
forged physical sectors


Hello

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download TDSSKiller and save it to your Desktop.

 

Make sure TDSSKiller.exe is on the Desktop itself, not within a folder on the desktop.

 

Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK.

 

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt

 

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.

If malicious objects are found, do NOT select Delete or Cure. Change the action to Skip. When it is done, a log file should be created on your C: drive called "TDSSKiller.txt"; please copy and paste the contents of that file here.

 

Kevin


20:52:30.0802 0x11bc TDSS rootkit removing tool 3.0.0.35 May 23 2014 07:32:03

20:53:15.0411 0x11bc KSN EULA was not accepted. For auto accept you could use -accepteulaksn command line parameter.

20:53:15.0411 0x11bc ============================================================

20:53:15.0411 0x11bc Current date / time: 2014/05/27 20:53:15.0411

20:53:15.0411 0x11bc SystemInfo:

20:53:15.0411 0x11bc

20:53:15.0411 0x11bc OS Version: 5.1.2600 ServicePack: 3.0

20:53:15.0411 0x11bc Product type: Workstation

20:53:15.0411 0x11bc ComputerName: -_-

20:53:15.0411 0x11bc UserName: -_-

20:53:15.0411 0x11bc Windows directory: C:\WINDOWS

20:53:15.0411 0x11bc System windows directory: C:\WINDOWS

20:53:15.0411 0x11bc Processor architecture: Intel x86

20:53:15.0411 0x11bc Number of processors: 2

20:53:15.0411 0x11bc Page size: 0x1000

20:53:15.0411 0x11bc Boot type: Normal boot

20:53:15.0411 0x11bc ============================================================

20:53:19.0817 0x11bc KLMD registered as C:\WINDOWS\system32\drivers\88137000.sys

20:53:19.0958 0x11bc System UUID: {E13B074D-2AE3-F571-C988-5220D64D49C3}

20:53:19.0958 0x11bc Skipping KSN library initialization due to KSN EULA unacceptance

20:53:20.0270 0x11bc Drive \Device\Harddisk0\DR0 - Size: 0x1D1BD110000 (1862.95 Gb), SectorSize: 0x200, Cylinders: 0x3B5F9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058

20:53:20.0348 0x11bc ============================================================

20:53:20.0348 0x11bc \Device\Harddisk0\DR0:

20:53:20.0348 0x11bc MBR partitions:

20:53:20.0348 0x11bc \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6C59361

20:53:20.0411 0x11bc \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x6C593DF, BlocksNum 0x3A76CA9

20:53:20.0427 0x11bc \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xA6D00C7, BlocksNum 0x15F4A412

20:53:20.0473 0x11bc \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x2061A518, BlocksNum 0x52F19DDE

20:53:20.0489 0x11bc \Device\Harddisk0\DR0\Partition5: MBR, Type 0x7, StartLBA 0x73534335, BlocksNum 0x139B15FC

20:53:20.0505 0x11bc \Device\Harddisk0\DR0\Partition6: MBR, Type 0x7, StartLBA 0x86EE5970, BlocksNum 0x61F02549

20:53:20.0505 0x11bc ============================================================

20:53:20.0723 0x11bc C: <-> \Device\Harddisk0\DR0\Partition1

20:53:20.0755 0x11bc D: <-> \Device\Harddisk0\DR0\Partition2

20:53:20.0802 0x11bc H: <-> \Device\Harddisk0\DR0\Partition3

20:53:20.0833 0x11bc Z: <-> \Device\Harddisk0\DR0\Partition6

20:53:20.0864 0x11bc Y: <-> \Device\Harddisk0\DR0\Partition5

20:53:20.0880 0x11bc X: <-> \Device\Harddisk0\DR0\Partition4

20:53:20.0880 0x11bc ============================================================

20:53:20.0880 0x11bc Initialize success

20:53:20.0880 0x11bc ============================================================

20:53:50.0036 0x0744 ============================================================

20:53:50.0036 0x0744 Scan started

20:53:50.0036 0x0744 Mode: Manual;

20:53:50.0036 0x0744 ============================================================

20:53:50.0864 0x0744 ================ Scan system memory ========================

20:53:50.0864 0x0744 System memory - ok

20:53:50.0864 0x0744 ================ Scan services =============================


20:53:56.0567 0x0744 IpNat - ok

20:53:56.0583 0x0744 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys

20:53:56.0583 0x0744 IPSec - ok

20:53:56.0598 0x0744 [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys

20:53:56.0614 0x0744 IRENUM - ok

20:53:56.0630 0x0744 [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys

20:53:56.0630 0x0744 isapnp - ok

20:53:56.0645 0x0744 [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys

20:53:56.0661 0x0744 Kbdclass - ok

20:53:56.0677 0x0744 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys

20:53:56.0677 0x0744 kmixer - ok

20:53:56.0692 0x0744 [ C6EBF1D6AD71DF30DB49B8D3287E1368, 09A8F5BCE774BA8881195AB390692048C3B05EDC8C0BF3ACBC673FD391A29D72 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys

20:53:56.0692 0x0744 KSecDD - ok

20:53:56.0708 0x0744 [ 3695B8D03745B2F8022B161238347A9D, AFA2FFA9D3A5CA7383FA1A60C7E1C054EF6B0021A62B2AC3AAC499DF12765F93 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll

20:53:56.0708 0x0744 lanmanserver - ok

20:53:56.0723 0x0744 [ 3B9324D60DD321BAB7BF6F77931D3FD1, 060F32C57CF9ABE9039CDD51A7CA9DE33ED407E17ECA20DAA3AB0F795E798511 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

20:53:56.0739 0x0744 lanmanworkstation - ok

20:53:56.0739 0x0744 lbrtfdc - ok

20:53:56.0755 0x0744 [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts C:\WINDOWS\System32\lmhsvc.dll

20:53:56.0755 0x0744 LmHosts - ok

20:53:56.0833 0x0744 [ C4FD8055F421A8E6F49259A0BF59C40D, 79C6A7424EA94821E86F304BBAA419D662A4BFE0A8D7832FD7FE431C3A5F8032 ] LVRS C:\WINDOWS\system32\DRIVERS\lvrs.sys

20:53:56.0848 0x0744 LVRS - ok

20:53:56.0942 0x0744 [ BAB6DBA71DEFBC9D147AFC15CDC9563F, 4FA8B0C55F81FCA3D899389053476260D8071D36337515F1F522D6E067A54C9F ] LVUVC C:\WINDOWS\system32\DRIVERS\lvuvc.sys

20:53:57.0114 0x0744 LVUVC - ok

20:53:57.0145 0x0744 [ A3E700D78EEC390F1208098CDCA5C6B6, 37D92D4AF24C43B4C468974CBBD55B6DF3AB92780560285039A0B078E566985A ] MarvinBus C:\WINDOWS\system32\DRIVERS\MarvinBus.sys

20:53:57.0145 0x0744 MarvinBus - ok

20:53:57.0177 0x0744 [ 6F0D0617310A677360B7EB6D2D59086E, 399358CFCE99EBCAE9874FDD44F634ED434CCE3C8821357EDC324046F7FEC68F ] mbamchameleon C:\WINDOWS\system32\drivers\mbamchameleon.sys

20:53:57.0177 0x0744 mbamchameleon - ok

20:53:57.0192 0x0744 [ 0C6EA0109CFEDF441F06D031E9A8D1A9, 61C18F1DD1DC5719252564A60F9E0CBD0AD275C065C5B95F330921C582EA532F ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys

20:53:57.0192 0x0744 MBAMProtector - ok

20:53:57.0286 0x0744 [ 0E08BDD7326E657D59DB40BAD23D8169, 428C6CCCC0BB540DFD35847776140D60C186B9D2D14F0ACCD1A4D42A8877BD98 ] MBAMScheduler H:\program files\Virus\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware\mbamscheduler.exe

20:53:57.0317 0x0744 MBAMScheduler - ok

20:53:57.0427 0x0744 [ A8E7F3DB083EB0839DFC1C763CDD2594, BDF416E360A52130B23B029C89E6406A97FB0516C52C7E63B94CAECEEB431A2E ] MBAMService H:\program files\Virus\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware\mbamservice.exe

20:53:57.0442 0x0744 MBAMService - ok

20:53:57.0505 0x0744 [ AF61A1C34E2D3F7543F9CCFC323170B8, EA05EA7A6DB9752CFAE40ABDA1491D0C0C96B1067A8B117F3BE77A36830F5117 ] mcdbus C:\WINDOWS\system32\DRIVERS\mcdbus.sys

20:53:57.0505 0x0744 mcdbus - ok

20:53:57.0567 0x0744 [ 7CF1B716372B89568AE4C0FE769F5869, 0D70A7A594BCFBB26D7249C0F4B0AF9EF874F2318B3FDCE44648CC61279594ED ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

20:53:57.0567 0x0744 MDM - ok

20:53:57.0583 0x0744 [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger C:\WINDOWS\System32\msgsvc.dll

20:53:57.0598 0x0744 Messenger - ok

20:53:57.0614 0x0744 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys

20:53:57.0614 0x0744 mnmdd - ok

20:53:57.0645 0x0744 [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc c:\WINDOWS\system32\mnmsrvc.exe

20:53:57.0645 0x0744 mnmsrvc - ok

20:53:57.0677 0x0744 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem C:\WINDOWS\system32\drivers\Modem.sys

20:53:57.0677 0x0744 Modem - ok

20:53:57.0739 0x0744 [ C7D9F9717916B34C1B00DD4834AF485C, A9512A03E8142C83534189963F90ADA6FA425BD606928C40C3D724177105A658 ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys

20:53:57.0770 0x0744 Monfilt - ok

20:53:57.0786 0x0744 [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys

20:53:57.0786 0x0744 Mouclass - ok

20:53:57.0786 0x0744 [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys

20:53:57.0802 0x0744 mouhid - ok

20:53:57.0817 0x0744 [ 1A1FAA5102466F418494E94FF9B0B091, 0E2145D001178095C46C34FD05BE3587B6440AEF6E2A301A50F5C357504BC95F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys

20:53:57.0817 0x0744 MountMgr - ok

20:53:57.0848 0x0744 [ 8072A7BB35D92CC621AC2605EEF79BC4, 68F61BE84A5032CEC24F04C90DACA1AE78F3744016389BE2345256B26E44E09A ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys

20:53:57.0864 0x0744 MpFilter - ok

20:53:57.0864 0x0744 mraid35x - ok

20:53:57.0880 0x0744 [ 4FEFD389D71126EE581B9F9CB2918BE4, 64C527DEFF0F8B6CB0318B14BC7F34F8221D8FF6D5A128F9C2C4779537245F7B ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys

20:53:57.0895 0x0744 MRxDAV - ok

20:53:57.0911 0x0744 [ FB2FCCC70F7174C7BF64F48E96D3ADF4, 484B4DF0A500CAE8AFA4F3A6393615A3963D91C95939025DF1A172C9A67D951D ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

20:53:57.0927 0x0744 MRxSmb - ok

20:53:57.0942 0x0744 [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC C:\WINDOWS\system32\msdtc.exe

20:53:57.0942 0x0744 MSDTC - ok

20:53:58.0020 0x0744 [ 1477849772712BAC69C144DCF2C9CE81, A74C2FF6F7EE5564E783C689534A5EC3D626F0277E9707A21E36980908836922 ] MSDV C:\WINDOWS\system32\DRIVERS\msdv.sys

20:53:58.0020 0x0744 MSDV - ok

20:53:58.0036 0x0744 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys

20:53:58.0036 0x0744 Msfs - ok

20:53:58.0052 0x0744 [ 9B99B04C28CCD19741DBBED64480195C, B16ADCA5C7D82E58E7380B30F0B341A56721DD852D010E65B06EBDA033DB5763 ] msikbd2k C:\WINDOWS\system32\DRIVERS\msikbd2k.sys

20:53:58.0052 0x0744 msikbd2k - ok

20:53:58.0067 0x0744 MSIServer - ok

20:53:58.0083 0x0744 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys

20:53:58.0098 0x0744 MSKSSRV - ok

20:53:58.0145 0x0744 [ 1EE3643D1AA747222427F63353611AD7, 18465E375485DF4E980121449077D5BA87C25C5FA8D86F40DA3B7BE153306766 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe

20:53:58.0145 0x0744 MsMpSvc - ok

20:53:58.0161 0x0744 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys

20:53:58.0177 0x0744 MSPCLOCK - ok

20:53:58.0192 0x0744 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

20:53:58.0192 0x0744 MSPQM - ok

20:53:58.0208 0x0744 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys

20:53:58.0223 0x0744 mssmbios - ok

20:53:58.0239 0x0744 [ 5C3F9BDF4DB23B75306388FC26A0A8E5, 1F66132CEED799DFAC478F3919AEA784BCD206B3B5047E4FBD786686853D70CE ] MSTAPE C:\WINDOWS\system32\DRIVERS\mstape.sys

20:53:58.0239 0x0744 MSTAPE - ok

20:53:58.0255 0x0744 [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys

20:53:58.0255 0x0744 MSTEE - ok

20:53:58.0286 0x0744 [ F7B1AD991491F02AF6DA70B00B8BF114, 4EF6B2FF3138CB461D631EB9395C52DE4075B58E8A3C13847A3AFF591536CA72 ] Mup C:\WINDOWS\system32\drivers\Mup.sys

20:53:58.0286 0x0744 Mup - ok

20:53:58.0302 0x0744 [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

20:53:58.0302 0x0744 NABTSFEC - ok

20:53:58.0317 0x0744 [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent C:\WINDOWS\System32\qagentrt.dll

20:53:58.0333 0x0744 napagent - ok

20:53:58.0411 0x0744 [ 3BAE2BFCB6D69E19C8373F635DD544DC, A32DB5282ED5AFC1650883B1870E46FDC029EF9225075E6916D2E371F18D8B9E ] NBService H:\Program Files\Nero 7\Nero BackItUp\NBService.exe

20:53:58.0427 0x0744 NBService - ok

20:53:58.0458 0x0744 [ 8716356E49A665BDC7B114725B60A456, F8187DD17B6C3D65D6A3AD7C13EC9B83C0767D86FAC9EC9EFCAB5ABA8A88A668 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys

20:53:58.0458 0x0744 NDIS - ok

20:53:58.0489 0x0744 [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys

20:53:58.0489 0x0744 NdisIP - ok

20:53:58.0505 0x0744 [ 091735A5F20ACB1DC147383A905AE002, 71F5EA1B762B304AE46284F80F9AABF5EAB890C9CC5F257AC84D3ABF4268B3D3 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

20:53:58.0505 0x0744 NdisTapi - ok

20:53:58.0520 0x0744 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

20:53:58.0536 0x0744 Ndisuio - ok

20:53:58.0552 0x0744 [ 5526CFEBB619F7F763BD6A2E1B618078, B4A8C6C115B3DED7E2D977B583FCE5DEB0AD8D14DDAE24BF35E9F4DF2C3A52B2 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

20:53:58.0552 0x0744 NdisWan - ok

20:53:58.0567 0x0744 [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

20:53:58.0583 0x0744 NDProxy - ok

20:53:58.0598 0x0744 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

20:53:58.0614 0x0744 NetBIOS - ok

20:53:58.0614 0x0744 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

20:53:58.0630 0x0744 NetBT - ok

20:53:58.0645 0x0744 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE C:\WINDOWS\system32\netdde.exe

20:53:58.0661 0x0744 NetDDE - ok

20:53:58.0661 0x0744 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe

20:53:58.0677 0x0744 NetDDEdsdm - ok

20:53:58.0692 0x0744 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon C:\WINDOWS\system32\lsass.exe

20:53:58.0692 0x0744 Netlogon - ok

20:53:58.0708 0x0744 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman C:\WINDOWS\System32\netman.dll

20:53:58.0723 0x0744 Netman - ok

20:53:58.0739 0x0744 [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

20:53:58.0755 0x0744 NetTcpPortSharing - ok

20:53:58.0802 0x0744 [ 522215532916836B9CA19EE30658F3C1, 9BD1917290E7CE5B1B9C62502E0A4BBAAC46F6612B540EBE82835A223214C19A ] nhksrv c:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

20:53:58.0802 0x0744 nhksrv - ok

20:53:58.0817 0x0744 [ E9E47CFB2D461FA0FC75B7A74C6383EA, 544136F5BFD4DC23D45E90F12FA48B82FD9EAEA9EAF3E0F5F0BD27E23D672C3E ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys

20:53:58.0817 0x0744 NIC1394 - ok

20:53:58.0864 0x0744 [ BA4EAB2B03C133C8E7CCE1D688661C90, 790427B9B0B731F2A950A64AD71747554E6C9B439D8B224D5655B75ADF2E20B3 ] NitroDriverReadSpool H:\program files\Nitro PDF Pro 6\NitroPDFDriverService.exe

20:53:58.0864 0x0744 NitroDriverReadSpool - ok

20:53:58.0895 0x0744 [ B6AB14440CF8A954DC43F53413B89667, A6B588D813B335C18321FD5CEE9F55B3B2F2D9EC3E845E161912AE882956EA26 ] NitroDriverReadSpool2 H:\Program Files\Nitro PDF Pro 7\NitroPDFDriverService2.exe

20:53:58.0895 0x0744 NitroDriverReadSpool2 - ok

20:53:58.0927 0x0744 [ 290C1A30DEFC723BBE10910AC2D6F6D0, B9CC2882B2A8F27B77FB6291471E07574281A16AAF14DC5D4B97BE7A4589CB59 ] Nla C:\WINDOWS\System32\mswsock.dll

20:53:58.0942 0x0744 Nla - ok

20:53:58.0958 0x0744 [ 23688F610A5A16DD8B4D93D2F7BD44F6, C84BB6FAB61C643D57DE9A1593476E35694B17F3074B26358159439E2E5860F2 ] nlsX86cc C:\WINDOWS\system32\NLSSRV32.EXE

20:53:58.0958 0x0744 nlsX86cc - ok

20:53:59.0098 0x0744 [ 193FA51DDDD0BFFDED1C340F0434999A, C05CA0A8568E9CBDA15633ED420C29F52082114B2B9F24EB61369E42C480C080 ] NMIndexingService c:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

20:53:59.0098 0x0744 NMIndexingService - ok

20:53:59.0145 0x0744 [ 590168F80BEBC75CAF9EC7006A77C9B4, E0F36978EBE1DC67B5BA0916350A95F2B5932F95004EFC2761F3F810BD52D712 ] NovacomD c:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe

20:53:59.0161 0x0744 NovacomD - ok

20:53:59.0177 0x0744 [ 25401B0C9576C8456B3E0BBD74FF0771, BB569C99360A631850537DC2EDA0BF85D091CC30BD98B3FD2AC9DABDFB7741DA ] NPF C:\WINDOWS\system32\drivers\npf.sys

20:53:59.0192 0x0744 NPF - ok

20:53:59.0208 0x0744 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys

20:53:59.0208 0x0744 Npfs - ok

20:53:59.0239 0x0744 [ AE8CAD8F28DB13B515A68510A539B0B8, 3889CBF5B2A9AFCD5D46A2B472B3BE30584C0C1105E12C608EBF07D7B209F54A ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys

20:53:59.0239 0x0744 Ntfs - ok

20:53:59.0255 0x0744 NTIOLib_1_0_2 - ok

20:53:59.0255 0x0744 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp C:\WINDOWS\system32\lsass.exe

20:53:59.0255 0x0744 NtLmSsp - ok

20:53:59.0286 0x0744 [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll

20:53:59.0302 0x0744 NtmsSvc - ok

20:53:59.0333 0x0744 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys

20:53:59.0333 0x0744 Null - ok

20:53:59.0348 0x0744 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

20:53:59.0348 0x0744 NwlnkFlt - ok

20:53:59.0364 0x0744 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

20:53:59.0380 0x0744 NwlnkFwd - ok

20:53:59.0411 0x0744 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

20:53:59.0427 0x0744 odserv - ok

20:53:59.0442 0x0744 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

20:53:59.0442 0x0744 ose - ok

20:53:59.0458 0x0744 PackethSvc - ok

20:53:59.0473 0x0744 [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys

20:53:59.0473 0x0744 Parport - ok

20:53:59.0505 0x0744 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys

20:53:59.0505 0x0744 PartMgr - ok

20:53:59.0520 0x0744 [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys

20:53:59.0520 0x0744 ParVdm - ok

20:53:59.0614 0x0744 [ 61A5701E3F543861B21BBE0932C4CC03, 2F304E2BF0B8979143A94DF3412AB9956549134C3B8914CA28873DBBECE74F06 ] pbfilter H:\program files\PeerBlock\pbfilter.sys

20:53:59.0630 0x0744 pbfilter - ok

20:53:59.0645 0x0744 [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys

20:53:59.0661 0x0744 PCI - ok

20:53:59.0661 0x0744 PCIDump - ok

20:53:59.0677 0x0744 [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys

20:53:59.0677 0x0744 PCIIde - ok

20:53:59.0708 0x0744 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys

20:53:59.0723 0x0744 Pcmcia - ok

20:53:59.0723 0x0744 PDCOMP - ok

20:53:59.0786 0x0744 [ A1688A4FB2EC49D040C027EF6DC7A87B, E5F5768D189B590F4D8D20C13FC0F7FF5AC7C4729848F38A93D653AB0B740696 ] PDF Architect Helper Service c:\Program Files\PDF Architect\HelperService.exe

20:53:59.0817 0x0744 PDF Architect Helper Service - ok

20:53:59.0833 0x0744 [ E23FF9B2F8EEAB2BDDA681C21C48E843, 2D0072C2EFFD5278D0211438FA9A29CF394F01857273A53B09A629977C024B30 ] PDF Architect Service c:\Program Files\PDF Architect\ConversionService.exe

20:53:59.0848 0x0744 PDF Architect Service - ok

20:53:59.0864 0x0744 PDFRAME - ok

20:53:59.0864 0x0744 PDRELI - ok

20:53:59.0864 0x0744 PDRFRAME - ok

20:53:59.0864 0x0744 perc2 - ok

20:53:59.0880 0x0744 perc2hib - ok

20:53:59.0911 0x0744 [ 875E4E0661F3A5994DF9E5E3A0A4F96B, 7198C02935B3714C455EE94305D2A21D900D72AC67049C11A1E842572AD6C5E1 ] PLFlash DeviceIoControl Service c:\WINDOWS\system32\IoctlSvc.exe

20:53:59.0911 0x0744 PLFlash DeviceIoControl Service - ok

20:53:59.0927 0x0744 [ C519E15665CD89A91AD383FCE3CB556A, C2488C0B7D3C05CA5B23154AEDD07EFC592B7E5008100FA4416BE8DFEE551B24 ] PlugPlay C:\WINDOWS\system32\services.exe

20:53:59.0942 0x0744 PlugPlay - ok

20:53:59.0958 0x0744 [ 713E294439D982BB161317DE0136FAA0, 439DE38F993B3EBFAE7053A90AE5EA47BEEF02E28E261F23CA6A6037FC3676C4 ] pneteth C:\WINDOWS\system32\DRIVERS\pneteth.sys

20:53:59.0973 0x0744 pneteth - ok

20:53:59.0989 0x0744 [ DA19E3401F39C10DF193BE029C7E7BBA, 3CF52FAAACC8DA80D1725531E2B4CC9507A948C619DC2D0A504D0AAD94CB5781 ] pnetmdm C:\WINDOWS\system32\DRIVERS\pnetmdm.sys

20:54:00.0005 0x0744 pnetmdm - ok

20:54:00.0005 0x0744 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent C:\WINDOWS\system32\lsass.exe

20:54:00.0005 0x0744 PolicyAgent - ok

20:54:00.0067 0x0744 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys

20:54:00.0083 0x0744 PptpMiniport - ok

20:54:00.0083 0x0744 [ 4228630829C0E521C43D882A00533374, B40E1F02D2467805B2962A797BC743924DDBCE2C03339C480209E414E537AE26 ] PQNTDrv C:\WINDOWS\system32\drivers\PQNTDrv.sys

20:54:00.0098 0x0744 PQNTDrv - ok

20:54:00.0114 0x0744 [ A32BEBAF723557681BFC6BD93E98BD26, 35039BA72A29F87B2CA37DCDE4EFDAABBDEAD8CE3EB8652ACC665994118145A6 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys

20:54:00.0130 0x0744 Processor - ok

20:54:00.0130 0x0744 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

20:54:00.0130 0x0744 ProtectedStorage - ok

20:54:00.0145 0x0744 [ D8E11D311785F89F1D70A28B0E879127, 8DC3BB4C2238960A47D601CC0B6E2D07EE6C8B5D3852A9908803F89B01F715FB ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys

20:54:00.0161 0x0744 PSched - ok

20:54:00.0177 0x0744 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys

20:54:00.0177 0x0744 Ptilink - ok

20:54:00.0192 0x0744 [ 3A6489DCB6F28970B6BBD9687777FA00, 23F8C7B8A4B95925AA53D7F0AA4C349EA38CBEDF31AC9EAC17189CBBEAEF7B5C ] pwdrvio C:\WINDOWS\system32\pwdrvio.sys

20:54:00.0192 0x0744 pwdrvio - ok

20:54:00.0208 0x0744 [ 9D00D015159B6ADF0980BAEEB5DCC5E4, C944564FD992084E86DD581B73E8DFDA54DBDA8A4396F6675BDA771ED50AF6C5 ] pwdspio C:\WINDOWS\system32\pwdspio.sys

20:54:00.0223 0x0744 pwdspio - ok

20:54:00.0239 0x0744 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E, 20ABD8372B242FD356AC143E7EB56F93CFEA4988ED1B0C4434CB64C387D7F66C ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys

20:54:00.0239 0x0744 PxHelp20 - ok

20:54:00.0255 0x0744 ql1080 - ok

20:54:00.0255 0x0744 Ql10wnt - ok

20:54:00.0255 0x0744 ql12160 - ok

20:54:00.0255 0x0744 ql1240 - ok

20:54:00.0270 0x0744 ql1280 - ok

20:54:00.0270 0x0744 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

20:54:00.0286 0x0744 RasAcd - ok

20:54:00.0302 0x0744 [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto C:\WINDOWS\System32\rasauto.dll

20:54:00.0317 0x0744 RasAuto - ok

20:54:00.0317 0x0744 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

20:54:00.0333 0x0744 Rasl2tp - ok

20:54:00.0348 0x0744 [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan C:\WINDOWS\System32\rasmans.dll

20:54:00.0348 0x0744 RasMan - ok

20:54:00.0380 0x0744 [ 2C9D4620A0FD35DE1828370B392F6E2D, FAC9DFC34CDC4194B3724D0A2B64BD5CB3823F15B654CA7B7673917E9F0792A4 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

20:54:00.0380 0x0744 RasPppoe - ok

20:54:00.0380 0x0744 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

20:54:00.0395 0x0744 Raspti - ok

20:54:00.0411 0x0744 [ 77050C6615F6EB5402F832B27FD695E0, 8BEDCB0687349DAEA3DDEA04857A03BF8EAB73F2651170E6EE3D7A4838BACE90 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

20:54:00.0411 0x0744 Rdbss - ok

20:54:00.0411 0x0744 Rdoagen - ok

20:54:00.0427 0x0744 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

20:54:00.0427 0x0744 RDPCDD - ok

20:54:00.0442 0x0744 [ 47EA20320E3D6FDC7B7BB22B2B881CA6, 79C3D7F038C1EBB6DFDF8B7E0FB2EA1557AB6FBB806681F902B9BC6FF704086D ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys

20:54:00.0458 0x0744 rdpdr - ok

20:54:00.0473 0x0744 [ C7D9BC54354B8C706ABF172D48313F1B, 48065B6914F29AAA3010CCBC78A3ED4ADC25C98D2E6778559DCCF986FA36E21E ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

20:54:00.0473 0x0744 RDPWD - ok

20:54:00.0505 0x0744 [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr c:\WINDOWS\system32\sessmgr.exe

20:54:00.0505 0x0744 RDSessMgr - ok

20:54:00.0520 0x0744 [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

20:54:00.0520 0x0744 redbook - ok

20:54:00.0552 0x0744 [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll

20:54:00.0567 0x0744 RemoteAccess - ok

20:54:00.0583 0x0744 [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll

20:54:00.0598 0x0744 RemoteRegistry - ok

20:54:00.0598 0x0744 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7, CDF10D3D8ADA7ADB1CC1567BFA986557C6D69F4099B70FDFABD4C3D09E3CA778 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys

20:54:00.0598 0x0744 ROOTMODEM - ok

20:54:00.0645 0x0744 [ 83A6C2CAFE236652D1559640594A0EA8, 52360F17C9C70C9CEA3316560B40C4D89FD705ED7E6B6088C99FC54D4CC35EB5 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe

20:54:00.0645 0x0744 rpcapd - ok

20:54:00.0677 0x0744 [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator C:\WINDOWS\system32\locator.exe

20:54:00.0677 0x0744 RpcLocator - ok

20:54:00.0692 0x0744 [ 9222562D44021B988B9F9F62207FB6F2, AB92E30C03536D174DA896D0BFA076020B15C2D0CDD4BADE5469EA0198704039 ] RpcSs C:\WINDOWS\System32\rpcss.dll

20:54:00.0708 0x0744 RpcSs - ok

20:54:00.0739 0x0744 [ 743D7D59767073A617B1DCC6C546F234, DE08EEC475F97F616BACF125B441B3542CEA3B017E2E98D94BE9FB1E13D13C99 ] rspndr C:\WINDOWS\system32\DRIVERS\rspndr.sys

20:54:00.0739 0x0744 rspndr - ok

20:54:00.0755 0x0744 [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP C:\WINDOWS\system32\rsvp.exe

20:54:00.0755 0x0744 RSVP - ok

20:54:00.0770 0x0744 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs C:\WINDOWS\system32\lsass.exe

20:54:00.0786 0x0744 SamSs - ok

20:54:00.0802 0x0744 [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe

20:54:00.0802 0x0744 SCardSvr - ok

20:54:00.0817 0x0744 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule C:\WINDOWS\system32\schedsvc.dll

20:54:00.0833 0x0744 Schedule - ok

20:54:00.0848 0x0744 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

20:54:00.0848 0x0744 Secdrv - ok

20:54:00.0864 0x0744 [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon C:\WINDOWS\System32\seclogon.dll

20:54:00.0880 0x0744 seclogon - ok

20:54:00.0880 0x0744 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS C:\WINDOWS\system32\sens.dll

20:54:00.0895 0x0744 SENS - ok

20:54:00.0911 0x0744 [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys

20:54:00.0927 0x0744 Serenum - ok

20:54:00.0927 0x0744 [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys

20:54:00.0942 0x0744 Serial - ok

20:54:01.0067 0x0744 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys

20:54:01.0083 0x0744 Sfloppy - ok

20:54:01.0161 0x0744 [ F407F9E7CE3B68A07E96555B0E818BE6, C0512F8C92F7F70A99BBFA8B61D0A99B3DBAF52FDE612EA5E6AE9E76BF5A0971 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll

20:54:01.0161 0x0744 SharedAccess - ok

20:54:01.0177 0x0744 [ 888CD7B39C37E13A2419BECFAAF0A28C, 90D6386E893FB4F20C27DACEF0AF139D89944B5FAA47C2CBD732E42DE76485BE ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

20:54:01.0192 0x0744 ShellHWDetection - ok

20:54:01.0192 0x0744 Simbad - ok

20:54:01.0208 0x0744 [ 866D538EBE33709A5C9F5C62B73B7D14, BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys

20:54:01.0223 0x0744 SLIP - ok

20:54:05.0052 0x0744 ================ Scan global ===============================

20:54:05.0067 0x0744 [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll

20:54:05.0098 0x0744 [ A6430B97C05DA8A4BA70E8280B2E6287, A54251E7CCC870890E0D7E75AF8E7431934D3A587FF24FC8BB1FBA60E2C0B12A ] C:\WINDOWS\system32\winsrv.dll

20:54:05.0114 0x0744 [ A6430B97C05DA8A4BA70E8280B2E6287, A54251E7CCC870890E0D7E75AF8E7431934D3A587FF24FC8BB1FBA60E2C0B12A ] C:\WINDOWS\system32\winsrv.dll

20:54:05.0145 0x0744 [ C519E15665CD89A91AD383FCE3CB556A, C2488C0B7D3C05CA5B23154AEDD07EFC592B7E5008100FA4416BE8DFEE551B24 ] C:\WINDOWS\system32\services.exe

20:54:05.0145 0x0744 [ Global ] - ok

20:54:05.0145 0x0744 ================ Scan MBR ==================================

20:54:05.0161 0x0744 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

20:54:05.0317 0x0744 \Device\Harddisk0\DR0 - ok

20:54:05.0317 0x0744 ================ Scan VBR ==================================

20:54:05.0317 0x0744 [ 4226D987F24E7B4CF97F7AD0BA119262 ] \Device\Harddisk0\DR0\Partition1

20:54:05.0364 0x0744 \Device\Harddisk0\DR0\Partition1 - ok

20:54:05.0364 0x0744 [ BE1E8EA2318CAE6F4336B7D9B37803E0 ] \Device\Harddisk0\DR0\Partition2

20:54:05.0427 0x0744 \Device\Harddisk0\DR0\Partition2 - ok

20:54:05.0442 0x0744 [ 4816DE150C64BADC4F8E9CCEF7823181 ] \Device\Harddisk0\DR0\Partition3

20:54:05.0489 0x0744 \Device\Harddisk0\DR0\Partition3 - ok

20:54:05.0505 0x0744 [ B61B10B5CE932C35E9FA0F59EB652C0F ] \Device\Harddisk0\DR0\Partition4

20:54:05.0552 0x0744 \Device\Harddisk0\DR0\Partition4 - ok

20:54:05.0567 0x0744 [ F2AC5CD11771BB58491AE4DA4AD5FAB0 ] \Device\Harddisk0\DR0\Partition5

20:54:05.0614 0x0744 \Device\Harddisk0\DR0\Partition5 - ok

20:54:05.0630 0x0744 [ 044D46827AB2EF0B0AC3FDFFE6CBB22B ] \Device\Harddisk0\DR0\Partition6

20:54:05.0661 0x0744 \Device\Harddisk0\DR0\Partition6 - ok

20:54:05.0661 0x0744 ============================================================

20:54:05.0661 0x0744 Scan finished

20:54:05.0661 0x0744 ============================================================

20:54:05.0677 0x1374 Detected object count: 0

20:54:05.0677 0x1374 Actual detected object count: 0


That log is clean, ok continue please:

 

Read the following link before we continue and run Combofix:

 

ComboFix usage, Questions, Help? - Look here

 

Next,

 

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

http://www.infospyware.net/antimalware/combofix/

 

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix; instructions are available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed; if you need more help please ask.
  • Close any open browsers and any other programs you might have running.
  • Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator").
  • Instructions for running Combofix are available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
  • If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review.

 

****Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall or freeze. ****

 

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

 

*EXTRA NOTES*


    If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
    If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
    If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue. (Those items will not be deleted.)

 

Post the log in next reply please...

 

Kevin


Kevin, while running combofix I got pev.3XE Application Errors several times throughout. After clicking OK each time, combofix continued.
 
 
============================== COMBOFIX LOG =====================================
 
 
ComboFix 14-05-27.02 - User 05/28/2014  10:22:23.13.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3320.2612 [GMT -4:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\daemon.dll
c:\windows\system32\AdmDll.dll
c:\windows\system32\browseui.dll.tmp
c:\windows\system32\r_server.exe
c:\windows\system32\raddrv.dll
c:\windows\system32\SET1BF.tmp
c:\windows\system32\WgaTray.exe.txt
.
.
(((((((((((((((((((((((((   Files Created from 2014-04-28 to 2014-05-28  )))))))))))))))))))))))))))))))
.
.
2014-05-27 04:42 . 2014-05-27 04:44 -------- d-----w- C:\FRST
2014-05-17 14:03 . 2014-04-17 09:32 8050496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7156C499-8557-4396-BE03-0DE409CE51FC}\mpengine.dll
2014-05-17 05:05 . 2014-05-17 05:05 -------- d-----w- C:\clean
2014-05-15 18:17 . 2014-05-15 18:20 -------- d-----w- c:\windows\system32\MRT
2014-05-15 17:35 . 2014-04-17 09:32 8050496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-13 18:34 . 2008-04-14 08:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2014-05-13 18:34 . 2001-08-18 02:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2014-05-13 18:34 . 2008-04-14 08:42 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2014-05-13 18:34 . 2001-08-18 02:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2014-05-13 18:34 . 2001-08-18 02:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2014-05-13 18:33 . 2001-08-18 02:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2014-05-13 18:33 . 2001-08-17 16:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2014-05-13 18:33 . 2008-04-14 01:04 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2014-05-13 18:33 . 2008-04-14 01:04 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2014-05-13 18:33 . 2008-04-14 08:42 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2014-05-13 18:33 . 2008-04-14 03:06 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2014-05-13 18:33 . 2008-04-14 01:05 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2014-05-13 18:33 . 2001-08-17 16:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2014-05-13 18:33 . 2001-08-17 17:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2014-05-13 18:31 . 2001-08-17 17:51 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
2014-05-13 18:30 . 2001-08-17 17:28 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2014-05-13 18:29 . 2001-08-18 02:36 19968 -c--a-w- c:\windows\system32\dllcache\mxicfg.dll
2014-05-13 18:28 . 2001-08-17 16:19 48768 -c--a-w- c:\windows\system32\dllcache\maestro.sys
2014-05-13 18:27 . 2001-08-18 02:36 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2014-05-13 18:26 . 2008-04-14 03:10 28288 -c--a-w- c:\windows\system32\dllcache\grserial.sys
2014-05-13 18:25 . 2001-08-18 02:36 614429 -c--a-w- c:\windows\system32\dllcache\digiview.exe
2014-05-13 18:24 . 2001-08-17 17:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2014-05-13 18:23 . 2001-08-17 18:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2014-05-13 16:53 . 2014-05-27 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-05-13 16:27 . 2014-05-13 16:27 -------- d-----w- c:\documents and settings\User\Application Data\ElevatedDiagnostics
2014-05-13 16:26 . 2014-05-13 16:29 -------- d-----w- C:\MATS
2014-05-13 16:22 . 2014-05-13 16:22 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Sun
2014-05-13 15:19 . 2014-05-13 15:19 -------- d-----w- c:\documents and settings\User\Application Data\Oracle
2014-05-12 17:44 . 2014-05-13 13:45 -------- d-----w- c:\program files\D-Tools
2014-05-12 17:44 . 2004-08-22 20:31 5248 ----a-w- c:\windows\system32\drivers\d3472prt.sys
2014-05-12 17:44 . 2004-08-22 20:31 155136 ----a-w- c:\windows\system32\drivers\d3472bus.sys
2014-05-12 13:09 . 2007-04-17 01:46 33792 ----a-w- c:\windows\system32\drivers\AmdPPM.sys
2014-05-12 13:06 . 2013-09-20 14:49 18968 ----a-w- c:\windows\system32\sdnclean.exe
2014-05-12 13:00 . 2014-05-12 13:00 -------- d-sh--w- c:\documents and settings\User\IECompatCache
2014-04-29 18:54 . 2014-04-29 18:54 3584 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-27 04:21 . 2014-03-29 03:37 107224 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-20 13:33 . 2012-10-23 15:45 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-20 13:33 . 2012-05-17 18:03 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-13 17:15 . 2014-03-29 03:37 52312 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-28 21:26 . 2010-10-15 01:18 165232 ---ha-w- c:\documents and settings\User\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll
2014-04-03 13:50 . 2011-10-13 16:27 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-02 15:18 . 2014-04-24 13:01 144664 ----a-w- c:\windows\system32\secman.dll
2014-03-31 03:58 . 2010-10-15 01:26 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2014-03-10 22:17 . 2014-04-04 05:58 109856 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll
2014-03-06 17:59 . 2012-02-28 19:48 920064 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 17:59 . 2008-04-14 09:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-03-06 17:59 . 2008-04-14 09:41 43520 ------w- c:\windows\system32\licmgr10.dll
2014-03-06 17:59 . 2008-04-14 09:41 18944 ------w- c:\windows\system32\corpol.dll
2014-03-06 00:46 . 2012-02-28 14:53 385024 ------w- c:\windows\system32\html.iec
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\EldosIconOverlay-cbfs4]
@="{173F8B22-0595-459D-8088-CCBCEAC854EE}"
[HKEY_CLASSES_ROOT\CLSID\{173F8B22-0595-459D-8088-CCBCEAC854EE}]
2013-04-25 01:19 155496 ------w- c:\windows\system32\cbfsMntNtf4.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Glary Memory Optimizer"="h:\program files\Glary Utilities\memdefrag.exe" [2010-09-09 108344]
"H/PC Connection Agent"="h:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MULTIMEDIA KEYBOARD"="c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-06-19 180224]
"RTHDCPL"="RTHDCPL.EXE" [2011-01-21 20026472]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
AODAssist.lnk - c:\program files\AMD\OverDrive\AODAssist.exe [2014-1-8 137584]
DeskPins.lnk - h:\program files\DeskPins\DeskPins.exe [2010-10-15 62464]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - h:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ   kerberos msv1_0 schannel wdigest tspkg tspkg
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Dropbox.lnk]
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^PdaNet Desktop.lnk]
backup=c:\windows\pss\PdaNet Desktop.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^RAM XP.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\RAM XP.lnk
backup=c:\windows\pss\RAM XP.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO 5.2 HD Edition.lnk]
backup=c:\windows\pss\PHOTOfunSTUDIO 5.2 HD Edition.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SJphone 1.65.lnk]
backup=c:\windows\pss\SJphone 1.65.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SJphone.lnk]
backup=c:\windows\pss\SJphone.lnkCommon Startup
.
[HKLM\~\startupfolder\D:^Documents and Settings^User^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKLM\~\startupfolder\D:^Documents and Settings^User^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup
.
[HKLM\~\startupfolder\D:^Documents and Settings^User^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKLM\~\startupfolder\D:^Documents and Settings^User^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\D:^Documents and Settings^User^Start Menu^Programs^Startup^PdaNet Desktop.lnk]
backup=c:\windows\pss\PdaNet Desktop.lnkStartup
.
[HKLM\~\startupfolder\D:^Documents and Settings^User^Start Menu^Programs^Startup^PowerMenu.lnk]
backup=c:\windows\pss\PowerMenu.lnkStartup
.
[HKLM\~\startupfolder\D:^Documents and Settings^User^Start Menu^Programs^Startup^Remote Touch Server.exe]
backup=c:\windows\pss\Remote Touch Server.exeStartup
.
[HKLM\~\startupfolder\D:^Documents and Settings^User^Start Menu^Programs^Startup^WordWeb Pro.lnk]
backup=c:\windows\pss\WordWeb Pro.lnkStartup
.
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^MultiMon Taskbar.lnk]
backup=c:\windows\pss\MultiMon Taskbar.lnkCommon Startup
.
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^SJphone 1.65.lnk]
backup=c:\windows\pss\SJphone 1.65.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
-scheduler [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-07-29 05:25 497648 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 6]
2013-04-19 00:38 491840 ----a-w- h:\program files\IObit-AdvancedSystemCare6\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
2011-04-20 01:44 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avichannel]
2011-02-22 01:14 1680384 ----a-w- h:\program files\Evaer (skype recorder)\videochannel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-01-22 15:13 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 09:42 110592 ------w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BoxCryptor]
2013-06-14 05:09 4143360 ----a-w- h:\program files\BoxCryptor\BoxCryptor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamserviceDeluxe2]
2007-08-10 19:38 81920 ----a-w- h:\program files\webcam\Deluxe Optical Glass\CamService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2011-07-19 17:53 2567272 ----a-w- h:\program files\Canon\PIXMA_MX870\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CompanionLink]
2012-09-26 14:36 49004544 ----a-w- h:\program files\CompanionLink\CompanionLink.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Copernic Desktop Search]
2006-05-31 22:46 5252392 ----a-w- h:\program files\Copernic Desktop Search\CopernicDesktopSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray]
2013-09-04 15:34 1372232 ----a-w- h:\program files\EaseUS Todo Backup 6.5\bin\TrayNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch]
2013-09-04 15:33 70728 ----a-w- h:\program files\EaseUS Todo Backup 6.5\bin\EuWatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Epic Update]
2013-09-10 14:00 499368 ----atw- c:\documents and settings\User\Local Settings\Application Data\Epic\Update\EpicUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2008-07-25 19:47 487424 ----a-w- h:\program files\Eraser\eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashGet 3]
2012-03-15 02:05 3090056 ----a-w- h:\program files\FlashGet 3\Flashget3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glary Memory Optimizer]
2010-09-09 14:32 108344 ----a-w- h:\program files\Glary Utilities\memdefrag.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 17:39 1289000 ----a-w- h:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 21:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 21:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage]
2013-10-30 03:20 578560 ----a-w- h:\program files\SAMSUNG\kies\KiesAirMessage.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2013-12-11 09:52 1564528 ----a-w- h:\program files\SAMSUNG\kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2013-12-11 09:52 311152 ----a-w- h:\program files\SAMSUNG\kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-03-02 03:14 190808 ----a-w- h:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2001-11-09 00:19 53248 ------w- c:\windows\system32\MMTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2014-03-11 14:13 951576 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-05-28 12:27 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF7 Registry Controller]
2011-04-28 14:15 138528 ----a-w- h:\program files\PDF Professional 7 by Nuance\RegistryController.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFHook]
2011-04-28 14:16 1770784 ----a-w- h:\program files\PDF Professional 7 by Nuance\PdfPro7Hook.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAM Idle Professional]
2012-07-16 20:41 113664 ----a-w- h:\program files\RAM Idle LE\RAM_XP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
2014-04-25 18:14 4101584 ----a-w- h:\program files\Spybot - Search & Destroy 2\SDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmBizcard]
2009-11-27 19:22 247632 ----a-w- h:\program files\Presto! BizCard 6\SmBizcard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-08-14 01:24 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP-LINK USB Printer Controller]
2012-09-21 20:46 4226048 ----a-w- h:\program files\TP-LINK\USB Printer Controller\USB Printer Controller.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 16:07 199752 ----a-w- c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VIAxHCUtl]
2011-07-12 20:14 331776 ----a-w- c:\via_xhci\usb3Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Pymtimea"=3 (0x3)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"wuauserv"=2 (0x2)
"MDM"=2 (0x2)
"WZCSVC"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"UPS"=3 (0x3)
"NovacomD"=2 (0x2)
"MozillaMaintenance"=3 (0x3)
"mnmsrvc"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"Fax"=2 (0x2)
"CiSvc"=3 (0x3)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"Wintab32"=2 (0x2)
"SkypeUpdate"=2 (0x2)
"ose"=3 (0x3)
"avast! Antivirus"=3 (0x3)
"AdvancedSystemCareService6"=2 (0x2)
"rpcapd"=3 (0x3)
"odserv"=3 (0x3)
"MBAMScheduler"=2 (0x2)
"MBAMService"=2 (0x2)
"MsMpSvc"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"SerialNumber"="A109A-K13-3ZXD-BAP5-TE"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"h:\\program files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"h:\program files\Microsoft ActiveSync\WCESMgr.exe"= h:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"h:\program files\Microsoft ActiveSync\wcescomm.exe"= h:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"h:\program files\Microsoft ActiveSync\rapimgr.exe"= h:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"h:\\program files\\ThinVNC\\ThinVnc.exe"=
"c:\\Program Files\\SJphone 1.65\\SJphone.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\program files\\Avid\\Studio\\programs\\UMI.exe"=
"h:\\program files\\Avid\\Studio\\programs\\NGStudio.exe"=
"h:\\program files\\Avid\\Studio\\programs\\RM.exe"=
"h:\\program files\\WinPcap\\rpcapd.exe"=
"h:\\program files\\gmms\\bin\\gmms.exe"=
"h:\\program files\\Mozilla Firefox3\\plugin-container.exe"=
"h:\\program files\\RTMPdump\\rtmpgw.exe"=
"h:\\program files\\RTMPdump\\rtmpsrv.exe"=
"h:\\program files\\RTMPdump\\rtmpsuck.exe"=
"h:\\program files\\CuteFTP\\CUTFTP32.EXE"=
"h:\\program files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"h:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"h:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\program files\\FlashGet\\flashget.exe"=
"h:\\Program Files\\FlashGet 3\\FlashGet3.exe"=
"h:\\program files\\BlueSoleil\\BlueSoleil.exe"=
"h:\\program files\\CompanionLink\\CompanionLink.exe"=
"h:\\program files\\MyPhoneExplorer\\MyPhoneExplorer.exe"=
"c:\\Program Files\\Splashtop\\Splashtop Remote\\Client\\strwinclt.exe"=
"h:\\program files\\TP-LINK\\USB Printer Controller\\USB Printer Controller.exe"=
"c:\\Program Files\\SJLabs\\SJphone\\SJphone.exe"=
"c:\\Documents and Settings\\User\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"h:\\program files\\Pinnacle\\Studio 15\\Programs\\umi.exe"=
"h:\\program files\\Pinnacle\\Studio 15\\Programs\\Studio.exe"=
"h:\\program files\\EaseUS Todo Backup 6.5\\bin\\TbService.exe"=
"h:\\program files\\EaseUS Todo Backup 6.5\\bin\\Agent.exe"=
"h:\\program files\\EaseUS Todo Backup 6.5\\bin\\TBConsoleUI.exe"=
"h:\\program files\\Pinnacle\\Studio 15\\Programs\\RM.exe"=
"h:\\program files\\VLC\\vlc.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"h:\\program files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Splashtop\\Splashtop Remote\\Server\\SRServer.exe"=
"c:\\Program Files\\Splashtop\\Splashtop Remote\\Server\\SRFeature.exe"=
"c:\\Program Files\\Splashtop\\Splashtop Remote\\Server\\DataProxy.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"8075:TCP"= 8075:TCP:radmin
"5060:TCP"= 5060:TCP:5060
"5061:UDP"= 5061:UDP:5061
"5060:UDP"= 5060:UDP:5060
"1812:UDP"= 1812:UDP:1812
"3478:UDP"= 3478:UDP:3478
"3479:UDP"= 3479:UDP:3479
"6263:TCP"= 6263:TCP:splashtop
"6262:TCP"= 6262:TCP:splashtop
"6261:TCP"= 6261:TCP:splashtop
"18112:TCP"= 18112:TCP:skype 18112
"18112:UDP"= 18112:UDP:skype 18112
"7878:TCP"= 7878:TCP:AllShare TCP Port
"20102:TCP"= 20102:TCP:AllShare UDP Port
"1900:TCP"= 1900:TCP:AllShare Multicast Port
"7437:UDP"= 7437:UDP:TP-LINK USB Printer Controller UDP Port
"4705:TCP"= 4705:TCP:*:Disabled:messenger
"37789:TCP"= 37789:TCP:www
"6641:TCP"= 6641:TCP:messenger
"21269:TCP"= 21269:TCP:www
.
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [1/30/2011 7:24 PM 189968]
R0 d3472bus;d3472bus;c:\windows\system32\drivers\d3472bus.sys [5/12/2014 1:44 PM 155136]
R0 d3472prt;d3472prt;c:\windows\system32\drivers\d3472prt.sys [5/12/2014 1:44 PM 5248]
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [10/14/2010 9:26 PM 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [10/14/2010 9:26 PM 5248]
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [10/15/2010 3:04 AM 52040]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [3/27/2014 10:19 AM 40776]
R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [10/15/2010 3:04 AM 20616]
R1 cbfs4;cbfs4;c:\windows\system32\drivers\cbfs4.sys [6/14/2013 1:10 AM 321984]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [10/15/2010 3:04 AM 14920]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [3/27/2014 10:19 AM 185800]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [10/14/2010 9:26 PM 6656]
R2 AMD_RAIDXpert;AMD RAIDXpert;h:\program files\AMD\RAIDXpert\bin\RAIDXpertService.exe [12/14/2011 12:02 PM 131320]
R2 AODDriver4.3.0;AODDriver4.3.0;c:\program files\AMD\OverDrive\i386\AODDriver2.sys [1/8/2014 6:42 AM 50408]
R2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [10/14/2010 9:19 PM 28672]
R2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\Splashtop\Splashtop Remote\Server\SRService.exe [10/24/2013 12:58 PM 790880]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [12/5/2013 2:16 AM 84248]
R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [10/15/2010 3:04 AM 122504]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [12/5/2013 2:16 AM 182680]
R3 TPLINKUDSMBus;TPLINKUDSMBus;c:\windows\system32\drivers\TplinkUDSMBus.sys [1/18/2013 10:20 AM 88576]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [1/31/2011 4:08 AM 40832]
R3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\drivers\ViaHub3.sys [5/25/2013 6:05 AM 193608]
R3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\drivers\xhcdrv.sys [5/25/2013 6:04 AM 241096]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/14/2010 9:26 PM 685816]
S1 DC30;miroVIDEO DC30 series, Motion JPEG Capture/CODEC Board;c:\windows\system32\drivers\DC30.SYS [10/14/2010 9:26 PM 124672]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [8/18/2009 8:50 AM 9472]
S2 AODDriver4.1;AODDriver4.1;\??\h:\program files\AMD\OverDrive\i386\AODDriver2.sys --> h:\program files\AMD\OverDrive\i386\AODDriver2.sys [?]
S2 xati2;ATI Radeon WindowsNT Miniport Driver;c:\program files\AMD 760G\ati2mtag.exe "c:\program files\Common Files\AMD 760G\ati2mtag.dat" --> c:\program files\AMD 760G\ati2mtag.exe c:\program files\Common Files\AMD 760G\ati2mtag.dat [?]
S3 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [10/14/2010 9:21 PM 660768]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/14/2010 9:26 PM 1691480]
S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [10/14/2010 9:26 PM 94720]
S3 cleanhlp;cleanhlp;h:\program files\EEK_\Run\cleanhlp32.sys [4/1/2014 9:21 AM 50200]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [11/24/2012 10:44 PM 20032]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [10/15/2010 3:24 AM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [10/15/2010 3:24 AM 8456]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2/19/2013 5:12 PM 37344]
S3 IDriverT (RENAME);InstallDriver Table Manager;c:\program files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [10/22/2004 4:24 AM 73728]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [3/28/2014 11:37 PM 52312]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/13/2011 12:27 PM 23256]
S3 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [3/21/2011 12:17 PM 68928]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2/28/2013 9:48 PM 36600]
S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [12/2/2012 2:58 AM 13440]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [10/14/2010 9:26 PM 9472]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [10/29/2013 11:26 AM 15688]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [10/29/2013 11:26 AM 10320]
S3 TplinkUDSTcpBus;TPLINKUDSTcpBus;c:\windows\system32\drivers\TplinkUDSTcpBus.sys [1/18/2013 10:20 AM 151296]
S3 W2kbhid;KBGear Tablet (USB);c:\windows\system32\drivers\w2kbhid.sys [10/14/2010 9:26 PM 23552]
S3 WideUsb;WideUSB Generic USB Bulk driver;c:\windows\system32\drivers\WideUSB.sys [10/14/2010 9:26 PM 24448]
S4 3CXTunnel;3CX PhoneSystem SIP/RTP Tunneling Proxy;h:\program files\3CX VoIP Client\3CXTunnel.exe [10/15/2010 8:04 AM 1014872]
S4 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;h:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [9/30/2010 3:06 AM 169408]
S4 AdvancedSystemCareService6;Advanced SystemCare Service 6;h:\program files\IObit-AdvancedSystemCare6\ASCService.exe [10/8/2013 12:13 AM 574272]
S4 Asw960s_wc;Asw960s_wc; [x]
S4 BstHdAndroidSvc;BlueStacks Android Service; [x]
S4 BstHdDrv;BlueStacks Hypervisor;\??\c:\program files\BlueStacks\HD-Hypervisor-x86.sys --> c:\program files\BlueStacks\HD-Hypervisor-x86.sys [?]
S4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service; [x]
S4 Coxspemedsv;Coxspemedsv; [x]
S4 d347Bbus;d347Bbus;c:\windows\system32\DRIVERS\d347Bbus.sys --> c:\windows\system32\DRIVERS\d347Bbus.sys [?]
S4 d347Bprt;d347Bprt;c:\windows\system32\Drivers\d347Bprt.sys --> c:\windows\system32\Drivers\d347Bprt.sys [?]
S4 DEDR;DEDR; [x]
S4 EaseUS Agent;EaseUS Agent Service;h:\program files\EaseUS Todo Backup 6.5\bin\Agent.exe [3/27/2014 10:16 AM 36936]
S4 efavdrv;efavdrv;\??\c:\windows\system32\drivers\efavdrv.sys --> c:\windows\system32\drivers\efavdrv.sys [?]
S4 EUBAKUP0;EUBAKUP0;\??\c:\windows\system32\drivers\EUBAKUP0.sys --> c:\windows\system32\drivers\EUBAKUP0.sys [?]
S4 FDUYT;FDUYT; [x]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2/19/2013 5:12 PM 233472]
S4 Guard Agent;Guard Agent Service;h:\program files\EaseUS Todo Backup 6.5\bin\GuardAgent.exe [3/27/2014 10:16 AM 23624]
S4 MBAMScheduler;MBAMScheduler;h:\program files\Virus\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware\mbamscheduler.exe [3/28/2014 11:37 PM 1809720]
S4 MBAMService;MBAMService;h:\program files\Virus\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware\mbamservice.exe [3/28/2014 11:37 PM 857912]
S4 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;h:\program files\Nitro PDF Pro 6\NitroPDFDriverService.exe [9/24/2011 4:03 PM 196928]
S4 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;h:\program files\Nitro PDF Pro 7\NitroPDFDriverService2.exe [12/20/2011 6:11 PM 196896]
S4 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\x86\novacomd.exe [6/24/2011 9:16 PM 61440]
S4 NTIOLib_1_0_2;NTIOLib_1_0_2;\??\h:\program files\MSI\BIOS Code Unlocked Technology\NTIOLib.sys --> h:\program files\MSI\BIOS Code Unlocked Technology\NTIOLib.sys [?]
S4 PackethSvc;Virtual NIC Service;c:\windows\system32\PackethSvc.exe --> c:\windows\system32\PackethSvc.exe [?]
S4 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files\PDF Architect\HelperService.exe [1/9/2013 6:34 PM 1324104]
S4 PDF Architect Service;PDF Architect Service;c:\program files\PDF Architect\ConversionService.exe [1/9/2013 6:36 PM 795208]
S4 Rdoagen;Rdoagen; [x]
S4 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [4/4/2014 1:58 AM 15808]
S4 SSUService;Splashtop Software Updater Service;c:\program files\Splashtop\Splashtop Software Updater\SSUService.exe [10/8/2013 11:47 PM 609056]
S4 ultradfg;ultradfg;c:\windows\system32\DRIVERS\ultradfg.sys --> c:\windows\system32\DRIVERS\ultradfg.sys [?]
S4 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [5/26/2011 12:05 AM 442656]
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-28 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-04-04 01:59]
.
2014-05-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-04-04 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: &Download All with FlashGet - h:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - h:\program files\FlashGet\jc_link.htm
IE: Append the content of the link to existing PDF file - h:\program files\PDF Professional 7 by Nuance\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - h:\program files\PDF Professional 7 by Nuance\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - h:\program files\PDF Professional 7 by Nuance\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - h:\program files\PDF Professional 7 by Nuance\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - h:\program files\PDF Professional 7 by Nuance\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - h:\program files\PDF Professional 7 by Nuance\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\22ihmxww.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.ftp - 212.93.193.83
FF - prefs.js: network.proxy.ftp_port - 443
FF - prefs.js: network.proxy.http - 128.233.252.12
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.ssl - 217.144.240.250
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
ShellIconOverlayIdentifiers-{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} - (no file)
ShellIconOverlayIdentifiers-{00F848DC-B1D4-4892-9C25-CAADC86A215D} - (no file)
ShellIconOverlayIdentifiers-{71573297-552E-46fc-BE3D-3DFAF88D47B7} - (no file)
Notify-AutorunsDisabled - igfxdev.dll SDWinLogon.dll
SafeBoot-97482129.sys
SafeBoot-mbamchameleon
MSConfigStartUp-AvastUI - h:\program files\Avast5\AvastUI.exe
MSConfigStartUp-DAEMON Tools-1033 - h:\program files\D-Tools\daemon.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-05-28 10:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\ADOBE\Premiere Pro\1.5\DefaultPreset]
@DACL=(02 0000)
@="h:\\Program Files\\Adobe\\Premiere Pro 1.5\\Settings\\DV - NTSC\\Standard 48kHz.prpreset"
.
[HKEY_LOCAL_MACHINE\software\ADOBE\Premiere Pro\1.5\Help]
@DACL=(02 0000)
"AdobeMediaEncoder"="h:\\Program Files\\Adobe\\Premiere Pro 1.5\\Help\\1_0_0_0.html"
"Contents"="h:\\Program Files\\Adobe\\Premiere Pro 1.5\\Help\\1_0_0_0.html"
"ExportToDVD"="h:\\Program Files\\Adobe\\Premiere Pro 1.5\\Help\\1_19_2_0.html"
"HowToUse"="h:\\Program Files\\Adobe\\Premiere Pro 1.5\\Help\\0_0_0_0.html"
"Keyboard"="h:\\Program Files\\Adobe\\Premiere Pro 1.5\\Help\\1_21_0_0.html"
"Search"="h:\\Program Files\\Adobe\\Premiere Pro 1.5\\Help\\search.html"
"Support"="http://www.adobe.com/support/products/premiere.html"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:99,f6,11,9c,9f,4d,d5,6a,2b,b0,22,c6,d2,d1,39,66,ef,97,a3,4a,27,
   29,a6,c0,ab,1f,53,a9,d1,f7,c6,d6,c0,04,de,e7,bc,07,b1,62,a2,7c,00,ac,f2,b1,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:99,f6,11,9c,9f,4d,d5,6a,2b,b0,22,c6,d2,d1,39,66,ef,97,a3,4a,27,
   29,a6,c0,ab,1f,53,a9,d1,f7,c6,d6,c0,04,de,e7,bc,07,b1,62,a2,7c,00,ac,f2,b1,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1696)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\system32\cbfsNetRdr4.dll
.
- - - - - - - > 'explorer.exe'(2196)
c:\windows\system32\WININET.dll
h:\program files\DeskPins\dphook.dll
c:\windows\system32\ieframe.dll
c:\program files\Netropa\Multimedia Keyboard\nhkdll.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
h:\program files\MICROSOFT VIRTUAL PC\VPCSHEXH.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\wudfhost.exe
h:\program files\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
c:\windows\system32\locator.exe
c:\windows\system32\wscntfy.exe
c:\program files\Splashtop\Splashtop Remote\Server\SRServer.exe
c:\windows\RTHDCPL.EXE
c:\program files\Netropa\Multimedia Keyboard\TrayMon.exe
c:\program files\Netropa\Onscreen Display\OSD.exe
h:\progra~1\MICROS~4\rapimgr.exe
c:\program files\Splashtop\Splashtop Remote\Server\SRFeature.exe
c:\windows\system32\WinMsgBalloonServer.exe
c:\windows\system32\WinMsgBalloonClient.exe
.
**************************************************************************
.
Completion time: 2014-05-28  10:39:22 - machine was rebooted
ComboFix-quarantined-files.txt  2014-05-28 14:39
ComboFix.txt  2010-04-19 18:15
ComboFix2.txt  2014-03-31 04:54
ComboFix3.txt  2014-03-31 03:04
ComboFix4.txt  2014-03-29 03:33
ComboFix5.txt  2014-05-12 05:39
.
Pre-Run: 22,227,152,896 bytes free
Post-Run: 23,191,711,744 bytes free
.
- - End Of File - - 60A62CC869E8AF56CD99C5BBEAEF3267
A36C5E4F47E84449FF07ED3517B43A31


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

ClearJavaCache::
Driver::
Asw960s_wc
BstHdAndroidSvc
BstHdLogRotatorSvc
Coxspemedsv
DEDR
FDUYT
Rdoagen

 

Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

CF3.jpg

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

Next,

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running. It can take several hours, so please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - on Vista and Windows 7/8, right click on the IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 


Turn off the real time scanner of any existing antivirus program while performing the online scan
click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add/on to be installed
Click Start
Make sure that the option "Remove found threats"  is UNticked
Click on Advanced Settings, ensure the options
Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Select "Change" next to Current scan targets. A new window will open; select any extra drives, Flash drives etc. as required.
Click Scan
wait for the virus definitions to be downloaded
Wait for the scan to finish

 

When the scan is complete

 


If no threats were found
put a checkmark in "Uninstall application on close"
close program
report to me that nothing was found

 

If threats were found

 


click on "list of threats found"
click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
put a checkmark in "Uninstall application on close"
click on finish

 

close program

 

Copy and paste the report in next reply.

 

Let me see those two logs, also give an update of any remaining issues or concerns....

 

One other point, there is a network proxy listed in Firefox. Are you aware of that?

 

Kevin
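
Added example, not part of the original post and not ComboFix's own code: a short Python check of the `FF - prefs.js:` lines from the log above. It reads the stored proxy hosts together with `network.proxy.type`, because Firefox only routes traffic through the manually entered hosts when that preference is 1; the function names and the report fields are assumptions made for this illustration.

```python
import re

# Lines copied from the "Supplementary Scan" part of the ComboFix log on this page.
SAMPLE_LOG = """\
FF - ProfilePath - c:\\documents and settings\\User\\Application Data\\Mozilla\\Firefox\\Profiles\\22ihmxww.default\\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.ftp - 212.93.193.83
FF - prefs.js: network.proxy.ftp_port - 443
FF - prefs.js: network.proxy.http - 128.233.252.12
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.ssl - 217.144.240.250
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
"""

# ComboFix prints each Firefox preference as "FF - prefs.js: <key> - <value>".
PREF_LINE = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - (?P<value>.*)$")

# Meaning of network.proxy.type in Firefox.
PROXY_TYPES = {
    0: "direct (no proxy)",
    1: "manual proxy configuration",
    2: "automatic configuration URL (PAC)",
    4: "auto-detect (WPAD)",
    5: "use system proxy settings",
}

SCHEMES = ("http", "ssl", "ftp", "socks")


def parse_firefox_prefs(log_text):
    """Return {pref_name: value} for every 'FF - prefs.js:' line in the log."""
    prefs = {}
    for line in log_text.splitlines():
        match = PREF_LINE.match(line.strip())
        if match:
            prefs[match.group("key")] = match.group("value").strip()
    return prefs


def proxy_report(prefs):
    """Summarise the proxy preferences (hypothetical report layout)."""
    endpoints = {}
    for scheme in SCHEMES:
        host = prefs.get("network.proxy." + scheme)
        if not host:
            continue
        port = prefs.get("network.proxy." + scheme + "_port", "")
        endpoints[scheme] = (host, int(port) if port.isdigit() else None)

    raw_type = prefs.get("network.proxy.type")
    # If the log does not list the preference, report it as unknown
    # instead of guessing a default.
    mode = int(raw_type) if raw_type is not None and raw_type.isdigit() else None

    return {
        "mode": mode,
        "mode_name": PROXY_TYPES.get(mode, "unknown / not in log"),
        "endpoints": endpoints,
        # The stored hosts are only used in manual mode.
        "manual_proxy_in_use": mode == 1 and bool(endpoints),
        # Hosts are stored but the current mode does not use them.
        "stale_entries": bool(endpoints) and mode is not None and mode != 1,
    }


if __name__ == "__main__":
    report = proxy_report(parse_firefox_prefs(SAMPLE_LOG))
    print("proxy mode:", report["mode"], "-", report["mode_name"])
    for scheme, (host, port) in sorted(report["endpoints"].items()):
        print("  stored %s proxy: %s:%s" % (scheme, host, port))
    print("manual proxy in use:", report["manual_proxy_in_use"])
    print("stored but inactive entries:", report["stale_entries"])
```

Stored hosts that are inactive are still worth asking the user about, since they show a proxy was configured at some point and would take effect again if the mode were switched to manual.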


During the ComboFix scan, several times I got a chcp.com error saying: chcp.com is not a valid W32 application. I was able to continue after pressing OK (no pev.3XE errors).

 

I ran the ESET scan twice. The first time only for malware, and nothing was detected. The second time as you instructed (unwanted, unsafe etc.), and the log is below.

 

ESET LOG =====================

 

 

C:\Documents and Settings\-_-\Local Settings\Application Data\Epic Privacy Browser\User Data\Default\File System\001\t\00\00000000 Win32/InstalleRex.M potentially unwanted application
C:\Qoobox\Quarantine\C\WINDOWS\system32\AdmDll.dll.vir Win32/RemoteAdmin potentially unsafe application
C:\Qoobox\Quarantine\C\WINDOWS\system32\raddrv.dll.vir Win32/RemoteAdmin potentially unsafe application
C:\Qoobox\Quarantine\C\WINDOWS\system32\r_server.exe.vir Win32/RemoteAdmin potentially unsafe application
C:\Qoobox\Quarantine\D\Windows\system32\admdll.dll.vir Win32/RemoteAdmin potentially unsafe application
C:\Qoobox\Quarantine\D\Windows\system32\raddrv.dll.vir Win32/RemoteAdmin potentially unsafe application
C:\Qoobox\Quarantine\H\program files\Radmin\r_server.exe.vir Win32/RemoteAdmin potentially unsafe application
C:\System Volume Information\_restore{637F514F-4EDF-4820-9454-8D12975632D3}\RP83\A0077106.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\System Volume Information\_restore{637F514F-4EDF-4820-9454-8D12975632D3}\RP96\A0077869.dll Win32/RemoteAdmin potentially unsafe application
C:\System Volume Information\_restore{637F514F-4EDF-4820-9454-8D12975632D3}\RP96\A0077870.exe Win32/RemoteAdmin potentially unsafe application
C:\System Volume Information\_restore{637F514F-4EDF-4820-9454-8D12975632D3}\RP96\A0077871.dll Win32/RemoteAdmin potentially unsafe application
C:\WINDOWS\system32\drivers\SmitfraudFix\Process.exe Win32/PrcView potentially unsafe application



ComboFix 14-05-27.02 - User 05/28/2014  11:49:56.14.2 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3320.2552 [GMT -4:00]

Running from: c:\documents and settings\User\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_ASW960S_WC

-------\Legacy_BSTHDANDROIDSVC

-------\Legacy_BSTHDLOGROTATORSVC

-------\Legacy_COXSPEMEDSV

-------\Legacy_DEDR

-------\Legacy_FDUYT

-------\Legacy_RDOAGEN

-------\Service_Asw960s_wc

-------\Service_BstHdAndroidSvc

-------\Service_BstHdLogRotatorSvc

-------\Service_Coxspemedsv

-------\Service_DEDR

-------\Service_FDUYT

-------\Service_Rdoagen

.

.

(((((((((((((((((((((((((   Files Created from 2014-04-28 to 2014-05-28  )))))))))))))))))))))))))))))))

.

.

2014-05-27 04:42 . 2014-05-27 04:44 -------- d-----w- C:\FRST

2014-05-24 06:43 . 2014-04-17 09:31 10651704 ----a-w- d:\programdata\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2014-05-24 06:43 . 2014-04-30 23:20 10702536 ----a-w- d:\programdata\Microsoft\Windows Defender\Definition Updates\{D48BA012-F700-4E06-9DE7-D90A980EFC5C}\mpengine.dll

2014-05-24 02:24 . 2014-05-24 02:24 -------- d-----w- d:\programdata\Malwarebytes

2014-05-22 04:30 . 2014-05-22 04:30 -------- d-----w- d:\programdata\Splashtop

2014-05-21 13:00 . 2014-05-21 13:00 -------- d-----w- d:\programdata\PDF Architect 2

2014-05-21 06:09 . 2014-05-21 06:09 -------- d--h--w- d:\programdata\CanonBJ

2014-05-21 04:19 . 2014-05-21 04:19 -------- d-----w- d:\programdata\AMD

2014-05-21 04:18 . 2014-05-21 04:18 -------- d-----w- d:\programdata\Package Cache

2014-05-17 05:05 . 2014-05-17 05:05 -------- d-----w- C:\clean

2014-05-15 18:17 . 2014-05-15 18:20 -------- d-----w- c:\windows\system32\MRT

2014-05-13 18:34 . 2008-04-14 08:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2014-05-13 18:34 . 2001-08-18 02:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll

2014-05-13 18:34 . 2008-04-14 08:42 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll

2014-05-13 18:34 . 2001-08-18 02:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe

2014-05-13 18:34 . 2001-08-18 02:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe

2014-05-13 18:33 . 2001-08-18 02:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe

2014-05-13 18:33 . 2001-08-17 16:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys

2014-05-13 18:33 . 2008-04-14 01:04 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys

2014-05-13 18:33 . 2008-04-14 01:04 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys

2014-05-13 18:33 . 2008-04-14 08:42 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll

2014-05-13 18:33 . 2008-04-14 03:06 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys

2014-05-13 18:33 . 2008-04-14 01:05 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys

2014-05-13 18:33 . 2001-08-17 16:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys

2014-05-13 18:33 . 2001-08-17 17:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys

2014-05-13 18:31 . 2001-08-17 17:51 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys

2014-05-13 18:30 . 2001-08-17 17:28 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys

2014-05-13 18:29 . 2001-08-18 02:36 19968 -c--a-w- c:\windows\system32\dllcache\mxicfg.dll

2014-05-13 18:28 . 2001-08-17 16:19 48768 -c--a-w- c:\windows\system32\dllcache\maestro.sys

2014-05-13 18:27 . 2001-08-18 02:36 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll

2014-05-13 18:26 . 2008-04-14 03:10 28288 -c--a-w- c:\windows\system32\dllcache\grserial.sys

2014-05-13 18:25 . 2001-08-18 02:36 614429 -c--a-w- c:\windows\system32\dllcache\digiview.exe

2014-05-13 18:24 . 2001-08-17 17:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys

2014-05-13 18:23 . 2001-08-17 18:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll

2014-05-13 16:27 . 2014-05-13 16:27 -------- d-----w- c:\documents and settings\User\Application Data\ElevatedDiagnostics

2014-05-13 16:26 . 2014-05-13 16:29 -------- d-----w- C:\MATS

2014-05-13 16:22 . 2014-05-13 16:22 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Sun

2014-05-13 15:19 . 2014-05-13 15:19 -------- d-----w- c:\documents and settings\User\Application Data\Oracle

2014-05-12 17:44 . 2014-05-13 13:45 -------- d-----w- c:\program files\D-Tools

2014-05-12 17:44 . 2004-08-22 20:31 5248 ----a-w- c:\windows\system32\drivers\d3472prt.sys

2014-05-12 17:44 . 2004-08-22 20:31 155136 ----a-w- c:\windows\system32\drivers\d3472bus.sys

2014-05-12 13:09 . 2007-04-17 01:46 33792 ----a-w- c:\windows\system32\drivers\AmdPPM.sys

2014-05-12 13:06 . 2013-09-20 14:49 18968 ----a-w- c:\windows\system32\sdnclean.exe

2014-05-12 13:00 . 2014-05-12 13:00 -------- d-sh--w- c:\documents and settings\User\IECompatCache

2014-04-29 18:54 . 2014-04-29 18:54 3584 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-05-27 04:21 . 2014-03-29 03:37 107224 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-05-20 13:33 . 2012-10-23 15:45 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2014-05-20 13:33 . 2012-05-17 18:03 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2014-04-28 21:26 . 2010-10-15 01:18 165232 ---ha-w- c:\documents and settings\User\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll

2014-04-02 15:18 . 2014-04-24 13:01 144664 ----a-w- c:\windows\system32\secman.dll

2014-03-31 03:58 . 2010-10-15 01:26 685816 ----a-w- c:\windows\system32\drivers\sptd.sys

2014-03-10 22:17 . 2014-04-04 05:58 109856 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll

2014-03-06 17:59 . 2012-02-28 19:48 920064 ----a-w- c:\windows\system32\wininet.dll

2014-03-06 17:59 . 2008-04-14 09:42 1469440 ------w- c:\windows\system32\inetcpl.cpl

2014-03-06 17:59 . 2008-04-14 09:41 43520 ------w- c:\windows\system32\licmgr10.dll

2014-03-06 17:59 . 2008-04-14 09:41 18944 ------w- c:\windows\system32\corpol.dll

2014-03-06 00:46 . 2012-02-28 14:53 385024 ------w- c:\windows\system32\html.iec

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 130736 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 130736 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 130736 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 130736 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\EldosIconOverlay-cbfs4]

@="{173F8B22-0595-459D-8088-CCBCEAC854EE}"

[HKEY_CLASSES_ROOT\CLSID\{173F8B22-0595-459D-8088-CCBCEAC854EE}]

2013-04-25 01:19 155496 ------w- c:\windows\system32\cbfsMntNtf4.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Glary Memory Optimizer"="h:\program files\Glary Utilities\memdefrag.exe" [2010-09-09 108344]

"H/PC Connection Agent"="h:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MULTIMEDIA KEYBOARD"="c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-06-19 180224]

"RTHDCPL"="RTHDCPL.EXE" [2011-01-21 20026472]

"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

c:\documents and settings\User\Start Menu\Programs\Startup\

AODAssist.lnk - c:\program files\AMD\OverDrive\AODAssist.exe [2014-1-8 137584]

DeskPins.lnk - h:\program files\DeskPins\DeskPins.exe [2010-10-15 62464]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ    autocheck autochk *\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0SmartDefragBootTime.exe

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ    kerberos msv1_0 schannel wdigest tspkg tspkg

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Adobe Gamma.lnk]

backup=c:\windows\pss\Adobe Gamma.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Dropbox.lnk]

backup=c:\windows\pss\Dropbox.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]

backup=c:\windows\pss\Logitech . Product Registration.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^PdaNet Desktop.lnk]

backup=c:\windows\pss\PdaNet Desktop.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^RAM XP.lnk]

path=c:\documents and settings\User\Start Menu\Programs\Startup\RAM XP.lnk

backup=c:\windows\pss\RAM XP.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]

backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO 5.2 HD Edition.lnk]

backup=c:\windows\pss\PHOTOfunSTUDIO 5.2 HD Edition.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SJphone 1.65.lnk]

backup=c:\windows\pss\SJphone 1.65.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SJphone.lnk]

backup=c:\windows\pss\SJphone.lnkCommon Startup

.

[HKLM\~\startupfolder\D:^Documents and Settings^User^Start Menu^Programs^Startup^Adobe Gamma.lnk]

backup=c:\windows\pss\Adobe Gamma.lnkStartup

.

[HKLM\~\startupfolder\D:^Documents and Settings^User^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]

backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup

.

[HKLM\~\startupfolder\D:^Documents and Settings^User^Start Menu^Programs^Startup^MagicDisc.lnk]

backup=c:\windows\pss\MagicDisc.lnkStartup

.

[HKLM\~\startupfolder\D:^Documents and Settings^User^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

.

[HKLM\~\startupfolder\D:^Documents and Settings^User^Start Menu^Programs^Startup^PdaNet Desktop.lnk]

backup=c:\windows\pss\PdaNet Desktop.lnkStartup

.

[HKLM\~\startupfolder\D:^Documents and Settings^User^Start Menu^Programs^Startup^PowerMenu.lnk]

backup=c:\windows\pss\PowerMenu.lnkStartup

.

[HKLM\~\startupfolder\D:^Documents and Settings^User^Start Menu^Programs^Startup^Remote Touch Server.exe]

backup=c:\windows\pss\Remote Touch Server.exeStartup

.

[HKLM\~\startupfolder\D:^Documents and Settings^User^Start Menu^Programs^Startup^WordWeb Pro.lnk]

backup=c:\windows\pss\WordWeb Pro.lnkStartup

.

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^MultiMon Taskbar.lnk]

backup=c:\windows\pss\MultiMon Taskbar.lnkCommon Startup

.

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^SJphone 1.65.lnk]

backup=c:\windows\pss\SJphone 1.65.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

-scheduler [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2010-07-29 05:25 497648 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 6]

2013-04-19 00:38 491840 ----a-w- h:\program files\IObit-AdvancedSystemCare6\ASCTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]

2011-04-20 01:44 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avichannel]

2011-02-22 01:14 1680384 ----a-w- h:\program files\Evaer (skype recorder)\videochannel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2008-01-22 15:13 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

2008-04-14 09:42 110592 ------w- c:\windows\system32\bthprops.cpl

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BoxCryptor]

2013-06-14 05:09 4143360 ----a-w- h:\program files\BoxCryptor\BoxCryptor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamserviceDeluxe2]

2007-08-10 19:38 81920 ----a-w- h:\program files\webcam\Deluxe Optical Glass\CamService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]

2011-07-19 17:53 2567272 ----a-w- h:\program files\Canon\PIXMA_MX870\BJMYPRT.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CompanionLink]

2012-09-26 14:36 49004544 ----a-w- h:\program files\CompanionLink\CompanionLink.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Copernic Desktop Search]

2006-05-31 22:46 5252392 ----a-w- h:\program files\Copernic Desktop Search\CopernicDesktopSearch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray]

2013-09-04 15:34 1372232 ----a-w- h:\program files\EaseUS Todo Backup 6.5\bin\TrayNotify.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch]

2013-09-04 15:33 70728 ----a-w- h:\program files\EaseUS Todo Backup 6.5\bin\EuWatch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Epic Update]

2013-09-10 14:00 499368 ----atw- c:\documents and settings\User\Local Settings\Application Data\Epic\Update\EpicUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]

2008-07-25 19:47 487424 ----a-w- h:\program files\Eraser\eraser.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashGet 3]

2012-03-15 02:05 3090056 ----a-w- h:\program files\FlashGet 3\Flashget3.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glary Memory Optimizer]

2010-09-09 14:32 108344 ----a-w- h:\program files\Glary Utilities\memdefrag.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]

2006-11-13 17:39 1289000 ----a-w- h:\program files\Microsoft ActiveSync\wcescomm.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2005-02-16 21:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2005-02-16 21:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage]

2013-10-30 03:20 578560 ----a-w- h:\program files\SAMSUNG\kies\KiesAirMessage.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]

2013-12-11 09:52 1564528 ----a-w- h:\program files\SAMSUNG\kies\Kies.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]

2013-12-11 09:52 311152 ----a-w- h:\program files\SAMSUNG\kies\KiesTrayAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]

2011-03-02 03:14 190808 ----a-w- h:\program files\Logitech\LWS\Webcam Software\LWS.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

2001-11-09 00:19 53248 ------w- c:\windows\system32\MMTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]

2014-03-11 14:13 951576 ----a-w- c:\program files\Microsoft Security Client\msseces.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2008-05-28 12:27 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF7 Registry Controller]

2011-04-28 14:15 138528 ----a-w- h:\program files\PDF Professional 7 by Nuance\RegistryController.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFHook]

2011-04-28 14:16 1770784 ----a-w- h:\program files\PDF Professional 7 by Nuance\PdfPro7Hook.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAM Idle Professional]

2012-07-16 20:41 113664 ----a-w- h:\program files\RAM Idle LE\RAM_XP.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]

2014-04-25 18:14 4101584 ----a-w- h:\program files\Spybot - Search & Destroy 2\SDTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmBizcard]

2009-11-27 19:22 247632 ----a-w- h:\program files\Presto! BizCard 6\SmBizcard.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2009-08-14 01:24 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP-LINK USB Printer Controller]

2012-09-21 20:46 4226048 ----a-w- h:\program files\TP-LINK\USB Printer Controller\USB Printer Controller.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]

2007-02-20 16:07 199752 ----a-w- c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VIAxHCUtl]

2011-07-12 20:14 331776 ----a-w- c:\via_xhci\usb3Monitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Pymtimea"=3 (0x3)

"Avg7UpdSvc"=2 (0x2)

"Avg7Alrt"=2 (0x2)

"wuauserv"=2 (0x2)

"MDM"=2 (0x2)

"WZCSVC"=3 (0x3)

"WmdmPmSN"=3 (0x3)

"UPS"=3 (0x3)

"NovacomD"=2 (0x2)

"MozillaMaintenance"=3 (0x3)

"mnmsrvc"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

"idsvc"=3 (0x3)

"Fax"=2 (0x2)

"CiSvc"=3 (0x3)

"AdobeFlashPlayerUpdateSvc"=3 (0x3)

"Wintab32"=2 (0x2)

"SkypeUpdate"=2 (0x2)

"ose"=3 (0x3)

"avast! Antivirus"=3 (0x3)

"AdvancedSystemCareService6"=2 (0x2)

"rpcapd"=3 (0x3)

"odserv"=3 (0x3)

"MBAMScheduler"=2 (0x2)

"MBAMService"=2 (0x2)

"MsMpSvc"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"SerialNumber"="AXXXA-KXX-XXXX-XXXX-TE"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"h:\\program files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"h:\\program files\\PeerBlock\\peerblock.exe"=

"h:\\program files\\PeerGuardian2\\pg2.exe"=

"h:\program files\Microsoft ActiveSync\WCESMgr.exe"= h:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"h:\program files\Microsoft ActiveSync\wcescomm.exe"= h:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"h:\program files\Microsoft ActiveSync\rapimgr.exe"= h:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"h:\\program files\\ThinVNC\\ThinVnc.exe"=

"c:\\Program Files\\SJphone 1.65\\SJphone.exe"=

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"h:\\program files\\Avid\\Studio\\programs\\UMI.exe"=

"h:\\program files\\Avid\\Studio\\programs\\NGStudio.exe"=

"h:\\program files\\Avid\\Studio\\programs\\RM.exe"=

"h:\\program files\\WinPcap\\rpcapd.exe"=

"h:\\program files\\gmms\\bin\\gmms.exe"=

"h:\\program files\\Mozilla Firefox3\\plugin-container.exe"=

"h:\\program files\\RTMPdump\\rtmpgw.exe"=

"h:\\program files\\RTMPdump\\rtmpsrv.exe"=

"h:\\program files\\RTMPdump\\rtmpsuck.exe"=

"h:\\program files\\CuteFTP\\CUTFTP32.EXE"=

"h:\\program files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"h:\\Program Files\\Orbitdownloader\\orbitnet.exe"=

"h:\\Program Files\\Orbitdownloader\\orbitdm.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"h:\\program files\\FlashGet\\flashget.exe"=

"h:\\Program Files\\FlashGet 3\\FlashGet3.exe"=

"h:\\program files\\BlueSoleil\\BlueSoleil.exe"=

"h:\\program files\\CompanionLink\\CompanionLink.exe"=

"h:\\program files\\MyPhoneExplorer\\MyPhoneExplorer.exe"=

"c:\\Program Files\\Splashtop\\Splashtop Remote\\Client\\strwinclt.exe"=

"h:\\program files\\TP-LINK\\USB Printer Controller\\USB Printer Controller.exe"=

"c:\\Program Files\\SJLabs\\SJphone\\SJphone.exe"=

"c:\\Documents and Settings\\User\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"h:\\program files\\Pinnacle\\Studio 15\\Programs\\umi.exe"=

"h:\\program files\\Pinnacle\\Studio 15\\Programs\\Studio.exe"=

"h:\\program files\\EaseUS Todo Backup 6.5\\bin\\TbService.exe"=

"h:\\program files\\EaseUS Todo Backup 6.5\\bin\\Agent.exe"=

"h:\\program files\\EaseUS Todo Backup 6.5\\bin\\TBConsoleUI.exe"=

"h:\\program files\\Pinnacle\\Studio 15\\Programs\\RM.exe"=

"h:\\program files\\VLC\\vlc.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"h:\\program files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Splashtop\\Splashtop Remote\\Server\\SRServer.exe"=

"c:\\Program Files\\Splashtop\\Splashtop Remote\\Server\\SRFeature.exe"=

"c:\\Program Files\\Splashtop\\Splashtop Remote\\Server\\DataProxy.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"8075:TCP"= 8075:TCP:radmin

"5060:TCP"= 5060:TCP:5060

"5061:UDP"= 5061:UDP:5061

"5060:UDP"= 5060:UDP:5060

"1812:UDP"= 1812:UDP:1812

"3478:UDP"= 3478:UDP:3478

"3479:UDP"= 3479:UDP:3479

"6263:TCP"= 6263:TCP:splashtop

"6262:TCP"= 6262:TCP:splashtop

"6261:TCP"= 6261:TCP:splashtop

"18112:TCP"= 18112:TCP:skype 18112

"18112:UDP"= 18112:UDP:skype 18112

"7878:TCP"= 7878:TCP:AllShare TCP Port

"20102:TCP"= 20102:TCP:AllShare UDP Port

"1900:TCP"= 1900:TCP:AllShare Multicast Port

"7437:UDP"= 7437:UDP:TP-LINK USB Printer Controller UDP Port

"4705:TCP"= 4705:TCP:*:Disabled:messenger

"37789:TCP"= 37789:TCP:www

"6641:TCP"= 6641:TCP:messenger

"21269:TCP"= 21269:TCP:www

.

R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [1/30/2011 7:24 PM 189968]

R0 d3472bus;d3472bus;c:\windows\system32\drivers\d3472bus.sys [5/12/2014 1:44 PM 155136]

R0 d3472prt;d3472prt;c:\windows\system32\drivers\d3472prt.sys [5/12/2014 1:44 PM 5248]

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [10/14/2010 9:26 PM 155136]

R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [10/14/2010 9:26 PM 5248]

R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [10/15/2010 3:04 AM 52040]

R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [3/27/2014 10:19 AM 40776]

R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [10/15/2010 3:04 AM 20616]

R1 cbfs4;cbfs4;c:\windows\system32\drivers\cbfs4.sys [6/14/2013 1:10 AM 321984]

R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [10/15/2010 3:04 AM 14920]

R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [3/27/2014 10:19 AM 185800]

R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [10/14/2010 9:26 PM 6656]

R2 AMD_RAIDXpert;AMD RAIDXpert;h:\program files\AMD\RAIDXpert\bin\RAIDXpertService.exe [12/14/2011 12:02 PM 131320]

R2 AODDriver4.3.0;AODDriver4.3.0;c:\program files\AMD\OverDrive\i386\AODDriver2.sys [1/8/2014 6:42 AM 50408]

R2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [10/14/2010 9:19 PM 28672]

R2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\Splashtop\Splashtop Remote\Server\SRService.exe [10/24/2013 12:58 PM 790880]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [12/5/2013 2:16 AM 84248]

R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [10/15/2010 3:04 AM 122504]

R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [12/5/2013 2:16 AM 182680]

R3 TPLINKUDSMBus;TPLINKUDSMBus;c:\windows\system32\drivers\TplinkUDSMBus.sys [1/18/2013 10:20 AM 88576]

R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [1/31/2011 4:08 AM 40832]

R3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\drivers\ViaHub3.sys [5/25/2013 6:05 AM 193608]

R3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\drivers\xhcdrv.sys [5/25/2013 6:04 AM 241096]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/14/2010 9:26 PM 685816]

S1 DC30;miroVIDEO DC30 series, Motion JPEG Capture/CODEC Board;c:\windows\system32\drivers\DC30.SYS [10/14/2010 9:26 PM 124672]

S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [8/18/2009 8:50 AM 9472]

S2 AODDriver4.1;AODDriver4.1;\??\h:\program files\AMD\OverDrive\i386\AODDriver2.sys --> h:\program files\AMD\OverDrive\i386\AODDriver2.sys [?]

S2 xati2;ATI Radeon WindowsNT Miniport Driver;c:\program files\AMD 760G\ati2mtag.exe "c:\program files\Common Files\AMD 760G\ati2mtag.dat" --> c:\program files\AMD 760G\ati2mtag.exe c:\program files\Common Files\AMD 760G\ati2mtag.dat [?]

S3 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [10/14/2010 9:21 PM 660768]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/14/2010 9:26 PM 1691480]

S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [10/14/2010 9:26 PM 94720]

S3 cleanhlp;cleanhlp;h:\program files\EEK_\Run\cleanhlp32.sys [4/1/2014 9:21 AM 50200]

S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [11/24/2012 10:44 PM 20032]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [10/15/2010 3:24 AM 13192]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [10/15/2010 3:24 AM 8456]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2/19/2013 5:12 PM 37344]

S3 IDriverT (RENAME);InstallDriver Table Manager;c:\program files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [10/22/2004 4:24 AM 73728]

S3 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [3/21/2011 12:17 PM 68928]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2/28/2013 9:48 PM 36600]

S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [12/2/2012 2:58 AM 13440]

S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [10/14/2010 9:26 PM 9472]

S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [10/29/2013 11:26 AM 15688]

S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [10/29/2013 11:26 AM 10320]

S3 TplinkUDSTcpBus;TPLINKUDSTcpBus;c:\windows\system32\drivers\TplinkUDSTcpBus.sys [1/18/2013 10:20 AM 151296]

S3 W2kbhid;KBGear Tablet (USB);c:\windows\system32\drivers\w2kbhid.sys [10/14/2010 9:26 PM 23552]

S3 WideUsb;WideUSB Generic USB Bulk driver;c:\windows\system32\drivers\WideUSB.sys [10/14/2010 9:26 PM 24448]

S4 3CXTunnel;3CX PhoneSystem SIP/RTP Tunneling Proxy;h:\program files\3CX VoIP Client\3CXTunnel.exe [10/15/2010 8:04 AM 1014872]

S4 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;h:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [9/30/2010 3:06 AM 169408]

S4 AdvancedSystemCareService6;Advanced SystemCare Service 6;h:\program files\IObit-AdvancedSystemCare6\ASCService.exe [10/8/2013 12:13 AM 574272]

S4 BstHdDrv;BlueStacks Hypervisor;\??\c:\program files\BlueStacks\HD-Hypervisor-x86.sys --> c:\program files\BlueStacks\HD-Hypervisor-x86.sys [?]

S4 d347Bbus;d347Bbus;c:\windows\system32\DRIVERS\d347Bbus.sys --> c:\windows\system32\DRIVERS\d347Bbus.sys [?]

S4 d347Bprt;d347Bprt;c:\windows\system32\Drivers\d347Bprt.sys --> c:\windows\system32\Drivers\d347Bprt.sys [?]

S4 EaseUS Agent;EaseUS Agent Service;h:\program files\EaseUS Todo Backup 6.5\bin\Agent.exe [3/27/2014 10:16 AM 36936]

S4 efavdrv;efavdrv;\??\c:\windows\system32\drivers\efavdrv.sys --> c:\windows\system32\drivers\efavdrv.sys [?]

S4 EUBAKUP0;EUBAKUP0;\??\c:\windows\system32\drivers\EUBAKUP0.sys --> c:\windows\system32\drivers\EUBAKUP0.sys [?]

S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2/19/2013 5:12 PM 233472]

S4 Guard Agent;Guard Agent Service;h:\program files\EaseUS Todo Backup 6.5\bin\GuardAgent.exe [3/27/2014 10:16 AM 23624]

S4 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;h:\program files\Nitro PDF Pro 6\NitroPDFDriverService.exe [9/24/2011 4:03 PM 196928]

S4 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;h:\program files\Nitro PDF Pro 7\NitroPDFDriverService2.exe [12/20/2011 6:11 PM 196896]

S4 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\x86\novacomd.exe [6/24/2011 9:16 PM 61440]

S4 NTIOLib_1_0_2;NTIOLib_1_0_2;\??\h:\program files\MSI\BIOS Code Unlocked Technology\NTIOLib.sys --> h:\program files\MSI\BIOS Code Unlocked Technology\NTIOLib.sys [?]

S4 PackethSvc;Virtual NIC Service;c:\windows\system32\PackethSvc.exe --> c:\windows\system32\PackethSvc.exe [?]

S4 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files\PDF Architect\HelperService.exe [1/9/2013 6:34 PM 1324104]

S4 PDF Architect Service;PDF Architect Service;c:\program files\PDF Architect\ConversionService.exe [1/9/2013 6:36 PM 795208]

S4 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [4/4/2014 1:58 AM 15808]

S4 SSUService;Splashtop Software Updater Service;c:\program files\Splashtop\Splashtop Software Updater\SSUService.exe [10/8/2013 11:47 PM 609056]

S4 ultradfg;ultradfg;c:\windows\system32\DRIVERS\ultradfg.sys --> c:\windows\system32\DRIVERS\ultradfg.sys [?]

S4 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [5/26/2011 12:05 AM 442656]

.

Contents of the 'Scheduled Tasks' folder

.

2014-05-28 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job

- c:\windows\system32\xp_eos.exe [2014-04-04 01:59]

.

2014-05-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

- c:\windows\system32\xp_eos.exe [2014-04-04 01:59]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uInternet Connection Wizard,ShellNext = iexplore

IE: &Download All with FlashGet - h:\program files\FlashGet\jc_all.htm

IE: &Download with FlashGet - h:\program files\FlashGet\jc_link.htm

IE: Append the content of the link to existing PDF file - h:\program files\PDF Professional 7 by Nuance\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Append the content of the selected links to existing PDF file - h:\program files\PDF Professional 7 by Nuance\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML

IE: Append to existing PDF file - h:\program files\PDF Professional 7 by Nuance\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Create PDF file - h:\program files\PDF Professional 7 by Nuance\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Create PDF file from the content of the link - h:\program files\PDF Professional 7 by Nuance\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Create PDF files from the selected links - h:\program files\PDF Professional 7 by Nuance\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\22ihmxww.default\

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: network.proxy.ftp - 212.93.193.83

FF - prefs.js: network.proxy.ftp_port - 443

FF - prefs.js: network.proxy.http - 128.233.252.12

FF - prefs.js: network.proxy.http_port - 3128

FF - prefs.js: network.proxy.ssl - 217.144.240.250

FF - prefs.js: network.proxy.ssl_port - 80

FF - prefs.js: network.proxy.type - 0

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2014-05-28 12:00

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...  

.

scanning hidden autostart entries ... 

.

scanning hidden files ...  

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\ADOBE\Premiere Pro\1.5\DefaultPreset]

@DACL=(02 0000)

@="h:\\Program Files\\Adobe\\Premiere Pro 1.5\\Settings\\DV - NTSC\\Standard 48kHz.prpreset"

.

[HKEY_LOCAL_MACHINE\software\ADOBE\Premiere Pro\1.5\Help]

@DACL=(02 0000)

"AdobeMediaEncoder"="h:\\Program Files\\Adobe\\Premiere Pro 1.5\\Help\\1_0_0_0.html"

"Contents"="h:\\Program Files\\Adobe\\Premiere Pro 1.5\\Help\\1_0_0_0.html"

"ExportToDVD"="h:\\Program Files\\Adobe\\Premiere Pro 1.5\\Help\\1_19_2_0.html"

"HowToUse"="h:\\Program Files\\Adobe\\Premiere Pro 1.5\\Help\\0_0_0_0.html"

"Keyboard"="h:\\Program Files\\Adobe\\Premiere Pro 1.5\\Help\\1_21_0_0.html"

"Search"="h:\\Program Files\\Adobe\\Premiere Pro 1.5\\Help\\search.html"


.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]

"Version"=hex:99,f6,11,9c,9f,4d,d5,6a,2b,b0,22,c6,d2,d1,39,66,ef,97,a3,4a,27,

   29,a6,c0,ab,1f,53,a9,d1,f7,c6,d6,c0,04,de,e7,bc,07,b1,62,a2,7c,00,ac,f2,b1,\

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]

"Version"=hex:99,f6,11,9c,9f,4d,d5,6a,2b,b0,22,c6,d2,d1,39,66,ef,97,a3,4a,27,

   29,a6,c0,ab,1f,53,a9,d1,f7,c6,d6,c0,04,de,e7,bc,07,b1,62,a2,7c,00,ac,f2,b1,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1696)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\atiadlxx.dll

c:\windows\system32\cbfsNetRdr4.dll

.

- - - - - - - > 'explorer.exe'(3972)

c:\windows\system32\WININET.dll

h:\program files\DeskPins\dphook.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

h:\program files\MICROSOFT VIRTUAL PC\VPCSHEXH.DLL

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\System32\wudfhost.exe

h:\program files\AMD\RAIDXpert\bin\RAIDXpert.exe

c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

c:\windows\system32\locator.exe

c:\program files\Splashtop\Splashtop Remote\Server\SRServer.exe

c:\windows\system32\wscntfy.exe

c:\program files\Splashtop\Splashtop Remote\Server\SRFeature.exe

c:\windows\RTHDCPL.EXE

c:\program files\Netropa\Multimedia Keyboard\TrayMon.exe

c:\program files\Netropa\Onscreen Display\OSD.exe

h:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe

h:\progra~1\MICROS~4\rapimgr.exe

c:\windows\system32\WinMsgBalloonServer.exe

c:\windows\system32\WinMsgBalloonClient.exe

.

**************************************************************************

.

Completion time: 2014-05-28  12:04:44 - machine was rebooted

ComboFix-quarantined-files.txt  2014-05-28 16:04

ComboFix.txt  2010-04-19 18:15

ComboFix2.txt  2014-05-28 14:39

ComboFix3.txt  2014-03-31 04:54

ComboFix4.txt  2014-03-31 03:04

ComboFix5.txt  2014-05-28 15:47

.

Pre-Run: 23,200,833,536 bytes free

Post-Run: 23,172,276,224 bytes free

.

- - End Of File - - 3F20D5B82D944EBDA2E73E7D7F5DDC40

A36C5E4F47E84449FF07ED3517B43A31



OK, we can remove the entries flagged by ESET. I've left out the first entry quoted by ESET as you amended the navigational address.

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Make sure to start with and include the colon before Files (:Files).

    :Files
    ipconfig /flushdns /c
    C:\System Volume Information\_restore{637F514F-4EDF-4820-9454-8D12975632D3}\RP83\A0077106.exe
    C:\System Volume Information\_restore{637F514F-4EDF-4820-9454-8D12975632D3}\RP96\A0077869.dll
    C:\System Volume Information\_restore{637F514F-4EDF-4820-9454-8D12975632D3}\RP96\A0077870.exe
    C:\System Volume Information\_restore{637F514F-4EDF-4820-9454-8D12975632D3}\RP96\A0077871.dll
    C:\WINDOWS\system32\drivers\SmitfraudFix\Process.exe
    :Commands
    [EmptyTemp]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.
 

Post that log, also let me know if there are any remaining issues or concerns...

 

Kevin


All processes killed

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Documents and Settings\-_-\My Documents\Downloads\cmd.bat deleted successfully.

C:\Documents and Settings\-_-\My Documents\Downloads\cmd.txt deleted successfully.

C:\System Volume Information\_restore{637F514F-4EDF-4820-9454-8D12975632D3}\RP83\A0077106.exe moved successfully.

DllUnregisterServer procedure not found in C:\System Volume Information\_restore{637F514F-4EDF-4820-9454-8D12975632D3}\RP96\A0077869.dll

C:\System Volume Information\_restore{637F514F-4EDF-4820-9454-8D12975632D3}\RP96\A0077869.dll moved successfully.

C:\System Volume Information\_restore{637F514F-4EDF-4820-9454-8D12975632D3}\RP96\A0077870.exe moved successfully.

DllUnregisterServer procedure not found in C:\System Volume Information\_restore{637F514F-4EDF-4820-9454-8D12975632D3}\RP96\A0077871.dll

C:\System Volume Information\_restore{637F514F-4EDF-4820-9454-8D12975632D3}\RP96\A0077871.dll moved successfully.

C:\WINDOWS\system32\drivers\SmitfraudFix\Process.exe moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: ----

->Temp folder emptied: 0 bytes

 

User: -_-

->Temp folder emptied: 0 bytes

->FireFox cache emptied: 9073379 bytes

->Apple Safari cache emptied: 21042176 bytes

->Flash cache emptied: 18481813 bytes

 

User: Administrator

->Temp folder emptied: 0 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Flash cache emptied: 56466 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 25208628 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 96512 bytes

Windows Temp folder emptied: 306 bytes

Session Manager Temp folder emptied: 1111018 bytes

Session Manager Tmp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 20048596 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 91.00 mb

 

 

OTM by OldTimer - Version 3.1.21.0 log created on 05292014_080555

Did another MBAR scan and the forged physical sectors are still there.

 

======================

Malware Found:     3

 

Scanning physical sectors of unpartitioned space on drive 0 (1-62-3906878048-3906898048)...
Sectors 3906878048 - 3906890199 --> [Forged physical sectors]
Sectors 3906892432 - 3906895543 --> [Forged physical sectors]
Sectors 3906895545 - 3906898047 --> [Forged physical sectors]
Done!

ListParts by Farbar Version: 17-04-2014

Ran by -_- (administrator) on 29-05-2014 at 13:20:48

Windows XP (X86)

Running From: C:\Documents and Settings\-_-\desktop

Language: 0409

************************************************************

 

========================= Memory info ====================== 

 

Percentage of memory in use: 53%

Total physical RAM: 3319.99 MB

Available physical RAM: 1552.09 MB

Total Pagefile: 7236.34 MB

Available Pagefile: 5737.5 MB

Total Virtual: 2047.88 MB

Available Virtual: 1999.7 MB

 

======================= Partitions =========================

 

1 Drive c: (XP) (Fixed) (Total:54.17 GB) (Free:21.52 GB) NTFS ==>[Drive with boot components (Windows XP)]

2 Drive d: (Win7) (Fixed) (Total:29.23 GB) (Free:5.97 GB) NTFS

5 Drive h: (Programs) (Fixed) (Total:175.65 GB) (Free:41.83 GB) NTFS

6 Drive n: (volume9) (Network) (Total:279.47 GB) (Free:81.43 GB) NTFS

8 Drive u: (CD_ROM) (CDROM) (Total:3.48 GB) (Free:0 GB) CDFS

9 Drive x: (Storage) (Fixed) (Total:663.55 GB) (Free:328.93 GB) NTFS

10 Drive y: (Music) (Fixed) (Total:156.85 GB) (Free:31.63 GB) NTFS

11 Drive z: (Video) (Fixed) (Total:783.5 GB) (Free:431.27 GB) NTFS

 

  Disk ###  Status      Size     Free     Dyn  Gpt

  --------  ----------  -------  -------  ---  ---

  Disk 0    Online      1863 GB      0 B         

 

Partitions of Disk 0:

===============

 

  Partition ###  Type              Size     Offset

  -------------  ----------------  -------  -------

  Partition 1    Primary             54 GB    32 KB

  Partition 2    Extended          1809 GB    54 GB

  Partition 3    Logical             29 GB    54 GB

  Partition 4    Logical            176 GB    83 GB

  Partition 5    Logical            664 GB   259 GB

  Partition 6    Logical            157 GB   923 GB

  Partition 7    Logical            784 GB  1079 GB

======================================================================================================

 

Disk: 0

Partition 1

Type  : 07

Hidden: No

Active: Yes

 

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info

  ----------  ---  -----------  -----  ----------  -------  ---------  --------

* Volume 3     C   XP           NTFS   Partition     54 GB  Healthy    System (partition with boot components)  

======================================================================================================

 

Disk: 0

Partition 3

Type  : 07

Hidden: No

Active: No

 

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info

  ----------  ---  -----------  -----  ----------  -------  ---------  --------

* Volume 4     D   Win7         NTFS   Partition     29 GB  Healthy            

======================================================================================================

 

Disk: 0

Partition 4

Type  : 07

Hidden: No

Active: No

 

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info

  ----------  ---  -----------  -----  ----------  -------  ---------  --------

* Volume 5     H   Programs     NTFS   Partition    176 GB  Healthy            

======================================================================================================

 

Disk: 0

Partition 5

Type  : 07

Hidden: No

Active: No

 

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info

  ----------  ---  -----------  -----  ----------  -------  ---------  --------

* Volume 6     X   Storage      NTFS   Partition    664 GB  Healthy            

======================================================================================================

 

Disk: 0

Partition 6

Type  : 07

Hidden: No

Active: No

 

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info

  ----------  ---  -----------  -----  ----------  -------  ---------  --------

* Volume 7     Y   Music        NTFS   Partition    157 GB  Healthy            

======================================================================================================

 

Disk: 0

Partition 7

Type  : 07

Hidden: No

Active: No

 

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info

  ----------  ---  -----------  -----  ----------  -------  ---------  --------

* Volume 8     Z   Video        NTFS   Partition    784 GB  Healthy            

======================================================================================================

============================== MBR Partition Table ==================

 

==============================

Partitions of Disk 0:

===============

Disk ID: F877194E

Partition 1: (Active) - (Size=54 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=-256861916672) - (Type=OF Extended)

 

 

****** End Of Log ****** 

Ran chkdsk many times, including scans of bad sectors, and everything comes back OK. The three forged sectors warnings from MBAR are still there. Can you ask the developers of MBAR to shed some more light on this? Is this possibly a known false positive?


When you run MBAR and those sectors are flagged do you select the "Cleanup Button" to remove threats?

 

There is already a thread opened in the MBAR forum, but no reply from any of the moderators here: https://forums.malwarebytes.org/index.php?showtopic=149317

 

I do not see any reason to continually run MBAR, there is no infection on your system.... Run the following to clean up tools etc..

 

Download "Delfix by Xplode" and save it to your desktop.

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 


    Activate UAC
    Remove disinfection tools
    Create registry backup
    Purge System Restore
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Part of the routine will be to create a registry back up with ERUNT,  the back up will be created here:

 

C:\Windows\ERUNT

 

When all is known to be well with your system you can delete that back up folder if you consider it as not needed...

 

Kevin...


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
