Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Assistance required please.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Assistance required please.

Unread postby MESA » January 17th, 2013, 3:49 pm

Hi there.I have a new computer running windows 7.There are no actual signs of malware showing BUT while installing Ahampoo yesterday from cnet I unticked all the add ons/toolbars that were listed with the software but winpatrol informed me that something called imminent had installed itself(this wasn't even listed in the installation of ashampoo)but it installed itself along with some active x controls.I managed to uninstall it with Revo but I'm a bit worried it may have compromised my system?I would really appreciate if you could have a look over and help to clear any possible remnants this piece of crap may have left over.Thank you.Kind regards.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by Comet at 19:40:01 on 2013-01-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4000.2260 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = Preserve
uDefault_Page_URL = hxxp://ts.fujitsu.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{7EBDDF97-D62B-4DBF-854F-87BED32D7D47} : DHCPNameServer = 194.168.4.100 194.168.8.100
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe -expressboot
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 analytics.microsoft.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 metrics.mcafee.com
Hosts: 127.0.0.1 om.symantec.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Comet\AppData\Roaming\Mozilla\Firefox\Profiles\2lbdzjpy.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - ExtSQL: 2012-12-28 15:57; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; C:\Users\Comet\AppData\Roaming\Mozilla\Firefox\Profiles\2lbdzjpy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2013-01-02 10:09; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-01-16 17:43; webbooster@iminent.com; C:\Program Files (x86)\Iminent\webbooster@iminent.com
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-1-2 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-1-2 370288]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-1-2 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-1-2 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-1-2 44808]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-12-13 342528]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-3-26 533096]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2009-12-2 721768]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2009-12-2 269672]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2009-12-2 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2009-12-2 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-3-26 158976]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-12-27 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-01-17 19:04:43 -------- d-----w- C:\Program Files (x86)\ESET
2013-01-15 22:20:33 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{25FD898D-EB22-4FB6-B00C-CBF13E3BA5D6}\mpengine.dll
2013-01-15 21:50:37 -------- d-----w- C:\Users\Comet\AppData\Roaming\WinPatrol
2013-01-15 21:50:30 -------- d-----w- C:\ProgramData\InstallMate
2013-01-15 21:50:30 -------- d-----w- C:\Program Files (x86)\BillP Studios
2013-01-15 13:10:43 -------- d-----w- C:\Users\Comet\Tracing
2013-01-14 23:55:52 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2013-01-14 14:01:24 -------- d-----w- C:\Users\Comet\AppData\Local\Macromedia
2013-01-14 13:59:39 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-14 13:59:39 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-11 14:52:31 -------- d-----w- C:\Program Files (x86)\Lame For Audacity
2013-01-11 10:06:48 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2013-01-09 10:30:22 800768 ----a-w- C:\Windows\System32\usp10.dll
2013-01-09 10:30:22 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2013-01-09 10:30:21 750592 ----a-w- C:\Windows\System32\win32spl.dll
2013-01-09 10:30:20 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-01-09 10:30:19 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-01-09 10:30:19 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-01-09 10:30:15 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2013-01-09 10:30:15 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2013-01-09 10:30:13 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2013-01-09 10:30:13 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-01-08 17:23:50 277488 ----a-w- C:\Windows\SysWow64\IntelCpHeciSvc.exe
2013-01-08 17:23:48 511984 ----a-w- C:\Windows\System32\igfxsrvc.exe
2013-01-08 17:23:48 172016 ----a-w- C:\Windows\System32\igfxtray.exe
2013-01-08 17:23:46 5905904 ----a-w- C:\Windows\System32\GfxUI.exe
2013-01-08 17:23:46 441840 ----a-w- C:\Windows\System32\igfxpers.exe
2013-01-08 17:23:46 399856 ----a-w- C:\Windows\System32\hkcmd.exe
2013-01-08 17:23:46 254960 ----a-w- C:\Windows\System32\igfxext.exe
2013-01-08 17:23:44 185840 ----a-w- C:\Windows\System32\difx64.exe
2013-01-02 13:53:06 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2013-01-02 13:53:06 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-01-02 13:53:06 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-01-02 13:53:05 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-01-02 13:53:05 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-01-02 13:53:05 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-01-02 13:53:05 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2013-01-02 10:17:40 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-01-02 10:09:47 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-01-02 10:09:44 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-01-02 10:09:43 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-01-02 10:09:27 41224 ----a-w- C:\Windows\avastSS.scr
2013-01-02 10:09:18 -------- d-----w- C:\ProgramData\AVAST Software
2013-01-02 10:09:18 -------- d-----w- C:\Program Files\AVAST Software
2012-12-29 12:12:10 -------- d-----w- C:\Users\Comet\AppData\Local\Programs
2012-12-29 10:48:11 -------- d-----w- C:\Windows\System32\drivers\NISx64\1207020.003
2012-12-28 16:00:13 -------- d-----w- C:\Users\Comet\dwhelper
2012-12-28 15:40:05 -------- d-----w- C:\ProgramData\VirtualizedApplications
2012-12-28 14:27:48 -------- d-----w- C:\Users\Comet\AppData\Roaming\Auslogics
2012-12-28 14:27:47 -------- d-----w- C:\Program Files (x86)\Auslogics
2012-12-28 14:25:12 -------- d-----w- C:\Users\Comet\Desktop Shortcuts
2012-12-28 13:50:15 -------- d-----w- C:\Program Files (x86)\Audacity
2012-12-28 13:29:47 -------- d-----w- C:\Users\Comet\AppData\Roaming\SoftGrid Client
2012-12-28 13:29:47 -------- d-----w- C:\Users\Comet\AppData\Local\SoftGrid Client
2012-12-28 13:29:06 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-12-27 15:30:27 -------- d-----w- C:\Users\Comet\AppData\Local\CrashDumps
2012-12-27 12:12:36 -------- d-----w- C:\Users\Comet\AppData\Roaming\Malwarebytes
2012-12-27 12:12:27 -------- d-----w- C:\ProgramData\Malwarebytes
2012-12-27 12:12:26 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-27 12:12:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-27 12:07:20 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2012-12-27 12:07:19 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll
2012-12-27 12:07:00 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2012-12-27 12:01:29 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2012-12-27 11:33:40 -------- d-----w- C:\Windows\SysWow64\Wat
2012-12-27 11:33:40 -------- d-----w- C:\Windows\System32\Wat
2012-12-27 11:24:45 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-12-27 11:24:44 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-12-27 11:24:44 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-12-27 11:24:44 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-12-27 11:24:22 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2012-12-27 11:10:07 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-12-27 11:07:58 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2012-12-27 11:07:57 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2012-12-27 11:07:04 142336 ----a-w- C:\Windows\System32\poqexec.exe
2012-12-27 11:07:04 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2012-12-27 11:06:48 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-12-27 11:06:48 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-12-27 11:06:48 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-12-27 11:06:48 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-12-27 11:06:31 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-12-27 11:06:31 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-12-27 11:05:10 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-12-27 11:05:10 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-12-27 11:05:09 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-12-27 11:05:09 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-12-27 11:03:45 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-12-27 11:03:45 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2012-12-27 11:03:27 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2012-12-27 11:03:12 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-12-27 11:03:12 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-12-27 11:00:13 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-12-27 11:00:13 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-12-27 10:59:41 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-12-27 10:59:41 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-12-27 10:59:25 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-12-27 10:59:25 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-12-27 10:59:25 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-12-27 10:59:10 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-12-27 10:59:10 31232 ----a-w- C:\Windows\System32\lsass.exe
2012-12-27 10:59:10 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2012-12-27 10:59:10 28160 ----a-w- C:\Windows\System32\secur32.dll
2012-12-27 10:59:10 136192 ----a-w- C:\Windows\System32\sspicli.dll
2012-12-27 10:57:49 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-12-27 10:57:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-12-27 10:57:11 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-12-27 10:56:56 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-12-27 10:56:56 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-12-27 10:56:41 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-12-27 10:56:04 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2012-12-27 10:56:04 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2012-12-27 10:56:04 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2012-12-27 10:55:49 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2012-12-27 10:55:49 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2012-12-27 10:55:49 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2012-12-27 10:55:49 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2012-12-27 10:55:46 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-12-27 10:55:46 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-12-27 10:55:46 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-12-27 10:55:46 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-12-27 10:55:46 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-12-27 10:55:33 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-12-27 10:54:57 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-12-27 10:54:42 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-12-27 10:54:25 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-12-27 10:54:25 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-12-27 10:54:10 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-12-27 10:54:10 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-12-27 10:53:54 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-12-27 10:53:54 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-12-27 10:52:50 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2012-12-27 10:52:50 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2012-12-27 10:52:50 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2012-12-27 10:52:50 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2012-12-27 10:52:50 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2012-12-27 10:52:34 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-12-27 10:52:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-12-27 10:52:34 136704 ----a-w- C:\Windows\System32\browser.dll
2012-12-27 10:52:19 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-12-27 10:52:19 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-12-27 10:51:44 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2012-12-27 10:51:44 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2012-12-27 10:51:29 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-12-27 10:51:29 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-12-27 10:50:42 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-12-27 10:50:31 -------- d-----w- C:\Program Files\CCleaner
2012-12-27 10:50:27 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2012-12-27 10:50:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2012-12-27 10:50:27 331776 ----a-w- C:\Windows\System32\oleacc.dll
2012-12-27 10:50:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2012-12-27 10:50:11 723456 ----a-w- C:\Windows\System32\EncDec.dll
2012-12-27 10:50:11 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2012-12-27 10:48:52 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-12-27 10:48:51 67072 ----a-w- C:\Windows\splwow64.exe
2012-12-27 10:48:40 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-12-27 10:48:40 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-12-27 10:48:40 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-12-27 10:48:40 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-12-27 10:48:40 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-12-27 10:48:40 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-12-27 10:48:19 77312 ----a-w- C:\Windows\System32\packager.dll
2012-12-27 10:48:19 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-12-27 10:31:35 -------- d-----w- C:\Users\Comet\AppData\Local\Mozilla
2012-12-27 10:29:54 118784 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2012-12-27 10:29:54 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2012-12-27 10:22:02 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-12-27 10:22:02 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-12-27 10:22:02 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-12-27 10:17:16 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-12-27 10:17:04 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-12-27 10:16:58 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-12-27 10:16:58 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-12-27 10:16:42 -------- d-----w- C:\Windows\pss
.
==================== Find3M ====================
.
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-13 16:24:10 342528 ----a-w- C:\Windows\System32\drivers\IntcDAud.sys
2012-12-13 16:24:10 16896 ----a-w- C:\Windows\System32\IntcDAuC.dll
2012-12-13 16:23:46 116224 ----a-w- C:\Windows\System32\igfxCoIn_v2932.dll
2012-12-12 16:45:06 12858368 ----a-w- C:\Windows\System32\igd10umd64.dll
2012-12-12 16:44:04 11174912 ----a-w- C:\Windows\SysWow64\igd10umd32.dll
2012-12-12 16:42:46 384512 ----a-w- C:\Windows\System32\igfxpph.dll
2012-12-12 16:42:44 410112 ----a-w- C:\Windows\System32\igfxTMM.dll
2012-12-12 16:42:44 28672 ----a-w- C:\Windows\System32\igfxexps.dll
2012-12-12 16:42:36 126976 ----a-w- C:\Windows\System32\igfxcpl.cpl
2012-12-12 16:42:36 12615680 ----a-w- C:\Windows\System32\igdumd64.dll
2012-12-12 16:42:34 142336 ----a-w- C:\Windows\System32\igfxdo.dll
2012-12-12 16:42:28 64000 ----a-w- C:\Windows\System32\igfxsrvc.dll
2012-12-12 16:42:28 5353888 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys
2012-12-12 16:42:24 80384 ----a-w- C:\Windows\System32\igdde64.dll
2012-12-12 16:42:06 110592 ----a-w- C:\Windows\System32\hccutils.dll
2012-12-12 16:41:56 9728 ----a-w- C:\Windows\System32\IGFXDEVLib.dll
2012-12-12 16:41:56 175104 ----a-w- C:\Windows\System32\gfxSrvc.dll
2012-12-12 16:41:54 442880 ----a-w- C:\Windows\System32\igfxdev.dll
2012-12-12 16:41:38 11049472 ----a-w- C:\Windows\SysWow64\igdumd32.dll
2012-12-12 16:41:26 286208 ----a-w- C:\Windows\System32\igfxrenu.lrc
2012-12-12 16:41:24 64512 ----a-w- C:\Windows\SysWow64\igdde32.dll
2012-12-12 16:41:22 9007616 ----a-w- C:\Windows\System32\igfxress.dll
2012-12-12 16:40:42 25088 ----a-w- C:\Windows\SysWow64\igfxexps32.dll
2012-12-12 16:40:34 13030400 ----a-w- C:\Windows\System32\ig4icd64.dll
2012-12-12 16:40:08 330752 ----a-w- C:\Windows\SysWow64\igfxdv32.dll
2012-12-12 16:39:58 10812416 ----a-w- C:\Windows\SysWow64\ig4icd32.dll
2012-12-12 16:38:20 640512 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll
2012-12-12 16:38:20 518656 ----a-w- C:\Windows\System32\igfxcmrt64.dll
2012-12-12 16:38:18 483840 ----a-w- C:\Windows\System32\igfx11cmrt64.dll
2012-12-12 16:38:18 459264 ----a-w- C:\Windows\SysWow64\igfx11cmrt32.dll
2012-12-12 16:38:18 3511296 ----a-w- C:\Windows\System32\igfxcmjit64.dll
2012-12-12 16:38:18 3121152 ----a-w- C:\Windows\SysWow64\igfxcmjit32.dll
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 19:40:20.64 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/04/2012 14:23:37
System Uptime: 17/01/2013 16:36:47 (3 hours ago)
.
Motherboard: FUJITSU | | D2990-A1
Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz | SOCKET 0 | 1584/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 914 GiB total, 870.506 GiB free.
D: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&84771DC&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&84771DC&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP29: 09/01/2013 10:30:35 - Windows Update
RP30: 09/01/2013 14:24:59 - Installed Nero 9 Essentials 4.4.8.1
RP31: 09/01/2013 14:59:23 - Configured Nero 9 Essentials 4.4.8.1
RP32: 09/01/2013 15:02:03 - Revo Uninstaller's restore point - Nero 9 Essentials
RP33: 09/01/2013 15:02:27 - Removed Nero 9 Essentials 4.4.8.1
RP34: 11/01/2013 10:06:33 - Windows Update
RP35: 14/01/2013 10:47:16 - Revo Uninstaller's restore point - Mozilla Firefox 17.0.1 (x86 en-US)
RP36: 14/01/2013 13:51:50 - Revo Uninstaller's restore point - Adobe Flash Player 11 Plugin
RP37: 15/01/2013 00:44:32 - Windows Update
RP38: 15/01/2013 00:45:18 - Windows Update
RP39: 15/01/2013 09:38:33 - Revo Uninstaller's restore point - Intel(R) SDK for OpenCL - CPU Only Runtime Package
RP40: 16/01/2013 17:45:21 - Revo Uninstaller's restore point - Iminent
RP41: 16/01/2013 17:47:10 - Revo Uninstaller's restore point - Adobe Flash Player 11 ActiveX
RP42: 16/01/2013 17:47:41 - Revo Uninstaller's restore point - Wajam
.
==== Hosts File Hijack ======================
.
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 analytics.microsoft.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 metrics.mcafee.com
Hosts: 127.0.0.1 om.symantec.com
Hosts: 127.0.0.1 ads.bleepingcomputer.com
Hosts: 127.0.0.1 wdcs.trendmicro.com
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Reader 9.3
Audacity 2.0.2
Auslogics Disk Defrag
avast! Free Antivirus
CCleaner
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DeskUpdate 4.11
eBay
ESET Online Scanner v3
ImagXpress
Intel(R) Processor Graphics
Junk Mail filter update
LAME v3.99.3 (for Windows)
Malwarebytes Anti-Malware version 1.70.0.1100
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Starter 2010 - English
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 18.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
Realtek High Definition Audio Driver
Revo Uninstaller 1.94
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
SpywareBlaster 4.6
System Requirements Lab for Intel
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Winamp
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPatrol
.
==== Event Viewer Messages From Past Week ========
.
16/01/2013 17:43:33, Error: Service Control Manager [7030] - The SProtection service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
15/01/2013 22:01:57, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
15/01/2013 22:01:57, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/01/2013 22:01:37, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
15/01/2013 22:01:27, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
15/01/2013 22:01:27, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
15/01/2013 21:38:50, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
15/01/2013 00:45:41, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070103: Intel Corporation - Graphics Adapter WDDM1.1, Graphics Adapter WDDM1.2 - Intel(R) HD Graphics.
15/01/2013 00:01:19, Error: Service Control Manager [7023] - The Intel(R) Content Protection HECI Service service terminated with the following error: %%-2147024637
.
==== End Of File ===========================
MESA
Regular Member
 
Posts: 35
Joined: January 17th, 2013, 3:11 pm
Advertisement
Register to Remove

Re: Assistance required please.

Unread postby deltalima » January 19th, 2013, 4:57 pm

checking your log - back soon.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Assistance required please.

Unread postby deltalima » January 19th, 2013, 5:06 pm

Hi MESA,

Welcome to the forum.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you too.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please Note:
The programs I ask you to run need to be run in Administrator Mode by... Right clicking the program file and selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe and select: Run as Administrator.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Right click the .exe file and select: Run as Administrator. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan..

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Assistance required please.

Unread postby MESA » January 19th, 2013, 6:08 pm

Hi deltalima,thank you for your time/help.
Here are the OTL scans but while running Gmer like you said windows just shut down with the advanced start page saying that widows didn't shut down successfully?I restarted windows normally and it booted up ok.

OTL logfile created on: 1/19/2013 9:49:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Comet\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.91 Gb Total Physical Memory | 2.50 Gb Available Physical Memory | 64.04% Memory free
3.90 Gb Paging File | 2.44 Gb Available in Paging File | 62.42% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 913.84 Gb Total Space | 875.93 Gb Free Space | 95.85% Space Free | Partition Type: NTFS

Computer Name: WINDOWS | User Name: Comet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Comet\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (syncagentsrv) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman) -- C:\Windows\SysNative\drivers\tdrpman.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (vididr) -- C:\Windows\SysNative\drivers\vididr.sys (Acronis)
DRV:64bit: - (vidsflt67) -- C:\Windows\SysNative\drivers\vsflt67.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (fltsrv) -- C:\Windows\SysNative\drivers\fltsrv.sys (Acronis)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {7B2F92D7-BFDA-4BDC-B046-AD0CA985F42E}
IE:64bit: - HKLM\..\SearchScopes\{7B2F92D7-BFDA-4BDC-B046-AD0CA985F42E}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ts.fujitsu.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.com/ig/redirectd [Binary data over 200 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ig/redirectd [Binary data over 200 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ts.fujitsu.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-298761936-1198288888-1608458099-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ts.fujitsu.com
IE - HKU\S-1-5-21-298761936-1198288888-1608458099-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.com/ig/redirectd [Binary data over 200 bytes]
IE - HKU\S-1-5-21-298761936-1198288888-1608458099-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-298761936-1198288888-1608458099-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-298761936-1198288888-1608458099-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-298761936-1198288888-1608458099-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/01/02 10:09:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/19 10:08:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/12/27 10:31:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Comet\AppData\Roaming\mozilla\Extensions
[2013/01/19 13:06:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Comet\AppData\Roaming\mozilla\Firefox\Profiles\o25779ek.default-1358534187264\extensions
[2013/01/19 13:06:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Comet\AppData\Roaming\mozilla\Firefox\Profiles\o25779ek.default-1358534187264\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/01/19 10:08:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/01/02 10:09:33 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013/01/19 10:08:33 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/05 03:45:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/01/05 03:45:12 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/01/18 10:59:18 | 000,582,262 | ---- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 csh.actiondesk.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 15666 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NewReminderDialog.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NewReminderDialog.lnk = File not found
O4 - Startup: C:\Users\Kiosk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-298761936-1198288888-1608458099-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7EBDDF97-D62B-4DBF-854F-87BED32D7D47}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{710d8cd7-502d-11e2-bf2d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{710d8cd7-502d-11e2-bf2d-806e6f6e6963}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/19 21:47:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Comet\Desktop\OTL.exe
[2013/01/19 19:43:02 | 000,000,000 | ---D | C] -- C:\Users\Comet\AppData\Roaming\Auslogics
[2013/01/19 19:43:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2013/01/19 19:43:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2013/01/19 19:28:22 | 000,000,000 | ---D | C] -- C:\Users\Comet\AppData\Roaming\Ashampoo
[2013/01/19 19:27:56 | 000,000,000 | ---D | C] -- C:\Users\Comet\AppData\Local\ashampoo
[2013/01/19 19:27:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2013/01/19 19:27:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Ashampoo
[2013/01/19 19:27:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo
[2013/01/19 17:58:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/01/19 16:07:34 | 000,000,000 | ---D | C] -- C:\Users\Comet\AppData\Roaming\Macromedia
[2013/01/19 16:07:34 | 000,000,000 | ---D | C] -- C:\Users\Comet\AppData\Local\Macromedia
[2013/01/19 16:07:34 | 000,000,000 | ---D | C] -- C:\Users\Comet\AppData\Roaming\Adobe
[2013/01/19 16:06:09 | 000,697,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/19 16:06:09 | 000,074,248 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/19 16:05:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013/01/19 10:08:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/18 10:59:18 | 000,000,000 | ---D | C] -- C:\Users\Comet\Documents\hosts
[2013/01/18 09:22:03 | 000,000,000 | ---D | C] -- C:\Users\Comet\AppData\Roaming\WinPatrol
[2013/01/18 09:22:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2013/01/18 09:22:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios
[2013/01/18 09:21:59 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/01/17 21:41:24 | 000,000,000 | ---D | C] -- C:\Users\Comet\AppData\Roaming\Acronis
[2013/01/17 21:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2013/01/17 21:37:50 | 000,367,200 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\afcdp.sys
[2013/01/17 21:37:45 | 001,294,432 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\tdrpman.sys
[2013/01/17 21:37:44 | 000,994,912 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\timntr.sys
[2013/01/17 21:37:41 | 000,211,552 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\vididr.sys
[2013/01/17 21:37:41 | 000,146,528 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\vsflt67.sys
[2013/01/17 21:37:39 | 000,320,096 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\snapman.sys
[2013/01/17 21:37:37 | 000,137,312 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\fltsrv.sys
[2013/01/17 21:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
[2013/01/17 21:37:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis
[2013/01/17 21:37:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acronis
[2013/01/17 19:04:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/01/17 18:54:36 | 000,000,000 | ---D | C] -- C:\Users\Comet\Documents\Denny(PRS)Oliver_145687641_61203_2012121
[2013/01/17 18:43:46 | 000,000,000 | ---D | C] -- C:\Users\Comet\Documents\toolbarcop
[2013/01/15 13:10:43 | 000,000,000 | ---D | C] -- C:\Users\Comet\Tracing
[2013/01/14 23:59:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2013/01/14 23:55:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2013/01/14 23:24:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013/01/14 13:59:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/01/11 14:52:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame For Audacity
[2013/01/11 10:06:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013/01/09 10:30:22 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/01/09 10:30:21 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/01/09 10:30:20 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/01/09 10:30:19 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/01/09 10:29:46 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/01/09 10:29:46 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/01/09 10:29:46 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/01/09 10:29:46 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/01/09 10:29:46 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/01/09 10:29:46 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/01/09 10:29:46 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/01/09 10:29:46 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/01/09 10:29:46 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/01/09 10:29:45 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/01/09 10:29:45 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/01/09 10:29:45 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/01/09 10:29:45 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/01/09 10:29:45 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/01/09 10:29:45 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/01/09 10:29:45 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/01/09 10:29:45 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/01/09 10:29:45 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/01/09 10:29:45 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/01/09 10:29:45 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/01/09 10:29:45 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/01/09 10:29:45 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/01/09 10:29:45 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/01/09 10:29:45 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/01/09 10:29:45 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/01/09 10:29:45 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/01/09 10:29:45 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/01/09 10:29:45 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/01/09 10:29:44 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/01/09 10:29:44 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/01/09 10:29:44 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/01/09 10:29:44 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/01/09 10:29:16 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/01/09 10:29:16 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/01/09 10:29:16 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/01/09 10:29:16 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/01/09 10:29:16 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/01/09 10:29:16 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/01/09 10:29:16 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/01/09 10:29:16 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/01/09 10:29:16 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/01/09 10:29:16 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 10:29:16 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 10:29:16 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/01/09 10:29:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 10:29:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 10:29:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 10:29:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 10:29:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 10:29:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 10:29:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 10:29:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 10:29:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 10:29:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 10:29:15 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 10:29:15 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 10:29:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 10:29:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 10:29:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 10:29:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 10:29:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 10:29:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 10:29:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 10:29:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 10:29:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 10:29:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 10:29:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 10:29:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 10:29:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 10:29:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 10:29:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 10:29:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 10:29:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 10:29:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 10:29:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 10:29:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 10:29:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 10:29:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 10:29:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 10:29:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 10:29:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 10:29:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 10:29:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 10:29:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 10:29:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 10:29:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 10:29:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 10:29:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 10:29:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 10:29:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 10:29:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 10:29:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 10:29:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 10:29:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 10:29:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 10:29:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 10:29:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 10:29:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 10:29:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/01/09 10:29:12 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/01/09 10:29:12 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/01/09 10:29:08 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013/01/08 17:23:50 | 000,277,488 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\IntelCpHeciSvc.exe
[2013/01/08 17:23:48 | 000,511,984 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.exe
[2013/01/08 17:23:48 | 000,172,016 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxtray.exe
[2013/01/08 17:23:46 | 005,905,904 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\GfxUI.exe
[2013/01/08 17:23:46 | 000,441,840 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxpers.exe
[2013/01/08 17:23:46 | 000,399,856 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\hkcmd.exe
[2013/01/08 17:23:46 | 000,254,960 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxext.exe
[2013/01/08 17:23:44 | 000,185,840 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\difx64.exe
[2013/01/02 13:53:05 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/01/02 10:09:50 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/01/02 10:09:50 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/01/02 10:09:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/01/02 10:09:47 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/01/02 10:09:46 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/01/02 10:09:44 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/01/02 10:09:43 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/01/02 10:09:42 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/01/02 10:09:27 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/01/02 10:09:26 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2013/01/02 10:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/01/02 10:09:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/12/29 12:12:10 | 000,000,000 | ---D | C] -- C:\Users\Comet\AppData\Local\Programs
[2012/12/28 16:00:13 | 000,000,000 | ---D | C] -- C:\Users\Comet\dwhelper
[2012/12/28 15:49:09 | 065,087,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/12/28 15:40:05 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2012/12/28 14:25:12 | 000,000,000 | ---D | C] -- C:\Users\Comet\Desktop Shortcuts
[2012/12/28 13:50:35 | 000,000,000 | ---D | C] -- C:\Users\Comet\AppData\Roaming\Audacity
[2012/12/28 13:50:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2012/12/28 13:29:47 | 000,000,000 | ---D | C] -- C:\Users\Comet\AppData\Roaming\SoftGrid Client
[2012/12/28 13:29:47 | 000,000,000 | ---D | C] -- C:\Users\Comet\AppData\Local\SoftGrid Client
[2012/12/28 13:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
[2012/12/28 13:29:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2012/12/27 15:30:27 | 000,000,000 | ---D | C] -- C:\Users\Comet\AppData\Local\CrashDumps
[2012/12/27 14:03:58 | 000,000,000 | ---D | C] -- C:\Users\Comet\Documents\Chimes
[2012/12/27 12:12:36 | 000,000,000 | ---D | C] -- C:\Users\Comet\AppData\Roaming\Malwarebytes
[2012/12/27 12:12:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/27 12:12:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/12/27 12:12:26 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/27 12:12:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/12/27 12:07:20 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2012/12/27 12:07:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2012/12/27 12:07:19 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2012/12/27 12:07:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2012/12/27 12:06:58 | 000,000,000 | ---D | C] -- C:\Users\Comet\AppData\Roaming\Winamp
[2012/12/27 12:06:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2012/12/27 12:01:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012/12/27 12:01:29 | 000,000,000 | ---D | C] -- C:\Users\Comet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/12/27 11:33:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/12/27 11:33:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/12/27 11:24:44 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012/12/27 11:24:44 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012/12/27 11:24:22 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2012/12/27 11:15:35 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/12/27 11:15:35 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/12/27 11:15:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/12/27 11:15:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/12/27 11:15:35 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/12/27 11:15:35 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/12/27 11:15:35 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/12/27 11:15:35 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/12/27 11:15:34 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/12/27 11:15:34 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/12/27 11:15:34 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/12/27 11:15:34 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/12/27 11:15:33 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/12/27 11:15:33 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/12/27 11:15:33 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/12/27 11:09:30 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2012/12/27 11:09:18 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2012/12/27 11:09:18 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2012/12/27 11:09:18 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2012/12/27 11:09:17 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2012/12/27 11:09:16 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2012/12/27 11:09:15 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2012/12/27 11:09:15 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2012/12/27 11:09:15 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2012/12/27 11:09:15 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2012/12/27 11:09:02 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/12/27 11:07:04 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2012/12/27 11:07:04 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2012/12/27 11:06:48 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012/12/27 11:06:48 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012/12/27 11:06:48 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012/12/27 11:05:10 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/12/27 11:05:10 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/12/27 11:05:09 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/12/27 11:05:09 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/12/27 11:04:55 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/12/27 11:04:37 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2012/12/27 11:04:37 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2012/12/27 11:04:37 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2012/12/27 11:04:36 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2012/12/27 11:04:36 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2012/12/27 11:04:36 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2012/12/27 11:04:36 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2012/12/27 11:04:36 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2012/12/27 11:04:36 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2012/12/27 11:04:36 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2012/12/27 11:04:36 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2012/12/27 11:04:36 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2012/12/27 11:04:36 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2012/12/27 11:04:02 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/12/27 11:04:02 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/12/27 11:03:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/12/27 11:03:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/12/27 11:03:27 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012/12/27 11:03:12 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/12/27 11:03:12 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/12/27 11:01:58 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/27 11:01:57 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/27 11:01:57 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/27 11:01:57 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/27 11:01:49 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/12/27 11:01:48 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/12/27 11:01:47 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/12/27 11:01:29 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012/12/27 11:01:28 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012/12/27 11:01:28 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012/12/27 11:01:28 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012/12/27 11:01:03 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012/12/27 11:01:03 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012/12/27 11:00:13 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/12/27 10:59:41 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/12/27 10:59:25 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/12/27 10:59:25 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/12/27 10:59:25 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/12/27 10:59:10 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/12/27 10:59:10 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/12/27 10:59:10 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/12/27 10:58:39 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/12/27 10:58:39 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/12/27 10:58:39 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012/12/27 10:58:39 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012/12/27 10:58:39 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012/12/27 10:58:39 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012/12/27 10:58:39 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012/12/27 10:58:39 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012/12/27 10:58:05 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2012/12/27 10:57:11 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012/12/27 10:57:11 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012/12/27 10:56:56 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/12/27 10:56:41 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012/12/27 10:55:49 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2012/12/27 10:55:49 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2012/12/27 10:55:49 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2012/12/27 10:55:49 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2012/12/27 10:55:46 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/12/27 10:55:46 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/12/27 10:54:10 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/12/27 10:53:54 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012/12/27 10:53:54 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012/12/27 10:52:50 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2012/12/27 10:52:50 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2012/12/27 10:52:34 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/12/27 10:52:34 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/12/27 10:52:34 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/12/27 10:52:19 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/12/27 10:51:29 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/12/27 10:50:42 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/12/27 10:50:31 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/12/27 10:50:27 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2012/12/27 10:50:27 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2012/12/27 10:50:11 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012/12/27 10:50:11 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2012/12/27 10:49:24 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/12/27 10:49:24 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/12/27 10:49:07 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/12/27 10:48:51 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/12/27 10:48:40 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/12/27 10:48:40 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/12/27 10:48:19 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/12/27 10:48:19 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/12/27 10:35:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012/12/27 10:31:35 | 000,000,000 | ---D | C] -- C:\Users\Comet\AppData\Roaming\Mozilla
[2012/12/27 10:31:35 | 000,000,000 | ---D | C] -- C:\Users\Comet\AppData\Local\Mozilla
[2012/12/27 10:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/12/27 10:29:57 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/12/27 10:29:54 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSSTDFMT.DLL
[2012/12/27 10:29:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2012/12/27 10:29:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2012/12/27 10:22:02 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/12/27 10:22:02 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/12/27 10:17:16 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/12/27 10:17:16 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/12/27 10:17:16 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/12/27 10:17:04 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/12/27 10:17:04 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/12/27 10:17:04 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/12/27 10:16:58 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/12/27 10:16:58 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/12/27 10:16:42 | 000,000,000 | ---D | C] -- C:\Windows\pss

========== Files - Modified Within 30 Days ==========

[2013/01/19 21:47:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Comet\Desktop\OTL.exe
[2013/01/19 19:59:44 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/19 19:59:44 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/19 19:52:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/19 19:52:00 | 3146,047,488 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/19 18:03:12 | 000,000,842 | ---- | M] () -- C:\Users\Comet\Documents\cc_20130119_180308.reg
[2013/01/19 17:59:53 | 000,001,476 | ---- | M] () -- C:\Users\Comet\Documents\cc_20130119_175950.reg
[2013/01/19 17:59:41 | 000,005,506 | ---- | M] () -- C:\Users\Comet\Documents\cc_20130119_175938.reg
[2013/01/19 17:10:39 | 000,001,290 | ---- | M] () -- C:\Users\Comet\Documents\cc_20130119_171036.reg
[2013/01/19 16:06:09 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/19 16:06:09 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/19 14:18:20 | 000,000,166 | ---- | M] () -- C:\Users\Comet\Documents\cc_20130119_141817.reg
[2013/01/19 14:04:59 | 000,000,680 | ---- | M] () -- C:\Users\Comet\Documents\cc_20130119_140456.reg
[2013/01/18 10:59:18 | 000,582,262 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS
[2013/01/18 00:55:43 | 000,000,866 | ---- | M] () -- C:\Users\Comet\Documents\cc_20130118_005540.reg
[2013/01/17 21:59:32 | 000,780,156 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/17 21:59:32 | 000,664,984 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/17 21:59:32 | 000,125,462 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/17 21:37:50 | 000,367,200 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\afcdp.sys
[2013/01/17 21:37:45 | 001,294,432 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\tdrpman.sys
[2013/01/17 21:37:44 | 000,994,912 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\timntr.sys
[2013/01/17 21:37:41 | 000,211,552 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\vididr.sys
[2013/01/17 21:37:41 | 000,146,528 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\vsflt67.sys
[2013/01/17 21:37:39 | 000,320,096 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\snapman.sys
[2013/01/17 21:37:37 | 000,137,312 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\fltsrv.sys
[2013/01/17 20:13:46 | 000,139,574 | ---- | M] () -- C:\Users\Comet\Documents\Receipt for Les Deux Moulin fragrance oil.png
[2013/01/17 18:57:53 | 000,006,014 | ---- | M] () -- C:\Users\Comet\Documents\cc_20130117_185747.reg
[2013/01/16 17:56:07 | 000,001,544 | ---- | M] () -- C:\Users\Comet\Documents\cc_20130116_175604.reg
[2013/01/16 17:45:43 | 000,000,866 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013/01/15 00:01:44 | 000,015,448 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2013/01/14 10:49:55 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/01/09 10:37:51 | 000,765,624 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/08 17:23:50 | 000,277,488 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\IntelCpHeciSvc.exe
[2013/01/08 17:23:48 | 000,511,984 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.exe
[2013/01/08 17:23:48 | 000,172,016 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxtray.exe
[2013/01/08 17:23:46 | 005,905,904 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\GfxUI.exe
[2013/01/08 17:23:46 | 000,441,840 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxpers.exe
[2013/01/08 17:23:46 | 000,399,856 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\hkcmd.exe
[2013/01/08 17:23:46 | 000,254,960 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxext.exe
[2013/01/08 17:23:44 | 000,185,840 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\difx64.exe
[2013/01/02 10:09:43 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/12/31 10:02:57 | 001,544,448 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1207020.003\Cat.DB
[2012/12/27 15:01:50 | 000,597,071 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS.MVP
[2012/12/27 10:50:32 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/12/27 10:23:59 | 000,001,443 | ---- | M] () -- C:\Users\Comet\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

========== Files Created - No Company Name ==========

[2013/01/19 18:03:09 | 000,000,842 | ---- | C] () -- C:\Users\Comet\Documents\cc_20130119_180308.reg
[2013/01/19 17:59:51 | 000,001,476 | ---- | C] () -- C:\Users\Comet\Documents\cc_20130119_175950.reg
[2013/01/19 17:59:39 | 000,005,506 | ---- | C] () -- C:\Users\Comet\Documents\cc_20130119_175938.reg
[2013/01/19 17:10:38 | 000,001,290 | ---- | C] () -- C:\Users\Comet\Documents\cc_20130119_171036.reg
[2013/01/19 14:18:18 | 000,000,166 | ---- | C] () -- C:\Users\Comet\Documents\cc_20130119_141817.reg
[2013/01/19 14:04:58 | 000,000,680 | ---- | C] () -- C:\Users\Comet\Documents\cc_20130119_140456.reg
[2013/01/18 00:55:41 | 000,000,866 | ---- | C] () -- C:\Users\Comet\Documents\cc_20130118_005540.reg
[2013/01/17 20:13:46 | 000,139,574 | ---- | C] () -- C:\Users\Comet\Documents\Receipt for Les Deux Moulin fragrance oil.png
[2013/01/17 18:57:48 | 000,006,014 | ---- | C] () -- C:\Users\Comet\Documents\cc_20130117_185747.reg
[2013/01/16 17:56:06 | 000,001,544 | ---- | C] () -- C:\Users\Comet\Documents\cc_20130116_175604.reg
[2013/01/16 17:43:37 | 000,000,866 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013/01/15 00:01:44 | 000,015,448 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2013/01/14 10:49:55 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/01/14 10:49:55 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/01/02 10:09:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/12/28 13:50:18 | 000,001,025 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2012/12/27 11:24:46 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/12/27 11:01:28 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/12/27 10:50:32 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/12/27 10:23:59 | 000,001,443 | ---- | C] () -- C:\Users\Comet\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/12/12 16:41:24 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/10/10 02:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/10/10 02:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/03/26 09:08:56 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/03/26 09:08:53 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/03/26 09:08:51 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/08/12 09:47:01 | 000,040,448 | ---- | C] () -- C:\Windows\REGOBJ.DLL
[2011/04/16 10:56:37 | 000,765,624 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

OTL Extras logfile created on: 1/19/2013 9:49:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Comet\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.91 Gb Total Physical Memory | 2.50 Gb Available Physical Memory | 64.04% Memory free
3.90 Gb Paging File | 2.44 Gb Available in Paging File | 62.42% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 913.84 Gb Total Space | 875.93 Gb Free Space | 95.85% Space Free | Partition Type: NTFS

Computer Name: WINDOWS | User Name: Comet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-298761936-1198288888-1608458099-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3CE9AF5C-3184-49E1-A3EB-A4379CFCA824}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{87DDF0AC-8354-49A8-B551-ADB922B16ECD}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8EDA14CC-8912-4EFA-B4E6-44B61C9E3FAF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{B030E59A-E4F3-4C42-8F3C-7664962B5ED1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01124224-3CB6-4220-B5B9-BD38268917DA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{01CF9D6A-2D12-430B-8668-5381B17E7D76}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{9A6060CA-9CD1-476E-847C-FD45C61DAF12}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{C6007E97-81CF-4987-B302-1ACA630E8287}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{DF83657F-3EF2-4BB9-A80C-F0B8F53B7D96}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539}" = WinPatrol
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9983CD31-473F-4808-8317-5346119F0187}" = eBay
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}" = System Requirements Lab for Intel
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D627784F-B3EE-44E8-96B1-9509B991EA34}_is1" = Auslogics Registry Defrag
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE9DDE76-B62E-49E9-B41F-510F83D7706D}" = Acronis True Image Home 2012
"{DE9DDE76-B62E-49E9-B41F-510F83D7706D}Visible" = Acronis True Image Home 2012
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.82
"Audacity_is1" = Audacity 2.0.2
"avast" = avast! Free Antivirus
"DeskUpdate_is1" = DeskUpdate 4.11
"ESET Online Scanner" = ESET Online Scanner v3
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Mozilla Firefox 18.0.1 (x86 en-US)" = Mozilla Firefox 18.0.1 (x86 en-US)
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.SingleImage" = Microsoft Office Professional 2010
"Revo Uninstaller" = Revo Uninstaller 1.94
"SpywareBlaster_is1" = SpywareBlaster 4.6
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/17/2013 8:52:51 PM | Computer Name = Windows | Source = WinMgmt | ID = 10
Description =

Error - 1/18/2013 5:22:31 AM | Computer Name = Windows | Source = WinMgmt | ID = 10
Description =

Error - 1/18/2013 7:43:46 AM | Computer Name = Windows | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 1/18/2013 2:27:46 PM | Computer Name = Windows | Source = WinMgmt | ID = 10
Description =

Error - 1/19/2013 5:40:25 AM | Computer Name = Windows | Source = WinMgmt | ID = 10
Description =

Error - 1/19/2013 7:16:54 AM | Computer Name = Windows | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 1/19/2013 10:08:18 AM | Computer Name = Windows | Source = WinMgmt | ID = 10
Description =

Error - 1/19/2013 1:58:46 PM | Computer Name = Windows | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'IPC logging process' could not be shut down.

Error - 1/19/2013 2:05:40 PM | Computer Name = Windows | Source = WinMgmt | ID = 10
Description =

Error - 1/19/2013 3:53:53 PM | Computer Name = Windows | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 1/15/2013 6:01:54 PM | Computer Name = Windows | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Search service to connect.

Error - 1/15/2013 6:01:54 PM | Computer Name = Windows | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

Error - 1/15/2013 6:01:57 PM | Computer Name = Windows | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Search service to connect.

Error - 1/15/2013 6:01:57 PM | Computer Name = Windows | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

Error - 1/15/2013 6:01:57 PM | Computer Name = Windows | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Search service to connect.

Error - 1/15/2013 6:01:57 PM | Computer Name = Windows | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

Error - 1/16/2013 1:43:33 PM | Computer Name = Windows | Source = Service Control Manager | ID = 7030
Description = The SProtection service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 1/17/2013 5:58:13 PM | Computer Name = Windows | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Encrypted volume check: Volume information on cannot be read.

Error - 1/17/2013 7:49:45 PM | Computer Name = Windows | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473535.

Error - 1/17/2013 7:49:45 PM | Computer Name = Windows | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.


< End of report >
MESA
Regular Member
 
Posts: 35
Joined: January 17th, 2013, 3:11 pm

Re: Assistance required please.

Unread postby deltalima » January 19th, 2013, 6:30 pm

Hi MESA,

while running Gmer like you said windows just shut down with the advanced start page saying that widows didn't shut down successfully?I restarted windows normally and it booted up ok.


OK, we will run an alternative scan,

Please download TDSSKiller and save it to your Desktop.

  • Right click TDSSKiller.exe and select " Run as administrator " to run it.
  • Under Additional Options check Verify file digital signatures
  • IMPORTANT: Ensure Detect TDLFS file system remains UNchecked.
  • Click Start scan and allow it to scan for Malicious objects.

    • If Malicious objects are detected, the default action will be Cure, ensure Cure is selected then click Continue
    • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue
    • If Unsigned files are detected, the default action will be Skip, ensure Skip is selected then click Continue

    DO NOT change the default actions.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt.
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt.
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents in your next reply

PANDA ONLINE SCAN

Please go Here to run Panda's ActiveScan
  • Once you are on the Panda site, click the Scan your PC button
  • A new window will open...click the Scan Now button
  • Allow the ActiveX control to be installed. It will start downloading the files it requires for the scan. Note: This may take a couple of minutes
  • Run the ActiveX control, if requested. The screen will then show the scanning progress - the scan will take a while to finish. Please be patient.
  • When the scan has finished, click on Export To
  • Save the file as Activescan.txt to your Desktop
  • Close the Activescan window then go to your Desktop
  • Double-click on Activescan.txt and it will open in Notepad
  • In Notepad, click Edit > Select all, then Edit > Copy
  • Reply to this thread and click Ctrl+V to paste the log in your reply
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Assistance required please.

Unread postby MESA » January 19th, 2013, 6:43 pm

Hi there was no threats found with TDSSKiller.Just a thought I already have eset online scanner installed,will I scan with that or would you prefer Panda's scanner?Thank you.
MESA
Regular Member
 
Posts: 35
Joined: January 17th, 2013, 3:11 pm

Re: Assistance required please.

Unread postby deltalima » January 19th, 2013, 6:48 pm

Hi MESA,

no threats found with TDSSKiller.Just a thought I already have eset online scanner installed,will I scan with that or would you prefer Panda's scanner?


Please post the log from TDSSKiller then run the Panda scan as a second opinion to confirm the ESET results.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Assistance required please.

Unread postby MESA » January 19th, 2013, 7:34 pm

Hi there
Here's the TDSSKiller results.When the OTL scan rebooted the computer a few settings had been changed to their default status?The Panda Sacan just shows a page that says "today you are not infected" There is no option to export?

22:39:33.0576 4636 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:39:33.0763 4636 ============================================================
22:39:33.0763 4636 Current date / time: 2013/01/19 22:39:33.0763
22:39:33.0763 4636 SystemInfo:
22:39:33.0763 4636
22:39:33.0763 4636 OS Version: 6.1.7601 ServicePack: 1.0
22:39:33.0763 4636 Product type: Workstation
22:39:33.0763 4636 ComputerName: WINDOWS
22:39:33.0763 4636 UserName: Comet
22:39:33.0763 4636 Windows directory: C:\Windows
22:39:33.0763 4636 System windows directory: C:\Windows
22:39:33.0763 4636 Running under WOW64
22:39:33.0763 4636 Processor architecture: Intel x64
22:39:33.0763 4636 Number of processors: 4
22:39:33.0763 4636 Page size: 0x1000
22:39:33.0763 4636 Boot type: Normal boot
22:39:33.0763 4636 ============================================================
22:39:34.0122 4636 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:39:34.0137 4636 ============================================================
22:39:34.0137 4636 \Device\Harddisk0\DR0:
22:39:34.0137 4636 MBR partitions:
22:39:34.0137 4636 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x402000, BlocksNum 0x723B0800
22:39:34.0184 4636 ============================================================
22:39:34.0247 4636 C: <-> \Device\Harddisk0\DR0\Partition1
22:39:34.0247 4636 ============================================================
22:39:34.0247 4636 Initialize success
22:39:34.0247 4636 ============================================================
22:40:53.0074 3172 ============================================================
22:40:53.0074 3172 Scan started
22:40:53.0074 3172 Mode: Manual; SigCheck;
22:40:53.0074 3172 ============================================================
22:40:53.0136 3172 ================ Scan system memory ========================
22:40:53.0136 3172 System memory - ok
22:40:53.0136 3172 ================ Scan services =============================
22:40:53.0245 3172 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
22:40:53.0308 3172 1394ohci - ok
22:40:53.0323 3172 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
22:40:53.0339 3172 ACPI - ok
22:40:53.0370 3172 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
22:40:53.0401 3172 AcpiPmi - ok
22:40:53.0495 3172 [ EBD6DA5AF94E4BB4DF475805D6BC3531 ] AcrSch2Svc C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
22:40:53.0526 3172 AcrSch2Svc - ok
22:40:53.0542 3172 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
22:40:53.0557 3172 adp94xx - ok
22:40:53.0573 3172 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
22:40:53.0588 3172 adpahci - ok
22:40:53.0588 3172 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
22:40:53.0604 3172 adpu320 - ok
22:40:53.0620 3172 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:40:53.0666 3172 AeLookupSvc - ok
22:40:53.0698 3172 [ B794DD8ACC5CC76177156463DAB4BEBB ] afcdp C:\Windows\system32\DRIVERS\afcdp.sys
22:40:53.0713 3172 afcdp - ok
22:40:53.0760 3172 [ D53E0EAF55176E4B3BA407EA084DB8DA ] afcdpsrv C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
22:40:53.0838 3172 afcdpsrv - ok
22:40:53.0900 3172 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
22:40:53.0932 3172 AFD - ok
22:40:53.0978 3172 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
22:40:53.0978 3172 agp440 - ok
22:40:53.0994 3172 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
22:40:54.0025 3172 ALG - ok
22:40:54.0056 3172 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
22:40:54.0072 3172 aliide - ok
22:40:54.0088 3172 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
22:40:54.0088 3172 amdide - ok
22:40:54.0103 3172 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
22:40:54.0119 3172 AmdK8 - ok
22:40:54.0134 3172 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
22:40:54.0166 3172 AmdPPM - ok
22:40:54.0181 3172 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
22:40:54.0197 3172 amdsata - ok
22:40:54.0228 3172 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
22:40:54.0228 3172 amdsbs - ok
22:40:54.0244 3172 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
22:40:54.0259 3172 amdxata - ok
22:40:54.0290 3172 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
22:40:54.0337 3172 AppID - ok
22:40:54.0353 3172 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:40:54.0384 3172 AppIDSvc - ok
22:40:54.0384 3172 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
22:40:54.0431 3172 Appinfo - ok
22:40:54.0446 3172 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
22:40:54.0462 3172 arc - ok
22:40:54.0478 3172 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
22:40:54.0478 3172 arcsas - ok
22:40:54.0602 3172 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:40:54.0602 3172 aspnet_state - ok
22:40:54.0665 3172 [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
22:40:54.0680 3172 aswFsBlk - ok
22:40:54.0712 3172 [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
22:40:54.0727 3172 aswMonFlt - ok
22:40:54.0743 3172 [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
22:40:54.0743 3172 aswRdr - ok
22:40:54.0774 3172 [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
22:40:54.0790 3172 aswSnx - ok
22:40:54.0790 3172 [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP C:\Windows\system32\drivers\aswSP.sys
22:40:54.0805 3172 aswSP - ok
22:40:54.0821 3172 [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
22:40:54.0821 3172 aswTdi - ok
22:40:54.0868 3172 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:40:54.0914 3172 AsyncMac - ok
22:40:54.0961 3172 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
22:40:54.0977 3172 atapi - ok
22:40:54.0992 3172 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:40:55.0055 3172 AudioEndpointBuilder - ok
22:40:55.0055 3172 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
22:40:55.0086 3172 AudioSrv - ok
22:40:55.0164 3172 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
22:40:55.0164 3172 avast! Antivirus - ok
22:40:55.0226 3172 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:40:55.0242 3172 AxInstSV - ok
22:40:55.0304 3172 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
22:40:55.0320 3172 b06bdrv - ok
22:40:55.0367 3172 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
22:40:55.0398 3172 b57nd60a - ok
22:40:55.0429 3172 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
22:40:55.0445 3172 BDESVC - ok
22:40:55.0492 3172 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
22:40:55.0523 3172 Beep - ok
22:40:55.0570 3172 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
22:40:55.0616 3172 BFE - ok
22:40:55.0648 3172 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
22:40:55.0694 3172 BITS - ok
22:40:55.0757 3172 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
22:40:55.0772 3172 blbdrive - ok
22:40:55.0804 3172 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:40:55.0835 3172 bowser - ok
22:40:55.0850 3172 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
22:40:55.0866 3172 BrFiltLo - ok
22:40:55.0866 3172 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
22:40:55.0897 3172 BrFiltUp - ok
22:40:55.0960 3172 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
22:40:55.0960 3172 Browser - ok
22:40:55.0975 3172 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:40:56.0006 3172 Brserid - ok
22:40:56.0006 3172 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:40:56.0038 3172 BrSerWdm - ok
22:40:56.0053 3172 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:40:56.0069 3172 BrUsbMdm - ok
22:40:56.0069 3172 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:40:56.0100 3172 BrUsbSer - ok
22:40:56.0100 3172 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
22:40:56.0116 3172 BTHMODEM - ok
22:40:56.0131 3172 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
22:40:56.0178 3172 bthserv - ok
22:40:56.0225 3172 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:40:56.0272 3172 cdfs - ok
22:40:56.0318 3172 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:40:56.0334 3172 cdrom - ok
22:40:56.0334 3172 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
22:40:56.0365 3172 CertPropSvc - ok
22:40:56.0381 3172 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
22:40:56.0381 3172 circlass - ok
22:40:56.0396 3172 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
22:40:56.0412 3172 CLFS - ok
22:40:56.0474 3172 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:40:56.0490 3172 clr_optimization_v2.0.50727_32 - ok
22:40:56.0506 3172 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:40:56.0521 3172 clr_optimization_v2.0.50727_64 - ok
22:40:56.0599 3172 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:40:56.0599 3172 clr_optimization_v4.0.30319_32 - ok
22:40:56.0615 3172 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:40:56.0615 3172 clr_optimization_v4.0.30319_64 - ok
22:40:56.0662 3172 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
22:40:56.0677 3172 CmBatt - ok
22:40:56.0693 3172 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:40:56.0693 3172 cmdide - ok
22:40:56.0724 3172 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
22:40:56.0755 3172 CNG - ok
22:40:56.0771 3172 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
22:40:56.0771 3172 Compbatt - ok
22:40:56.0802 3172 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
22:40:56.0833 3172 CompositeBus - ok
22:40:56.0833 3172 COMSysApp - ok
22:40:56.0927 3172 [ 4F19119C392210244FC0108E76939DC5 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
22:40:56.0927 3172 cphs - ok
22:40:56.0942 3172 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
22:40:56.0958 3172 crcdisk - ok
22:40:56.0974 3172 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:40:56.0989 3172 CryptSvc - ok
22:40:57.0098 3172 [ 61A86809B62769643892BC0812B204AA ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
22:40:57.0114 3172 cvhsvc - ok
22:40:57.0176 3172 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
22:40:57.0223 3172 DcomLaunch - ok
22:40:57.0286 3172 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
22:40:57.0317 3172 defragsvc - ok
22:40:57.0332 3172 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:40:57.0364 3172 DfsC - ok
22:40:57.0410 3172 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
22:40:57.0442 3172 Dhcp - ok
22:40:57.0473 3172 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
22:40:57.0504 3172 discache - ok
22:40:57.0566 3172 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
22:40:57.0566 3172 Disk - ok
22:40:57.0598 3172 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:40:57.0613 3172 Dnscache - ok
22:40:57.0629 3172 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
22:40:57.0660 3172 dot3svc - ok
22:40:57.0676 3172 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
22:40:57.0707 3172 DPS - ok
22:40:57.0754 3172 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:40:57.0769 3172 drmkaud - ok
22:40:57.0785 3172 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:40:57.0800 3172 DXGKrnl - ok
22:40:57.0816 3172 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
22:40:57.0847 3172 EapHost - ok
22:40:57.0894 3172 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
22:40:57.0956 3172 ebdrv - ok
22:40:57.0988 3172 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
22:40:58.0003 3172 EFS - ok
22:40:58.0050 3172 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:40:58.0081 3172 ehRecvr - ok
22:40:58.0097 3172 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
22:40:58.0112 3172 ehSched - ok
22:40:58.0144 3172 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
22:40:58.0159 3172 elxstor - ok
22:40:58.0175 3172 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:40:58.0190 3172 ErrDev - ok
22:40:58.0206 3172 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
22:40:58.0237 3172 EventSystem - ok
22:40:58.0300 3172 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
22:40:58.0346 3172 exfat - ok
22:40:58.0393 3172 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:40:58.0424 3172 fastfat - ok
22:40:58.0471 3172 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
22:40:58.0502 3172 Fax - ok
22:40:58.0518 3172 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
22:40:58.0549 3172 fdc - ok
22:40:58.0565 3172 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
22:40:58.0596 3172 fdPHost - ok
22:40:58.0627 3172 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
22:40:58.0643 3172 FDResPub - ok
22:40:58.0658 3172 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:40:58.0658 3172 FileInfo - ok
22:40:58.0674 3172 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:40:58.0705 3172 Filetrace - ok
22:40:58.0736 3172 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
22:40:58.0736 3172 flpydisk - ok
22:40:58.0752 3172 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:40:58.0768 3172 FltMgr - ok
22:40:58.0846 3172 [ D4463A74E1BFBF3FB9B4FC6CF5390152 ] fltsrv C:\Windows\system32\DRIVERS\fltsrv.sys
22:40:58.0861 3172 fltsrv - ok
22:40:58.0892 3172 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
22:40:58.0924 3172 FontCache - ok
22:40:58.0986 3172 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:40:58.0986 3172 FontCache3.0.0.0 - ok
22:40:59.0002 3172 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:40:59.0002 3172 FsDepends - ok
22:40:59.0048 3172 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:40:59.0064 3172 Fs_Rec - ok
22:40:59.0064 3172 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:40:59.0080 3172 fvevol - ok
22:40:59.0095 3172 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
22:40:59.0111 3172 gagp30kx - ok
22:40:59.0126 3172 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
22:40:59.0173 3172 gpsvc - ok
22:40:59.0189 3172 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:40:59.0204 3172 hcw85cir - ok
22:40:59.0220 3172 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:40:59.0236 3172 HdAudAddService - ok
22:40:59.0282 3172 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
22:40:59.0298 3172 HDAudBus - ok
22:40:59.0329 3172 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
22:40:59.0329 3172 HidBatt - ok
22:40:59.0345 3172 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
22:40:59.0360 3172 HidBth - ok
22:40:59.0376 3172 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
22:40:59.0376 3172 HidIr - ok
22:40:59.0392 3172 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
22:40:59.0423 3172 hidserv - ok
22:40:59.0454 3172 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:40:59.0470 3172 HidUsb - ok
22:40:59.0485 3172 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:40:59.0532 3172 hkmsvc - ok
22:40:59.0548 3172 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:40:59.0563 3172 HomeGroupListener - ok
22:40:59.0579 3172 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:40:59.0594 3172 HomeGroupProvider - ok
22:40:59.0626 3172 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
22:40:59.0641 3172 HpSAMD - ok
22:40:59.0657 3172 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:40:59.0704 3172 HTTP - ok
22:40:59.0750 3172 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:40:59.0750 3172 hwpolicy - ok
22:40:59.0766 3172 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
22:40:59.0782 3172 i8042prt - ok
22:40:59.0813 3172 [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor C:\Windows\system32\drivers\iaStor.sys
22:40:59.0828 3172 iaStor - ok
22:40:59.0844 3172 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:40:59.0860 3172 iaStorV - ok
22:40:59.0906 3172 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:40:59.0922 3172 idsvc - ok
22:41:00.0016 3172 [ 348214F96642FD4FEF630DE021BA3540 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
22:41:00.0125 3172 igfx - ok
22:41:00.0156 3172 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
22:41:00.0156 3172 iirsp - ok
22:41:00.0187 3172 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
22:41:00.0234 3172 IKEEXT - ok
22:41:00.0250 3172 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\drivers\Impcd.sys
22:41:00.0281 3172 Impcd - ok
22:41:00.0359 3172 [ 0B21B66574E5478FA10CCA2D36694C2D ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:41:00.0390 3172 IntcAzAudAddService - ok
22:41:00.0452 3172 [ F5495B38BFB9149925F54F65AB40EFBF ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
22:41:00.0468 3172 IntcDAud - ok
22:41:00.0484 3172 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
22:41:00.0499 3172 intelide - ok
22:41:00.0515 3172 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:41:00.0530 3172 intelppm - ok
22:41:00.0546 3172 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:41:00.0577 3172 IPBusEnum - ok
22:41:00.0593 3172 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:41:00.0624 3172 IpFilterDriver - ok
22:41:00.0640 3172 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:41:00.0671 3172 iphlpsvc - ok
22:41:00.0686 3172 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
22:41:00.0702 3172 IPMIDRV - ok
22:41:00.0733 3172 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:41:00.0764 3172 IPNAT - ok
22:41:00.0811 3172 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:41:00.0827 3172 IRENUM - ok
22:41:00.0842 3172 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:41:00.0842 3172 isapnp - ok
22:41:00.0858 3172 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
22:41:00.0874 3172 iScsiPrt - ok
22:41:00.0905 3172 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
22:41:00.0920 3172 kbdclass - ok
22:41:00.0936 3172 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
22:41:00.0952 3172 kbdhid - ok
22:41:00.0998 3172 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
22:41:00.0998 3172 KeyIso - ok
22:41:01.0014 3172 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:41:01.0030 3172 KSecDD - ok
22:41:01.0045 3172 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:41:01.0061 3172 KSecPkg - ok
22:41:01.0061 3172 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:41:01.0092 3172 ksthunk - ok
22:41:01.0123 3172 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
22:41:01.0154 3172 KtmRm - ok
22:41:01.0217 3172 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
22:41:01.0248 3172 LanmanServer - ok
22:41:01.0264 3172 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:41:01.0295 3172 LanmanWorkstation - ok
22:41:01.0310 3172 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:41:01.0342 3172 lltdio - ok
22:41:01.0357 3172 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:41:01.0388 3172 lltdsvc - ok
22:41:01.0388 3172 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:41:01.0435 3172 lmhosts - ok
22:41:01.0482 3172 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
22:41:01.0482 3172 LSI_FC - ok
22:41:01.0498 3172 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
22:41:01.0513 3172 LSI_SAS - ok
22:41:01.0529 3172 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
22:41:01.0544 3172 LSI_SAS2 - ok
22:41:01.0544 3172 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
22:41:01.0560 3172 LSI_SCSI - ok
22:41:01.0576 3172 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
22:41:01.0591 3172 luafv - ok
22:41:01.0638 3172 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:41:01.0654 3172 Mcx2Svc - ok
22:41:01.0669 3172 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
22:41:01.0669 3172 megasas - ok
22:41:01.0685 3172 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
22:41:01.0700 3172 MegaSR - ok
22:41:01.0716 3172 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
22:41:01.0747 3172 MMCSS - ok
22:41:01.0747 3172 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
22:41:01.0778 3172 Modem - ok
22:41:01.0778 3172 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:41:01.0810 3172 monitor - ok
22:41:01.0825 3172 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:41:01.0825 3172 mouclass - ok
22:41:01.0872 3172 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:41:01.0888 3172 mouhid - ok
22:41:01.0919 3172 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:41:01.0934 3172 mountmgr - ok
22:41:01.0950 3172 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
22:41:01.0966 3172 mpio - ok
22:41:01.0966 3172 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:41:01.0997 3172 mpsdrv - ok
22:41:02.0012 3172 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:41:02.0044 3172 MpsSvc - ok
22:41:02.0059 3172 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:41:02.0090 3172 MRxDAV - ok
22:41:02.0122 3172 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:41:02.0153 3172 mrxsmb - ok
22:41:02.0168 3172 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:41:02.0184 3172 mrxsmb10 - ok
22:41:02.0200 3172 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:41:02.0231 3172 mrxsmb20 - ok
22:41:02.0246 3172 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
22:41:02.0262 3172 msahci - ok
22:41:02.0262 3172 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:41:02.0278 3172 msdsm - ok
22:41:02.0293 3172 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
22:41:02.0309 3172 MSDTC - ok
22:41:02.0324 3172 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:41:02.0356 3172 Msfs - ok
22:41:02.0387 3172 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:41:02.0418 3172 mshidkmdf - ok
22:41:02.0418 3172 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:41:02.0434 3172 msisadrv - ok
22:41:02.0434 3172 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:41:02.0465 3172 MSiSCSI - ok
22:41:02.0465 3172 msiserver - ok
22:41:02.0512 3172 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:41:02.0543 3172 MSKSSRV - ok
22:41:02.0590 3172 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:41:02.0621 3172 MSPCLOCK - ok
22:41:02.0636 3172 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:41:02.0668 3172 MSPQM - ok
22:41:02.0683 3172 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:41:02.0699 3172 MsRPC - ok
22:41:02.0699 3172 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
22:41:02.0714 3172 mssmbios - ok
22:41:02.0714 3172 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:41:02.0746 3172 MSTEE - ok
22:41:02.0761 3172 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
22:41:02.0792 3172 MTConfig - ok
22:41:02.0808 3172 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
22:41:02.0808 3172 Mup - ok
22:41:02.0824 3172 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
22:41:02.0855 3172 napagent - ok
22:41:02.0917 3172 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:41:02.0948 3172 NativeWifiP - ok
22:41:03.0011 3172 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:41:03.0026 3172 NDIS - ok
22:41:03.0058 3172 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:41:03.0089 3172 NdisCap - ok
22:41:03.0136 3172 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:41:03.0167 3172 NdisTapi - ok
22:41:03.0182 3172 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:41:03.0214 3172 Ndisuio - ok
22:41:03.0229 3172 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:41:03.0276 3172 NdisWan - ok
22:41:03.0292 3172 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:41:03.0323 3172 NDProxy - ok
22:41:03.0338 3172 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:41:03.0370 3172 NetBIOS - ok
22:41:03.0385 3172 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:41:03.0416 3172 NetBT - ok
22:41:03.0448 3172 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
22:41:03.0463 3172 Netlogon - ok
22:41:03.0510 3172 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
22:41:03.0557 3172 Netman - ok
22:41:03.0604 3172 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:41:03.0619 3172 NetMsmqActivator - ok
22:41:03.0635 3172 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:41:03.0650 3172 NetPipeActivator - ok
22:41:03.0650 3172 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
22:41:03.0713 3172 netprofm - ok
22:41:03.0713 3172 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:41:03.0728 3172 NetTcpActivator - ok
22:41:03.0728 3172 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:41:03.0744 3172 NetTcpPortSharing - ok
22:41:03.0775 3172 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
22:41:03.0791 3172 nfrd960 - ok
22:41:03.0822 3172 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:41:03.0838 3172 NlaSvc - ok
22:41:03.0853 3172 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:41:03.0869 3172 Npfs - ok
22:41:03.0884 3172 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
22:41:03.0916 3172 nsi - ok
22:41:03.0916 3172 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:41:03.0947 3172 nsiproxy - ok
22:41:04.0009 3172 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:41:04.0056 3172 Ntfs - ok
22:41:04.0056 3172 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
22:41:04.0087 3172 Null - ok
22:41:04.0118 3172 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:41:04.0134 3172 nvraid - ok
22:41:04.0150 3172 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:41:04.0165 3172 nvstor - ok
22:41:04.0165 3172 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:41:04.0181 3172 nv_agp - ok
22:41:04.0196 3172 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:41:04.0196 3172 ohci1394 - ok
22:41:04.0259 3172 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:41:04.0259 3172 ose - ok
22:41:04.0399 3172 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:41:04.0508 3172 osppsvc - ok
22:41:04.0508 3172 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:41:04.0540 3172 p2pimsvc - ok
22:41:04.0540 3172 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:41:04.0571 3172 p2psvc - ok
22:41:04.0633 3172 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
22:41:04.0649 3172 Parport - ok
22:41:04.0680 3172 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:41:04.0680 3172 partmgr - ok
22:41:04.0696 3172 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:41:04.0727 3172 PcaSvc - ok
22:41:04.0742 3172 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
22:41:04.0758 3172 pci - ok
22:41:04.0774 3172 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
22:41:04.0789 3172 pciide - ok
22:41:04.0805 3172 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
22:41:04.0820 3172 pcmcia - ok
22:41:04.0836 3172 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:41:04.0852 3172 pcw - ok
22:41:04.0867 3172 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:41:04.0898 3172 PEAUTH - ok
22:41:04.0976 3172 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:41:04.0992 3172 PerfHost - ok
22:41:05.0023 3172 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
22:41:05.0086 3172 pla - ok
22:41:05.0148 3172 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:41:05.0179 3172 PlugPlay - ok
22:41:05.0179 3172 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:41:05.0195 3172 PNRPAutoReg - ok
22:41:05.0210 3172 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:41:05.0226 3172 PNRPsvc - ok
22:41:05.0226 3172 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:41:05.0257 3172 PolicyAgent - ok
22:41:05.0288 3172 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
22:41:05.0320 3172 Power - ok
22:41:05.0366 3172 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:41:05.0398 3172 PptpMiniport - ok
22:41:05.0413 3172 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
22:41:05.0429 3172 Processor - ok
22:41:05.0460 3172 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
22:41:05.0476 3172 ProfSvc - ok
22:41:05.0491 3172 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:41:05.0491 3172 ProtectedStorage - ok
22:41:05.0538 3172 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:41:05.0569 3172 Psched - ok
22:41:05.0632 3172 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
22:41:05.0663 3172 ql2300 - ok
22:41:05.0678 3172 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
22:41:05.0694 3172 ql40xx - ok
22:41:05.0710 3172 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:41:05.0725 3172 QWAVE - ok
22:41:05.0725 3172 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:41:05.0756 3172 QWAVEdrv - ok
22:41:05.0772 3172 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:41:05.0803 3172 RasAcd - ok
22:41:05.0834 3172 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:41:05.0866 3172 RasAgileVpn - ok
22:41:05.0866 3172 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:41:05.0912 3172 RasAuto - ok
22:41:05.0912 3172 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:41:05.0959 3172 Rasl2tp - ok
22:41:06.0006 3172 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
22:41:06.0037 3172 RasMan - ok
22:41:06.0053 3172 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:41:06.0068 3172 RasPppoe - ok
22:41:06.0100 3172 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:41:06.0146 3172 RasSstp - ok
22:41:06.0162 3172 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:41:06.0193 3172 rdbss - ok
22:41:06.0209 3172 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
22:41:06.0224 3172 rdpbus - ok
22:41:06.0224 3172 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:41:06.0271 3172 RDPCDD - ok
22:41:06.0318 3172 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:41:06.0349 3172 RDPENCDD - ok
22:41:06.0365 3172 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:41:06.0396 3172 RDPREFMP - ok
22:41:06.0412 3172 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:41:06.0427 3172 RDPWD - ok
22:41:06.0443 3172 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:41:06.0443 3172 rdyboost - ok
22:41:06.0458 3172 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:41:06.0505 3172 RemoteAccess - ok
22:41:06.0521 3172 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:41:06.0568 3172 RemoteRegistry - ok
22:41:06.0568 3172 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:41:06.0599 3172 RpcEptMapper - ok
22:41:06.0614 3172 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:41:06.0630 3172 RpcLocator - ok
22:41:06.0646 3172 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
22:41:06.0677 3172 RpcSs - ok
22:41:06.0692 3172 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:41:06.0724 3172 rspndr - ok
22:41:06.0770 3172 [ E50CFB92986DCAB49DE93788FD695813 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
22:41:06.0786 3172 RTL8167 - ok
22:41:06.0786 3172 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
22:41:06.0802 3172 SamSs - ok
22:41:06.0817 3172 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:41:06.0817 3172 sbp2port - ok
22:41:06.0833 3172 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:41:06.0880 3172 SCardSvr - ok
22:41:06.0880 3172 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:41:06.0911 3172 scfilter - ok
22:41:06.0958 3172 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
22:41:07.0004 3172 Schedule - ok
22:41:07.0020 3172 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:41:07.0051 3172 SCPolicySvc - ok
22:41:07.0067 3172 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:41:07.0082 3172 SDRSVC - ok
22:41:07.0129 3172 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:41:07.0160 3172 secdrv - ok
22:41:07.0176 3172 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
22:41:07.0207 3172 seclogon - ok
22:41:07.0238 3172 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
22:41:07.0285 3172 SENS - ok
22:41:07.0301 3172 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:41:07.0316 3172 SensrSvc - ok
22:41:07.0332 3172 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
22:41:07.0348 3172 Serenum - ok
22:41:07.0363 3172 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
22:41:07.0379 3172 Serial - ok
22:41:07.0410 3172 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
22:41:07.0426 3172 sermouse - ok
22:41:07.0457 3172 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
22:41:07.0488 3172 SessionEnv - ok
22:41:07.0519 3172 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:41:07.0535 3172 sffdisk - ok
22:41:07.0566 3172 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:41:07.0582 3172 sffp_mmc - ok
22:41:07.0597 3172 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:41:07.0613 3172 sffp_sd - ok
22:41:07.0628 3172 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
22:41:07.0644 3172 sfloppy - ok
22:41:07.0706 3172 [ D5183ED285D2795491DC15BDDCBEE5AD ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
22:41:07.0722 3172 Sftfs - ok
22:41:07.0784 3172 [ BFDB58616FF5EA540A5F58301D50641E ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
22:41:07.0800 3172 sftlist - ok
22:41:07.0816 3172 [ 00F118B68C50D2206DD51634F9142B83 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
22:41:07.0831 3172 Sftplay - ok
22:41:07.0831 3172 [ 76A827DF5640BFE16A0CDBB4108ADECA ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
22:41:07.0831 3172 Sftredir - ok
22:41:07.0847 3172 [ 1B4C9701645086BAB8CAFFFCE30ED284 ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
22:41:07.0847 3172 Sftvol - ok
22:41:07.0862 3172 [ B94C3C4DCA2093243C76CA218EDE2A97 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
22:41:07.0878 3172 sftvsa - ok
22:41:07.0878 3172 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:41:07.0909 3172 SharedAccess - ok
22:41:07.0925 3172 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:41:07.0972 3172 ShellHWDetection - ok
22:41:08.0018 3172 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
22:41:08.0034 3172 SiSRaid2 - ok
22:41:08.0034 3172 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
22:41:08.0050 3172 SiSRaid4 - ok
22:41:08.0081 3172 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:41:08.0112 3172 Smb - ok
22:41:08.0159 3172 [ F26AAD9ADFC9B62AC59A004A913C92DA ] snapman C:\Windows\system32\DRIVERS\snapman.sys
22:41:08.0174 3172 snapman - ok
22:41:08.0174 3172 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:41:08.0190 3172 SNMPTRAP - ok
22:41:08.0206 3172 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:41:08.0206 3172 spldr - ok
22:41:08.0237 3172 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
22:41:08.0252 3172 Spooler - ok
22:41:08.0315 3172 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
22:41:08.0424 3172 sppsvc - ok
22:41:08.0440 3172 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:41:08.0471 3172 sppuinotify - ok
22:41:08.0518 3172 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
22:41:08.0549 3172 srv - ok
22:41:08.0580 3172 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:41:08.0596 3172 srv2 - ok
22:41:08.0596 3172 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:41:08.0611 3172 srvnet - ok
22:41:08.0674 3172 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:41:08.0705 3172 SSDPSRV - ok
22:41:08.0705 3172 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:41:08.0752 3172 SstpSvc - ok
22:41:08.0767 3172 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
22:41:08.0767 3172 stexstor - ok
22:41:08.0814 3172 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
22:41:08.0845 3172 stisvc - ok
22:41:08.0861 3172 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
22:41:08.0876 3172 swenum - ok
22:41:08.0892 3172 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
22:41:08.0939 3172 swprv - ok
22:41:09.0048 3172 [ 4977DE9158B2ABB400F5039B1F714E13 ] syncagentsrv C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
22:41:09.0173 3172 syncagentsrv - ok
22:41:09.0204 3172 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
22:41:09.0266 3172 SysMain - ok
22:41:09.0266 3172 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:41:09.0282 3172 TabletInputService - ok
22:41:09.0313 3172 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
22:41:09.0360 3172 TapiSrv - ok
22:41:09.0376 3172 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
22:41:09.0407 3172 TBS - ok
22:41:09.0454 3172 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:41:09.0516 3172 Tcpip - ok
22:41:09.0578 3172 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:41:09.0610 3172 TCPIP6 - ok
22:41:09.0641 3172 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:41:09.0656 3172 tcpipreg - ok
22:41:09.0672 3172 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:41:09.0688 3172 TDPIPE - ok
22:41:09.0766 3172 [ 7BC43335C778370FD0040D5224D8EDEB ] tdrpman C:\Windows\system32\DRIVERS\tdrpman.sys
22:41:09.0797 3172 tdrpman - ok
22:41:09.0828 3172 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:41:09.0828 3172 TDTCP - ok
22:41:09.0859 3172 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:41:09.0890 3172 tdx - ok
22:41:09.0906 3172 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
22:41:09.0906 3172 TermDD - ok
22:41:09.0937 3172 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
22:41:09.0968 3172 TermService - ok
22:41:09.0984 3172 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
22:41:10.0015 3172 Themes - ok
22:41:10.0031 3172 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
22:41:10.0046 3172 THREADORDER - ok
22:41:10.0078 3172 [ 7D68EAB50DF8B71408B645BA8581800E ] timounter C:\Windows\system32\DRIVERS\timntr.sys
22:41:10.0093 3172 timounter - ok
22:41:10.0124 3172 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys
22:41:10.0140 3172 TPM - ok
22:41:10.0156 3172 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
22:41:10.0187 3172 TrkWks - ok
22:41:10.0234 3172 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:41:10.0265 3172 TrustedInstaller - ok
22:41:10.0280 3172 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:41:10.0296 3172 tssecsrv - ok
22:41:10.0343 3172 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
22:41:10.0358 3172 TsUsbFlt - ok
22:41:10.0390 3172 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
22:41:10.0405 3172 TsUsbGD - ok
22:41:10.0421 3172 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:41:10.0436 3172 tunnel - ok
22:41:10.0452 3172 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
22:41:10.0468 3172 uagp35 - ok
22:41:10.0468 3172 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:41:10.0499 3172 udfs - ok
22:41:10.0514 3172 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:41:10.0530 3172 UI0Detect - ok
22:41:10.0546 3172 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:41:10.0561 3172 uliagpkx - ok
22:41:10.0577 3172 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
22:41:10.0592 3172 umbus - ok
22:41:10.0639 3172 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
22:41:10.0639 3172 UmPass - ok
22:41:10.0655 3172 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
22:41:10.0686 3172 upnphost - ok
22:41:10.0702 3172 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\drivers\usbccgp.sys
22:41:10.0733 3172 usbccgp - ok
22:41:10.0748 3172 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:41:10.0764 3172 usbcir - ok
22:41:10.0795 3172 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:41:10.0795 3172 usbehci - ok
22:41:10.0811 3172 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:41:10.0842 3172 usbhub - ok
22:41:10.0858 3172 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
22:41:10.0873 3172 usbohci - ok
22:41:10.0904 3172 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
22:41:10.0920 3172 usbprint - ok
22:41:10.0920 3172 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:41:10.0951 3172 USBSTOR - ok
22:41:10.0951 3172 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
22:41:10.0967 3172 usbuhci - ok
22:41:10.0982 3172 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
22:41:11.0029 3172 UxSms - ok
22:41:11.0045 3172 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
22:41:11.0060 3172 VaultSvc - ok
22:41:11.0060 3172 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
22:41:11.0076 3172 vdrvroot - ok
22:41:11.0092 3172 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
22:41:11.0123 3172 vds - ok
22:41:11.0138 3172 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:41:11.0154 3172 vga - ok
22:41:11.0154 3172 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
22:41:11.0185 3172 VgaSave - ok
22:41:11.0201 3172 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
22:41:11.0216 3172 vhdmp - ok
22:41:11.0232 3172 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
22:41:11.0232 3172 viaide - ok
22:41:11.0248 3172 [ ACBCBD8421920D20F1F40B6F76A4C213 ] vididr C:\Windows\system32\DRIVERS\vididr.sys
22:41:11.0263 3172 vididr - ok
22:41:11.0294 3172 [ 905DD422D28A32FACE8AE695B3823843 ] vidsflt67 C:\Windows\system32\DRIVERS\vsflt67.sys
22:41:11.0310 3172 vidsflt67 - ok
22:41:11.0326 3172 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:41:11.0341 3172 volmgr - ok
22:41:11.0357 3172 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:41:11.0372 3172 volmgrx - ok
22:41:11.0372 3172 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:41:11.0388 3172 volsnap - ok
22:41:11.0435 3172 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
22:41:11.0435 3172 vsmraid - ok
22:41:11.0482 3172 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
22:41:11.0528 3172 VSS - ok
22:41:11.0560 3172 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
22:41:11.0575 3172 vwifibus - ok
22:41:11.0606 3172 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
22:41:11.0653 3172 W32Time - ok
22:41:11.0669 3172 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
22:41:11.0684 3172 WacomPen - ok
22:41:11.0684 3172 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:41:11.0716 3172 WANARP - ok
22:41:11.0716 3172 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:41:11.0731 3172 Wanarpv6 - ok
22:41:11.0778 3172 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
22:41:11.0825 3172 WatAdminSvc - ok
22:41:11.0856 3172 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
22:41:11.0903 3172 wbengine - ok
22:41:11.0903 3172 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:41:11.0918 3172 WbioSrvc - ok
22:41:11.0934 3172 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:41:11.0950 3172 wcncsvc - ok
22:41:11.0965 3172 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:41:11.0996 3172 WcsPlugInService - ok
22:41:11.0996 3172 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
22:41:12.0012 3172 Wd - ok
22:41:12.0043 3172 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:41:12.0059 3172 Wdf01000 - ok
22:41:12.0059 3172 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:41:12.0090 3172 WdiServiceHost - ok
22:41:12.0090 3172 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:41:12.0106 3172 WdiSystemHost - ok
22:41:12.0121 3172 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
22:41:12.0137 3172 WebClient - ok
22:41:12.0168 3172 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:41:12.0199 3172 Wecsvc - ok
22:41:12.0199 3172 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:41:12.0230 3172 wercplsupport - ok
22:41:12.0277 3172 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
22:41:12.0308 3172 WerSvc - ok
22:41:12.0308 3172 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:41:12.0340 3172 WfpLwf - ok
22:41:12.0340 3172 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:41:12.0355 3172 WIMMount - ok
22:41:12.0371 3172 WinDefend - ok
22:41:12.0371 3172 WinHttpAutoProxySvc - ok
22:41:12.0418 3172 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:41:12.0449 3172 Winmgmt - ok
22:41:12.0480 3172 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
22:41:12.0542 3172 WinRM - ok
22:41:12.0558 3172 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
22:41:12.0589 3172 Wlansvc - ok
22:41:12.0652 3172 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:41:12.0652 3172 wlcrasvc - ok
22:41:12.0730 3172 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:41:12.0792 3172 wlidsvc - ok
22:41:12.0808 3172 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
22:41:12.0823 3172 WmiAcpi - ok
22:41:12.0854 3172 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:41:12.0870 3172 wmiApSrv - ok
22:41:12.0870 3172 WMPNetworkSvc - ok
22:41:12.0917 3172 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:41:12.0932 3172 WPCSvc - ok
22:41:12.0932 3172 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:41:12.0948 3172 WPDBusEnum - ok
22:41:12.0964 3172 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:41:12.0995 3172 ws2ifsl - ok
22:41:13.0010 3172 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
22:41:13.0026 3172 wscsvc - ok
22:41:13.0042 3172 WSearch - ok
22:41:13.0104 3172 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
22:41:13.0166 3172 wuauserv - ok
22:41:13.0182 3172 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:41:13.0198 3172 WudfPf - ok
22:41:13.0244 3172 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:41:13.0276 3172 WUDFRd - ok
22:41:13.0291 3172 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:41:13.0307 3172 wudfsvc - ok
22:41:13.0322 3172 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
22:41:13.0354 3172 WwanSvc - ok
22:41:13.0385 3172 ================ Scan global ===============================
22:41:13.0400 3172 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:41:13.0416 3172 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
22:41:13.0432 3172 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
22:41:13.0447 3172 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:41:13.0463 3172 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:41:13.0478 3172 [Global] - ok
22:41:13.0478 3172 ================ Scan MBR ==================================
22:41:13.0478 3172 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:41:13.0681 3172 \Device\Harddisk0\DR0 - ok
22:41:13.0681 3172 ================ Scan VBR ==================================
22:41:13.0728 3172 [ 318B8BFF9F3A3E576615C059DDE9D313 ] \Device\Harddisk0\DR0\Partition1
22:41:13.0728 3172 \Device\Harddisk0\DR0\Partition1 - ok
22:41:13.0728 3172 ============================================================
22:41:13.0728 3172 Scan finished
22:41:13.0728 3172 ============================================================
22:41:13.0744 5016 Detected object count: 0
22:41:13.0744 5016 Actual detected object count: 0
22:42:07.0361 4628 Deinitialize success
MESA
Regular Member
 
Posts: 35
Joined: January 17th, 2013, 3:11 pm

Re: Assistance required please.

Unread postby deltalima » January 19th, 2013, 7:41 pm

Hi MESA,

When the OTL scan rebooted the computer a few settings had been changed to their default status


The cleanup below should return those settings.

I'm a bit worried it may have compromised my system?I would really appreciate if you could have a look over and help to clear any possible remnants


The logs look clean, there are no signs of active malware on the computer.

Please follow these steps in order to keep your computer clean and secure.

Remove GMER

Delete the GMER icon from your desktop.

Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.


Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.

Happy surfing and stay clean!
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Assistance required please.

Unread postby MESA » January 19th, 2013, 7:52 pm

Thank you for your help.I do adhere to those rules and practice safe computing!Is there anything left over/invalid entries from deleting the toolbars that could be cleaned up at all?Thanks.
MESA
Regular Member
 
Posts: 35
Joined: January 17th, 2013, 3:11 pm

Re: Assistance required please.

Unread postby deltalima » January 20th, 2013, 9:35 am

MESA wrote:Is there anything left over/invalid entries from deleting the toolbars that could be cleaned up at all?


No, nothing to clear.

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: pgmigg and 47 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware