Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Possible Infection.

by Cas34 » June 25th, 2013, 4:45 am

Hi,

I have recently noticed that strange files have been popping up on my PC and that my browser has been acting strangely at times. For example my emails are taking forever to load, if they load at all and I keep getting the load icon appearing for no reason and refusing to go away which makes me suspicious that I have an infection. In addition, I use a programme called Sandboxie to run my browser and normally when I delete it and my PC is clean from infection there are only around 20-40 files deleted. However, now when I delete the Sandboxie I am deleting 70+ files and often in the hundreds. Therefore, I would greatly appreciate it if someone could take a look at my logs and see if they can spot any nasties lurking in the background. Please find my logs below:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514
Run by Computa at 9:37:22 on 2013-06-25
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.4094.2264 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\ASUS.SYS\config\DVMExportService.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe6
C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
C:\Windows\DAODx.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe
C:\Program Files (x86)\ASUS\EPU\EPU.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\AUDIODG.EXE
E:\Key Pass\KeePass.exe
C:\Program Files\Sandboxie\SandboxieRpcSs.exe
C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sandboxie\32\SbieSvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [TurboV EVO] "C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" -b
mRun: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
mRun: [Philips Device Listener] "C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{A3E7D795-95FF-418A-B054-7B8AB5451598} : DHCPNameServer = 192.168.1.1 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Computa\AppData\Roaming\Mozilla\Firefox\Profiles\7kki11en.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-9-1 52856]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-9-19 202752]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-7-27 96896]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2009-10-16 319488]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 130008]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-7-27 1153368]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-6-27 1326176]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-6-27 681056]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2011-12-16 17976]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-7-27 325664]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-6-17 166576]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2010-7-27 1301504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-1-30 103992]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-1-30 123960]
S3 CGVPNCliSrvc;CyberGhost VPN Client;C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2012-8-15 2438696]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-6 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-29 1255736]
.
=============== Created Last 30 ================
.
2013-06-25 00:35:56 -------- d-----w- C:\Users\Computa\AppData\Local\Programs
2013-06-25 00:15:53 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5F4C1DD6-9625-4276-ABCD-A5632E96777B}\offreg.dll
2013-06-24 23:58:36 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5F4C1DD6-9625-4276-ABCD-A5632E96777B}\mpengine.dll
2013-06-24 22:42:27 262552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-06-24 00:25:00 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-21 15:48:00 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CE20585F-2308-4056-BCB3-71A6295E2128}\gapaengine.dll
2013-06-09 17:04:35 -------- d-----w- C:\Users\Computa\AppData\Roaming\KeePass
2013-06-09 16:57:06 -------- d-----w- C:\Windows\048298C9A4D3490B9FF9AB023A9238F3.TMP
.
==================== Find3M ====================
.
2013-05-17 06:14:05 1188864 ----a-w- C:\Windows\System32\wininet.dll
2013-05-16 18:21:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-16 17:10:29 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-16 16:44:21 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-15 19:12:59 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-15 19:12:59 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 9:37:49.42 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 27/07/2010 22:37:29
System Uptime: 25/06/2013 07:36:59 (2 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A87TD EVO
Processor: AMD Phenom(tm) II X4 955 Processor | AM3 | 3200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 78 GiB total, 22.301 GiB free.
D: is FIXED (NTFS) - 39 GiB total, 33.738 GiB free.
E: is FIXED (NTFS) - 814 GiB total, 696.886 GiB free.
F: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_03\FFFFFFFFFFFFFFFF00
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_03\FFFFFFFFFFFFFFFF00
Service:
.
Class GUID:
Description:
Device ID: ROOT\LEGACY_A2ACC\0000
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_A2ACC\0000
Service:
.
Class GUID:
Description:
Device ID: ROOT\LEGACY_A2INJECTIONDRIVER\0000
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_A2INJECTIONDRIVER\0000
Service:
.
==== System Restore Points ===================
.
RP666: 20/06/2013 08:54:21 - Windows Update
RP667: 23/06/2013 12:22:19 - Windows Update
RP668: 24/06/2013 18:30:14 - Revo Uninstaller's restore point - Room Arranger
RP669: 24/06/2013 18:31:38 - Revo Uninstaller's restore point - League of Legends
RP670: 24/06/2013 18:31:55 - Removed League of Legends
RP671: 24/06/2013 18:42:31 - Windows Update
RP672: 25/06/2013 01:04:05 - Removed Microsoft SQL Server 2012 Command Line Utilities RC0
RP673: 25/06/2013 01:05:05 - Removed Microsoft SQL Server 2012 Data-Tier App Framework
RP674: 25/06/2013 01:05:50 - Removed Microsoft SQL Server 2012 Express LocalDB RC0
RP675: 25/06/2013 01:07:26 - Removed Microsoft SQL Server 2012 Management Objects RC0 (x64)
RP676: 25/06/2013 01:09:10 - Removed Microsoft SQL Server 2012 Native Client RC0
RP677: 25/06/2013 01:09:51 - Removed Microsoft SQL Server 2012 Transact-SQL Compiler Service RC0
RP678: 25/06/2013 01:10:45 - Removed Microsoft SQL Server 2012 Transact-SQL ScriptDom RC0
RP679: 25/06/2013 01:11:25 - Removed Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
RP680: 25/06/2013 01:12:32 - Removed Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
RP681: 25/06/2013 01:13:36 - Removed Microsoft Visual C++ 2005 Redistributable
RP682: 25/06/2013 01:14:29 - Removed Path of Exile
RP683: 25/06/2013 01:18:36 - Removed Microsoft Visual C++ 2005 Redistributable (x64)
RP684: 25/06/2013 01:20:54 - Removed Microsoft Visual C++ 2005 Redistributable (x64)
RP685: 25/06/2013 01:21:37 - Removed Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
RP686: 25/06/2013 01:23:11 - Removed Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
RP687: 25/06/2013 01:25:28 - Removed Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 4.65 (x64 edition)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 6.0
ATI AVIVO64 Codecs
ATI Catalyst Install Manager
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help English
CDDRV_Installer
CyberGhost VPN
D3DX10
Dev-C++
EPD_free-7.3-2
EPU
erLT
ERUNT 1.1j
ESET Online Scanner v3
Exact Audio Copy 0.99pb5
Express Gate
foobar2000 v1.0.3
Football Manager 2009
HydraVision
KhalInstallWrapper
Logitech SetPoint
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 4.5 Beta
Microsoft Age of Empires II
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft SQL Server Compact 4.0 SP1 x64 ENU CTP1
Microsoft System CLR Types for SQL Server 2012 RC0 (x64)
Microsoft Visual Studio 11 SharePoint Developer Tools Beta enu Language Pack
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Web Deploy 3.0
Microsoft Web Platform Installer 4.0
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML4 Parser
Mumble 1.2.3
Notepad++
Philips Songbird
Platform
PrimoPDF -- brought to you by Nitro PDF Software
Python 2.7.3
Realtek Ethernet Controller Driver For Windows 7
Revo Uninstaller 1.89
Sandboxie 3.72 (64-bit)
Secunia PSI (3.0.0.2004)
Security Update for Microsoft .NET Framework 4.5 Beta (KB2686838)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Spybot - Search & Destroy
STDU Viewer version 1.5.427.0
Steam
The Elder Scrolls V: Skyrim
TurboV EVO
Ubuntu
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client for Windows x64
VIA Platform Device Manager
VLC media player 2.0.2
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
.
==== Event Viewer Messages From Past Week ========
.
25/06/2013 00:57:11, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
.
==== End Of File ===========================
Cas34
Regular Member
 
Posts: 32
Joined: January 22nd, 2009, 3:45 pm

Re: Possible Infection.

by nunped » June 27th, 2013, 6:12 am

Hello Cas34, and welcome to the forum.

My name is nunped and I'll be helping you with any malware problems. I'm an Undergraduate trainee here, and as such my posts to you have to first be checked by a Teacher. Because of this, my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Here are some guidelines for the cleaning process to run as easily as possible.

  1. Please read this topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
  2. The instructions being given are for YOUR computer and system only! Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  3. You must have Administrator rights permissions for this computer.
  4. DO NOT run any other fix or removal tools unless instructed to do so!
  5. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  6. Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  7. Only reply to this thread. Do not start another thread.
  8. The absence of symptoms does not imply the absence of malware. Please continue responding until I give you the "All Clean".
  9. No Reply Within 3 Days will result in your topic being closed!


Read through these instructions with your full attention.
Please ask first if you have any doubts.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Possible Infection.

by Cas34 » June 27th, 2013, 4:54 pm

Nunped, I would like to thank you for your response. I have read the forum sticky prior to posting and can confirm that the help I have requested is for this PC only and that I have administrator rights. I shall also make sure that I do not run any removal tools or install any new software or hardware. I shall also ensure that I do not post at other sites and keep this topic contained to this post.

Will keep checking for your next response.
Cas34
Regular Member
 
Posts: 32
Joined: January 22nd, 2009, 3:45 pm

Re: Possible Infection.

by nunped » June 29th, 2013, 7:22 am

Hi Cas34,

Step 1 - OTL
Please download OTL by Old Timer. Save it to your Desktop.
If you can't download the exe file, try these links:
http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr
  • Right-click OTL.exe (or OTL.com or OTL.scr) and select "Run as Administrator" to launch the program.
  • Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  • Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Step 2 - TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  • Right-click on TDSSKiller.exe and select "run as administrator" to run the tool for known TDSS variants.
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see: How to change the file extension.
  • Click the Start Scan button. Do not use the computer during the scan!
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure SKIP is selected... DO NOT attempt to FIX anything yet!
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Possible Infection.

by Cas34 » June 29th, 2013, 12:51 pm

OTL logfile created on: 29/06/2013 17:28:58 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Computa\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.77 Gb Available Physical Memory | 69.31% Memory free
7.99 Gb Paging File | 5.67 Gb Available in Paging File | 70.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78.13 Gb Total Space | 24.09 Gb Free Space | 30.83% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 33.74 Gb Free Space | 86.37% Space Free | Partition Type: NTFS
Drive E: | 814.31 Gb Total Space | 696.89 Gb Free Space | 85.58% Space Free | Partition Type: NTFS
Drive F: | 3.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 7.45 Gb Total Space | 3.67 Gb Free Space | 49.24% Space Free | Partition Type: FAT32

Computer Name: COMPUTA-PC | User Name: Computa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/29 17:27:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Computa\Desktop\OTL.exe
PRC - [2013/05/11 23:26:08 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/06/27 08:25:06 | 001,326,176 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2012/06/27 08:25:04 | 000,681,056 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2012/06/27 08:25:04 | 000,572,000 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2012/06/17 08:51:58 | 000,075,536 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\32\SbieSvc.exe
PRC - [2011/03/21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/03/03 09:38:32 | 000,380,416 | ---- | M] () -- C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
PRC - [2010/04/07 18:24:46 | 009,919,104 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe
PRC - [2010/04/02 15:21:50 | 001,109,632 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHelp.exe
PRC - [2010/03/16 18:22:40 | 005,309,056 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU\EPU.exe
PRC - [2009/12/28 14:33:02 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009/10/16 07:12:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009/03/30 07:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/15 16:25:28 | 000,756,736 | ---- | M] (Dominik Reichl) -- E:\Key Pass\KeePass.exe
PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/09/11 00:43:54 | 000,067,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/11 23:26:24 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/03/21 19:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/03/03 09:38:32 | 000,380,416 | ---- | M] () -- C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
MOD - [2010/02/08 17:19:52 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV EVO\HookKey32.dll
MOD - [2010/01/08 17:17:24 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\pngio.dll
MOD - [2010/01/08 17:17:24 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll
MOD - [2009/09/30 04:33:08 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
MOD - [2009/06/24 08:47:14 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV EVO\flashobj.dll
MOD - [2009/04/22 20:20:00 | 000,179,712 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\AsusService.dll
MOD - [2009/03/30 07:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
MOD - [2008/12/10 20:04:54 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV EVO\pngio.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/06/17 08:52:14 | 000,098,576 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2012/05/04 15:26:06 | 002,438,696 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV:64bit: - [2009/09/19 03:17:40 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/06/06 23:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/05/11 23:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/15 20:12:59 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/01 07:29:30 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/06/27 08:25:06 | 001,326,176 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012/06/27 08:25:04 | 000,681,056 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012/01/30 18:59:44 | 000,103,992 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/28 14:33:02 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/10/16 07:12:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/09/01 07:26:42 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2012/06/17 08:52:12 | 000,166,576 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/16 15:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2011/12/15 19:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 14:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/03/02 12:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010/02/09 04:42:14 | 000,325,664 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/09/19 05:32:36 | 006,170,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/08/23 15:02:30 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/17 17:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009/06/17 17:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 17:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/03/02 12:06:50 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE DD F2 5E 65 59 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {C2B811B5-E60F-4DC1-9576-EDFA385F5459}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{C2B811B5-E60F-4DC1-9576-EDFA385F5459}: "URL" = http://uk.search.yahoo.com/search?fr=ch ... =937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.5: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.5: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/25 00:57:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/09/19 19:24:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computa\AppData\Roaming\Mozilla\Extensions
[2012/09/19 19:24:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computa\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2013/01/29 21:39:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computa\AppData\Roaming\Mozilla\Firefox\Profiles\7kki11en.default\extensions
[2013/06/24 23:42:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/06/24 23:42:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2012/07/21 06:53:18 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3E7D795-95FF-418A-B054-7B8AB5451598}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/27 20:54:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/07/14 10:29:38 | 000,000,122 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/29 17:27:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Computa\Desktop\OTL.exe
[2013/06/29 13:08:02 | 000,000,000 | ---D | C] -- C:\Users\Computa\Documents\Tech Docs
[2013/06/29 07:52:37 | 000,000,000 | ---D | C] -- C:\Users\Computa\Documents\Letters
[2013/06/25 09:35:21 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Computa\Desktop\dds.scr
[2013/06/25 01:35:56 | 000,000,000 | ---D | C] -- C:\Users\Computa\AppData\Local\Programs
[2013/06/24 18:42:21 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/06/24 18:42:20 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/24 18:42:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/06/24 18:42:20 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/06/24 18:42:20 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/06/24 18:42:20 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/06/24 18:42:20 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/06/24 18:42:17 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/06/24 18:42:17 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013/06/24 18:42:17 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013/06/24 18:42:17 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/06/24 18:42:17 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013/06/24 18:42:16 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013/06/24 18:42:09 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/06/24 18:42:09 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/06/09 18:04:35 | 000,000,000 | ---D | C] -- C:\Users\Computa\AppData\Roaming\KeePass
[2013/06/09 08:02:29 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/06/09 08:02:29 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/06/09 08:02:28 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/06/09 08:02:28 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013/06/09 08:02:17 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/06/09 08:02:17 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013/06/09 08:02:16 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/29 17:27:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Computa\Desktop\OTL.exe
[2013/06/29 17:25:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/29 17:25:38 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/29 07:47:17 | 000,001,086 | ---- | M] () -- C:\Users\Computa\Desktop\regedit.lnk
[2013/06/28 20:56:43 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2013/06/28 20:53:48 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/28 20:53:48 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/28 20:52:22 | 000,780,868 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/28 20:52:22 | 000,665,584 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/28 20:52:22 | 000,125,790 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/28 20:46:31 | 3219,791,872 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/25 09:35:24 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Computa\Desktop\dds.scr
[2013/06/24 23:42:38 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/06/09 18:07:16 | 000,313,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/29 07:47:00 | 000,001,086 | ---- | C] () -- C:\Users\Computa\Desktop\regedit.lnk
[2013/06/24 23:42:38 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/04/16 15:33:33 | 000,176,235 | ---- | C] () -- C:\Windows\SysWow64\Primomonnt.dll
[2012/09/01 07:26:22 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/06/25 20:50:13 | 000,001,944 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012/06/19 23:46:06 | 000,004,605 | ---- | C] () -- C:\Users\Computa\AppData\Local\recently-used.xbel
[2012/05/07 16:39:32 | 000,036,382 | ---- | C] () -- C:\Users\Computa\AppData\Roaming\Comma Separated Values (DOS).ADR
[2012/01/31 00:46:53 | 000,005,632 | ---- | C] () -- C:\Users\Computa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/16 14:06:02 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
OTL Extras logfile created on: 29/06/2013 17:28:59 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Computa\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.77 Gb Available Physical Memory | 69.31% Memory free
7.99 Gb Paging File | 5.67 Gb Available in Paging File | 70.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78.13 Gb Total Space | 24.09 Gb Free Space | 30.83% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 33.74 Gb Free Space | 86.37% Space Free | Partition Type: NTFS
Drive E: | 814.31 Gb Total Space | 696.89 Gb Free Space | 85.58% Space Free | Partition Type: NTFS
Drive F: | 3.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 7.45 Gb Total Space | 3.67 Gb Free Space | 49.24% Space Free | Partition Type: FAT32

Computer Name: COMPUTA-PC | User Name: Computa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17700CB1-CF0E-4EE9-8173-6BEF75D9F580}" = lport=138 | protocol=17 | dir=in | app=system |
"{19BAEB47-47EF-43DE-B5F6-7A21C53E86F9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{28E157F8-76E4-422D-B19C-E9918C652405}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3A3CFAA7-32B4-4357-B72A-CBC17DD6E2EB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3B1EF1F6-BB20-401E-A1DD-D36D2382D5E9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3C493DC5-65E7-4E3D-8568-66A32D0446EC}" = rport=139 | protocol=6 | dir=out | app=system |
"{40B2CE2B-2CE7-47F3-B3FD-9DB74B4AA929}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4198C1B3-EB1D-4517-B3E2-F89048856447}" = lport=139 | protocol=6 | dir=in | app=system |
"{5F5DBA3E-E821-4F2E-BB9E-15DFB439AC21}" = lport=50011 | protocol=6 | dir=in | name=possible trojans2 |
"{61D8DB0C-4FA7-49E8-A4E7-B41A63B9F9E9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{683B83F4-C60C-4541-9F20-E7FE05E431F3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{71D35FE6-034E-4DD1-B48E-4AFB3A3FC727}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{736EA59E-6BB4-4A2A-819D-C3C42B36DC7D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{74731F06-69D9-41F2-AB7A-72F97A7580DF}" = lport=40012 | protocol=6 | dir=in | name=possible trojans |
"{772303E1-A670-40D2-8971-31F6F496AB92}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{7E03535F-74F6-478D-9CCD-37842CF73FE5}" = rport=138 | protocol=17 | dir=out | app=system |
"{9280F28B-AED7-4747-9D27-55A93F68F523}" = lport=137 | protocol=17 | dir=in | app=system |
"{9B3DEF0C-7632-4383-B074-6DA8B89C1639}" = rport=10243 | protocol=6 | dir=out | app=system |
"{AD8835E5-4885-4441-B217-A649D081369B}" = rport=137 | protocol=17 | dir=out | app=system |
"{AE4DADD1-6C09-4A16-9BF9-3DD06B6C692B}" = lport=445 | protocol=6 | dir=in | app=system |
"{B087692B-AE7B-4751-B87B-D2FB226159CE}" = rport=445 | protocol=6 | dir=out | app=system |
"{B77DEC6B-F2DB-446A-9782-D19EB279E460}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C28C2A8E-256B-41BB-BF83-621EE93098EF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DD08AFD7-B814-45B4-B9B1-603F6F255895}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DE1A38DC-AF83-4E7A-9B7A-69FA94D4764A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EDBB1566-BB70-474B-A7FD-4D5241A1FC9B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F1ACBFAD-C121-49D3-B49D-9EC0FF3D43A8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FF5D23E9-A6A8-4378-9954-DFCB052ABEFB}" = rport=50011 | protocol=6 | dir=out | name=possible trojans |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07B4611D-E0DA-4E35-AD60-0ACE6EA044A6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2009\fm.exe |
"{0B97087A-CA97-4611-AE12-C3DD23C0A3A3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{22008E52-85C3-4595-B346-3B07C2153A7B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{26411495-3163-4278-B2F7-9FE9B3E5C8B5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{26933825-1AC6-40ED-90BD-3646687300B7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{26EB139B-B0E4-497B-8EC3-82B526C18DFA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2DEA360E-836D-4422-B0B2-B74076A7365A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{37DAC7DC-8C34-4FB5-897F-D2BAF8BBD011}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{3E5926C8-2DD6-422B-A107-E0F70833721A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{41BD1030-1F96-4BD4-9C4C-C6FA3B909891}" = protocol=6 | dir=out | app=system |
"{451DE5B3-CB70-4251-AF0F-CF8D58723289}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{67224FDD-CFE3-4C8A-8C9D-FE3C14A9D235}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{676EC4E1-D203-400A-B3F4-57EA7FC65304}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8EC83022-D0F3-434F-BB97-61F667E157C1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9D67D71C-C027-4DC0-952A-797600247DB4}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{9F3259AA-4054-4B75-9720-91B290263F8B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2009\fm.exe |
"{A1793F55-6F59-47FA-A87F-18F494C9F76F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A636AA59-6EED-4D51-9A95-4AB22852A848}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AB6371B3-9F93-4795-A0B4-B6A1354BAFBF}" = protocol=6 | dir=out | name=possible trojans2 |
"{BBE21C07-D0D1-4E30-A49B-976C75951DCD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BD57A485-B067-4BDE-A2B1-7E4153B44BFE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C3C8EB2D-9B0D-4809-B7DE-FB03705AC330}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EB7D6236-5E6B-4DF6-B2AF-17D33732AD2C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EC58B5B3-743D-42B3-824B-FBB77235FCD3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EEFB79D1-F5B8-4B5E-92B5-A9FC2A8F5429}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F0D37C61-9563-45B5-89DD-6B0828EB2BEF}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{F2717BE6-E256-40DB-8C5C-68FB9A8DD845}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F39B5E8D-5895-4D8B-81EB-0A93EC85C6C2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2009\fm.exe |
"{F55E114D-ABB5-4429-B41A-BE65EC69770B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F6304230-FCC3-4EB4-9400-7CE53DAA3618}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FABAA155-DFA0-4C44-A10A-E1D261B8353D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2009\fm.exe |
"TCP Query User{3E37419E-0AE0-4B87-908A-50B03847312F}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe |
"TCP Query User{7C7F229C-AF52-4870-BAFD-BE4AA139C83B}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe |
"TCP Query User{8D9D09C6-E2E7-4DED-A6E0-13583A21EFF0}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |
"TCP Query User{D884C6F5-EE4C-456C-ACAC-B394A4B5383F}E:\ptr\ptr-installer-en_gb.exe" = protocol=6 | dir=in | app=e:\ptr\ptr-installer-en_gb.exe |
"UDP Query User{613E4C4E-D2A6-4E80-BC65-B2161A40A16E}E:\ptr\ptr-installer-en_gb.exe" = protocol=17 | dir=in | app=e:\ptr\ptr-installer-en_gb.exe |
"UDP Query User{78D153AC-7158-451D-A440-9478188D2817}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe |
"UDP Query User{9F708B06-C0C2-417F-AC3B-1BC5F9E5CB80}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |
"UDP Query User{DF93C0AB-959F-4574-B645-172647A87F12}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{19BDBFE9-0B6A-37F2-80F6-48AFD1EA582D}" = ATI AVIVO64 Codecs
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{38145F6E-041F-69AE-59B4-37CA06F33D67}" = ccc-utility64
"{3F263601-92CC-4DA5-813A-BE6A3E94F84E}" = Microsoft System CLR Types for SQL Server 2012 RC0 (x64)
"{54AC5197-9CE4-4C42-B191-16F5918479EC}" = Microsoft Web Platform Installer 4.0
"{795AE7FA-334A-3348-A358-6F56377B8639}" = Microsoft .NET Framework 4.5 Beta
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5 Beta
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F95E499-93DA-41C5-8D12-6BE59C0867F6}" = Microsoft Web Deploy 3.0
"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{B85D868D-1415-FDA5-8DB9-D4D457080885}" = ATI Catalyst Install Manager
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{FAF57A91-58B3-490C-9D0C-66337DAD3F11}" = Microsoft SQL Server Compact 4.0 SP1 x64 ENU CTP1
"CyberGhost VPN_is1" = CyberGhost VPN
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Sandboxie" = Sandboxie 3.72 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3AC02D87-274C-BAE6-ACFA-B64B714A0083}" = Catalyst Control Center Core Implementation
"{42CA2096-C607-7F71-5550-F19BCD9A4100}" = Catalyst Control Center InstallProxy
"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{605DDD7B-1521-423B-A654-E9A963573D82}" = Catalyst Control Center Graphics Light
"{615A5951-A1FA-42DD-B786-842926DDC27D}" = EPD_free-7.3-2
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F187617-80E6-3D65-8FE5-85D73472EC6E}" = Microsoft Visual Studio 11 SharePoint Developer Tools Beta enu Language Pack
"{6F1891DD-CEFE-4349-CFB3-172ED6C94A18}" = ccc-core-static
"{75CFBC87-1B8A-2DA8-4575-F50BD61E9368}" = Catalyst Control Center Graphics Previews Vista
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_STANDARDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0080-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
"{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU
"{9C49AB5C-A457-DEF0-0436-AADEB2062296}" = Catalyst Control Center Graphics Previews Common
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{C0C31BCC-56FB-42A7-8766-D29E1BD74C7C}" = Python 2.7.3
"{C54AE051-35E6-A421-164B-FDF2C3A8EE4E}" = Catalyst Control Center Graphics Full Existing
"{CA5290FD-1C71-D40D-E0B9-D44FF41007FA}" = Catalyst Control Center HydraVision Full
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF929EEB-CE39-4F06-B1BF-F51FC617A2B2}" = Catalyst Control Center - Branding
"{D3CF1241-B6B9-C0F1-8D69-96A01360A07A}" = Catalyst Control Center Graphics Full New
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7410A39-66CA-C554-CB1D-EB53A6B8A289}" = HydraVision
"{DD7851B2-C277-204C-C414-797649FBFCAA}" = CCC Help English
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4F4CB1F-5319-EECB-F758-A651DAF87D02}" = Catalyst Control Center Localization All
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Age of Empires 2.0" = Microsoft Age of Empires II
"Dev-C++" = Dev-C++
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"foobar2000" = foobar2000 v1.0.3
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Philips Songbird" = Philips Songbird
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"Revo Uninstaller" = Revo Uninstaller 1.89
"Secunia PSI" = Secunia PSI (3.0.0.2004)
"STANDARDR" = Microsoft Office Standard 2007
"STDU Viewer_is1" = STDU Viewer version 1.5.427.0
"Steam App 10540" = Football Manager 2009
"Steam App 72850" = The Elder Scrolls V: Skyrim
"VLC media player" = VLC media player 2.0.2
"WinLiveSuite" = Windows Live Essentials
"Wubi" = Ubuntu

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 25/06/2013 13:42:41 | Computer Name = Computa-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Computa\Downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 26/06/2013 16:48:36 | Computer Name = Computa-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Computa\Downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 26/06/2013 17:57:50 | Computer Name = Computa-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 26/06/2013 17:58:39 | Computer Name = Computa-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 27/06/2013 14:50:18 | Computer Name = Computa-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SetPoint.exe, version: 4.80.103.0, time
stamp: 0x4a64c062 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x00000000000532d0 Faulting
process id: 0xc18 Faulting application start time: 0x01ce713696cdc117 Faulting application
path: C:\Program Files\Logitech\SetPoint\SetPoint.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 68ecb04b-df5a-11e2-9603-485b39c96804

Error - 27/06/2013 14:51:26 | Computer Name = Computa-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SetPoint.exe, version: 4.80.103.0, time
stamp: 0x4a64c062 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec4aa8e Exception code: 0xc0150010 Fault offset: 0x000000000006f892 Faulting
process id: 0xc18 Faulting application start time: 0x01ce713696cdc117 Faulting application
path: C:\Program Files\Logitech\SetPoint\SetPoint.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 91991e71-df5a-11e2-9603-485b39c96804

Error - 28/06/2013 16:25:01 | Computer Name = Computa-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 28/06/2013 16:25:44 | Computer Name = Computa-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 29/06/2013 03:30:32 | Computer Name = Computa-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 29/06/2013 05:17:53 | Computer Name = Computa-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ System Events ]
Error - 21/06/2013 11:36:55 | Computer Name = Computa-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 24/06/2013 13:48:24 | Computer Name = Computa-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 24/06/2013 19:57:11 | Computer Name = Computa-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 25/06/2013 09:54:26 | Computer Name = Computa-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 25/06/2013 09:54:33 | Computer Name = Computa-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 25/06/2013 09:54:33 | Computer Name = Computa-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 26/06/2013 13:17:03 | Computer Name = Computa-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the eventlog service.

Error - 26/06/2013 17:58:07 | Computer Name = Computa-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 27/06/2013 14:47:59 | Computer Name = Computa-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.153.667.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9607.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 28/06/2013 15:46:30 | Computer Name = Computa-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.


< End of report >

Re: Possible Infection.

by Cas34 » June 29th, 2013, 12:52 pm

17:36:35.0976 5340 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:36:36.0338 5340 ============================================================
17:36:36.0338 5340 Current date / time: 2013/06/29 17:36:36.0338
17:36:36.0338 5340 SystemInfo:
17:36:36.0338 5340
17:36:36.0338 5340 OS Version: 6.1.7601 ServicePack: 1.0
17:36:36.0338 5340 Product type: Workstation
17:36:36.0338 5340 ComputerName: COMPUTA-PC
17:36:36.0339 5340 UserName: Computa
17:36:36.0339 5340 Windows directory: C:\Windows
17:36:36.0339 5340 System windows directory: C:\Windows
17:36:36.0339 5340 Running under WOW64
17:36:36.0339 5340 Processor architecture: Intel x64
17:36:36.0339 5340 Number of processors: 4
17:36:36.0339 5340 Page size: 0x1000
17:36:36.0339 5340 Boot type: Normal boot
17:36:36.0339 5340 ============================================================
17:36:37.0379 5340 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:36:37.0395 5340 Drive \Device\Harddisk1\DR1 - Size: 0x1DD2EA000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:36:37.0397 5340 ============================================================
17:36:37.0397 5340 \Device\Harddisk0\DR0:
17:36:37.0397 5340 MBR partitions:
17:36:37.0397 5340 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9C41AD8
17:36:37.0404 5340 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9C41B56, BlocksNum 0x4E1EDEC
17:36:37.0410 5340 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xEA60981, BlocksNum 0x65CA117F
17:36:37.0410 5340 \Device\Harddisk1\DR1:
17:36:37.0411 5340 MBR partitions:
17:36:37.0411 5340 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xEE9641
17:36:37.0411 5340 ============================================================
17:36:37.0440 5340 C: <-> \Device\Harddisk0\DR0\Partition1
17:36:37.0471 5340 D: <-> \Device\Harddisk0\DR0\Partition2
17:36:37.0510 5340 E: <-> \Device\Harddisk0\DR0\Partition3
17:36:37.0510 5340 ============================================================
17:36:37.0510 5340 Initialize success
17:36:37.0510 5340 ============================================================
17:36:54.0732 3268 ============================================================
17:36:54.0732 3268 Scan started
17:36:54.0732 3268 Mode: Manual;
17:36:54.0732 3268 ============================================================
17:36:55.0124 3268 ================ Scan system memory ========================
17:36:55.0124 3268 System memory - ok
17:36:55.0125 3268 ================ Scan services =============================
17:36:55.0221 3268 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:36:55.0226 3268 1394ohci - ok
17:36:55.0265 3268 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:36:55.0272 3268 ACPI - ok
17:36:55.0291 3268 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:36:55.0292 3268 AcpiPmi - ok
17:36:55.0349 3268 [ E8FE4FCE23D2809BD88BCC1D0F8408CE ] AdobeActiveFileMonitor6.0 C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
17:36:55.0353 3268 AdobeActiveFileMonitor6.0 - ok
17:36:55.0450 3268 [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:36:55.0455 3268 AdobeFlashPlayerUpdateSvc - ok
17:36:55.0505 3268 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
17:36:55.0516 3268 adp94xx - ok
17:36:55.0546 3268 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
17:36:55.0553 3268 adpahci - ok
17:36:55.0573 3268 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
17:36:55.0577 3268 adpu320 - ok
17:36:55.0610 3268 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:36:55.0612 3268 AeLookupSvc - ok
17:36:55.0650 3268 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
17:36:55.0661 3268 AFD - ok
17:36:55.0684 3268 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:36:55.0686 3268 agp440 - ok
17:36:55.0707 3268 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
17:36:55.0710 3268 ALG - ok
17:36:55.0728 3268 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
17:36:55.0729 3268 aliide - ok
17:36:55.0754 3268 [ 0D3E12216D6F956F05B0B555D53D7ABB ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:36:55.0757 3268 AMD External Events Utility - ok
17:36:55.0761 3268 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
17:36:55.0761 3268 amdide - ok
17:36:55.0775 3268 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:36:55.0776 3268 AmdK8 - ok
17:36:55.0787 3268 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:36:55.0787 3268 AmdPPM - ok
17:36:55.0802 3268 [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:36:55.0804 3268 amdsata - ok
17:36:55.0822 3268 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
17:36:55.0824 3268 amdsbs - ok
17:36:55.0841 3268 [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:36:55.0841 3268 amdxata - ok
17:36:55.0860 3268 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
17:36:55.0861 3268 AppID - ok
17:36:55.0870 3268 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:36:55.0871 3268 AppIDSvc - ok
17:36:55.0885 3268 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
17:36:55.0886 3268 Appinfo - ok
17:36:55.0912 3268 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
17:36:55.0915 3268 AppMgmt - ok
17:36:55.0920 3268 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
17:36:55.0921 3268 arc - ok
17:36:55.0933 3268 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
17:36:55.0934 3268 arcsas - ok
17:36:55.0971 3268 [ A82C01606DC27D05D9D3BFB6BB807E32 ] AsIO C:\Windows\syswow64\drivers\AsIO.sys
17:36:55.0972 3268 AsIO - ok
17:36:56.0079 3268 [ FA558B04F900EF9801534D20F24FF2BF ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:36:56.0081 3268 aspnet_state - ok
17:36:56.0105 3268 [ 954FFBFF05B0B60EB63B52AF561436C4 ] AsSysCtrlService C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
17:36:56.0108 3268 AsSysCtrlService - ok
17:36:56.0129 3268 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:36:56.0131 3268 AsyncMac - ok
17:36:56.0148 3268 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
17:36:56.0149 3268 atapi - ok
17:36:56.0180 3268 [ 506934DF94E3197F4A1BBE8FBEAB0CCD ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
17:36:56.0182 3268 AtiHdmiService - ok
17:36:56.0289 3268 [ 79CEB8D4F25CABE69F3762C90F5B06B8 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
17:36:56.0372 3268 atikmdag - ok
17:36:56.0421 3268 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:36:56.0435 3268 AudioEndpointBuilder - ok
17:36:56.0448 3268 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:36:56.0453 3268 AudioSrv - ok
17:36:56.0481 3268 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:36:56.0482 3268 AxInstSV - ok
17:36:56.0515 3268 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
17:36:56.0520 3268 b06bdrv - ok
17:36:56.0541 3268 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:36:56.0544 3268 b57nd60a - ok
17:36:56.0580 3268 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
17:36:56.0581 3268 BDESVC - ok
17:36:56.0594 3268 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
17:36:56.0595 3268 Beep - ok
17:36:56.0632 3268 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
17:36:56.0640 3268 BFE - ok
17:36:56.0661 3268 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
17:36:56.0671 3268 BITS - ok
17:36:56.0688 3268 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:36:56.0689 3268 blbdrive - ok
17:36:56.0721 3268 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:36:56.0723 3268 bowser - ok
17:36:56.0741 3268 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:36:56.0742 3268 BrFiltLo - ok
17:36:56.0761 3268 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:36:56.0762 3268 BrFiltUp - ok
17:36:56.0781 3268 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
17:36:56.0784 3268 BridgeMP - ok
17:36:56.0809 3268 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
17:36:56.0811 3268 Browser - ok
17:36:56.0828 3268 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:36:56.0832 3268 Brserid - ok
17:36:56.0836 3268 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:36:56.0838 3268 BrSerWdm - ok
17:36:56.0841 3268 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:36:56.0842 3268 BrUsbMdm - ok
17:36:56.0858 3268 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:36:56.0859 3268 BrUsbSer - ok
17:36:56.0873 3268 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:36:56.0874 3268 BTHMODEM - ok
17:36:56.0890 3268 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
17:36:56.0892 3268 bthserv - ok
17:36:56.0928 3268 catchme - ok
17:36:56.0946 3268 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:36:56.0949 3268 cdfs - ok
17:36:56.0977 3268 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:36:56.0979 3268 cdrom - ok
17:36:57.0003 3268 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
17:36:57.0005 3268 CertPropSvc - ok
17:36:57.0117 3268 [ 1EDBC1DBDEAAB7B185B4491BF6129701 ] CGVPNCliSrvc C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
17:36:57.0139 3268 CGVPNCliSrvc - ok
17:36:57.0145 3268 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:36:57.0146 3268 circlass - ok
17:36:57.0170 3268 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
17:36:57.0174 3268 CLFS - ok
17:36:57.0225 3268 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:36:57.0228 3268 clr_optimization_v2.0.50727_32 - ok
17:36:57.0259 3268 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:36:57.0261 3268 clr_optimization_v2.0.50727_64 - ok
17:36:57.0328 3268 [ F53E15A89675B7489FABE74F2091568E ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:36:57.0331 3268 clr_optimization_v4.0.30319_32 - ok
17:36:57.0355 3268 [ 101D397632B9007DF13E9A957EA68E04 ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:36:57.0359 3268 clr_optimization_v4.0.30319_64 - ok
17:36:57.0396 3268 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:36:57.0396 3268 CmBatt - ok
17:36:57.0416 3268 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:36:57.0416 3268 cmdide - ok
17:36:57.0443 3268 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
17:36:57.0452 3268 CNG - ok
17:36:57.0462 3268 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:36:57.0464 3268 Compbatt - ok
17:36:57.0486 3268 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
17:36:57.0488 3268 CompositeBus - ok
17:36:57.0495 3268 COMSysApp - ok
17:36:57.0507 3268 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:36:57.0508 3268 crcdisk - ok
17:36:57.0540 3268 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:36:57.0543 3268 CryptSvc - ok
17:36:57.0563 3268 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
17:36:57.0570 3268 CSC - ok
17:36:57.0605 3268 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
17:36:57.0612 3268 CscService - ok
17:36:57.0634 3268 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:36:57.0641 3268 DcomLaunch - ok
17:36:57.0660 3268 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
17:36:57.0663 3268 defragsvc - ok
17:36:57.0691 3268 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:36:57.0692 3268 DfsC - ok
17:36:57.0713 3268 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
17:36:57.0717 3268 Dhcp - ok
17:36:57.0729 3268 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
17:36:57.0730 3268 discache - ok
17:36:57.0757 3268 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:36:57.0758 3268 Disk - ok
17:36:57.0780 3268 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:36:57.0782 3268 Dnscache - ok
17:36:57.0809 3268 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
17:36:57.0813 3268 dot3svc - ok
17:36:57.0836 3268 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
17:36:57.0838 3268 DPS - ok
17:36:57.0857 3268 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:36:57.0858 3268 drmkaud - ok
17:36:57.0902 3268 [ E5B95C75557120881076C45CD146D72C ] DvmMDES C:\ASUS.SYS\config\DVMExportService.exe
17:36:57.0904 3268 DvmMDES - ok
17:36:57.0947 3268 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:36:57.0967 3268 DXGKrnl - ok
17:36:57.0988 3268 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
17:36:57.0992 3268 EapHost - ok
17:36:58.0069 3268 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
17:36:58.0103 3268 ebdrv - ok
17:36:58.0119 3268 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
17:36:58.0120 3268 EFS - ok
17:36:58.0177 3268 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:36:58.0191 3268 ehRecvr - ok
17:36:58.0214 3268 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
17:36:58.0217 3268 ehSched - ok
17:36:58.0241 3268 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:36:58.0247 3268 elxstor - ok
17:36:58.0269 3268 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:36:58.0269 3268 ErrDev - ok
17:36:58.0300 3268 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
17:36:58.0305 3268 EventSystem - ok
17:36:58.0316 3268 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
17:36:58.0318 3268 exfat - ok
17:36:58.0335 3268 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:36:58.0338 3268 fastfat - ok
17:36:58.0381 3268 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
17:36:58.0389 3268 Fax - ok
17:36:58.0406 3268 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:36:58.0406 3268 fdc - ok
17:36:58.0434 3268 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
17:36:58.0435 3268 fdPHost - ok
17:36:58.0457 3268 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
17:36:58.0459 3268 FDResPub - ok
17:36:58.0472 3268 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:36:58.0474 3268 FileInfo - ok
17:36:58.0491 3268 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:36:58.0492 3268 Filetrace - ok
17:36:58.0518 3268 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:36:58.0525 3268 FLEXnet Licensing Service - ok
17:36:58.0530 3268 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:36:58.0530 3268 flpydisk - ok
17:36:58.0548 3268 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:36:58.0551 3268 FltMgr - ok
17:36:58.0577 3268 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll
17:36:58.0590 3268 FontCache - ok
17:36:58.0627 3268 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:36:58.0628 3268 FontCache3.0.0.0 - ok
17:36:58.0651 3268 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:36:58.0653 3268 FsDepends - ok
17:36:58.0692 3268 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:36:58.0693 3268 Fs_Rec - ok
17:36:58.0724 3268 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:36:58.0728 3268 fvevol - ok
17:36:58.0753 3268 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:36:58.0754 3268 gagp30kx - ok
17:36:58.0768 3268 GEARAspiWDM - ok
17:36:58.0794 3268 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
17:36:58.0802 3268 gpsvc - ok
17:36:58.0807 3268 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:36:58.0808 3268 hcw85cir - ok
17:36:58.0849 3268 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:36:58.0853 3268 HdAudAddService - ok
17:36:58.0881 3268 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
17:36:58.0882 3268 HDAudBus - ok
17:36:58.0886 3268 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
17:36:58.0887 3268 HidBatt - ok
17:36:58.0897 3268 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
17:36:58.0898 3268 HidBth - ok
17:36:58.0903 3268 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:36:58.0904 3268 HidIr - ok
17:36:58.0925 3268 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
17:36:58.0926 3268 hidserv - ok
17:36:58.0944 3268 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:36:58.0945 3268 HidUsb - ok
17:36:58.0962 3268 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:36:58.0964 3268 hkmsvc - ok
17:36:58.0994 3268 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:36:58.0998 3268 HomeGroupListener - ok
17:36:59.0007 3268 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:36:59.0010 3268 HomeGroupProvider - ok
17:36:59.0019 3268 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:36:59.0020 3268 HpSAMD - ok
17:36:59.0048 3268 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:36:59.0056 3268 HTTP - ok
17:36:59.0071 3268 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:36:59.0071 3268 hwpolicy - ok
17:36:59.0093 3268 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
17:36:59.0094 3268 i8042prt - ok
17:36:59.0112 3268 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:36:59.0120 3268 iaStorV - ok
17:36:59.0163 3268 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:36:59.0180 3268 idsvc - ok
17:36:59.0191 3268 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
17:36:59.0193 3268 iirsp - ok
17:36:59.0221 3268 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
17:36:59.0231 3268 IKEEXT - ok
17:36:59.0247 3268 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
17:36:59.0248 3268 intelide - ok
17:36:59.0272 3268 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:36:59.0274 3268 intelppm - ok
17:36:59.0290 3268 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:36:59.0292 3268 IPBusEnum - ok
17:36:59.0309 3268 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:36:59.0310 3268 IpFilterDriver - ok
17:36:59.0328 3268 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:36:59.0335 3268 iphlpsvc - ok
17:36:59.0345 3268 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:36:59.0346 3268 IPMIDRV - ok
17:36:59.0358 3268 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:36:59.0360 3268 IPNAT - ok
17:36:59.0364 3268 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:36:59.0365 3268 IRENUM - ok
17:36:59.0375 3268 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:36:59.0376 3268 isapnp - ok
17:36:59.0390 3268 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:36:59.0394 3268 iScsiPrt - ok
17:36:59.0411 3268 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:36:59.0412 3268 kbdclass - ok
17:36:59.0424 3268 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
17:36:59.0424 3268 kbdhid - ok
17:36:59.0435 3268 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
17:36:59.0437 3268 KeyIso - ok
17:36:59.0454 3268 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:36:59.0455 3268 KSecDD - ok
17:36:59.0469 3268 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:36:59.0471 3268 KSecPkg - ok
17:36:59.0484 3268 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:36:59.0484 3268 ksthunk - ok
17:36:59.0508 3268 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
17:36:59.0513 3268 KtmRm - ok
17:36:59.0543 3268 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
17:36:59.0547 3268 LanmanServer - ok
17:36:59.0564 3268 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:36:59.0567 3268 LanmanWorkstation - ok
17:36:59.0627 3268 [ 88E52495B47C67126B510AF53FDB0BC7 ] LBTServ C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
17:36:59.0631 3268 LBTServ - ok
17:36:59.0686 3268 [ B6552D382FF070B4ED34CBD6737277C0 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
17:36:59.0688 3268 LHidFilt - ok
17:36:59.0714 3268 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:36:59.0716 3268 lltdio - ok
17:36:59.0747 3268 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:36:59.0756 3268 lltdsvc - ok
17:36:59.0769 3268 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:36:59.0771 3268 lmhosts - ok
17:36:59.0781 3268 [ 73C1F563AB73D459DFFE682D66476558 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
17:36:59.0782 3268 LMouFilt - ok
17:36:59.0799 3268 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:36:59.0800 3268 LSI_FC - ok
17:36:59.0807 3268 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:36:59.0809 3268 LSI_SAS - ok
17:36:59.0820 3268 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:36:59.0821 3268 LSI_SAS2 - ok
17:36:59.0833 3268 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:36:59.0834 3268 LSI_SCSI - ok
17:36:59.0851 3268 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
17:36:59.0852 3268 luafv - ok
17:36:59.0873 3268 [ 9D9714E78EAC9E5368208649489C920E ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys
17:36:59.0874 3268 LUsbFilt - ok
17:36:59.0895 3268 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:36:59.0897 3268 Mcx2Svc - ok
17:36:59.0905 3268 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:36:59.0906 3268 megasas - ok
17:36:59.0917 3268 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:36:59.0920 3268 MegaSR - ok
17:36:59.0938 3268 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
17:36:59.0940 3268 MMCSS - ok
17:36:59.0944 3268 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
17:36:59.0945 3268 Modem - ok
17:36:59.0964 3268 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:36:59.0964 3268 monitor - ok
17:36:59.0972 3268 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:36:59.0973 3268 mouclass - ok
17:36:59.0989 3268 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:36:59.0990 3268 mouhid - ok
17:37:00.0010 3268 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:37:00.0011 3268 mountmgr - ok
17:37:00.0047 3268 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:37:00.0049 3268 MozillaMaintenance - ok
17:37:00.0100 3268 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
17:37:00.0105 3268 MpFilter - ok
17:37:00.0124 3268 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
17:37:00.0128 3268 mpio - ok
17:37:00.0144 3268 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:37:00.0147 3268 mpsdrv - ok
17:37:00.0177 3268 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:37:00.0186 3268 MpsSvc - ok
17:37:00.0203 3268 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:37:00.0205 3268 MRxDAV - ok
17:37:00.0226 3268 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:37:00.0228 3268 mrxsmb - ok
17:37:00.0250 3268 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:37:00.0254 3268 mrxsmb10 - ok
17:37:00.0264 3268 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:37:00.0266 3268 mrxsmb20 - ok
17:37:00.0291 3268 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
17:37:00.0291 3268 msahci - ok
17:37:00.0317 3268 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:37:00.0319 3268 msdsm - ok
17:37:00.0333 3268 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
17:37:00.0336 3268 MSDTC - ok
17:37:00.0360 3268 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:37:00.0361 3268 Msfs - ok
17:37:00.0378 3268 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:37:00.0379 3268 mshidkmdf - ok
17:37:00.0400 3268 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:37:00.0400 3268 msisadrv - ok
17:37:00.0441 3268 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:37:00.0446 3268 MSiSCSI - ok
17:37:00.0456 3268 msiserver - ok
17:37:00.0472 3268 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:37:00.0473 3268 MSKSSRV - ok
17:37:00.0525 3268 [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
17:37:00.0526 3268 MsMpSvc - ok
17:37:00.0539 3268 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:37:00.0540 3268 MSPCLOCK - ok
17:37:00.0557 3268 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:37:00.0558 3268 MSPQM - ok
17:37:00.0586 3268 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:37:00.0590 3268 MsRPC - ok
17:37:00.0596 3268 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
17:37:00.0597 3268 mssmbios - ok
17:37:00.0607 3268 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:37:00.0608 3268 MSTEE - ok
17:37:00.0611 3268 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:37:00.0612 3268 MTConfig - ok
17:37:00.0649 3268 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
17:37:00.0649 3268 MTsensor - ok
17:37:00.0671 3268 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
17:37:00.0672 3268 Mup - ok
17:37:00.0695 3268 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
17:37:00.0701 3268 napagent - ok
17:37:00.0719 3268 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:37:00.0723 3268 NativeWifiP - ok
17:37:00.0755 3268 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
17:37:00.0765 3268 NDIS - ok
17:37:00.0785 3268 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:37:00.0786 3268 NdisCap - ok
17:37:00.0804 3268 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:37:00.0805 3268 NdisTapi - ok
17:37:00.0828 3268 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:37:00.0830 3268 Ndisuio - ok
17:37:00.0857 3268 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:37:00.0861 3268 NdisWan - ok
17:37:00.0891 3268 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:37:00.0892 3268 NDProxy - ok
17:37:00.0905 3268 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:37:00.0905 3268 NetBIOS - ok
17:37:00.0916 3268 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:37:00.0919 3268 NetBT - ok
17:37:00.0926 3268 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
17:37:00.0927 3268 Netlogon - ok
17:37:00.0953 3268 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
17:37:00.0958 3268 Netman - ok
17:37:00.0990 3268 [ 7E9228C814C0D0B551AF9A114B7E0B16 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:37:00.0992 3268 NetMsmqActivator - ok
17:37:00.0996 3268 [ 7E9228C814C0D0B551AF9A114B7E0B16 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:37:00.0997 3268 NetPipeActivator - ok
17:37:01.0013 3268 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
17:37:01.0019 3268 netprofm - ok
17:37:01.0024 3268 [ 7E9228C814C0D0B551AF9A114B7E0B16 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:37:01.0025 3268 NetTcpActivator - ok
17:37:01.0029 3268 [ 7E9228C814C0D0B551AF9A114B7E0B16 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:37:01.0030 3268 NetTcpPortSharing - ok
17:37:01.0055 3268 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:37:01.0056 3268 nfrd960 - ok
17:37:01.0090 3268 [ 162100E0BC8377710F9D170631921C03 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:37:01.0093 3268 NisDrv - ok
17:37:01.0124 3268 [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
17:37:01.0133 3268 NisSrv - ok
17:37:01.0168 3268 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:37:01.0177 3268 NlaSvc - ok
17:37:01.0196 3268 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:37:01.0198 3268 Npfs - ok
17:37:01.0224 3268 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
17:37:01.0226 3268 nsi - ok
17:37:01.0233 3268 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:37:01.0234 3268 nsiproxy - ok
17:37:01.0295 3268 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:37:01.0315 3268 Ntfs - ok
17:37:01.0329 3268 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
17:37:01.0330 3268 Null - ok
17:37:01.0355 3268 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:37:01.0357 3268 nvraid - ok
17:37:01.0372 3268 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:37:01.0375 3268 nvstor - ok
17:37:01.0391 3268 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:37:01.0393 3268 nv_agp - ok
17:37:01.0445 3268 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:37:01.0455 3268 odserv - ok
17:37:01.0475 3268 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:37:01.0478 3268 ohci1394 - ok
17:37:01.0513 3268 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:37:01.0514 3268 ose - ok
17:37:01.0538 3268 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:37:01.0542 3268 p2pimsvc - ok
17:37:01.0569 3268 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
17:37:01.0575 3268 p2psvc - ok
17:37:01.0586 3268 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:37:01.0587 3268 Parport - ok
17:37:01.0603 3268 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:37:01.0604 3268 partmgr - ok
17:37:01.0614 3268 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:37:01.0617 3268 PcaSvc - ok
17:37:01.0626 3268 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
17:37:01.0628 3268 pci - ok
17:37:01.0640 3268 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
17:37:01.0641 3268 pciide - ok
17:37:06.0850 3268 ============================================================
17:37:06.0850 3268 Scan finished
17:37:06.0850 3268 ============================================================
17:37:06.0858 5884 Detected object count: 0
17:37:06.0858 5884 Actual detected object count: 0
17:38:53.0094 5812 Deinitialize success
Cas34
Regular Member
 
Posts: 32
Joined: January 22nd, 2009, 3:45 pm

Re: Possible Infection.

Unread postby nunped » June 30th, 2013, 10:52 am

Hi Cas34,

ESET NOD32 Online Scan
Note: If using Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted... then right click on it and select "run as administrator" to install.
Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan.
Do NOT use the computer while the scan is running... make sure all other programs and windows are closed!


Please go to ESET Online Scanner to run an online scan.
  • Click the [Run ESET Online Scanner] button.
  • Read the End User License Agreement and check the box: [Yes, I accept the terms of use].
  • Click the green [Start] button.
  • Accept any security warnings from your browser and allow the download/installation of any required files.
    If your browser blocks or halts a download, please allow it to download any required files.
  • Under scan settings:
    • Check "Scan archives"
    • Remove found threats is UNCHECKED
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the [Start] button.
    ESET will install itself, download virus signature database updates and begin scanning your computer.
    The scan will take a while so please be patient. Do NOT use the computer while the scan is running.
  • When the scan completes, press the text: Image
  • Press the text: Image ... then save the file to your desktop as ESETScan.txt.
  • Press the [Back] button, then press the [Finish] button.
  • Copy and paste the contents of ESETScan.txt in your next reply.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.

Remember to enable your Anti-virus protection before continuing!
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Possible Infection.

Unread postby Cas34 » July 1st, 2013, 5:36 pm

C:\$RECYCLE.BIN\S-1-5-21-3986575112-1917475841-2936605180-1000\$R5427WO.exe a variant of Win32/InstallCore.D application
C:\$RECYCLE.BIN\S-1-5-21-3986575112-1917475841-2936605180-1000\$R691FFM.exe Win32/OpenCandy application
C:\$RECYCLE.BIN\S-1-5-21-3986575112-1917475841-2936605180-1000\$RVZ3OJD.exe a variant of Win32/InstallCore.D application


***sorry the response took so long but was away from home there.
Cas34
Regular Member
 
Posts: 32
Joined: January 22nd, 2009, 3:45 pm

Re: Possible Infection.

Unread postby nunped » July 2nd, 2013, 12:33 pm

Hi Cas34,

Step 1
  • Right click OTL.exe and select "Run as Administrator" to launch the program.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code: Select all
:Processes
TeaTimer.exe

:commands
[createrestorepoint]

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes,DefaultScope = {C2B811B5-E60F-4DC1-9576-EDFA385F5459}

:commands
[emptytemp]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Step 2
How is your computer behaving?
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Possible Infection.

Unread postby Cas34 » July 2nd, 2013, 3:15 pm

All processes killed
========== PROCESSES ==========
No active process named TeaTimer.exe was found!
No active process named :commands was found!
No active process named [createrestorepoint] was found!
No active process named :OTL was found!
No active process named SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} was found!
No active process named SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} was found!
No active process named SearchScopes,DefaultScope = {C2B811B5-E60F-4DC1-9576-EDFA385F5459} was found!
No active process named :commands was found!
No active process named [emptytemp] was found!

OTL by OldTimer - Version 3.2.69.0 log created on 07022013_200637

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

In answer to question 2, I am still getting a larger number of files deleted when I delete my Sandbox and my browser often crashes when I go into my hotmail.
Cas34
Regular Member
 
Posts: 32
Joined: January 22nd, 2009, 3:45 pm

Re: Possible Infection.

Unread postby nunped » July 3rd, 2013, 11:48 am

Hi Cas34,

The fix didn't work.
Try again with a slight change and tell me if it helps:

  • Right-click OTL.exe and select "Run as administrator" to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the words Code: Select all
  • (Click the select all button next to the codebox to select the entire script).
    Code: Select all
    :commands
    [createrestorepoint]
    
    :otl
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes,DefaultScope = {C2B811B5-E60F-4DC1-9576-EDFA385F5459}
    
    :files
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Possible Infection.

Unread postby Cas34 » July 3rd, 2013, 3:03 pm

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Computa\Desktop\cmd.bat deleted successfully.
C:\Users\Computa\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Computa
->Temp folder emptied: 14303279 bytes
->Temporary Internet Files folder emptied: 12432859 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 70295404 bytes
->Flash cache emptied: 602 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 203169 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7363083 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 66784 bytes
RecycleBin emptied: 7839473296 bytes

Total Files Cleaned = 7,576.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07032013_195017

Files\Folders moved on Reboot...
C:\Users\Computa\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\MpCmdRun.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Cas34
Regular Member
 
Posts: 32
Joined: January 22nd, 2009, 3:45 pm

Re: Possible Infection.

Unread postby nunped » July 4th, 2013, 4:51 am

Hi Cas34,

Your computer appears to be free from malware.
Do you still have the same issues?
Which browser do you use to access Hotmail?
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Possible Infection.

Unread postby Cas34 » July 4th, 2013, 2:38 pm

Hi Nunped,

First of all I would like to thank you for taking time to help me. I just tried my Hotmail there and it did not crash my browser. In answer to your other question, I am using Firefox but once I am done here I will be switching to Chrome as I did not want to install anything while you were helping me. Out of interest, did you find any malware on my PC?
Cas34
Regular Member
 
Posts: 32
Joined: January 22nd, 2009, 3:45 pm

Re: Possible Infection.

Unread postby nunped » July 5th, 2013, 8:23 am

Hi Cas34,

"First of all I would like to thank you for taking time to help me"

No problem. You're very welcome.

"did you find any malware on my PC?"

No, not really. We just cleaned some unnecessary stuff. The good news is your logs appear to be clean.

OTL-Cleanup
You should still have this on your desktop; if so, please ignore the download instructions.
Please download OTL. Save it to your Desktop.
  1. Right click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. Press the CleanUp button.
  3. When done, you will be prompted to reboot your system to finish file removal... please select OK to reboot your computer.
If you did not reboot your computer normally, please do so now, before continuing.

To help minimize the chances of becoming re-infected, please read:
Computer Security - a short guide to staying safer online

If your computer is running slowly after your clean up, please read:
What to do if your Computer is running slowly

Please reply to this post so I know you have read it. If you don't have any further questions this thread will be closed.

Safe surfing! ;)
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal