PC cannot connect to the network anymore [Solved]



#1
Paul432220

My PC (Win 7 Pro 32 bit) has not been able to connect to the internet for a couple of days. Here's what I have already tried up to now:
- new network cable
- used the same router port with another PC to be sure it works
- full Norton AV scan (nothing found)
- full MalwareBytes scan (nothing found)
- ran TDSSKiller (nothing found)
- ran Combofix (nothing found)
- ran ESET's Service Repair (issue still the same)
- booted in safe mode with networking, but no internet access
- rolled back to the last known good configuration, but no internet access
- copied the following files from a different W7 Pro PC (renamed the original ones to "OLD"), but the issue remains:
netbt.sys
dhcpcore6.dll
dhcpcore.dll
dhcpsvc.dll
dhcpsvc6.dll
dhcpsapi.dll

- I am seeing a message in the Windows event log that the Ancillary Function Driver for Winsock cannot be started...
- I am seeing in the registry, under LocalMachine\System\CurrentControlSet\Services\NetBT\Enum, the following parameter: "Initstartfailed" 00000001

DHCP is not working, so I believe there is something wrong with DHCP, AFD and NetBT, but I cannot figure out what this might be.
I posted this in the networking forum and was asked to run the OTL tool; I will paste its logs below:

OTL.txt
========
OTL logfile created on: 3/30/2013 10:44:47 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = F:\
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: België | Language: NLB | Date Format: d/MM/yyyy

2.93 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 66.72% Memory free
5.86 Gb Paging File | 4.83 Gb Available in Paging File | 82.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 133.95 Gb Total Space | 69.15 Gb Free Space | 51.62% Space Free | Partition Type: NTFS
Drive D: | 134.04 Gb Total Space | 131.72 Gb Free Space | 98.27% Space Free | Partition Type: NTFS
Drive F: | 1.87 Gb Total Space | 0.52 Gb Free Space | 27.86% Space Free | Partition Type: FAT32

Computer Name: COMPUTER-PC | User Name: Computer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/30 09:57:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2013/03/19 17:23:09 | 000,256,600 | ---- | M] (Microsoft Corporation) -- C:\Users\Computer\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2013/03/14 16:54:10 | 001,103,768 | ---- | M] (Spotify Ltd) -- C:\Users\Computer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/01/04 03:59:29 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/12/04 10:54:14 | 000,095,232 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2012/06/16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\19.9.1.14\ccsvchst.exe
PRC - [2012/04/11 22:51:00 | 000,175,632 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
PRC - [2012/02/23 11:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011/07/29 21:05:42 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/05/23 12:36:30 | 002,068,480 | ---- | M] (Belgian Government) -- C:\Program Files\Belgium Identity Card\beid35gui.exe
PRC - [2011/03/25 21:32:40 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/08 16:46:58 | 001,115,568 | ---- | M] (iMesh, Inc) -- C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe
PRC - [2010/10/27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/07/14 14:52:30 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Registration\GREGsvc.exe
PRC - [2009/12/09 10:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTIONX86\USBS3S4Detection.exe
PRC - [2009/12/09 09:50:00 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/12/09 09:49:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/11/17 15:18:20 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/11/17 15:18:10 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009/10/02 22:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/10/02 22:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/05/12 19:07:08 | 000,417,792 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe
PRC - [2009/05/12 19:05:32 | 000,376,832 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer SmartBoot\ASLTray.exe
PRC - [2009/02/18 01:01:04 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/21 13:45:02 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll
MOD - [2013/03/21 13:44:22 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll
MOD - [2013/03/21 13:44:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll
MOD - [2013/03/21 13:44:07 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a00aab40bdf5aed84b4d4294965cf20d\System.Web.ni.dll
MOD - [2013/03/21 13:44:03 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll
MOD - [2013/03/21 13:43:55 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll
MOD - [2013/03/21 13:43:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll
MOD - [2013/03/21 13:43:52 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll
MOD - [2013/03/21 13:43:43 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/12/22 14:53:41 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_nl_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009/11/17 15:16:40 | 000,465,576 | ---- | M] () -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2009/08/14 15:05:40 | 000,135,168 | ---- | M] () -- C:\Program Files\Belgium Identity Card\imageformats\qjpeg4.dll
MOD - [2009/08/14 14:53:52 | 007,495,680 | ---- | M] () -- C:\Program Files\Belgium Identity Card\QtGui4.dll
MOD - [2009/08/14 14:32:24 | 001,961,984 | ---- | M] () -- C:\Program Files\Belgium Identity Card\QtCore4.dll


========== Services (SafeList) ==========

SRV - [2013/03/12 12:01:26 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/04 10:54:14 | 000,095,232 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe -- (NAV)
SRV - [2012/04/11 22:51:00 | 000,175,632 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
SRV - [2011/05/06 10:03:10 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/25 21:32:40 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/07 03:02:48 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/12/09 10:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTIONX86\USBS3S4Detection.exe -- (USBS3S4Detection)
SRV - [2009/12/09 09:50:00 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/12/09 09:49:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/11/17 15:18:20 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/10/02 22:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/07/14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/05/12 19:07:08 | 000,417,792 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe -- (ASLSvc)
SRV - [2009/02/18 01:01:04 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)


========== Driver Services (SafeList) ==========

DRV - [2013/01/24 22:24:46 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20130320.017\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/01/24 22:24:46 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/01/24 22:24:46 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20130320.017\NAVENG.SYS -- (NAVENG)
DRV - [2013/01/24 22:03:12 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/01/23 16:37:50 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\IPSDefs\20130320.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013/01/16 03:22:36 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\BASHDefs\20130301.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/07/06 03:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NAV\1309010.00E\srtsp.sys -- (SRTSP)
DRV - [2012/07/06 03:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1309010.00E\srtspx.sys -- (SRTSPX)
DRV - [2012/06/07 05:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1309010.00E\ccsetx86.sys -- (ccSet_NAV)
DRV - [2012/05/22 02:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NAV\1309010.00E\symefa.sys -- (SymEFA)
DRV - [2012/04/18 03:13:32 | 000,318,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1309010.00E\symnets.sys -- (SymNetS)
DRV - [2012/04/18 02:42:14 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1309010.00E\ironx86.sys -- (SymIRON)
DRV - [2011/08/15 23:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NAV\1309010.00E\symds.sys -- (SymDS)
DRV - [2010/02/02 23:36:34 | 000,232,960 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009/12/31 10:22:09 | 000,295,936 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009/09/23 10:09:56 | 000,208,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress)
DRV - [2009/09/23 02:19:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2009/09/23 02:18:08 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009/09/23 02:18:07 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2009/09/17 20:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/07/14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/06/25 09:32:08 | 000,078,848 | ---- | M] (SUNIX Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snxppalx.sys -- (SNXPPALX)
DRV - [2009/06/25 09:32:00 | 000,055,424 | ---- | M] (SUNIX Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snxpserx.sys -- (SNXPSERX)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2004/05/04 05:48:00 | 000,090,229 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\P1130Vid.sys -- (P1130VID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\..\URLSearchHook: {95324e44-4b0a-47a9-8f77-9c6415e51c29} - C:\Program Files\IncrediMail_MediaBar_Nederlands_2\prxtbIncr.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh....q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {95324e44-4b0a-47a9-8f77-9c6415e51c29} - C:\Program Files\IncrediMail_MediaBar_Nederlands_2\prxtbIncr.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh....q={searchTerms}
IE - HKCU\..\SearchScopes\{A248FA21-D74B-4958-A64C-9300C9B3C717}: "URL" = http://websearch.ask...13-96515C78CA53
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...ox&a=NUYmvtL5QW
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Mozilla Firefox\extensions\[email protected] [2011/06/03 10:14:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013/02/10 09:17:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\IPSFFPlgn\ [2013/01/24 22:03:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/03/12 12:01:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/03/12 12:01:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011/02/11 23:04:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Extensions
[2011/02/11 23:04:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/06/03 10:14:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/03 10:14:35 | 000,000,000 | ---D | M] (eID België) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.be/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Docs = C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Zoeken = C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: PicMonkey Extension = C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhipmoghimfdldnocmopeoanjmoolofl\1.4_0\
CHR - Extension: SiteAdvisor = C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\
CHR - Extension: Lightshot (screenshot tool) = C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp\3.0.9_0\
CHR - Extension: Gmail = C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\imeshdtxmltbpi.dll ()
O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (IncrediMail MediaBar Nederlands 2 Toolbar) - {95324e44-4b0a-47a9-8f77-9c6415e51c29} - C:\Program Files\IncrediMail_MediaBar_Nederlands_2\prxtbIncr.dll (Conduit Ltd.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\imeshdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar Nederlands 2 Toolbar) - {95324e44-4b0a-47a9-8f77-9c6415e51c29} - C:\Program Files\IncrediMail_MediaBar_Nederlands_2\prxtbIncr.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer SmartBoot] C:\Program Files\Acer\Acer SmartBoot\ASLTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [beid] C:\Program Files\Belgium Identity Card\beid35gui.exe (Belgian Government)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc)
O4 - HKLM..\Run: [EmbassySecurityCheck] ";C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [SkyDrive] C:\Users\Computer\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Spotify] C:\Users\Computer\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Computer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Computer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Verzenden naar OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Computer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game.zylom.co...gamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.131.4 195.130.130.132
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll) - C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngr.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll) - C:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7f8d31cd-37f9-11e2-b96a-1078d2a4e77f}\Shell - "" = AutoRun
O33 - MountPoints2\{7f8d31cd-37f9-11e2-b96a-1078d2a4e77f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{f603ae41-361b-11e0-ba95-1078d2a4e77f}\Shell - "" = AutoRun
O33 - MountPoints2\{f603ae41-361b-11e0-ba95-1078d2a4e77f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - msh263.drv File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/03/30 10:36:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/03/29 19:21:53 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/03/29 18:49:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/03/29 18:43:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/03/29 18:41:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/03/29 18:41:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/03/29 18:41:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/03/29 18:40:37 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/03/29 18:40:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/29 18:40:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/03/29 18:34:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2013/03/29 14:50:47 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2013/03/29 14:50:47 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpsapi.dll
[2013/03/29 14:50:47 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2013/03/29 14:02:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Old
[2013/03/28 21:34:14 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\Malwarebytes
[2013/03/28 21:33:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/21 03:01:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2013/03/21 03:00:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2013/03/20 20:43:06 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013/03/14 03:01:59 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/03/14 03:01:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/03/14 03:01:58 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/03/14 03:01:58 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/03/14 03:01:57 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/03/14 03:01:57 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/03/14 03:01:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/03/14 03:01:56 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/03/12 12:01:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013/03/11 13:01:31 | 000,000,000 | ---D | C] -- C:\Users\Computer\Documents\My Weblog Posts
[2013/03/11 13:01:30 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\Windows Live Writer
[2013/03/11 13:01:30 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Local\Windows Live Writer
[2013/03/06 18:00:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/03/06 18:00:26 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/03/06 18:00:22 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Local\Google
[2013/03/06 17:59:58 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Local\Deployment
[2013/03/06 17:59:58 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Local\Apps

========== Files - Modified Within 30 Days ==========

[2013/03/30 10:47:04 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/30 10:47:04 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/30 10:44:00 | 000,744,860 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2013/03/30 10:44:00 | 000,652,450 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/03/30 10:44:00 | 000,152,844 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2013/03/30 10:44:00 | 000,121,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/03/30 10:39:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/30 10:39:33 | 2358,566,912 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/30 10:24:27 | 000,001,024 | ---- | M] () -- C:\.rnd
[2013/03/29 19:21:46 | 160,508,442 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/03/29 18:35:07 | 000,000,000 | ---- | M] () -- C:\Users\Computer\AppData\Local\WavXMapDrive.bat
[2013/03/21 13:34:14 | 000,354,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/03/21 13:25:27 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll
[2013/03/21 03:05:00 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/20 18:05:00 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/19 17:29:29 | 000,000,390 | ---- | M] () -- C:\Users\Computer\Desktop\HTC.website
[2013/03/14 17:06:32 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/03/14 16:54:00 | 000,002,229 | ---- | M] () -- C:\Users\Computer\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/03/12 12:11:07 | 000,002,060 | ---- | M] () -- C:\Users\Computer\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk

========== Files Created - No Company Name ==========

[2013/03/29 19:21:46 | 160,508,442 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/03/29 18:41:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/29 18:41:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/29 18:41:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/03/29 18:41:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/29 18:41:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/21 13:20:54 | 000,001,024 | ---- | C] () -- C:\.rnd
[2013/03/06 18:00:46 | 000,002,229 | ---- | C] () -- C:\Users\Computer\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/03/06 18:00:46 | 000,002,133 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/03/06 18:00:28 | 000,001,048 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/06 18:00:27 | 000,001,044 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/05 17:05:43 | 000,119,628 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/02/05 21:24:03 | 000,000,000 | ---- | C] () -- C:\Users\Computer\AppData\Local\WavXMapDrive.bat

========== ZeroAccess Check ==========

[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: SCSI
Media Type: Fixed hard disk media
Model: WDC WD3200AAJS-22L7A0
Partitions: 4
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Removable Media
Interface type: USB
Media Type: Removable Media
Model: FLASH Drive UT_USB20 USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 30.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 32213303296
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 134.00GB
Starting Offset: 32318160896
Hidden sectors: 0


DeviceID: Disk #0, Partition #3
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 134.00GB
Starting Offset: 176147136512
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 2.00GB
Starting Offset: 32256
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2011/02/11 21:30:02 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Adobe
[2013/03/03 17:59:55 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Apple Computer
[2011/02/22 21:35:44 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\ArcSoft
[2013/03/23 19:54:30 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Dropbox
[2012/05/07 19:50:51 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\DVDVideoSoft
[2012/05/07 19:50:32 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/02/05 21:23:44 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Identities
[2011/02/05 21:24:04 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Intel Corporation
[2011/02/05 21:24:03 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Macromedia
[2013/03/28 21:34:14 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Malwarebytes
[2009/07/14 08:49:10 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Media Center Programs
[2012/01/14 17:33:45 | 000,000,000 | --SD | M] -- C:\Users\Computer\AppData\Roaming\Microsoft
[2011/02/11 23:04:52 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Mozilla
[2012/05/07 19:50:52 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\OpenCandy
[2012/09/23 02:16:34 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Skype
[2013/03/30 10:39:53 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Spotify
[2011/02/11 23:04:52 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Thunderbird
[2011/02/20 14:23:43 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Tific
[2011/02/11 21:26:13 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\U3
[2011/12/29 23:33:04 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\vlc
[2012/02/08 07:50:53 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Wave Systems Corp
[2013/03/11 13:01:30 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Windows Live Writer

< MD5 for: ATAPI.SYS >
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: CSRSS.EXE >
[2009/07/14 02:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\System32\csrss.exe
[2009/07/14 02:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_58ba39fb456943bd\csrss.exe

< MD5 for: EXPLORER.EXE >
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2010/07/14 14:52:30 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2010/07/14 14:52:30 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2010/02/04 11:20:17 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2010/02/04 11:20:17 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2010/07/14 14:52:30 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2009/07/14 02:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\System32\mswsock.dll
[2009/07/14 02:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
[2010/11/20 13:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2009/07/14 02:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\System32\NapiNSP.dll
[2009/07/14 02:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2009/07/14 02:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows\System32\nlaapi.dll
[2009/07/14 02:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_675c4bea6c3ddad6\nlaapi.dll
[2010/11/20 13:20:30 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_698d5fb2692c5e70\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2009/07/14 02:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\System32\pnrpnsp.dll
[2009/07/14 02:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_71556bd683c82a7a\pnrpnsp.dll

< MD5 for: PRINTISOLATIONHOST.EXE >
[2009/07/14 02:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=640A476C8867AEAAD8FF9F59A61AFE2F -- C:\Windows\System32\PrintIsolationHost.exe
[2009/07/14 02:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=640A476C8867AEAAD8FF9F59A61AFE2F -- C:\Windows\winsxs\x86_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_9c856911bff5c373\PrintIsolationHost.exe

< MD5 for: SERVICES.EXE >
[2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USER32.DLL >
[2009/07/14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009/07/14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

< MD5 for: USERINIT.EXE >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/07/14 14:52:30 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2010/07/14 14:52:30 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2010/07/14 14:52:30 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/07/14 02:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\System32\winrnr.dll
[2009/07/14 02:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2009/07/14 02:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\System32\wshelper.dll
[2009/07/14 02:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\wshelper.dll

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/03/11 01:22:07 | 001,274,320 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/03/11 01:22:07 | 001,274,320 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/03/11 01:22:07 | 001,274,320 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/03/11 01:22:07 | 001,274,320 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/06/24 12:45:52 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/06/24 12:45:52 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/06/24 12:45:52 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/02/02 05:19:04 | 000,757,296 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/02/02 05:19:04 | 000,757,296 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/03/11 01:22:07 | 001,274,320 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/03/11 01:22:07 | 001,274,320 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/03/11 01:22:07 | 001,274,320 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/03/11 01:22:07 | 001,274,320 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/06/24 12:45:52 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/06/24 12:45:52 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/06/24 12:45:52 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/02/02 05:19:04 | 000,757,296 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/02/02 05:19:04 | 000,757,296 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %ProgramFiles%\WINDOWS NT\*.* /s >
[2010/06/29 05:57:58 | 004,247,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\wordpad.exe
[2009/07/14 02:16:20 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\WordpadFilter.dll
[2010/12/22 14:53:50 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\nl-NL\wordpad.exe.mui
[2009/07/14 02:16:15 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\TableTextService\TableTextService.dll
[2009/06/10 22:43:18 | 000,016,212 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceAmharic.txt
[2009/06/10 22:43:18 | 001,272,822 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceArray.txt
[2009/06/10 22:43:18 | 000,980,102 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceDaYi.txt
[2009/06/10 22:43:19 | 001,665,878 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt
[2009/06/10 22:43:19 | 001,445,430 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt
[2009/06/10 22:43:19 | 001,810,352 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt
[2009/06/10 22:43:19 | 000,044,968 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceYi.txt
[2010/12/22 14:53:39 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\TableTextService\nl-NL\TableTextService.dll.mui

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >


Extra.TXT
==========

OTL Extras logfile created on: 3/30/2013 10:44:47 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = F:\
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: België | Language: NLB | Date Format: d/MM/yyyy

2.93 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 66.72% Memory free
5.86 Gb Paging File | 4.83 Gb Available in Paging File | 82.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 133.95 Gb Total Space | 69.15 Gb Free Space | 51.62% Space Free | Partition Type: NTFS
Drive D: | 134.04 Gb Total Space | 131.72 Gb Free Space | 98.27% Space Free | Partition Type: NTFS
Drive F: | 1.87 Gb Total Space | 0.52 Gb Free Space | 27.86% Space Free | Partition Type: FAT32

Computer Name: COMPUTER-PC | User Name: Computer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A73DF18-C80B-486E-BFE3-B3FAA5F87F15}" = rport=445 | protocol=6 | dir=out | app=system |
"{290D86D3-41B6-4F54-9D74-39C00508E182}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{32D8C5FF-7BF6-4401-9298-9253B22D8AC7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{35049AF1-4E0F-40E6-BDDF-514BD664C983}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{54F7D805-337F-4D7E-84C1-F419E0DE9EF0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{70012085-1641-4DEE-B93F-D27732FDEBEA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7EF6A916-DAB7-4086-A1D1-22F3FE2DF6A5}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{83F9A794-C6C2-4F99-B686-BB8856D8B00D}" = lport=138 | protocol=17 | dir=in | app=system |
"{926310A6-AECB-4B3C-B0B0-E0AB04E19438}" = lport=139 | protocol=6 | dir=in | app=system |
"{A3CAC058-2DF3-4680-8E77-1549FBE42EAD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A8B1E9BC-8CED-4C64-8A1B-72AAC5002F13}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AC0E4850-F9DD-4791-9E24-5FD62974074E}" = rport=138 | protocol=17 | dir=out | app=system |
"{B39232EF-58A6-4E1E-BEC5-4AA2F37619B9}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BC1B0F93-9CAC-4468-B28B-9FD7E3925E7C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D36FB886-A4F2-4197-A4A5-AFC48C4D3A1F}" = rport=137 | protocol=17 | dir=out | app=system |
"{D3DE191D-9531-47A7-94B1-2545DD6E9583}" = lport=137 | protocol=17 | dir=in | app=system |
"{DA92A731-B354-4B42-B743-D254F72D726A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E910009F-9765-45AF-8A29-35047A5F7DE1}" = rport=139 | protocol=6 | dir=out | app=system |
"{F2213612-C2F0-4BE0-AECC-A8026B699CBE}" = lport=445 | protocol=6 | dir=in | app=system |
"{FB530DA4-1C2C-47D1-939E-39454F55DBD2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8D66BA14-78DB-41ED-B8E3-AC39D3750B58}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B007C912-CCB5-4A3D-8F07-379324F4EB15}" = protocol=1 | dir=out | [email protected],-28544 |
"{BED84125-DE6A-48FD-A58B-2CA4AA8FEAA4}" = protocol=1 | dir=in | [email protected],-28543 |
"{E6B17BCC-4B7E-442A-9919-ED88D60D60B8}" = protocol=58 | dir=in | [email protected],-28545 |
"{EF32F994-E3D6-4099-B395-F2AA3B6A241E}" = protocol=58 | dir=out | [email protected],-28546 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{06EED60F-7FFC-43A7-936E-AA4A8BD948B4}" = Windows Live Writer
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4900_series" = Canon iP4900 series Printer Driver
"{1B947146-366B-42CD-86D5-219993CE3EE2}" = Windows Live MIME IFilter
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D44D783-D027-4135-AC39-81E320ED2D3A}" = Windows Live Family Safety
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{4926AA2D-3C66-443D-A456-53AE3FA44144}" = Windows Live Family Safety
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA2A466-8031-403A-8236-5301B4E391FB}" = Windows Live UX Platform Language Pack
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4F2D3995-1EC5-3C05-B7E5-3449F802E6DE}" = Microsoft .NET Framework 4 Extended NLD Language Pack
"{50E735FE-2EFC-4694-9ED3-6826E0B0C13B}" = Bing Bar
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{743FD554-A73F-4FE8-BE7B-C283D16297F9}" = Photo Common
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{824563DE-75AD-4166-9DC0-B6482F206954}" = Belgium e-ID middleware 3.5.6 (build 6954)
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{83C9377F-5ED1-4AD8-B113-7C876AEAF3AB}" = Windows Live Messenger
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8D853998-1055-4E45-B99E-F5039C502831}" = Photo Notifier and Animation Creator
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Framework
"{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh
"{90140000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2010
"{90140000-0015-0413-0000-0000000FF1CE}_Office14.SingleImage_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2010
"{90140000-0016-0413-0000-0000000FF1CE}_Office14.SingleImage_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2010
"{90140000-0018-0413-0000-0000000FF1CE}_Office14.SingleImage_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2010
"{90140000-0019-0413-0000-0000000FF1CE}_Office14.SingleImage_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2010
"{90140000-001A-0413-0000-0000000FF1CE}_Office14.SingleImage_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2010
"{90140000-001B-0413-0000-0000000FF1CE}_Office14.SingleImage_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010
"{90140000-001F-0413-0000-0000000FF1CE}_Office14.SingleImage_{5072FEA2-862C-4BF0-9654-CB0DCBE2BE28}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2010
"{90140000-002C-0413-0000-0000000FF1CE}_Office14.SingleImage_{D3B92058-CF96-445F-A297-F7ED19C4E841}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2010
"{90140000-006E-0413-0000-0000000FF1CE}_Office14.SingleImage_{260407D0-98A1-4D9A-A956-3D1DEDDDF3B9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2010
"{90140000-00A1-0413-0000-0000000FF1CE}_Office14.SingleImage_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E65215B-9DE9-401A-8541-C82FE2D2BC66}" = Acer SmartBoot
"{9EC9754D-CA34-4293-B5DB-3BD245A88A43}" = ArcSoft MediaImpression
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.0 MUI
"{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}" = Movie Maker
"{B7F31B9C-8775-4500-8E9D-6ABE9AE17CF4}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D3DE876B-97FC-4380-8902-468FE51395B4}" = Nitro Reader 2
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E34F703A-1C9D-4B1F-ABBE-D7E8800B860D}" = Windows Live Sync
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F67CA22C-C11F-4573-8406-57F75BA06B51}" = Photo Gallery
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FA75723A-BF4A-40A2-BFCB-BBC320C27DC9}" = Windows Live Mail
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FEFD91C5-A25D-48D9-89DA-0FB7BB8B3EF7}" = Windows Live Writer Resources
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"C22EC48700B9B9C08DDC2C12DA3BD6F8EA0DFFDE" = Stuurprogrammapakket voor Windows - Fedict SmartCard (12/08/2009 4.0.0.3)
"Creative PD1130" = Creative WebCam NX Pro Driver (1.03.03.0326)
"eMindMaps" = eMindMaps
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.21.504
"Google Chrome" = Google Chrome
"Identity Card" = Identity Card
"iLivid" = iLivid
"iMesh" = iMesh
"iMesh 1 MediaBar" = MediaBar
"IncrediMail_MediaBar_Nederlands_2 Toolbar" = IncrediMail MediaBar Nederlands 2 Toolbar
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Extended - NLD
"Mozilla Thunderbird 17.0.4 (x86 nl)" = Mozilla Thunderbird 17.0.4 (x86 nl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAV" = Norton AntiVirus
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"SkyDriveSetup.exe" = Microsoft SkyDrive
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/23/2013 2:43:43 PM | Computer Name = Computer-PC | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: rundll32.exe_shell32.dll, versie: 6.1.7600.16385,
tijdstempel: 0x4a5bc637 Naam van module met fout: ntdll.dll, versie: 6.1.7600.16915,
tijdstempel: 0x4ec49caf Uitzonderingscode: 0xc0000005 Foutoffset: 0x0002f963 Id van
proces met fout: 0x67c Starttijd van toepassing met fout: 0x01ce27f6573b3142 Pad
naar toepassing met fout: C:\Windows\System32\rundll32.exe Pad naar module met fout:
C:\Windows\SYSTEM32\ntdll.dll Rapport-id: 95f4b7a1-93e9-11e2-b7ea-1078d2a4e77f

Error - 3/23/2013 2:48:29 PM | Computer Name = Computer-PC | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: rundll32.exe_shell32.dll, versie: 6.1.7600.16385,
tijdstempel: 0x4a5bc637 Naam van module met fout: ntdll.dll, versie: 6.1.7600.16915,
tijdstempel: 0x4ec49caf Uitzonderingscode: 0xc0000005 Foutoffset: 0x0002f963 Id van
proces met fout: 0x11c4 Starttijd van toepassing met fout: 0x01ce27f7023609ad Pad
naar toepassing met fout: C:\Windows\System32\rundll32.exe Pad naar module met fout:
C:\Windows\SYSTEM32\ntdll.dll Rapport-id: 406ca45d-93ea-11e2-b7ea-1078d2a4e77f

Error - 3/23/2013 2:53:51 PM | Computer Name = Computer-PC | Source = Schedule | ID = 0
Description =

Error - 3/23/2013 2:54:03 PM | Computer Name = Computer-PC | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: AtService.exe, versie: 8.4.2.5, tijdstempel:
0x4a0ddea4 Naam van module met fout: AtService.exe, versie: 8.4.2.5, tijdstempel:
0x4a0ddea4 Uitzonderingscode: 0x40000015 Foutoffset: 0x000b1adb Id van proces met
fout: 0x340 Starttijd van toepassing met fout: 0x01ce27f7c0b01f57 Pad naar toepassing
met fout: C:\Program Files\Fingerprint Sensor\AtService.exe Pad naar module met
fout: C:\Program Files\Fingerprint Sensor\AtService.exe Rapport-id: 075cde40-93eb-11e2-b924-1078d2a4e77f

Error - 3/23/2013 3:00:25 PM | Computer Name = Computer-PC | Source = Schedule | ID = 0
Description =

Error - 3/23/2013 3:00:37 PM | Computer Name = Computer-PC | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: AtService.exe, versie: 8.4.2.5, tijdstempel:
0x4a0ddea4 Naam van module met fout: AtService.exe, versie: 8.4.2.5, tijdstempel:
0x4a0ddea4 Uitzonderingscode: 0xc0000005 Foutoffset: 0x0001be16 Id van proces met
fout: 0x348 Starttijd van toepassing met fout: 0x01ce27f8ad1fb66f Pad naar toepassing
met fout: C:\Program Files\Fingerprint Sensor\AtService.exe Pad naar module met
fout: C:\Program Files\Fingerprint Sensor\AtService.exe Rapport-id: f2790a86-93eb-11e2-b72f-1078d2a4e77f

Error - 3/23/2013 3:02:55 PM | Computer Name = Computer-PC | Source = Schedule | ID = 0
Description =

Error - 3/28/2013 3:24:18 PM | Computer Name = Computer-PC | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: rundll32.exe_shell32.dll, versie: 6.1.7600.16385,
tijdstempel: 0x4a5bc637 Naam van module met fout: ntdll.dll, versie: 6.1.7600.16915,
tijdstempel: 0x4ec49caf Uitzonderingscode: 0xc0000005 Foutoffset: 0x0002f963 Id van
proces met fout: 0x10ac Starttijd van toepassing met fout: 0x01ce2be9d72fe28f Pad
naar toepassing met fout: C:\Windows\System32\rundll32.exe Pad naar module met fout:
C:\Windows\SYSTEM32\ntdll.dll Rapport-id: 15830dc3-97dd-11e2-b72f-1078d2a4e77f

Error - 3/28/2013 3:36:33 PM | Computer Name = Computer-PC | Source = Schedule | ID = 0
Description =

Error - 3/28/2013 3:36:44 PM | Computer Name = Computer-PC | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: AtService.exe, versie: 8.4.2.5, tijdstempel:
0x4a0ddea4 Naam van module met fout: AtService.exe, versie: 8.4.2.5, tijdstempel:
0x4a0ddea4 Uitzonderingscode: 0x40000015 Foutoffset: 0x000b1adb Id van proces met
fout: 0x348 Starttijd van toepassing met fout: 0x01ce2beb8b7a7c8f Pad naar toepassing
met fout: C:\Program Files\Fingerprint Sensor\AtService.exe Pad naar module met
fout: C:\Program Files\Fingerprint Sensor\AtService.exe Rapport-id: d22b524d-97de-11e2-aa34-1078d2a4e77f

[ System Events ]
Error - 3/30/2013 5:57:02 AM | Computer Name = Computer-PC | Source = Service Control Manager | ID = 7001
Description = De WinHTTP Web Proxy Auto-Discovery Service-service is afhankelijk
van de DHCP-client-service, die vanwege de volgende fout niet kan worden gestart:
%%1068

Error - 3/30/2013 5:57:07 AM | Computer Name = Computer-PC | Source = Service Control Manager | ID = 7000
Description = De Ancillary Function Driver for Winsock-service kan vanwege de volgende
fout niet worden gestart: %%1058

Error - 3/30/2013 5:57:07 AM | Computer Name = Computer-PC | Source = Service Control Manager | ID = 7001
Description = De DHCP-client-service is afhankelijk van de Ancillary Function Driver
for Winsock-service, die vanwege de volgende fout niet kan worden gestart: %%1058

Error - 3/30/2013 5:57:07 AM | Computer Name = Computer-PC | Source = Service Control Manager | ID = 7001
Description = De WinHTTP Web Proxy Auto-Discovery Service-service is afhankelijk
van de DHCP-client-service, die vanwege de volgende fout niet kan worden gestart:
%%1068

Error - 3/30/2013 5:57:23 AM | Computer Name = Computer-PC | Source = Service Control Manager | ID = 7000
Description = De Ancillary Function Driver for Winsock-service kan vanwege de volgende
fout niet worden gestart: %%1058

Error - 3/30/2013 5:57:23 AM | Computer Name = Computer-PC | Source = Service Control Manager | ID = 7001
Description = De DHCP-client-service is afhankelijk van de Ancillary Function Driver
for Winsock-service, die vanwege de volgende fout niet kan worden gestart: %%1058

Error - 3/30/2013 5:57:23 AM | Computer Name = Computer-PC | Source = Service Control Manager | ID = 7001
Description = De WinHTTP Web Proxy Auto-Discovery Service-service is afhankelijk
van de DHCP-client-service, die vanwege de volgende fout niet kan worden gestart:
%%1068

Error - 3/30/2013 5:57:54 AM | Computer Name = Computer-PC | Source = Service Control Manager | ID = 7000
Description = De Ancillary Function Driver for Winsock-service kan vanwege de volgende
fout niet worden gestart: %%1058

Error - 3/30/2013 5:57:54 AM | Computer Name = Computer-PC | Source = Service Control Manager | ID = 7001
Description = De DHCP-client-service is afhankelijk van de Ancillary Function Driver
for Winsock-service, die vanwege de volgende fout niet kan worden gestart: %%1058

Error - 3/30/2013 5:57:54 AM | Computer Name = Computer-PC | Source = Service Control Manager | ID = 7001
Description = De WinHTTP Web Proxy Auto-Discovery Service-service is afhankelijk
van de DHCP-client-service, die vanwege de volgende fout niet kan worden gestart:
%%1068


< End of report >

#2
Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
Hello Paul432220 and welcome to GeeksToGo.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!
IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

I am looking at your logs now and will reply with instructions shortly.

Satchfan

#3
Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
Hello again

You have a lot of undesirable programs on your computer which have helped to corrupt some of your files/settings.


Uninstall programs

Uninstall these programs:

iLivid
iMesh
iMesh 1 MediaBar
IncrediMail_MediaBar_Nederlands_2 Toolbar
Ask.com


  • click Start, Control Panel, Programs and Features
  • click on iLivid and then Uninstall
  • repeat this for the other programs listed above.
================================================

Run RogueKiller

IMPORTANT: Please remove any usb or external drives from the computer before you run this scan!

Close all running programs.


Download RogueKiller to your desktop.

  • close all running programs
  • for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • when the pre-scan is finished, click on Scan
  • click on Report and copy/paste the content in your next post
  • NOTE: DO NOT attempt to remove anything that the scan detects – everything that is reported is not necessarily bad
If the program is blocked, continue to try it several times. If it still doesn’t work, (it could happen), rename it to winlogon.exe.
Please post the contents of the RKreport.txt in your next reply.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.
  • run AdwCleaner and select Delete
  • when it has finished it will ask to reboot - allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply
===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.
Logs to include in the next post:

RKreport.txt
AdwCleaner log
JRT.txt


Thanks

Satchfan

#4
Paul432220

    Member

  • Topic Starter
  • 62 posts
Hi Satchfan,
Thanks for your quick reply. I uninstalled the requested programs, and I attach the requested files below.
Thanks

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

besturingssysteem : Windows 7 (6.1.7600 ) 32 bits version
Gestart vanuit : Normale modus
Gebruiker : Computer [Administrator rechten]
Modus : Scan -- Datum : 04/01/2013 17:07:07
| ARK || FAK || MBR |

¤¤¤ Kwaadaardige processen : 0 ¤¤¤

¤¤¤ Register verwijzingen : 4 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> gevonden
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> gevonden
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> gevonden
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> gevonden

¤¤¤ Speciale Files / Folders: ¤¤¤

¤¤¤ Driver : [Geladen] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x84119F75 -> HOOKED (Unknown @ 0x89B96818)
SSDT[14] : NtAlertThread @ 0x840C7CF8 -> HOOKED (Unknown @ 0x89B968F8)
SSDT[19] : NtAllocateVirtualMemory @ 0x84088D8F -> HOOKED (Unknown @ 0x89DD9A00)
SSDT[22] : NtAlpcConnectPort @ 0x84090E21 -> HOOKED (Unknown @ 0x892F5580)
SSDT[43] : NtAssignProcessToJobObject @ 0x840347FA -> HOOKED (Unknown @ 0x89F578E8)
SSDT[74] : NtCreateMutant @ 0x840BC1F8 -> HOOKED (Unknown @ 0x89B96568)
SSDT[86] : NtCreateSymbolicLinkObject @ 0x8404C487 -> HOOKED (Unknown @ 0x89F67FC0)
SSDT[87] : NtCreateThread @ 0x841181AE -> HOOKED (Unknown @ 0x89DD9E48)
SSDT[88] : NtCreateThreadEx @ 0x84076331 -> HOOKED (Unknown @ 0x89F576F8)
SSDT[96] : NtDebugActiveProcess @ 0x840ED792 -> HOOKED (Unknown @ 0x89F579F0)
SSDT[111] : NtDuplicateObject @ 0x840B96A5 -> HOOKED (Unknown @ 0x89DD9B90)
SSDT[131] : NtFreeVirtualMemory @ 0x83EF0AC4 -> HOOKED (Unknown @ 0x89DD9818)
SSDT[145] : NtImpersonateAnonymousToken @ 0x84030046 -> HOOKED (Unknown @ 0x89B96658)
SSDT[147] : NtImpersonateThread @ 0x84095C87 -> HOOKED (Unknown @ 0x89B96738)
SSDT[155] : NtLoadDriver @ 0x83FDE313 -> HOOKED (Unknown @ 0x89312DB8)
SSDT[168] : NtMapViewOfSection @ 0x840BC4BA -> HOOKED (Unknown @ 0x89B96F28)
SSDT[177] : NtOpenEvent @ 0x840BEB4A -> HOOKED (Unknown @ 0x89B96488)
SSDT[190] : NtOpenProcess @ 0x840BEB14 -> HOOKED (Unknown @ 0x89DD9D30)
SSDT[191] : NtOpenProcessToken @ 0x84079ED1 -> HOOKED (Unknown @ 0x89DD9AD0)
SSDT[194] : NtOpenSection @ 0x840BC79D -> HOOKED (Unknown @ 0x89F57C18)
SSDT[198] : NtOpenThread @ 0x840BD46B -> HOOKED (Unknown @ 0x89DD9C60)
SSDT[215] : NtProtectVirtualMemory @ 0x840BD224 -> HOOKED (Unknown @ 0x89F577F8)
SSDT[304] : NtResumeThread @ 0x840AF5B2 -> HOOKED (Unknown @ 0x89B969D8)
SSDT[316] : NtSetContextThread @ 0x84119A23 -> HOOKED (Unknown @ 0x89B96C78)
SSDT[333] : NtSetInformationProcess @ 0x8408A389 -> HOOKED (Unknown @ 0x89B96D58)
SSDT[350] : NtSetSystemInformation @ 0x840C83D5 -> HOOKED (Unknown @ 0x89F57AD0)
SSDT[366] : NtSuspendProcess @ 0x84119EAF -> HOOKED (Unknown @ 0x89F57CF8)
SSDT[367] : NtSuspendThread @ 0x840D6C36 -> HOOKED (Unknown @ 0x89B96AB8)
SSDT[370] : NtTerminateProcess @ 0x8409F165 -> HOOKED (Unknown @ 0x89DD9F28)
SSDT[371] : NtTerminateThread @ 0x840B1EC7 -> HOOKED (Unknown @ 0x89B96B98)
SSDT[385] : NtUnmapViewOfSection @ 0x840B92BF -> HOOKED (Unknown @ 0x89B96E48)
SSDT[399] : NtWriteVirtualMemory @ 0x840C4B95 -> HOOKED (Unknown @ 0x89DD98E8)
S_SSDT[318] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x8925B130)
S_SSDT[402] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x89226F90)
S_SSDT[434] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x89226ED0)
S_SSDT[436] : NtUserGetKeyState -> HOOKED (Unknown @ 0x89225360)
S_SSDT[448] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x89225420)
S_SSDT[490] : NtUserMessageCall -> HOOKED (Unknown @ 0x89226C00)
S_SSDT[508] : NtUserPostMessage -> HOOKED (Unknown @ 0x89226DE0)
S_SSDT[509] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x89226CF0)
S_SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x86740028)
S_SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x89217110)

¤¤¤ HOSTS Bestand: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Controle: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200AAJS-22L7A0 +++++
--- User ---
[MBR] ba863e770f82fa4d4bb6fe1c02a07309
[BSP] 882a247d63661cfd8b83afa9357ab6b5 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 30720 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 62916608 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63121408 | Size: 137166 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 344037376 | Size: 137257 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Gereed : << RKreport[1]_S_04012013_02d1707.txt >>
RKreport[1]_S_04012013_02d1707.txt




# AdwCleaner v2.115 - Verslag gemaakt op 01/04/2013 om 17:10:32
# Geactualiseerd op 17/03/2013 door Xplode
# Besturingssysteem : Windows 7 Professional (32 bits)
# Gebruiker : Computer - COMPUTER-PC
# Opstarten Modus : Normale modus
# Gelanceerd vanaf : C:\Instexe\adwcleaner.exe
# Optie [Verwijderen]


***** [Diensten] *****


***** [Files / Mappen] *****

Map Verwijdert : C:\Program Files\Conduit
Map Verwijdert : C:\Program Files\iMesh Applications\Mediabar
Map Verwijdert : C:\Users\Computer\AppData\Local\Conduit
Map Verwijdert : C:\Users\Computer\AppData\Local\PackageAware
Map Verwijdert : C:\Users\Computer\AppData\LocalLow\Conduit
Map Verwijdert : C:\Users\Computer\AppData\LocalLow\mediabarim
Map Verwijdert : C:\Users\Computer\AppData\Roaming\dvdvideosoftiehelpers
Map Verwijdert : C:\Users\Computer\AppData\Roaming\OpenCandy

***** [Register] *****

Data Verwijdert : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll
Data Verwijdert : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
Sleutel Verwijdert : HKCU\Software\DataMngr
Sleutel Verwijdert : HKCU\Software\DataMngr_Toolbar
Sleutel Verwijdert : HKCU\Software\ilivid
Sleutel Verwijdert : HKCU\Software\IM
Sleutel Verwijdert : HKCU\Software\ImInstaller
Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Sleutel Verwijdert : HKCU\Software\Softonic
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar.CT2727678
Sleutel Verwijdert : HKLM\Software\Conduit
Sleutel Verwijdert : HKLM\Software\DataMngr
Sleutel Verwijdert : HKLM\Software\ImInstaller
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iMesh 1 MediaBar
Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}]
Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

***** [Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Het register bevat geen enkele ongeoorloofde invoer.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] De file bevat geen enkele ongeoorloofde invoer.

*************************

AdwCleaner[S1].txt - [4752 octets] - [01/04/2013 17:10:32]

########## EOF - C:\AdwCleaner[S1].txt - [4812 octets] ##########



Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.8 (03.31.2013:1)
OS: Windows 7 Professional x86
Ran by Computer on ma 01/04/2013 at 17:15:26,87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Failed to delete: [Registry Key] "hkey_local_machine\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\scheduled update for ask toolbar"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\imesh applications"
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{F59CF5D3-1C93-476D-B7CD-E1E7BC863BDA}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{F0A1EF0E-9DBC-4CBC-BBCB-D5058A6493B0}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{E9CF4777-A958-4803-9093-4DFBA3DE0C25}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{E3DF3F1A-6728-45DD-A653-51107C9B7C20}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{DCCE3701-151D-4032-B968-FA875DE19FFD}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{D8754085-B5DC-477E-98DE-AB2DD24CF7C0}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{D159781C-7054-4FD7-8F7D-084F21834538}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{CC11AC9E-D984-4B11-BAAD-1CD25C6D5861}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{CBDEB568-FE0C-4F15-8DA6-07836A5A766F}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{CB1705CB-2A3A-4952-9381-8A4153C57E17}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{CAC097DC-0754-40A9-998B-B252AE286A92}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{CA2D8C66-A036-42A0-B45E-91E8C475B663}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{C6796BBF-986A-4D5D-9D66-4D34C2803939}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{B762C5DA-8982-4D89-9A4A-A70843104B7A}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{B65D2FE7-AC06-4C49-855F-D8ACE8CE6350}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{AD92B2CE-002A-4473-AE50-63C5A8B5C14A}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{AD8803FA-2CCC-4D12-AC0E-9FE0930DB5D1}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{A880796D-B074-48EE-AD1E-2BCDB7A3C213}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{A84A9ACE-77DF-4401-A9D2-E6B6B3EE74F8}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{A7523B20-C4A2-4B2E-AB4B-87F3C3D5595F}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{A46EDD1A-E0B3-4B22-8BDA-075BA6351914}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{9E7D8B6A-845F-45D7-8291-D9DBDD25A2D8}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{91068DD9-B9AD-48D1-8A56-993FE09C8915}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{908EBCAD-7E78-495C-AB0C-0B9CEAE261F8}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{8C34167A-42A9-4AC8-B215-5EC566020C9E}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{88A8706F-DE62-480F-9FC9-0382FAA4CA22}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{80503F42-B2E5-495C-9BF3-3C338E558CC1}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{5DE623DE-64DF-4AD3-81C2-1DD24A6F2F22}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{5A91521C-FDF0-48A5-B245-685796F5865B}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{5666AF7B-F07E-4F7E-BF68-B94196C6CAC3}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{552A7173-8D0A-47C3-964F-A93EF396C992}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{54FC4630-F657-44B6-81BC-EAD3B784CD1F}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{454040BD-FF97-4668-A1DC-EFC50EEDB213}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{44A378C8-93DA-4663-AF9D-4A98D5202D20}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{3FCCF007-BCBA-4218-B9CF-5B8CDC7F9C4A}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{34FDCA46-9792-4898-8A6D-4FC275BEB89C}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{2EBD6BE1-43B8-4576-9C53-FCAD455B2B30}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{2AE98126-0105-4BFC-8A2E-191067DB89F2}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{1C581FA3-0968-4329-BCA4-B9C7A0C5C7C2}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{19498433-DA21-4AAA-AE51-3A01503A022E}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{15B02C0A-48D8-4001-A8BB-1E5EFFE08899}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{1216A7F1-4528-436F-8A26-99A036A86D97}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{0B680BE4-AD71-4506-9707-11794B7ED18E}
Successfully deleted: [Empty Folder] C:\Users\Computer\appdata\local\{0725A69B-3991-4210-867B-4BA233290BAD}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ma 01/04/2013 at 17:17:47,63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#5
Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
Please download Farbar Service Scanner and run it on the computer with the issue.

  • make sure the following options are checked:


    Internet Services
    Windows Firewall
    System Restore
    Security Center
    Windows Update

  • press "Scan".
  • it will create a log (FSS.txt) in the same directory the tool is run.
  • please copy and paste the log to your reply.
Please also run OTL again and send a new log.

Logs to include in the next post:

FSS.txt
New OTL log


Thanks

Satchfan

#6
Paul432220

    Member

  • Topic Starter
  • 62 posts
I attach the requested logs below. One other thing I looked at is the result of the command "netstat -s": right after the reboot, I saw the following statistics for IPv4:

Packets received: 52
Received address errors: 14
Received packets discarded: 37
Received packets delivered: 1
All other values are zero.

Finally, I have to add that this PC runs with Windows updates set to off, on purpose. From time to time, an update is done, but this has not happened in the last couple of months, so out of scope for this problem, I guess.



Farbar Service Scanner Version: 03-03-2013
Ran by Computer (administrator) on 02-04-2013 at 18:44:47
Running from "F:\"
Windows 7 Professional (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd service is OK.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error.
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-02-13 08:45] - [2013-01-04 06:55] - 1287528 ____A (Microsoft Corporation) BBCEAEFF1FD72A026F827CBB2F4AA8AD

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-10-10 16:16] - [2012-06-02 06:45] - 0139264 ____A (Microsoft Corporation) F2FDE6C8DBAAD44CC58D1E07E4AF4EED

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit




OTL logfile created on: 4/2/2013 6:48:57 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = F:\
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: België | Language: NLB | Date Format: d/MM/yyyy

2.93 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 64.94% Memory free
5.86 Gb Paging File | 4.81 Gb Available in Paging File | 82.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 133.95 Gb Total Space | 70.32 Gb Free Space | 52.50% Space Free | Partition Type: NTFS
Drive D: | 134.04 Gb Total Space | 131.72 Gb Free Space | 98.27% Space Free | Partition Type: NTFS
Drive F: | 1.87 Gb Total Space | 0.52 Gb Free Space | 27.51% Space Free | Partition Type: FAT32

Computer Name: COMPUTER-PC | User Name: Computer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/30 09:57:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2013/03/19 18:23:09 | 000,256,600 | ---- | M] (Microsoft Corporation) -- C:\Users\Computer\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2013/03/14 17:54:10 | 001,103,768 | ---- | M] (Spotify Ltd) -- C:\Users\Computer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/01/04 04:59:29 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/12/04 11:54:14 | 000,095,232 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2012/06/16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\19.9.1.14\ccsvchst.exe
PRC - [2012/04/11 23:51:00 | 000,175,632 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011/05/23 13:36:30 | 002,068,480 | ---- | M] (Belgian Government) -- C:\Program Files\Belgium Identity Card\beid35gui.exe
PRC - [2011/03/25 22:32:40 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 12:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/07/14 15:52:30 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Registration\GREGsvc.exe
PRC - [2009/12/09 11:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTIONX86\USBS3S4Detection.exe
PRC - [2009/12/09 10:50:00 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/12/09 10:49:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/11/17 16:18:20 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/11/17 16:18:10 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009/10/02 23:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/10/02 23:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/05/12 20:07:08 | 000,417,792 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe
PRC - [2009/05/12 20:05:32 | 000,376,832 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer SmartBoot\ASLTray.exe
PRC - [2009/02/18 02:01:04 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/21 14:45:02 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll
MOD - [2013/03/21 14:44:22 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll
MOD - [2013/03/21 14:44:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll
MOD - [2013/03/21 14:44:03 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll
MOD - [2013/03/21 14:43:55 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll
MOD - [2013/03/21 14:43:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll
MOD - [2013/03/21 14:43:52 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll
MOD - [2013/03/21 14:43:43 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/12/22 15:53:41 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_nl_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009/11/17 16:16:40 | 000,465,576 | ---- | M] () -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2009/08/14 16:05:40 | 000,135,168 | ---- | M] () -- C:\Program Files\Belgium Identity Card\imageformats\qjpeg4.dll
MOD - [2009/08/14 15:53:52 | 007,495,680 | ---- | M] () -- C:\Program Files\Belgium Identity Card\QtGui4.dll
MOD - [2009/08/14 15:32:24 | 001,961,984 | ---- | M] () -- C:\Program Files\Belgium Identity Card\QtCore4.dll


========== Services (SafeList) ==========

SRV - [2013/03/12 13:01:26 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/04 11:54:14 | 000,095,232 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe -- (NAV)
SRV - [2012/04/11 23:51:00 | 000,175,632 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
SRV - [2011/05/06 11:03:10 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/25 22:32:40 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/07 04:02:48 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/01/08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/12/09 11:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTIONX86\USBS3S4Detection.exe -- (USBS3S4Detection)
SRV - [2009/12/09 10:50:00 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/12/09 10:49:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/11/17 16:18:20 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/10/02 23:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/07/14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/05/12 20:07:08 | 000,417,792 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe -- (ASLSvc)
SRV - [2009/02/18 02:01:04 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)


========== Driver Services (SafeList) ==========

DRV - [2013/01/24 23:24:46 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20130320.017\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/01/24 23:24:46 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/01/24 23:24:46 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20130320.017\NAVENG.SYS -- (NAVENG)
DRV - [2013/01/24 23:03:12 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/01/23 17:37:50 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\IPSDefs\20130320.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013/01/16 04:22:36 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\BASHDefs\20130301.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/07/06 04:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NAV\1309010.00E\srtsp.sys -- (SRTSP)
DRV - [2012/07/06 04:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1309010.00E\srtspx.sys -- (SRTSPX)
DRV - [2012/06/07 06:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1309010.00E\ccsetx86.sys -- (ccSet_NAV)
DRV - [2012/05/22 03:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NAV\1309010.00E\symefa.sys -- (SymEFA)
DRV - [2012/04/18 04:13:32 | 000,318,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1309010.00E\symnets.sys -- (SymNetS)
DRV - [2012/04/18 03:42:14 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1309010.00E\ironx86.sys -- (SymIRON)
DRV - [2011/08/16 00:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NAV\1309010.00E\symds.sys -- (SymDS)
DRV - [2010/02/03 00:36:34 | 000,232,960 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009/12/31 11:22:09 | 000,295,936 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009/09/23 11:09:56 | 000,208,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress)
DRV - [2009/09/23 03:19:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2009/09/23 03:18:08 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009/09/23 03:18:07 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2009/09/17 21:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/07/14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/06/25 10:32:08 | 000,078,848 | ---- | M] (SUNIX Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snxppalx.sys -- (SNXPPALX)
DRV - [2009/06/25 10:32:00 | 000,055,424 | ---- | M] (SUNIX Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snxpserx.sys -- (SNXPSERX)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2004/05/04 06:48:00 | 000,090,229 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\P1130Vid.sys -- (P1130VID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {95324e44-4b0a-47a9-8f77-9c6415e51c29} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{A248FA21-D74B-4958-A64C-9300C9B3C717}: "URL" = http://websearch.ask...13-96515C78CA53
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Mozilla Firefox\extensions\[email protected] [2011/06/03 11:14:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013/02/10 10:17:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\IPSFFPlgn\ [2013/01/24 23:03:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/03/12 13:01:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/03/12 13:01:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011/02/12 00:04:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Extensions
[2011/02/12 00:04:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/06/03 11:14:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/03 11:14:35 | 000,000,000 | ---D | M] (eID België) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.be/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Docs = C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Zoeken = C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: PicMonkey Extension = C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhipmoghimfdldnocmopeoanjmoolofl\1.4_0\
CHR - Extension: SiteAdvisor = C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\
CHR - Extension: Lightshot (screenshot tool) = C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp\3.0.9_0\
CHR - Extension: Gmail = C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Acer SmartBoot] C:\Program Files\Acer\Acer SmartBoot\ASLTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [beid] C:\Program Files\Belgium Identity Card\beid35gui.exe (Belgian Government)
O4 - HKLM..\Run: [EmbassySecurityCheck] ";C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [SkyDrive] C:\Users\Computer\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Spotify] C:\Users\Computer\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Computer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Computer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Verzenden naar OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Computer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O9 - Extra Button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game.zylom.co...gamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.131.4 195.130.130.132
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7f8d31cd-37f9-11e2-b96a-1078d2a4e77f}\Shell - "" = AutoRun
O33 - MountPoints2\{7f8d31cd-37f9-11e2-b96a-1078d2a4e77f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{f603ae41-361b-11e0-ba95-1078d2a4e77f}\Shell - "" = AutoRun
O33 - MountPoints2\{f603ae41-361b-11e0-ba95-1078d2a4e77f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - msh263.drv File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/04/01 17:15:24 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/04/01 17:15:15 | 000,000,000 | ---D | C] -- C:\JRT
[2013/04/01 17:05:19 | 000,000,000 | ---D | C] -- C:\Users\Computer\Desktop\RK_Quarantine
[2013/04/01 17:01:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2013/03/30 13:43:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/03/30 13:43:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/03/29 20:21:53 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/03/29 19:49:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/03/29 19:43:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/03/29 19:41:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/03/29 19:41:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/03/29 19:41:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/03/29 19:40:37 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/03/29 19:40:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/29 19:40:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/03/29 19:34:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2013/03/29 15:50:47 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2013/03/29 15:50:47 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpsapi.dll
[2013/03/29 15:50:47 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2013/03/29 15:02:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Old
[2013/03/28 22:34:14 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\Malwarebytes
[2013/03/28 22:33:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/21 04:01:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2013/03/21 04:00:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2013/03/20 21:43:06 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013/03/14 04:01:59 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/03/14 04:01:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/03/14 04:01:58 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/03/14 04:01:58 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/03/14 04:01:57 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/03/14 04:01:57 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/03/14 04:01:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/03/14 04:01:56 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/03/12 13:01:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013/03/11 14:01:31 | 000,000,000 | ---D | C] -- C:\Users\Computer\Documents\My Weblog Posts
[2013/03/11 14:01:30 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\Windows Live Writer
[2013/03/11 14:01:30 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Local\Windows Live Writer
[2013/03/06 19:00:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/03/06 19:00:26 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/03/06 19:00:22 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Local\Google
[2013/03/06 18:59:58 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Local\Deployment
[2013/03/06 18:59:58 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Local\Apps

========== Files - Modified Within 30 Days ==========

[2013/04/02 18:47:02 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/02 18:47:02 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/02 18:45:16 | 000,744,860 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2013/04/02 18:45:16 | 000,652,450 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/02 18:45:16 | 000,152,844 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2013/04/02 18:45:16 | 000,121,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/02 18:39:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/02 18:39:35 | 2358,566,912 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/30 13:43:49 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/03/30 11:24:27 | 000,001,024 | ---- | M] () -- C:\.rnd
[2013/03/29 19:35:07 | 000,000,000 | ---- | M] () -- C:\Users\Computer\AppData\Local\WavXMapDrive.bat
[2013/03/21 14:34:14 | 000,354,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/03/21 14:25:27 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll
[2013/03/21 04:05:00 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/20 19:05:00 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/19 18:29:29 | 000,000,390 | ---- | M] () -- C:\Users\Computer\Desktop\HTC.website
[2013/03/14 18:06:32 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/03/14 17:54:00 | 000,002,229 | ---- | M] () -- C:\Users\Computer\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/03/12 13:11:07 | 000,002,060 | ---- | M] () -- C:\Users\Computer\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk

========== Files Created - No Company Name ==========

[2013/03/30 13:43:48 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/03/29 19:41:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/29 19:41:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/29 19:41:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/03/29 19:41:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/29 19:41:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/21 14:20:54 | 000,001,024 | ---- | C] () -- C:\.rnd
[2013/03/06 19:00:46 | 000,002,229 | ---- | C] () -- C:\Users\Computer\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/03/06 19:00:46 | 000,002,133 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/03/06 19:00:28 | 000,001,048 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/06 19:00:27 | 000,001,044 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/05 18:05:43 | 000,119,628 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/02/05 22:24:03 | 000,000,000 | ---- | C] () -- C:\Users\Computer\AppData\Local\WavXMapDrive.bat

========== ZeroAccess Check ==========

[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: SCSI
Media Type: Fixed hard disk media
Model: WDC WD3200AAJS-22L7A0
Partitions: 4
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Removable Media
Interface type: USB
Media Type: Removable Media
Model: FLASH Drive UT_USB20 USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 30.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 32213303296
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 134.00GB
Starting Offset: 32318160896
Hidden sectors: 0


DeviceID: Disk #0, Partition #3
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 134.00GB
Starting Offset: 176147136512
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 2.00GB
Starting Offset: 32256
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2011/02/11 22:30:02 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Adobe
[2013/03/03 18:59:55 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Apple Computer
[2011/02/22 22:35:44 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\ArcSoft
[2013/03/23 20:54:30 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Dropbox
[2012/05/07 20:50:51 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\DVDVideoSoft
[2011/02/05 22:23:44 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Identities
[2011/02/05 22:24:04 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Intel Corporation
[2011/02/05 22:24:03 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Macromedia
[2013/03/28 22:34:14 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Malwarebytes
[2009/07/14 09:49:10 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Media Center Programs
[2012/01/14 18:33:45 | 000,000,000 | --SD | M] -- C:\Users\Computer\AppData\Roaming\Microsoft
[2011/02/12 00:04:52 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Mozilla
[2012/09/23 03:16:34 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Skype
[2013/04/02 18:40:31 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Spotify
[2011/02/12 00:04:52 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Thunderbird
[2011/02/20 15:23:43 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Tific
[2011/02/11 22:26:13 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\U3
[2011/12/30 00:33:04 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\vlc
[2012/02/08 08:50:53 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Wave Systems Corp
[2013/03/11 14:01:30 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Windows Live Writer

< MD5 for: ATAPI.SYS >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: CSRSS.EXE >
[2009/07/14 03:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\System32\csrss.exe
[2009/07/14 03:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_58ba39fb456943bd\csrss.exe

< MD5 for: EXPLORER.EXE >
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2010/07/14 15:52:30 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2010/07/14 15:52:30 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2010/02/04 12:20:17 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2010/02/04 12:20:17 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2010/07/14 15:52:30 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2009/07/14 03:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\System32\mswsock.dll
[2009/07/14 03:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
[2010/11/20 14:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2009/07/14 03:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\System32\NapiNSP.dll
[2009/07/14 03:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2009/07/14 03:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows\System32\nlaapi.dll
[2009/07/14 03:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_675c4bea6c3ddad6\nlaapi.dll
[2010/11/20 14:20:30 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_698d5fb2692c5e70\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2009/07/14 03:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\System32\pnrpnsp.dll
[2009/07/14 03:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_71556bd683c82a7a\pnrpnsp.dll

< MD5 for: PRINTISOLATIONHOST.EXE >
[2009/07/14 03:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=640A476C8867AEAAD8FF9F59A61AFE2F -- C:\Windows\System32\PrintIsolationHost.exe
[2009/07/14 03:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=640A476C8867AEAAD8FF9F59A61AFE2F -- C:\Windows\winsxs\x86_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_9c856911bff5c373\PrintIsolationHost.exe

< MD5 for: SERVICES.EXE >
[2009/07/14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USER32.DLL >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

< MD5 for: USERINIT.EXE >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/07/14 15:52:30 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2010/07/14 15:52:30 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2010/07/14 15:52:30 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/07/14 03:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\System32\winrnr.dll
[2009/07/14 03:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2009/07/14 03:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\System32\wshelper.dll
[2009/07/14 03:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\wshelper.dll

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/03/11 02:22:07 | 001,274,320 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/03/11 02:22:07 | 001,274,320 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/03/11 02:22:07 | 001,274,320 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/03/11 02:22:07 | 001,274,320 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/06/24 13:45:52 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/06/24 13:45:52 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/06/24 13:45:52 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/02/02 06:19:04 | 000,757,296 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/02/02 06:19:04 | 000,757,296 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/03/11 02:22:07 | 001,274,320 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/03/11 02:22:07 | 001,274,320 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/03/11 02:22:07 | 001,274,320 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/03/11 02:22:07 | 001,274,320 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/06/24 13:45:52 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/06/24 13:45:52 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/06/24 13:45:52 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/02/02 06:19:04 | 000,757,296 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/02/02 06:19:04 | 000,757,296 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %ProgramFiles%\WINDOWS NT\*.* /s >
[2010/06/29 06:57:58 | 004,247,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\wordpad.exe
[2009/07/14 03:16:20 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\WordpadFilter.dll
[2010/12/22 15:53:50 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\nl-NL\wordpad.exe.mui
[2009/07/14 03:16:15 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\TableTextService\TableTextService.dll
[2009/06/10 23:43:18 | 000,016,212 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceAmharic.txt
[2009/06/10 23:43:18 | 001,272,822 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceArray.txt
[2009/06/10 23:43:18 | 000,980,102 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceDaYi.txt
[2009/06/10 23:43:19 | 001,665,878 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt
[2009/06/10 23:43:19 | 001,445,430 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt
[2009/06/10 23:43:19 | 001,810,352 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt
[2009/06/10 23:43:19 | 000,044,968 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceYi.txt
[2010/12/22 15:53:39 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\TableTextService\nl-NL\TableTextService.dll.mui

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >

#7
Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
Can you tell me if you installed/uninstalled something just before this happened?

I’d also like a look at the previous logs you ran. Can you send the results of TDSSKiller and ComboFix if you still have them?

  • the old TDSSKiller report can be found in your root directory, (usually C:\ folder) and will reflect the date that it was run
  • the ComboFix log will be found at C:\Qoobox\ComboFix-quarantined-files.txt
Thanks

Satchfan

#8
Paul432220

    Member

  • Topic Starter
  • 62 posts
Hi Satchfan,
No, I did not install / uninstall any files just before this issue started to occur...
I attach below the TDSSKiller log, but I could not find a txt file in the C:\Qoobox directory...

16:00:31.0386 1776 TDSS rootkit removing tool 2.8.16.0 Mar 21 2013 15:53:02
16:00:31.0402 1776 ============================================================
16:00:31.0402 1776 Current date / time: 2013/03/29 16:00:31.0402
16:00:31.0402 1776 SystemInfo:
16:00:31.0402 1776
16:00:31.0402 1776 OS Version: 6.1.7600 ServicePack: 0.0
16:00:31.0402 1776 Product type: Workstation
16:00:31.0402 1776 ComputerName: COMPUTER-PC
16:00:31.0402 1776 UserName: Computer
16:00:31.0402 1776 Windows directory: C:\Windows
16:00:31.0402 1776 System windows directory: C:\Windows
16:00:31.0402 1776 Processor architecture: Intel x86
16:00:31.0402 1776 Number of processors: 4
16:00:31.0402 1776 Page size: 0x1000
16:00:31.0402 1776 Boot type: Normal boot
16:00:31.0402 1776 ============================================================
16:00:31.0886 1776 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:00:31.0948 1776 Drive \Device\Harddisk1\DR1 - Size: 0x78380000 (1.88 Gb), SectorSize: 0x200, Cylinders: 0xF5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:00:31.0948 1776 ============================================================
16:00:31.0948 1776 \Device\Harddisk0\DR0:
16:00:31.0948 1776 MBR partitions:
16:00:31.0948 1776 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3C00800, BlocksNum 0x32000
16:00:31.0948 1776 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3C32800, BlocksNum 0x10BE7000
16:00:31.0948 1776 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x14819800, BlocksNum 0x10C14800
16:00:31.0948 1776 \Device\Harddisk1\DR1:
16:00:31.0948 1776 MBR partitions:
16:00:31.0948 1776 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x3C1BC1
16:00:31.0948 1776 ============================================================
16:00:31.0979 1776 C: <-> \Device\Harddisk0\DR0\Partition2
16:00:32.0010 1776 D: <-> \Device\Harddisk0\DR0\Partition3
16:00:32.0010 1776 ============================================================
16:00:32.0010 1776 Initialize success
16:00:32.0010 1776 ============================================================
16:00:40.0341 3924 ============================================================
16:00:40.0341 3924 Scan started
16:00:40.0341 3924 Mode: Manual;
16:00:40.0341 3924 ============================================================
16:00:40.0528 3924 ================ Scan system memory ========================
16:00:40.0528 3924 System memory - ok
16:00:40.0528 3924 ================ Scan services =============================
16:00:40.0684 3924 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
16:00:40.0700 3924 1394ohci - ok
16:00:40.0762 3924 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
16:00:40.0778 3924 ACDaemon - ok
16:00:40.0809 3924 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\Windows\system32\drivers\ACPI.sys
16:00:40.0809 3924 ACPI - ok
16:00:40.0840 3924 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
16:00:40.0856 3924 AcpiPmi - ok
16:00:40.0887 3924 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
16:00:40.0902 3924 adp94xx - ok
16:00:40.0918 3924 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
16:00:40.0934 3924 adpahci - ok
16:00:40.0965 3924 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
16:00:40.0965 3924 adpu320 - ok
16:00:40.0980 3924 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:00:40.0996 3924 AeLookupSvc - ok
16:00:41.0012 3924 [ FE3EA6E9AFC1A78E6EDCA121E006AFB7 ] Afc C:\Windows\system32\drivers\Afc.sys
16:00:41.0012 3924 Afc - ok
16:00:41.0058 3924 [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD C:\Windows\system32\drivers\afd.sys
16:00:41.0058 3924 AFD - ok
16:00:41.0090 3924 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
16:00:41.0105 3924 agp440 - ok
16:00:41.0136 3924 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
16:00:41.0152 3924 aic78xx - ok
16:00:41.0183 3924 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
16:00:41.0199 3924 ALG - ok
16:00:41.0214 3924 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
16:00:41.0230 3924 aliide - ok
16:00:41.0277 3924 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
16:00:41.0277 3924 amdagp - ok
16:00:41.0292 3924 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
16:00:41.0308 3924 amdide - ok
16:00:41.0324 3924 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
16:00:41.0339 3924 AmdK8 - ok
16:00:41.0355 3924 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
16:00:41.0370 3924 AmdPPM - ok
16:00:41.0402 3924 [ 2101A86C25C154F8314B24EF49D7FBC2 ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:00:41.0402 3924 amdsata - ok
16:00:41.0433 3924 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
16:00:41.0433 3924 amdsbs - ok
16:00:41.0464 3924 [ B81C2B5616F6420A9941EA093A92B150 ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:00:41.0464 3924 amdxata - ok
16:00:41.0495 3924 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\Windows\system32\drivers\appid.sys
16:00:41.0511 3924 AppID - ok
16:00:41.0526 3924 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:00:41.0526 3924 AppIDSvc - ok
16:00:41.0542 3924 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\Windows\System32\appinfo.dll
16:00:41.0542 3924 Appinfo - ok
16:00:41.0620 3924 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:00:41.0620 3924 Apple Mobile Device - ok
16:00:41.0620 3924 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
16:00:41.0620 3924 AppMgmt - ok
16:00:41.0636 3924 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
16:00:41.0651 3924 arc - ok
16:00:41.0651 3924 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
16:00:41.0667 3924 arcsas - ok
16:00:41.0714 3924 [ 1738EAC9C95AE14E471F51778940C111 ] ASLSvc C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe
16:00:41.0714 3924 ASLSvc - ok
16:00:41.0792 3924 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
16:00:41.0807 3924 aspnet_state - ok
16:00:41.0823 3924 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:00:41.0838 3924 AsyncMac - ok
16:00:41.0885 3924 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
16:00:41.0885 3924 atapi - ok
16:00:41.0948 3924 [ F6E8CCF14B84507497D3108518DBB4CC ] ATService C:\Program Files\Fingerprint Sensor\AtService.exe
16:00:41.0963 3924 ATService - ok
16:00:41.0994 3924 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:00:42.0010 3924 AudioEndpointBuilder - ok
16:00:42.0010 3924 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\Windows\System32\Audiosrv.dll
16:00:42.0010 3924 Audiosrv - ok
16:00:42.0041 3924 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:00:42.0041 3924 AxInstSV - ok
16:00:42.0072 3924 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
16:00:42.0072 3924 b06bdrv - ok
16:00:42.0104 3924 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
16:00:42.0104 3924 b57nd60x - ok
16:00:42.0150 3924 [ B98C4EFAD723F9E18CBF68AA2B63D225 ] BBSvc C:\Program Files\Microsoft\BingBar\BBSvc.EXE
16:00:42.0166 3924 BBSvc - ok
16:00:42.0197 3924 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
16:00:42.0197 3924 BDESVC - ok
16:00:42.0244 3924 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
16:00:42.0244 3924 Beep - ok
16:00:42.0275 3924 [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE C:\Windows\System32\bfe.dll
16:00:42.0291 3924 BFE - ok
16:00:42.0447 3924 [ D2A55F5FE6B716913FB573872F2E5944 ] BHDrvx86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\BASHDefs\20130301.001\BHDrvx86.sys
16:00:42.0447 3924 BHDrvx86 - ok
16:00:42.0509 3924 [ 53F476476F55A27F580661BDE09C4EC4 ] BITS C:\Windows\System32\qmgr.dll
16:00:42.0525 3924 BITS - ok
16:00:42.0556 3924 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:00:42.0556 3924 blbdrive - ok
16:00:42.0618 3924 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:00:42.0634 3924 Bonjour Service - ok
16:00:42.0650 3924 [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:00:42.0665 3924 bowser - ok
16:00:42.0681 3924 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:00:42.0696 3924 BrFiltLo - ok
16:00:42.0728 3924 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:00:42.0728 3924 BrFiltUp - ok
16:00:42.0759 3924 [ A0E691DC6589D4D2CBE373171D1A49E5 ] Browser C:\Windows\System32\browser.dll
16:00:42.0759 3924 Browser - ok
16:00:42.0774 3924 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:00:42.0790 3924 Brserid - ok
16:00:42.0806 3924 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:00:42.0806 3924 BrSerWdm - ok
16:00:42.0837 3924 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:00:42.0837 3924 BrUsbMdm - ok
16:00:42.0852 3924 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:00:42.0852 3924 BrUsbSer - ok
16:00:42.0884 3924 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
16:00:42.0884 3924 BthEnum - ok
16:00:42.0899 3924 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
16:00:42.0899 3924 BTHMODEM - ok
16:00:42.0915 3924 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
16:00:42.0930 3924 BthPan - ok
16:00:42.0962 3924 [ 88059FF1DED4472ACD17EEBABD393069 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
16:00:42.0962 3924 BTHPORT - ok
16:00:43.0008 3924 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
16:00:43.0008 3924 bthserv - ok
16:00:43.0024 3924 [ 80E6384BEEC03B8BD45EDEA29802D657 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
16:00:43.0024 3924 BTHUSB - ok
16:00:43.0086 3924 [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_NAV C:\Windows\system32\drivers\NAV\1309010.00E\ccSetx86.sys
16:00:43.0102 3924 ccSet_NAV - ok
16:00:43.0133 3924 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:00:43.0133 3924 cdfs - ok
16:00:43.0164 3924 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\Windows\system32\drivers\cdrom.sys
16:00:43.0164 3924 cdrom - ok
16:00:43.0196 3924 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\Windows\System32\certprop.dll
16:00:43.0196 3924 CertPropSvc - ok
16:00:43.0211 3924 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
16:00:43.0227 3924 circlass - ok
16:00:43.0258 3924 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
16:00:43.0258 3924 CLFS - ok
16:00:43.0289 3924 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:00:43.0305 3924 clr_optimization_v2.0.50727_32 - ok
16:00:43.0320 3924 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:00:43.0320 3924 clr_optimization_v4.0.30319_32 - ok
16:00:43.0352 3924 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:00:43.0367 3924 CmBatt - ok
16:00:43.0383 3924 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:00:43.0383 3924 cmdide - ok
16:00:43.0430 3924 [ DB5E008B3744DD60C8498CBBF2A1CFA6 ] CNG C:\Windows\system32\Drivers\cng.sys
16:00:43.0445 3924 CNG - ok
16:00:43.0476 3924 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:00:43.0476 3924 Compbatt - ok
16:00:43.0508 3924 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
16:00:43.0508 3924 CompositeBus - ok
16:00:43.0523 3924 COMSysApp - ok
16:00:43.0539 3924 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
16:00:43.0554 3924 crcdisk - ok
16:00:43.0601 3924 [ F2FDE6C8DBAAD44CC58D1E07E4AF4EED ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:00:43.0601 3924 CryptSvc - ok
16:00:43.0632 3924 [ 27C9490BDD0AE48911AB8CF1932591ED ] CSC C:\Windows\system32\drivers\csc.sys
16:00:43.0632 3924 CSC - ok
16:00:43.0664 3924 [ 56FB5F222EA30D3D3FC459879772CB73 ] CscService C:\Windows\System32\cscsvc.dll
16:00:43.0679 3924 CscService - ok
16:00:43.0695 3924 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\Windows\system32\rpcss.dll
16:00:43.0695 3924 DcomLaunch - ok
16:00:43.0726 3924 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
16:00:43.0726 3924 defragsvc - ok
16:00:43.0757 3924 [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:00:43.0773 3924 DfsC - ok
16:00:43.0804 3924 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
16:00:43.0804 3924 Dhcp - ok
16:00:43.0835 3924 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
16:00:43.0851 3924 discache - ok
16:00:43.0866 3924 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
16:00:43.0866 3924 Disk - ok
16:00:43.0882 3924 [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:00:43.0882 3924 Dnscache - ok
16:00:43.0913 3924 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\Windows\System32\dot3svc.dll
16:00:43.0913 3924 dot3svc - ok
16:00:43.0913 3924 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\Windows\system32\dps.dll
16:00:43.0913 3924 DPS - ok
16:00:43.0929 3924 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:00:43.0944 3924 drmkaud - ok
16:00:43.0976 3924 [ C94B6C3CC628179CB9B9061C19888B99 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:00:43.0991 3924 DXGKrnl - ok
16:00:44.0022 3924 [ BFD58DE8912EAB4F9995A8ADD08BC51C ] e1kexpress C:\Windows\system32\DRIVERS\e1k6232.sys
16:00:44.0038 3924 e1kexpress - ok
16:00:44.0054 3924 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
16:00:44.0054 3924 EapHost - ok
16:00:44.0116 3924 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
16:00:44.0178 3924 ebdrv - ok
16:00:44.0256 3924 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
16:00:44.0256 3924 eeCtrl - ok
16:00:44.0288 3924 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS C:\Windows\System32\lsass.exe
16:00:44.0288 3924 EFS - ok
16:00:44.0334 3924 [ 3A74A6E33685662B125A3269B1F2114F ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:00:44.0366 3924 ehRecvr - ok
16:00:44.0381 3924 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
16:00:44.0381 3924 ehSched - ok
16:00:44.0397 3924 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
16:00:44.0397 3924 elxstor - ok
16:00:44.0444 3924 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
16:00:44.0444 3924 EraserUtilRebootDrv - ok
16:00:44.0475 3924 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:00:44.0475 3924 ErrDev - ok
16:00:44.0522 3924 [ 2360C025FBA88951DAB9149191033128 ] ETService C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
16:00:44.0522 3924 ETService - ok
16:00:44.0553 3924 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
16:00:44.0553 3924 EventSystem - ok
16:00:44.0568 3924 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
16:00:44.0568 3924 exfat - ok
16:00:44.0584 3924 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:00:44.0584 3924 fastfat - ok
16:00:44.0615 3924 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\Windows\system32\fxssvc.exe
16:00:44.0646 3924 Fax - ok
16:00:44.0662 3924 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
16:00:44.0662 3924 fdc - ok
16:00:44.0693 3924 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
16:00:44.0693 3924 fdPHost - ok
16:00:44.0709 3924 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
16:00:44.0709 3924 FDResPub - ok
16:00:44.0724 3924 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:00:44.0724 3924 FileInfo - ok
16:00:44.0756 3924 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:00:44.0756 3924 Filetrace - ok
16:00:44.0787 3924 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
16:00:44.0787 3924 flpydisk - ok
16:00:44.0802 3924 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:00:44.0802 3924 FltMgr - ok
16:00:44.0834 3924 [ 151258FC2EC8C48BDF8A53350AE0A676 ] FontCache C:\Windows\system32\FntCache.dll
16:00:44.0849 3924 FontCache - ok
16:00:44.0896 3924 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:00:44.0912 3924 FontCache3.0.0.0 - ok
16:00:44.0927 3924 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:00:44.0943 3924 FsDepends - ok
16:00:44.0958 3924 [ 2ED0BABD4CD98ED820FD0D0BCBE96721 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
16:00:44.0974 3924 fssfltr - ok
16:00:45.0068 3924 [ 812E1BA5C52A78F13EA6AA10DF708B1D ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
16:00:45.0099 3924 fsssvc - ok
16:00:45.0130 3924 [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:00:45.0146 3924 Fs_Rec - ok
16:00:45.0161 3924 [ 5592F5DBA26282D24D2B080EB438A4D7 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:00:45.0177 3924 fvevol - ok
16:00:45.0177 3924 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
16:00:45.0177 3924 gagp30kx - ok
16:00:45.0208 3924 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:00:45.0224 3924 GEARAspiWDM - ok
16:00:45.0255 3924 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\Windows\System32\gpsvc.dll
16:00:45.0255 3924 gpsvc - ok
16:00:45.0302 3924 [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService C:\Program Files\Acer\Registration\GREGsvc.exe
16:00:45.0302 3924 GREGService - ok
16:00:45.0348 3924 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
16:00:45.0348 3924 gupdate - ok
16:00:45.0348 3924 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
16:00:45.0348 3924 gupdatem - ok
16:00:45.0380 3924 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:00:45.0395 3924 hcw85cir - ok
16:00:45.0426 3924 [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:00:45.0426 3924 HdAudAddService - ok
16:00:45.0458 3924 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
16:00:45.0458 3924 HDAudBus - ok
16:00:45.0520 3924 [ A88485DC6A7136C10D9A6C7E38FDFE3C ] HECI C:\Windows\system32\DRIVERS\HECI.sys
16:00:45.0536 3924 HECI - ok
16:00:45.0551 3924 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
16:00:45.0551 3924 HidBatt - ok
16:00:45.0567 3924 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
16:00:45.0567 3924 HidBth - ok
16:00:45.0582 3924 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
16:00:45.0582 3924 HidIr - ok
16:00:45.0598 3924 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
16:00:45.0598 3924 hidserv - ok
16:00:45.0629 3924 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:00:45.0629 3924 HidUsb - ok
16:00:45.0660 3924 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:00:45.0660 3924 hkmsvc - ok
16:00:45.0676 3924 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:00:45.0676 3924 HomeGroupListener - ok
16:00:45.0692 3924 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:00:45.0692 3924 HomeGroupProvider - ok
16:00:45.0707 3924 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:00:45.0707 3924 HpSAMD - ok
16:00:45.0738 3924 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:00:45.0754 3924 HTTP - ok
16:00:45.0770 3924 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:00:45.0770 3924 hwpolicy - ok
16:00:45.0785 3924 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
16:00:45.0785 3924 i8042prt - ok
16:00:45.0816 3924 [ D5EDB998656E6ECF1A17C78DAB019A3C ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
16:00:45.0816 3924 iaStor - ok
16:00:45.0863 3924 [ 7493EA4DE41348F7D3EDBF9DB298F56A ] IAStorDataMgrSvc C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
16:00:45.0879 3924 IAStorDataMgrSvc - ok
16:00:45.0894 3924 [ 934AF4D7C5F457B9F0743F4299B77B67 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:00:45.0894 3924 iaStorV - ok
16:00:45.0941 3924 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:00:45.0972 3924 idsvc - ok
16:00:46.0019 3924 [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\IPSDefs\20130320.001\IDSvix86.sys
16:00:46.0019 3924 IDSVix86 - ok
16:00:46.0175 3924 [ 8266AE06DF974E5BA047B3E9E9E70B3F ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
16:00:46.0316 3924 igfx - ok
16:00:46.0347 3924 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
16:00:46.0347 3924 iirsp - ok
16:00:46.0378 3924 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\Windows\System32\ikeext.dll
16:00:46.0394 3924 IKEEXT - ok
16:00:46.0456 3924 [ 7CB41A5E5C24F9F50E6533693E2BB74D ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
16:00:46.0472 3924 IntcAzAudAddService - ok
16:00:46.0503 3924 [ BF31740828A26AB451803E3B35432651 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
16:00:46.0534 3924 IntcDAud - ok
16:00:46.0550 3924 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
16:00:46.0550 3924 intelide - ok
16:00:46.0596 3924 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:00:46.0596 3924 intelppm - ok
16:00:46.0612 3924 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:00:46.0612 3924 IPBusEnum - ok
16:00:46.0628 3924 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:00:46.0643 3924 IpFilterDriver - ok
16:00:46.0659 3924 [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:00:46.0659 3924 iphlpsvc - ok
16:00:46.0690 3924 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:00:46.0690 3924 IPMIDRV - ok
16:00:46.0721 3924 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:00:46.0721 3924 IPNAT - ok
16:00:46.0752 3924 [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
16:00:46.0768 3924 iPod Service - ok
16:00:46.0784 3924 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:00:46.0784 3924 IRENUM - ok
16:00:46.0799 3924 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:00:46.0799 3924 isapnp - ok
16:00:46.0862 3924 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:00:46.0862 3924 iScsiPrt - ok
16:00:46.0877 3924 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:00:46.0877 3924 kbdclass - ok
16:00:46.0924 3924 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:00:46.0924 3924 kbdhid - ok
16:00:46.0940 3924 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso C:\Windows\system32\lsass.exe
16:00:46.0940 3924 KeyIso - ok
16:00:47.0002 3924 [ 52FC17C8589F11747D01D3CF592673D0 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:00:47.0002 3924 KSecDD - ok
16:00:47.0049 3924 [ 3E5474B03568CFAB834DA3C38E8C9EFA ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:00:47.0064 3924 KSecPkg - ok
16:00:47.0096 3924 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
16:00:47.0096 3924 KtmRm - ok
16:00:47.0158 3924 [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer C:\Windows\system32\srvsvc.dll
16:00:47.0158 3924 LanmanServer - ok
16:00:47.0174 3924 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:00:47.0174 3924 LanmanWorkstation - ok
16:00:47.0189 3924 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:00:47.0205 3924 lltdio - ok
16:00:47.0236 3924 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:00:47.0236 3924 lltdsvc - ok
16:00:47.0252 3924 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
16:00:47.0252 3924 lmhosts - ok
16:00:47.0298 3924 [ 1D82A01A368255FE78C65CF66B5B8281 ] LMS C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
16:00:47.0298 3924 LMS - ok
16:00:47.0314 3924 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
16:00:47.0314 3924 LSI_FC - ok
16:00:47.0330 3924 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
16:00:47.0345 3924 LSI_SAS - ok
16:00:47.0361 3924 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:00:47.0361 3924 LSI_SAS2 - ok
16:00:47.0361 3924 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:00:47.0361 3924 LSI_SCSI - ok
16:00:47.0376 3924 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
16:00:47.0392 3924 luafv - ok
16:00:47.0454 3924 [ AA44024C1796F40D43F2E6C08B47A564 ] McAfee SiteAdvisor Service c:\progra~1\mcafee\sitead~1\McSACore.exe
16:00:47.0454 3924 McAfee SiteAdvisor Service - ok
16:00:47.0486 3924 [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:00:47.0486 3924 Mcx2Svc - ok
16:00:47.0501 3924 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
16:00:47.0501 3924 megasas - ok
16:00:47.0517 3924 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
16:00:47.0517 3924 MegaSR - ok
16:00:47.0532 3924 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
16:00:47.0532 3924 MMCSS - ok
16:00:47.0548 3924 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
16:00:47.0564 3924 Modem - ok
16:00:47.0595 3924 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:00:47.0595 3924 monitor - ok
16:00:47.0610 3924 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:00:47.0610 3924 mouclass - ok
16:00:47.0626 3924 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:00:47.0642 3924 mouhid - ok
16:00:47.0657 3924 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:00:47.0657 3924 mountmgr - ok
16:00:47.0720 3924 [ 2024F4CC36D1954ECD00C07C3BCE6BE3 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:00:47.0735 3924 MozillaMaintenance - ok
16:00:47.0782 3924 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\Windows\system32\drivers\mpio.sys
16:00:47.0798 3924 mpio - ok
16:00:47.0829 3924 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:00:47.0829 3924 mpsdrv - ok
16:00:47.0860 3924 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\Windows\system32\mpssvc.dll
16:00:47.0860 3924 MpsSvc - ok
16:00:47.0876 3924 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:00:47.0876 3924 MRxDAV - ok
16:00:47.0891 3924 [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:00:47.0907 3924 mrxsmb - ok
16:00:47.0938 3924 [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:00:47.0954 3924 mrxsmb10 - ok
16:00:48.0000 3924 [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:00:48.0016 3924 mrxsmb20 - ok
16:00:48.0047 3924 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\Windows\system32\drivers\msahci.sys
16:00:48.0047 3924 msahci - ok
16:00:48.0094 3924 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:00:48.0094 3924 msdsm - ok
16:00:48.0110 3924 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
16:00:48.0125 3924 MSDTC - ok
16:00:48.0156 3924 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:00:48.0156 3924 Msfs - ok
16:00:48.0172 3924 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:00:48.0188 3924 mshidkmdf - ok
16:00:48.0219 3924 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:00:48.0219 3924 msisadrv - ok
16:00:48.0234 3924 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:00:48.0234 3924 MSiSCSI - ok
16:00:48.0234 3924 msiserver - ok
16:00:48.0250 3924 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:00:48.0250 3924 MSKSSRV - ok
16:00:48.0266 3924 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:00:48.0266 3924 MSPCLOCK - ok
16:00:48.0266 3924 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:00:48.0281 3924 MSPQM - ok
16:00:48.0297 3924 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:00:48.0312 3924 MsRPC - ok
16:00:48.0344 3924 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
16:00:48.0344 3924 mssmbios - ok
16:00:48.0375 3924 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:00:48.0375 3924 MSTEE - ok
16:00:48.0390 3924 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
16:00:48.0390 3924 MTConfig - ok
16:00:48.0406 3924 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
16:00:48.0406 3924 Mup - ok
16:00:48.0437 3924 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll
16:00:48.0437 3924 napagent - ok
16:00:48.0453 3924 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:00:48.0468 3924 NativeWifiP - ok
16:00:48.0515 3924 [ F2840DBFE9322F35557219AE82CC4597 ] NAV C:\Program Files\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe
16:00:48.0515 3924 NAV - ok
16:00:48.0593 3924 [ 7D7A3BC6640C1A0D1442816B30856928 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20130320.017\NAVENG.SYS
16:00:48.0593 3924 NAVENG - ok
16:00:48.0624 3924 [ 28494C43D62AA7584BDCA2FADFBC4D11 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20130320.017\NAVEX15.SYS
16:00:48.0624 3924 NAVEX15 - ok
16:00:48.0671 3924 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:00:48.0687 3924 NDIS - ok
16:00:48.0702 3924 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:00:48.0702 3924 NdisCap - ok
16:00:48.0718 3924 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:00:48.0734 3924 NdisTapi - ok
16:00:48.0749 3924 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:00:48.0749 3924 Ndisuio - ok
16:00:48.0765 3924 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:00:48.0765 3924 NdisWan - ok
16:00:56.0424 3924 ============================================================
16:00:56.0424 3924 Scan finished
16:00:56.0424 3924 ============================================================
16:00:56.0440 1240 Detected object count: 0
16:00:56.0440 1240 Actual detected object count: 0
16:01:02.0524 5668 Deinitialize success

#9
Paul432220

Hi Satchfan,
to exclude another possible source, I installed a PCI Ethernet card in the PC today. The card was correctly installed by Win 7, but the network connection did not come on; it remained in "identifying"... basically, it does not get an IP address allocated. The router I am working on is OK, since all other PCs on this router work fine. So we can already exclude a hardware defect in the Ethernet port on the motherboard, which I have been trying to use up to now. I uninstalled the PCI adapter afterwards... so clearly some software is blocking my network access for one reason or another...
  • 0

#10
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
It seems there is a problem with one of the services that is required for your Internet connection. Let’s see what we can find.

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2


  • double-click SystemLook.exe to run it.
  • copy the content of the following codebox into the main textfield - please make sure you include the colon, (:), at the beginning:

    :filefind
    afd.sys
    
    :reg
    HKEY_LOCAL_MACHINE\System\CurrentControlset\Services\AFD
    
  • click the Look button to start the scan.
  • when finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Satchfan
  • 0


#11
Paul432220

Paul432220

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Requested log attached below

SystemLook 30.07.11 by jpshortstuff
Log created at 16:40 on 03/04/2013 by Computer
Administrator - Elevation successful

========== filefind ==========

Searching for "afd.sys"
C:\Windows\System32\drivers\afd.sys --a---- 338944 bytes [13:23 16/06/2011] [02:35 25/04/2011] 0DB7A48388D54D154EBEC120461A0FCD
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys --a---- 338944 bytes [23:12 13/07/2009] [23:12 13/07/2009] DDC040FDB01EF1712A6B13E52AFB104C
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys --a---- 338944 bytes [13:23 16/06/2011] [02:35 25/04/2011] 0DB7A48388D54D154EBEC120461A0FCD
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys --a---- 338944 bytes [13:23 16/06/2011] [02:27 25/04/2011] C114AB7A1550D42EA1700FFD4179CF5A
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys --a---- 338944 bytes [15:14 21/06/2011] [08:40 20/11/2010] 1151FD4FB0216CFED887BFDE29EBD516
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys --a---- 338944 bytes [13:23 16/06/2011] [02:18 25/04/2011] 9EBBBA55060F786F0FCAA3893BFA2806
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys --a---- 338944 bytes [13:23 16/06/2011] [03:24 25/04/2011] C427F91A748CD342A2B3F9278D9FD6A5

========== reg ==========

[HKEY_LOCAL_MACHINE\System\CurrentControlset\Services\AFD]
"BootFlags"= 0x0000000001 (1)
"DisplayName"="@%systemroot%\system32\drivers\afd.sys,-1000"
"Group"="PNP_TDI"
"ImagePath"="\SystemRoot\system32\drivers\afd.sys"
"Description"="@%systemroot%\system32\drivers\afd.sys,-1000"
"ErrorControl"= 0x0000000001 (1)
"Start"= 0x0000000001 (1)
"Type"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\System\CurrentControlset\Services\AFD\Parameters]

[HKEY_LOCAL_MACHINE\System\CurrentControlset\Services\AFD\Enum]


-= EOF =-
  • 0
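
An added example, not part of the thread or of SystemLook: a Python script that reads a SystemLook log like the one in the post above, reports which component-store (WinSxS) version carries the same MD5 as the afd.sys in System32\drivers, and decodes the Start and Type values of the dumped service key. The sample text is constructed from lines of the posted log, and the function names are illustrative.

```python
import re

# Constructed sample: lines copied from the SystemLook log in the post above
# (only three of the seven afd.sys hits and the three DWORDs of interest).
SAMPLE_LOG = r'''
C:\Windows\System32\drivers\afd.sys --a---- 338944 bytes [13:23 16/06/2011] [02:35 25/04/2011] 0DB7A48388D54D154EBEC120461A0FCD
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys --a---- 338944 bytes [13:23 16/06/2011] [02:35 25/04/2011] 0DB7A48388D54D154EBEC120461A0FCD
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys --a---- 338944 bytes [15:14 21/06/2011] [08:40 20/11/2010] 1151FD4FB0216CFED887BFDE29EBD516
"ErrorControl"= 0x0000000001 (1)
"Start"= 0x0000000001 (1)
"Type"= 0x0000000001 (1)
'''

# path, attribute flags, size, two bracketed timestamps, MD5
FILE_RE = re.compile(
    r'^(.+?) [-a-z]{7} (\d+) bytes \[[^\]]+\] \[[^\]]+\] ([0-9A-F]{32})$',
    re.M | re.I)
DWORD_RE = re.compile(r'^"([^"]+)"= 0x([0-9A-F]+) \(\d+\)$', re.M | re.I)
VERSION_RE = re.compile(r'_(\d+\.\d+\.\d+\.\d+)_none_')

# Standard meanings of a Windows service key's Start and Type DWORDs.
START = {0: "Boot", 1: "System", 2: "Automatic", 3: "Manual", 4: "Disabled"}
TYPE = {1: "Kernel driver", 2: "File system driver",
        0x10: "Own-process service", 0x20: "Shared-process service"}

def parse_filefind(log):
    """Return (path, md5) for every filefind hit in the log."""
    return [(m.group(1), m.group(3).upper()) for m in FILE_RE.finditer(log)]

def store_versions_matching(log, active_path):
    """WinSxS component versions whose copy has the same MD5 as active_path."""
    hits = parse_filefind(log)
    active = {md5 for path, md5 in hits if path.lower() == active_path.lower()}
    versions = []
    for path, md5 in hits:
        m = VERSION_RE.search(path)
        if m and "\\winsxs\\" in path.lower() and md5 in active:
            versions.append(m.group(1))
    return versions

def service_config(log):
    """Decode the Start and Type DWORDs of a dumped service key."""
    dwords = {name: int(val, 16) for name, val in DWORD_RE.findall(log)}
    return (START.get(dwords.get("Start"), "unknown"),
            TYPE.get(dwords.get("Type"), "unknown"))

if __name__ == "__main__":
    print(store_versions_matching(SAMPLE_LOG, r"C:\Windows\System32\drivers\afd.sys"))
    print(service_config(SAMPLE_LOG))
```

A hash match only shows that the file in System32\drivers is byte-identical to a copy in the component store; it does not explain why the driver fails to start.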

#12
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
I need to look at another registry entry.

Run SystemLook again.

  • double-click SystemLook.exe to run it.
  • copy the content of the following codebox into the main textfield - please make sure you include the colon, (:), at the beginning:

    :reg
    [HKEY_LOCAL_MACHINE\System\CurrentControlset\Services\AFD\Enum]
    
  • click the Look button to start the scan.
  • when finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Satchfan
  • 0

#13
Paul432220

Paul432220

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Here is the requested log:

SystemLook 30.07.11 by jpshortstuff
Log created at 18:42 on 03/04/2013 by Computer
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\System\CurrentControlset\Services\AFD\Enum]
"0"="Root\LEGACY_AFD\0000"
"Count"= 0x0000000001 (1)
"NextInstance"= 0x0000000001 (1)
  • 0

#14
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
Check that your DHCP Service is running:

  • click on Start
  • type services.msc in the start search bar then press Enter
  • locate the "DHCP Client" line and make sure its status is Started and "Startup Type" is Automatic.

Next

Try resetting your IP stack:

  • click on Start, Run - (alternatively use Windows key+R), type cmd and click OK.
  • at the command prompt, copy and paste (or type) the following command and then press Enter:

    netsh int ip reset c:\resetlog.txt
  • reboot the computer.
Any success?

Satchfan
  • 0

#15
Paul432220

Paul432220

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Hi Satchfan,
DHCP service is not running and I cannot start it; I get a message saying:
1068 Dependency service or group cannot be started

I then ran the netsh command you provided and rebooted the computer, but still no network connectivity.
I also could not find a file resetlog.txt....

I have no idea which service is causing this. I have seen messages in the Win event log pointing to the ancillary driver, but I am not sure this is a consequence of something else or the issue....
  • 0





