
Data bundle leakage & possible rootkit



#1
Stefan1274

Hi geeks,

I have the following problem(s), which I believe should be fairly widespread.


Symptoms/history:

* Very high leakage of data. E.g. I would veeery slowly browse FB without loading many photos etc. only to see my bundle going down by like 30MB in 30 minutes.

* Unable to turn Windows Firewall on. Got the 0x80070424 error. Tried the whole "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE" registry fix story, didn't work.

* Also this weird symptom; couldn't download any files directly in my browsers (Chrome, FF and IE). It would seemingly download nicely, but when the download was complete I couldn't access the file. Nowhere to be found in my downloads folders. I tried e.g. downloading AVG trial, above mentioned happened. Then tried via p2p. The .torrent file (minimal kB's) would even do as mentioned above. When I downloaded the .torrent on my phone and ran it on PC through USB, the bittorrent software would work fine.


What I did thus far:

* Confirmed that it is not p2p seeding that is the root of my problem; i.e. completely turning off bittorrent

* Installed NetSpeedMonitor. Shows me the high U/D rates I suspected

* Manually killing tasks in taskmanager with questionable success

* Checking network usage in taskmanager/resource monitor. Only seeing a bunch of stuff that I don't recognize. Did see one or two suspicious IPs with high transfer rates. It said that it was svchost, but the location is the IP, not my computer's name...

* Tried blocking these IPs with firewall, only to discover it does not want to enable (the whole 0x80070424 error)

* Tried the registry fix for firewall with no success (still doesn't want to enable)

* NOT installed/enabled/run any conventional antivirus

* NOT installed/enabled/run any trojan/rootkit removal stuff

* DID run OTL quick scan with .txt log as attached at end of this post


My system:

Windows Ultimate Ver 6.1 Build 7600, 32-bit

NO antivirus

NO anti-malware stuff

Firefox 24.0

Thanks, Stefan (South Africa)

OTL.txt and extras.txt (scroll down):

OTL.txt

OTL logfile created on: 2013/10/07 15:26:32 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Stefan\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001c09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

3.50 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 69.39% Memory free
7.00 Gb Paging File | 5.76 Gb Available in Paging File | 82.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.66 Gb Total Space | 3.73 Gb Free Space | 3.82% Space Free | Partition Type: NTFS
Drive D: | 368.00 Gb Total Space | 22.75 Gb Free Space | 6.18% Space Free | Partition Type: NTFS
Drive E: | 4.17 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 298.09 Gb Total Space | 30.34 Gb Free Space | 10.18% Space Free | Partition Type: NTFS
Drive I: | 564.15 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: STEFAN-PC | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/07 15:25:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Downloads\OTL.exe
PRC - [2013/10/04 04:26:28 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/09/19 08:21:27 | 000,239,616 | RHS- | M] (NoVirusThanks Company Srl) -- C:\Users\Stefan\AppData\Local\Temp\csrss.exe
PRC - [2013/09/16 16:03:46 | 000,573,952 | ---- | M] () -- C:\Program Files\DefaultTab\DefaultTabSearch.exe
PRC - [2013/09/12 15:00:22 | 001,862,024 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
PRC - [2013/08/23 11:17:18 | 000,107,520 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
PRC - [2012/11/06 12:46:42 | 002,611,328 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
PRC - [2012/06/20 18:13:12 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2012/05/15 12:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/05/15 11:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/03/09 13:29:16 | 000,366,000 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2011/03/01 17:47:46 | 002,421,760 | ---- | M] (Eastman Kodak Company) -- C:\Windows\System32\spool\drivers\w32x86\3\EKAiO2MUI.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 03:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 03:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/04 04:26:28 | 003,279,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/09/12 15:00:22 | 016,177,544 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_8_800_168.dll
MOD - [2012/05/15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2009/07/14 03:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2007/08/28 23:14:10 | 000,759,648 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %ProgramFiles%\WinPcap\rpcapd.exe -- (rpcapd)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Desktop\Install\{2e754a38-a09f-89b0-736a-408075ef620d}\ \...\ﯹ๛\{2e754a38-a09f-89b0-736a-408075ef620d}\GoogleUpdate.exe < [WARNING: C:\Program Files\Google\Desktop\Install\{2e754a38-a09f-89b0-736a-408075ef620d}\ \...\???\{2e754a38-a09f-89b0-736a-408075ef620d}\GoogleUpdate.exe <] -- (etadpug)
SRV - [2013/10/04 04:26:28 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/27 22:00:07 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/16 16:03:46 | 000,573,952 | ---- | M] () [Auto | Running] -- C:\Program Files\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2013/08/23 11:17:18 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\Stefan\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2013/07/18 16:24:29 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/07/18 16:24:29 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2013/03/27 00:08:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/05/15 12:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/04/19 16:12:22 | 000,009,216 | ---- | M] (Vodafone) [Auto | Stopped] -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2011/03/09 13:29:16 | 000,366,000 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2010/10/05 08:07:08 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2006/10/26 13:45:00 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\iBurstu.sys -- (iBurstu)
DRV - [2013/02/24 12:08:26 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/05/15 12:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/04/18 15:43:26 | 000,085,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2011/04/18 15:43:26 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/04/18 15:43:26 | 000,026,496 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2011/04/18 15:43:24 | 000,191,872 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011/04/18 15:43:24 | 000,168,448 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juwwanecm.sys -- (huawei_wwanecm)
DRV - [2011/04/18 15:43:24 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2011/04/18 15:43:22 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2011/01/04 17:35:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/07/14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 00:02:53 | 000,311,808 | ---- | M] (Realtek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.you...938&lg=EN&cc=ZA
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.you...938&lg=EN&cc=ZA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.search....F6214E}&serpv=5
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{5C49C060-6DEE-4BE9-8C91-B03DBFF55B81}: "URL" = http://search.us.com...k={searchTerms}
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.you...938&lg=EN&cc=ZA
IE - HKCU\..\SearchScopes\{D735BCC8-CE8F-4074-A6F9-39F6424517E8}: "URL" = http://search.yahoo....petb&type=10547
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://start.search....6214E}&serpv=5"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tightropeinteractive.com/Plugin: C:\Users\Stefan\AppData\Local\TNT2\2.0.0.1599\npTNT2.dll (Search.Us.com)
FF - HKCU\Software\MozillaPlugins\@tnt2ghost.com/Plugin: C:\Users\Stefan\AppData\Local\TNT2\2.0.0.1599\npTNT2ghost.dll (Search.Us.com)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/04 04:26:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/04 04:26:25 | 000,000,000 | ---D | M]

[2013/09/12 14:53:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\Mozilla\Extensions
[2013/09/27 21:51:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions
[2013/10/04 04:26:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/10/04 04:26:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/10/04 04:26:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/10/01 15:30:44 | 000,258,560 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll
[2012/06/20 18:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Stefan\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [EKAiO2StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKAiO2MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [Microsoft Windows Hosting Service] C:\Users\Stefan\AppData\Local\Temp\csrss.exe (NoVirusThanks Company Srl)
O4 - HKLM..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Google Update] Reg Error: Value error. File not found
O4 - HKCU..\Run: [Microsoft Windows Hosting Service] C:\Users\Stefan\AppData\Local\Temp\csrss.exe (NoVirusThanks Company Srl)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
F3 - HKCU WinNT: Load - (c:\users\stefan\dxmwpq.exe) - c:\Users\Stefan\dxmwpq.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer… [binary data over 200 bytes]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 44992 = c:\progra~2\dxrrblix.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Silver Sands Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Silver Sands Poker\GameClient.exe ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000053 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000054 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000055 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000056 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000057 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000058 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000059 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000060 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000061 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000062 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000063 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000064 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000065 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000066 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000067 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000068 - %SystemRoot%\system32\pnrpnsp.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{131B5047-1B2C-449F-9AAC-DC252D82C1E1}: NameServer = 196.207.36.251 196.207.36.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17F7B7DA-3406-4F8D-9541-EA905EED8D4A}: NameServer = 196.207.36.251 196.207.36.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C775872A-FCC3-42EA-AAFA-AD8B5396A367}: NameServer = 196.207.36.251 196.207.36.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB318F49-15F3-407F-9EBE-BBA23BBCC213}: NameServer = 196.207.36.251 196.207.36.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CDA5B2BA-C5CC-4264-946F-AFB455089378}: DhcpNameServer = 192.168.42.129
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/11/11 19:48:23 | 007,127,040 | R--- | M] (FIRAXIS Games, Inc.) - I:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2004/08/24 12:33:16 | 000,000,027 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{031d204d-7e61-11e2-85f8-02c0ee6543d1}\Shell - "" = AutoRun
O33 - MountPoints2\{031d204d-7e61-11e2-85f8-02c0ee6543d1}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{031d210d-7e61-11e2-85f8-02c0ee6543d1}\Shell - "" = AutoRun
O33 - MountPoints2\{031d210d-7e61-11e2-85f8-02c0ee6543d1}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{031d2165-7e61-11e2-85f8-02c0ee6543d1}\Shell - "" = AutoRun
O33 - MountPoints2\{031d2165-7e61-11e2-85f8-02c0ee6543d1}\Shell\AutoRun\command - "" = I:\autorun.exe -- [2004/11/11 19:48:23 | 007,127,040 | R--- | M] (FIRAXIS Games, Inc.)
O33 - MountPoints2\{16f87916-03ea-11e3-abb3-002618c91d6b}\Shell - "" = AutoRun
O33 - MountPoints2\{16f87916-03ea-11e3-abb3-002618c91d6b}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{16fba005-1aa2-11e3-a79d-002618c91d6b}\Shell - "" = AutoRun
O33 - MountPoints2\{16fba005-1aa2-11e3-a79d-002618c91d6b}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{3a9f90e5-86e5-11e2-b64c-002618c91d6b}\Shell - "" = AutoRun
O33 - MountPoints2\{3a9f90e5-86e5-11e2-b64c-002618c91d6b}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{65538eaf-8c71-11e2-a1e4-02c0ee6562cf}\Shell - "" = AutoRun
O33 - MountPoints2\{65538eaf-8c71-11e2-a1e4-02c0ee6562cf}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{65538eb4-8c71-11e2-a1e4-02c0ee6562cf}\Shell - "" = AutoRun
O33 - MountPoints2\{65538eb4-8c71-11e2-a1e4-02c0ee6562cf}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{7127b1f2-1af4-11e3-ac9b-002618c91d6b}\Shell - "" = AutoRun
O33 - MountPoints2\{7127b1f2-1af4-11e3-ac9b-002618c91d6b}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{7127b204-1af4-11e3-ac9b-002618c91d6b}\Shell - "" = AutoRun
O33 - MountPoints2\{7127b204-1af4-11e3-ac9b-002618c91d6b}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{8f396b0a-ebb6-11e2-a859-002618c91d6b}\Shell - "" = AutoRun
O33 - MountPoints2\{8f396b0a-ebb6-11e2-a859-002618c91d6b}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{ca4bcc16-1c3b-11e3-9400-002618c91d6b}\Shell - "" = AutoRun
O33 - MountPoints2\{ca4bcc16-1c3b-11e3-9400-002618c91d6b}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f06774a7-b30b-11e2-8f64-002618c91d6b}\Shell - "" = AutoRun
O33 - MountPoints2\{f06774a7-b30b-11e2-8f64-002618c91d6b}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f70ec47d-b898-11e2-a843-002618c91d6b}\Shell - "" = AutoRun
O33 - MountPoints2\{f70ec47d-b898-11e2-a843-002618c91d6b}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\_AUTORUN\AUTORUN.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/07 14:29:58 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\NetSpeedMonitor
[2013/10/07 14:29:53 | 000,000,000 | ---D | C] -- C:\Program Files\NetSpeedMonitor
[2013/10/04 04:26:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/10/01 17:08:58 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\My Games
[2013/10/01 17:08:58 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firaxis Games
[2013/10/01 17:08:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firaxis Games
[2013/10/01 17:07:40 | 000,000,000 | ---D | C] -- C:\Program Files\Firaxis Games
[2013/09/13 07:17:03 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/09/12 16:59:37 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/09/12 14:53:06 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Mozilla
[2013/09/12 14:52:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/09/11 18:27:58 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Diagnostics
[2013/09/11 16:59:19 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\ElevatedDiagnostics
[2013/09/11 14:59:24 | 000,000,000 | -H-D | C] -- C:\Users\Stefan\Desktop\leeupoort
[2013/09/11 07:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone
[2013/09/11 07:43:26 | 000,000,000 | ---D | C] -- C:\Program Files\Vodafone
[2013/09/09 09:39:37 | 000,000,000 | ---D | C] -- C:\Sports Mogul
[2013/09/09 09:09:34 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2013/09/09 09:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2013/09/09 09:02:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\eSellerate
[2013/09/09 09:02:20 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\Out of the Park Developments
[2013/09/09 09:01:50 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Out of the Park Developments
[2013/09/09 09:01:48 | 000,000,000 | ---D | C] -- C:\Program Files\Out of the Park Developments
[2013/09/09 09:01:48 | 000,000,000 | ---D | C] -- C:\Windows\Out of the Park Baseball 13
[2009/07/14 01:31:52 | 000,451,584 | -HS- | C] (NoVirusThanks Company Srl) -- C:\Users\Stefan\dxlabpuqo.exe
[2009/07/14 01:31:52 | 000,451,584 | -HS- | C] (NoVirusThanks Company Srl) -- C:\Users\Stefan\dxehlohv.exe
[2009/07/14 01:31:52 | 000,309,248 | -HS- | C] (NoVirusThanks Company Srl) -- C:\Users\Stefan\dxvyvlii.exe
[2009/07/14 01:31:52 | 000,075,776 | -HS- | C] (NoVirusThanks Company Srl) -- C:\Users\Stefan\dxxikia.exe

========== Files - Modified Within 30 Days ==========

[2013/10/07 15:18:42 | 000,675,336 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/10/07 15:18:42 | 000,129,270 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/10/07 15:04:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/07 15:04:15 | 2817,925,120 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/07 14:59:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/07 14:47:40 | 000,007,619 | ---- | M] () -- C:\Users\Stefan\AppData\Local\Resmon.ResmonCfg
[2013/10/01 17:08:56 | 000,002,153 | ---- | M] () -- C:\Users\Public\Desktop\Sid Meier's Pirates!.lnk
[2013/09/14 18:57:38 | 000,000,884 | RHS- | M] () -- C:\Users\Stefan\ntuser.pol
[2013/09/13 13:04:55 | 356,384,572 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/09/12 14:52:56 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/09/11 17:11:58 | 000,428,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/09/11 07:43:33 | 000,002,735 | ---- | M] () -- C:\Users\Public\Desktop\SMS.lnk
[2013/09/11 07:43:33 | 000,002,166 | ---- | M] () -- C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
[2013/09/10 18:42:44 | 000,000,049 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2013/09/09 09:02:17 | 000,002,220 | ---- | M] () -- C:\Users\Public\Desktop\OOTP Baseball 13.lnk

========== Files Created - No Company Name ==========

[2013/10/07 14:42:03 | 000,007,619 | ---- | C] () -- C:\Users\Stefan\AppData\Local\Resmon.ResmonCfg
[2013/10/01 17:08:56 | 000,002,153 | ---- | C] () -- C:\Users\Public\Desktop\Sid Meier's Pirates!.lnk
[2013/09/13 13:04:55 | 356,384,572 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/09/12 14:52:56 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/09/12 14:52:56 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/09/11 07:43:33 | 000,002,735 | ---- | C] () -- C:\Users\Public\Desktop\SMS.lnk
[2013/09/11 07:43:33 | 000,002,166 | ---- | C] () -- C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
[2013/09/09 09:02:17 | 000,002,220 | ---- | C] () -- C:\Users\Public\Desktop\OOTP Baseball 13.lnk
[2013/09/08 18:49:42 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2013/08/23 15:25:07 | 000,004,104 | ---- | C] () -- C:\ProgramData\ojobkspa.ako
[2013/08/23 11:17:19 | 000,000,884 | RHS- | C] () -- C:\Users\Stefan\ntuser.pol
[2013/07/30 17:36:05 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2013/07/04 01:34:15 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2013/07/02 15:33:44 | 000,000,529 | ---- | C] () -- C:\Windows\eReg.dat
[2013/05/19 05:18:04 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2013/03/27 00:41:30 | 000,088,688 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2013/03/10 16:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2013/03/07 07:25:53 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/04/18 15:39:56 | 000,226,364 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2009/07/14 01:31:52 | 000,420,455 | -HS- | C] () -- C:\Users\Stefan\dxmwpq.exe
[2009/07/14 01:31:52 | 000,420,455 | -HS- | C] () -- C:\Users\Stefan\dxifgxuu.exe
[2009/07/14 01:31:52 | 000,357,888 | -HS- | C] () -- C:\Users\Stefan\dxzkhbwa.exe
[2009/07/14 01:31:52 | 000,357,888 | -HS- | C] () -- C:\Users\Stefan\dxyrsiu.exe
[2009/07/14 01:31:52 | 000,357,888 | -HS- | C] () -- C:\Users\Stefan\dxxtwdeuo.exe
[2009/07/14 01:31:52 | 000,357,888 | -HS- | C] () -- C:\Users\Stefan\dxudeh.exe
[2009/07/14 01:31:52 | 000,357,888 | -HS- | C] () -- C:\Users\Stefan\dxtseu.exe
[2009/07/14 01:31:52 | 000,357,888 | -HS- | C] () -- C:\Users\Stefan\dxtjrk.exe
[2009/07/14 01:31:52 | 000,357,888 | -HS- | C] () -- C:\Users\Stefan\dxsezfjt.exe
[2009/07/14 01:31:52 | 000,357,888 | -HS- | C] () -- C:\Users\Stefan\dxrjiy.exe
[2009/07/14 01:31:52 | 000,357,888 | -HS- | C] () -- C:\Users\Stefan\dxriojni.exe
[2009/07/14 01:31:52 | 000,357,888 | -HS- | C] () -- C:\Users\Stefan\dxqafz.exe
[2009/07/14 01:31:52 | 000,357,888 | -HS- | C] () -- C:\Users\Stefan\dxoyiv.exe
[2009/07/14 01:31:52 | 000,357,888 | -HS- | C] () -- C:\Users\Stefan\dxojim.exe
[2009/07/14 01:31:52 | 000,357,888 | -HS- | C] () -- C:\Users\Stefan\dxlmhx.exe
[2009/07/14 01:31:52 | 000,357,888 | -HS- | C] () -- C:\Users\Stefan\dxkdufa.exe
[2009/07/14 01:31:52 | 000,357,888 | -HS- | C] () -- C:\Users\Stefan\dxizkvbep.exe
[2009/07/14 01:31:52 | 000,357,888 | -HS- | C] () -- C:\Users\Stefan\dxiynj.exe
[2009/07/14 01:31:52 | 000,357,888 | -HS- | C] () -- C:\Users\Stefan\dxiewkke.exe
[2009/07/14 01:31:52 | 000,357,888 | -HS- | C] () -- C:\Users\Stefan\dxhvrn.exe
[2009/07/14 01:31:52 | 000,357,888 | -HS- | C] () -- C:\Users\Stefan\dxgcftur.exe
[2009/07/14 01:31:52 | 000,357,888 | -HS- | C] () -- C:\Users\Stefan\dxdjbu.exe
[2009/07/14 01:31:52 | 000,357,888 | -HS- | C] () -- C:\Users\Stefan\dxddoi.exe
[2009/07/14 01:31:52 | 000,357,888 | -HS- | C] () -- C:\Users\Stefan\dxcbaathv.exe
[2009/07/14 01:31:52 | 000,357,888 | -HS- | C] () -- C:\Users\Stefan\dxcadh.exe
[2009/07/14 01:31:52 | 000,357,888 | -HS- | C] () -- C:\Users\Stefan\dxbesgdoq.exe
[2009/07/14 01:31:52 | 000,357,888 | -HS- | C] () -- C:\Users\Stefan\dxavzr.exe
[2009/07/14 01:31:52 | 000,357,888 | -HS- | C] () -- C:\Users\Stefan\dxakokxu.exe
[2009/07/14 01:19:28 | 000,357,888 | -HS- | C] () -- C:\ProgramData\dxrrblix.exe

========== ZeroAccess Check ==========

[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2013/10/07 15:04:41 | 000,005,632 | -HS- | M] () -- C:\Windows\assembly\GAC\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/14 03:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/10/07 14:26:30 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\BitTorrent
[2013/02/24 12:15:22 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\DAEMON Tools Lite
[2013/03/10 16:15:47 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\DassaultSystemes
[2013/08/23 11:17:18 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\DefaultTab
[2013/03/18 08:07:32 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\File Scout
[2013/04/16 15:22:29 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\HoolappForAndroid
[2013/02/24 11:04:03 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\iBurst
[2013/05/26 17:07:35 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Leadertech
[2013/08/23 15:25:08 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\MOVAVI
[2013/10/07 15:30:59 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\NetSpeedMonitor
[2013/02/26 23:31:36 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\OpenCandy
[2013/09/09 09:01:50 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Out of the Park Developments
[2013/02/24 12:22:58 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\PunkBuster
[2013/03/18 09:45:51 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Sports Interactive
[2013/05/04 08:52:58 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Systweak
[2013/05/18 14:17:36 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Temp
[2013/07/03 17:19:24 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\uTorrent
[2013/02/24 11:23:50 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Vodafone

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >


extras.txt

OTL Extras logfile created on: 2013/10/07 15:26:32 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Stefan\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001c09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

3.50 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 69.39% Memory free
7.00 Gb Paging File | 5.76 Gb Available in Paging File | 82.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.66 Gb Total Space | 3.73 Gb Free Space | 3.82% Space Free | Partition Type: NTFS
Drive D: | 368.00 Gb Total Space | 22.75 Gb Free Space | 6.18% Space Free | Partition Type: NTFS
Drive E: | 4.17 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 298.09 Gb Total Space | 30.34 Gb Free Space | 10.18% Space Free | Partition Type: NTFS
Drive I: | 564.15 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: STEFAN-PC | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\Stefan\AppData\Roaming\File Scout\filescout.exe" /open "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"Microsoft Windows Hosting Service" = C:\Users\Stefan\AppData\Local\Temp\csrss.exe -- (NoVirusThanks Company Srl)
"C:\Windows\system32\msiexec.exe" = C:\Windows\system32\msiexec.exe:*:Generic Host Process -- (Microsoft Corporation)
"C:\Windows\system32\svchost.exe" = C:\Windows\system32\svchost.exe:*:Generic Host Process -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 4.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{488F70E0-3070-11E0-72AE-2826C87F2CD6}" = Baseball Mogul 2012
"{52A73A2E-2478-45E5-A390-8C0A6F525678}" = SolidWorks eDrawings 2011 SP0
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{59C80C5E-8C92-40FF-B910-2BB5C7281F61}" = Europa Universalis III
"{5F590D74-AA75-410F-A778-3CDFCE12DCD4}" = SolidWorks Explorer 2011 SP0
"{6910C412-A523-493C-BC22-0213CD7F4F3A}" = Industry Giant 2 - Gold Edition
"{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband Lite
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{86501894-E722-4385-A792-B7C2F28FAE7B}" = NetSpeedMonitor 2.5.4.0 x86
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90481BEA-8F52-4FE7-A0D6-BBFAB003D997}" = Movavi Video Converter 10
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D0D3BFE5-5215-41BD-B82E-81D7FB6A9166}" = SolidWorks 2011 SP0
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DE29025A-091F-4998-AD2D-24C84421190F}" = Railroad Tycoon 3
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EF581945-BBE9-11D5-A7FE-50275FC10000}" = Capitalism II
"{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Chord Pickout" = Chord Pickout 2.0
"CutePDF Writer Installation" = CutePDF Writer 3.0
"DAEMON Tools Lite" = DAEMON Tools Lite
"DefaultTab" = DefaultTab
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Football Manager 2012_is1" = Football Manager 2012
"Gangsters" = Gangsters
"Guitar Pro 5_is1" = Guitar Pro 5.2
"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Mozilla Firefox 24.0 (x86 en-ZA)" = Mozilla Firefox 24.0 (x86 en-ZA)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nero7Lite_is1" = Nero 7 Micro 7.11.10.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Out of the Park Baseball13" = Out of the Park Baseball 13
"PRJPRO" = Microsoft Office Project Professional 2007
"R2FtZURldlR5Y29vbnYxMzI=_is1" = Game Dev Tycoon v1.3.2 © Greenheart Games version 1
"Shockwave" = Shockwave
"Silver Sands Poker_is1" = Silver Sands Poker Version 2.1.0.19
"SolidWorks Installation Manager 20110-40000-1100-200" = SolidWorks 2011 SP0
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 2.0.5
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.20 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{5CD6CB79-8ADD-4852-82CF-00ED47F6214E}" = Search.us.com
"BitTorrent" = BitTorrent
"Vietcong 2" = Vietcong 2
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2013/10/02 20:15:07 | Computer Name = Stefan-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Microsoft
Visual Studio 8\Common7\IDE\Remote Debugger\ia64\msvsmon.exe". Dependent Assembly
Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2013/10/03 21:16:16 | Computer Name = Stefan-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 2013/10/03 21:16:29 | Computer Name = Stefan-PC | Source = VmbService | ID = 0
Description = Service cannot be started. The service process could not connect to
the service controller

Error - 2013/10/03 21:16:30 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0,
time stamp: 0x52302dc0 Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0,
time stamp: 0x52302dc0 Exception code: 0xc0000005 Fault offset: 0x00002c80 Faulting
process id: 0x5c4 Faulting application start time: 0x01cec09f5894b3b0 Faulting application
path: C:\Program Files\DefaultTab\DefaultTabSearch.exe Faulting module path: C:\Program
Files\DefaultTab\DefaultTabSearch.exe Report Id: 98f9ed1a-2c92-11e3-a8c3-002618c91d6b

Error - 2013/10/04 07:11:34 | Computer Name = Stefan-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Microsoft
Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe". Dependent Assembly
Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2013/10/04 07:11:34 | Computer Name = Stefan-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Microsoft
Visual Studio 8\Common7\IDE\Remote Debugger\ia64\msvsmon.exe". Dependent Assembly
Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2013/10/07 07:31:23 | Computer Name = Stefan-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 2013/10/07 07:31:37 | Computer Name = Stefan-PC | Source = VmbService | ID = 0
Description = Service cannot be started. The service process could not connect to
the service controller

Error - 2013/10/07 07:31:37 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0,
time stamp: 0x52302dc0 Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0,
time stamp: 0x52302dc0 Exception code: 0xc0000005 Fault offset: 0x00002c80 Faulting
process id: 0x824 Faulting application start time: 0x01cec350c7a064b4 Faulting application
path: C:\Program Files\DefaultTab\DefaultTabSearch.exe Faulting module path: C:\Program
Files\DefaultTab\DefaultTabSearch.exe Report Id: 064ced7c-2f44-11e3-b4dd-002618c91d6b

Error - 2013/10/07 09:04:26 | Computer Name = Stefan-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 2013/10/07 09:04:38 | Computer Name = Stefan-PC | Source = VmbService | ID = 0
Description = Service cannot be started. The service process could not connect to
the service controller

[ System Events ]
Error - 2013/06/03 13:54:02 | Computer Name = Stefan-PC | Source = ipnathlp | ID = 31004
Description =


< End of report >

#2
RKinner

    Malware Expert

  • Expert
  • 20,006 posts
  • MVP
It's the latest Zero Access malware.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


Ron

#3
Stefan1274

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Hi Ron,

Thank you very much. I will paste the two logs in this thread; frst.txt then addition.txt. I will also attach the two files to the message.

It is getting worse now, so I hope we can find some solution.

Much obliged, Stefan.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Stefan (administrator) on STEFAN-PC on 08-10-2013 06:50:22
Running from C:\Users\Stefan\Downloads
Microsoft Windows 7 Ultimate (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
() C:\Users\Stefan\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\winampa.exe [74752 2012-06-20] (Nullsoft, Inc.)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [33648 2007-08-24] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Conime] - %windir%\system32\conime.exe
HKLM\...\Run: [EKAiO2StatusMonitor] - C:\Windows\system32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe [2421760 2011-03-01] (Eastman Kodak Company)
HKLM\...\Run: [MobileBroadband] - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [408576 2011-04-19] (Vodafone)
HKLM\...\Run: [Microsoft Windows Hosting Service] - C:\Users\Stefan\AppData\Local\Temp\csrss.exe [239616 2013-09-19] (NoVirusThanks Company Srl) <===== ATTENTION
HKLM\...\Policies\Explorer\Run: [44992] - c:\progra~2\dxrrblix.exe [357888 2009-07-14] ( ())
HKLM\...\Policies\Explorer: [3212083974]
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Run: [Microsoft Windows Hosting Service] - C:\Users\Stefan\AppData\Local\Temp\csrss.exe [239616 2013-09-19] (NoVirusThanks Company Srl) <===== ATTENTION
HKCU\...\CurrentVersion\Windows: [Load] c:\users\stefan\dxmwpq.exe <===== ATTENTION
MountPoints2: I - I:\_AUTORUN\AUTORUN.EXE
MountPoints2: {031d204d-7e61-11e2-85f8-02c0ee6543d1} - F:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {031d210d-7e61-11e2-85f8-02c0ee6543d1} - F:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {031d2165-7e61-11e2-85f8-02c0ee6543d1} - I:\autorun.exe
MountPoints2: {16f87916-03ea-11e3-abb3-002618c91d6b} - F:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {16fba005-1aa2-11e3-a79d-002618c91d6b} - F:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {3a9f90e5-86e5-11e2-b64c-002618c91d6b} - F:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {65538eaf-8c71-11e2-a1e4-02c0ee6562cf} - F:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {65538eb4-8c71-11e2-a1e4-02c0ee6562cf} - F:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {7127b1f2-1af4-11e3-ac9b-002618c91d6b} - F:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {7127b204-1af4-11e3-ac9b-002618c91d6b} - F:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {8f396b0a-ebb6-11e2-a859-002618c91d6b} - F:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {ca4bcc16-1c3b-11e3-9400-002618c91d6b} - F:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {f06774a7-b30b-11e2-8f64-002618c91d6b} - F:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {f70ec47d-b898-11e2-a843-002618c91d6b} - F:\setup_vmb_lite.exe /checkApplicationPresence
AppInit_DLLs: [ ] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.search....F6214E}&serpv=5
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.you...938&lg=EN&cc=ZA
SearchScopes: HKLM - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.you...938&lg=EN&cc=ZA
SearchScopes: HKCU - {5C49C060-6DEE-4BE9-8C91-B03DBFF55B81} URL = http://search.us.com...k={searchTerms}
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.you...938&lg=EN&cc=ZA
SearchScopes: HKCU - {D735BCC8-CE8F-4074-A6F9-39F6424517E8} URL = http://search.yahoo....petb&type=10547
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Stefan\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 02 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9 11 mswsock.dll File Not found ()
Winsock: Catalog9 12 mswsock.dll File Not found ()
Winsock: Catalog9 13 mswsock.dll File Not found ()
Winsock: Catalog9 14 mswsock.dll File Not found ()
Winsock: Catalog9 15 mswsock.dll File Not found ()
Winsock: Catalog9 16 mswsock.dll File Not found ()
Winsock: Catalog9 17 mswsock.dll File Not found ()
Winsock: Catalog9 18 mswsock.dll File Not found ()
Winsock: Catalog9 19 mswsock.dll File Not found ()
Winsock: Catalog9 20 mswsock.dll File Not found ()
Winsock: Catalog9 21 mswsock.dll File Not found ()
Winsock: Catalog9 22 mswsock.dll File Not found ()
Winsock: Catalog9 23 mswsock.dll File Not found ()
Winsock: Catalog9 24 mswsock.dll File Not found ()
Winsock: Catalog9 25 mswsock.dll File Not found ()
Winsock: Catalog9 26 mswsock.dll File Not found ()
Winsock: Catalog9 27 mswsock.dll File Not found ()
Winsock: Catalog9 28 mswsock.dll File Not found ()
Winsock: Catalog9 29 mswsock.dll File Not found ()
Winsock: Catalog9 30 mswsock.dll File Not found ()
Winsock: Catalog9 31 mswsock.dll File Not found ()
Winsock: Catalog9 32 mswsock.dll File Not found ()
Winsock: Catalog9 33 mswsock.dll File Not found ()
Winsock: Catalog9 34 mswsock.dll File Not found ()
Winsock: Catalog9 35 mswsock.dll File Not found ()
Winsock: Catalog9 36 mswsock.dll File Not found ()
Winsock: Catalog9 37 mswsock.dll File Not found ()
Winsock: Catalog9 38 mswsock.dll File Not found ()
Winsock: Catalog9 39 mswsock.dll File Not found ()
Winsock: Catalog9 40 mswsock.dll File Not found ()
Winsock: Catalog9 41 mswsock.dll File Not found ()
Winsock: Catalog9 42 mswsock.dll File Not found ()
Winsock: Catalog9 43 mswsock.dll File Not found ()
Winsock: Catalog9 44 mswsock.dll File Not found ()
Winsock: Catalog9 45 mswsock.dll File Not found ()
Winsock: Catalog9 46 mswsock.dll File Not found ()
Winsock: Catalog9 47 mswsock.dll File Not found ()
Winsock: Catalog9 48 mswsock.dll File Not found ()
Winsock: Catalog9 49 mswsock.dll File Not found ()
Winsock: Catalog9 50 mswsock.dll File Not found ()
Winsock: Catalog9 51 mswsock.dll File Not found ()
Winsock: Catalog9 52 mswsock.dll File Not found ()
Winsock: Catalog9 53 mswsock.dll File Not found ()
Winsock: Catalog9 54 mswsock.dll File Not found ()
Winsock: Catalog9 55 mswsock.dll File Not found ()
Winsock: Catalog9 56 mswsock.dll File Not found ()
Winsock: Catalog9 57 mswsock.dll File Not found ()
Winsock: Catalog9 58 mswsock.dll File Not found ()
Winsock: Catalog9 59 mswsock.dll File Not found ()
Winsock: Catalog9 60 mswsock.dll File Not found ()
Winsock: Catalog9 61 mswsock.dll File Not found ()
Winsock: Catalog9 62 mswsock.dll File Not found ()
Winsock: Catalog9 63 mswsock.dll File Not found ()
Winsock: Catalog9 64 mswsock.dll File Not found ()
Winsock: Catalog9 65 mswsock.dll File Not found ()
Winsock: Catalog9 66 mswsock.dll File Not found ()
Winsock: Catalog9 67 mswsock.dll File Not found ()
Winsock: Catalog9 68 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{131B5047-1B2C-449F-9AAC-DC252D82C1E1}: [NameServer]196.207.36.251 196.207.36.254
Tcpip\..\Interfaces\{17F7B7DA-3406-4F8D-9541-EA905EED8D4A}: [NameServer]196.207.36.251 196.207.36.254
Tcpip\..\Interfaces\{C775872A-FCC3-42EA-AAFA-AD8B5396A367}: [NameServer]196.207.36.251 196.207.36.254
Tcpip\..\Interfaces\{CB318F49-15F3-407F-9EBE-BBA23BBCC213}: [NameServer]196.207.36.251 196.207.36.254

FireFox:
========
FF ProfilePath: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default
FF Homepage: hxxp://start.search.us.com/v/2/?guid={5CD6CB79-8ADD-4852-82CF-00ED47F6214E}&serpv=5
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tightropeinteractive.com/Plugin - C:\Users\Stefan\AppData\Local\TNT2\2.0.0.1599\npTNT2.dll (Search.Us.com)
FF Plugin HKCU: @tnt2ghost.com/Plugin - C:\Users\Stefan\AppData\Local\TNT2\2.0.0.1599\npTNT2ghost.dll (Search.Us.com)

========================== Services (Whitelisted) =================

S3 CoordinatorServiceHost; C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [87336 2010-10-05] (Dassault Systèmes SolidWorks Corp.)
S2 DefaultTabSearch; C:\Program Files\DefaultTab\DefaultTabSearch.exe [573952 2013-09-16] ()
R2 DefaultTabUpdate; C:\Users\Stefan\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-08-23] ()
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2013-07-18] (Flexera Software, Inc.)
R2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [366000 2011-03-09] (Eastman Kodak Company)
S4 msvsmon80; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2799808 2006-10-26] (Microsoft Corporation)
S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2013-07-18] (SolidWorks)
S2 VmbService; C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [9216 2011-04-19] (Vodafone)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]
U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{2e754a38-a09f-89b0-736a-408075ef620d}\ \...\???\{2e754a38-a09f-89b0-736a-408075ef620d}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-02-24] (DT Soft Ltd)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [85760 2011-04-18] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26496 2011-04-18] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [168448 2011-04-18] (Huawei Technologies Co., Ltd.)
S3 NPF; C:\Windows\System32\drivers\npf.sys [34064 2011-01-04] (CACE Technologies)
R3 RTL85n86; C:\Windows\System32\DRIVERS\RTL85n86.sys [311808 2009-07-14] (Realtek)
S3 iBurstu; system32\DRIVERS\iBurstu.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-08 06:50 - 2013-10-08 06:50 - 00000000 ____D C:\FRST
2013-10-08 06:47 - 2013-10-08 06:47 - 01087213 _____ (Farbar) C:\Users\Stefan\Downloads\FRST.exe
2013-10-07 16:22 - 2013-10-07 16:23 - 00000000 ____D C:\ProgramData\MFAData
2013-10-07 16:22 - 2013-10-07 16:22 - 00000000 ____D C:\Users\Stefan\AppData\Local\MFAData
2013-10-07 16:22 - 2013-10-07 16:22 - 00000000 ____D C:\Users\Stefan\AppData\Local\Avg2014
2013-10-07 16:11 - 2013-10-07 16:12 - 04433128 _____ (AVG Technologies) C:\Users\Stefan\Downloads\avg_isct_stb_all_2014_4142_free.exe
2013-10-07 14:55 - 2013-10-07 14:54 - 00006396 _____ C:\Users\Stefan\Downloads\0677.mpssvc.reg
2013-10-07 14:54 - 2013-10-07 14:54 - 00229548 _____ C:\Users\Stefan\Downloads\1055.BFE.reg
2013-10-07 14:42 - 2013-10-07 14:47 - 00007619 _____ C:\Users\Stefan\AppData\Local\Resmon.ResmonCfg
2013-10-07 14:29 - 2013-10-08 06:50 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\NetSpeedMonitor
2013-10-07 14:29 - 2013-10-07 14:29 - 00000000 ____D C:\Program Files\NetSpeedMonitor
2013-10-04 04:26 - 2013-10-04 04:26 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-01 17:08 - 2013-10-01 17:08 - 00002153 _____ C:\Users\Public\Desktop\Sid Meier's Pirates!.lnk
2013-10-01 17:08 - 2013-10-01 17:08 - 00000000 ____D C:\Users\Stefan\Documents\My Games
2013-10-01 17:08 - 2013-10-01 17:08 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firaxis Games
2013-10-01 17:07 - 2013-10-01 17:07 - 00000000 ____D C:\Program Files\Firaxis Games
2013-09-13 13:04 - 2013-09-13 13:05 - 00160272 _____ C:\Windows\Minidump\091313-22432-01.dmp
2013-09-13 13:04 - 2013-09-13 13:04 - 356384572 _____ C:\Windows\MEMORY.DMP
2013-09-13 07:17 - 2013-09-13 07:17 - 00000000 ____D C:\Program Files\ESET
2013-09-12 16:59 - 2013-09-13 13:04 - 00000000 ____D C:\Windows\Minidump
2013-09-12 16:59 - 2013-09-12 16:59 - 00661376 _____ C:\Windows\Minidump\091213-18486-01.dmp
2013-09-12 14:53 - 2013-09-12 14:53 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Mozilla
2013-09-12 14:52 - 2013-10-07 13:31 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-12 14:52 - 2013-09-12 14:52 - 00001109 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-11 14:59 - 2013-09-11 15:42 - 00000000 ___HD C:\Users\Stefan\Desktop\leeupoort
2013-09-11 07:43 - 2013-09-11 07:43 - 00002735 _____ C:\Users\Public\Desktop\SMS.lnk
2013-09-11 07:43 - 2013-09-11 07:43 - 00002166 _____ C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
2013-09-11 07:43 - 2013-09-11 07:43 - 00000000 ____D C:\Program Files\Vodafone
2013-09-09 09:39 - 2013-09-09 09:39 - 00000000 ____D C:\Sports Mogul
2013-09-09 09:09 - 2013-09-09 09:09 - 00000000 __SHD C:\Windows\system32\%APPDATA%
2013-09-09 09:02 - 2013-09-09 09:02 - 00002220 _____ C:\Users\Public\Desktop\OOTP Baseball 13.lnk
2013-09-09 09:02 - 2013-09-09 09:02 - 00000000 ____D C:\Users\Stefan\Documents\Out of the Park Developments
2013-09-09 09:02 - 2013-09-09 09:02 - 00000000 ____D C:\ProgramData\eSellerate
2013-09-09 09:02 - 2013-09-09 09:02 - 00000000 ____D C:\Program Files\Common Files\eSellerate
2013-09-09 09:01 - 2013-09-09 09:01 - 00000000 ____D C:\Windows\Out of the Park Baseball 13
2013-09-09 09:01 - 2013-09-09 09:01 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Out of the Park Developments
2013-09-09 09:01 - 2013-09-09 09:01 - 00000000 ____D C:\Program Files\Out of the Park Developments
2013-09-08 18:49 - 2013-09-10 18:42 - 00000049 _____ C:\Windows\NeroDigital.ini

==================== One Month Modified Files and Folders =======

2013-10-08 06:50 - 2013-10-08 06:50 - 00000000 ____D C:\FRST
2013-10-08 06:50 - 2013-10-07 14:29 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\NetSpeedMonitor
2013-10-08 06:47 - 2013-10-08 06:47 - 01087213 _____ (Farbar) C:\Users\Stefan\Downloads\FRST.exe
2013-10-08 06:40 - 2013-02-24 10:59 - 00795074 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-08 06:36 - 2013-03-08 03:05 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\vlc
2013-10-08 06:15 - 2013-05-18 14:17 - 00000000 ____D C:\ProgramData\Kodak
2013-10-08 06:15 - 2013-02-25 18:47 - 00012764 _____ C:\Windows\PFRO.log
2013-10-08 06:15 - 2013-02-24 13:13 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-08 06:15 - 2013-02-24 10:55 - 00000000 ____D C:\Users\Stefan
2013-10-08 06:15 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-08 06:15 - 2009-07-14 06:39 - 00152768 _____ C:\Windows\setupact.log
2013-10-07 17:14 - 2013-07-03 17:21 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\BitTorrent
2013-10-07 16:59 - 2013-03-01 08:23 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-07 16:23 - 2013-10-07 16:22 - 00000000 ____D C:\ProgramData\MFAData
2013-10-07 16:22 - 2013-10-07 16:22 - 00000000 ____D C:\Users\Stefan\AppData\Local\MFAData
2013-10-07 16:22 - 2013-10-07 16:22 - 00000000 ____D C:\Users\Stefan\AppData\Local\Avg2014
2013-10-07 16:12 - 2013-10-07 16:11 - 04433128 _____ (AVG Technologies) C:\Users\Stefan\Downloads\avg_isct_stb_all_2014_4142_free.exe
2013-10-07 16:09 - 2013-03-10 18:56 - 00000000 ____D C:\Users\Stefan\Desktop\Torrents
2013-10-07 15:26 - 2013-02-24 11:55 - 00000000 ____D C:\Users\Stefan\Desktop\Start-up CD
2013-10-07 14:54 - 2013-10-07 14:55 - 00006396 _____ C:\Users\Stefan\Downloads\0677.mpssvc.reg
2013-10-07 14:54 - 2013-10-07 14:54 - 00229548 _____ C:\Users\Stefan\Downloads\1055.BFE.reg
2013-10-07 14:47 - 2013-10-07 14:42 - 00007619 _____ C:\Users\Stefan\AppData\Local\Resmon.ResmonCfg
2013-10-07 14:29 - 2013-10-07 14:29 - 00000000 ____D C:\Program Files\NetSpeedMonitor
2013-10-07 13:31 - 2013-09-12 14:52 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-04 09:20 - 2013-02-24 12:10 - 00000000 ____D C:\Users\Stefan\AppData\Local\Mozilla
2013-10-04 04:26 - 2013-10-04 04:26 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-01 17:09 - 2013-03-11 06:33 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-10-01 17:09 - 2013-02-24 11:02 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-10-01 17:08 - 2013-10-01 17:08 - 00002153 _____ C:\Users\Public\Desktop\Sid Meier's Pirates!.lnk
2013-10-01 17:08 - 2013-10-01 17:08 - 00000000 ____D C:\Users\Stefan\Documents\My Games
2013-10-01 17:08 - 2013-10-01 17:08 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firaxis Games
2013-10-01 17:07 - 2013-10-01 17:07 - 00000000 ____D C:\Program Files\Firaxis Games
2013-10-01 17:06 - 2013-03-11 06:30 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2013-09-29 17:16 - 2013-08-23 11:17 - 00000000 ____D C:\Program Files\DefaultTab
2013-09-29 11:30 - 2013-08-31 15:27 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\dvdcss
2013-09-27 22:00 - 2013-02-24 12:07 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-27 22:00 - 2013-02-24 12:07 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-16 07:50 - 2013-02-24 10:55 - 00000000 ____D C:\Users\Stefan\AppData\Local\VirtualStore
2013-09-16 07:46 - 2013-05-01 14:21 - 00000000 ___HD C:\Users\Stefan\Desktop\Application
2013-09-15 21:28 - 2013-08-31 15:29 - 00000000 ____D C:\Users\Stefan\.dvdcss
2013-09-14 18:57 - 2013-08-23 11:17 - 00000884 __RSH C:\Users\Stefan\ntuser.pol
2013-09-13 13:05 - 2013-09-13 13:04 - 00160272 _____ C:\Windows\Minidump\091313-22432-01.dmp
2013-09-13 13:04 - 2013-09-13 13:04 - 356384572 _____ C:\Windows\MEMORY.DMP
2013-09-13 13:04 - 2013-09-12 16:59 - 00000000 ____D C:\Windows\Minidump
2013-09-13 07:17 - 2013-09-13 07:17 - 00000000 ____D C:\Program Files\ESET
2013-09-12 16:59 - 2013-09-12 16:59 - 00661376 _____ C:\Windows\Minidump\091213-18486-01.dmp
2013-09-12 14:53 - 2013-09-12 14:53 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Mozilla
2013-09-12 14:52 - 2013-09-12 14:52 - 00001109 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-12 14:51 - 2013-08-08 18:03 - 00000000 ____D C:\Program Files\Google
2013-09-12 14:51 - 2013-05-02 19:48 - 00000000 ____D C:\Users\Stefan\AppData\Local\Google
2013-09-11 18:31 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2013-09-11 17:11 - 2009-07-14 06:33 - 00428040 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 17:09 - 2013-02-24 10:56 - 00830016 _____ C:\Windows\WindowsUpdate.log
2013-09-11 15:42 - 2013-09-11 14:59 - 00000000 ___HD C:\Users\Stefan\Desktop\leeupoort
2013-09-11 07:44 - 2013-02-24 11:04 - 00122560 _____ C:\Users\Stefan\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-11 07:43 - 2013-09-11 07:43 - 00002735 _____ C:\Users\Public\Desktop\SMS.lnk
2013-09-11 07:43 - 2013-09-11 07:43 - 00002166 _____ C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
2013-09-11 07:43 - 2013-09-11 07:43 - 00000000 ____D C:\Program Files\Vodafone
2013-09-10 18:42 - 2013-09-08 18:49 - 00000049 _____ C:\Windows\NeroDigital.ini
2013-09-09 09:39 - 2013-09-09 09:39 - 00000000 ____D C:\Sports Mogul
2013-09-09 09:09 - 2013-09-09 09:09 - 00000000 __SHD C:\Windows\system32\%APPDATA%
2013-09-09 09:02 - 2013-09-09 09:02 - 00002220 _____ C:\Users\Public\Desktop\OOTP Baseball 13.lnk
2013-09-09 09:02 - 2013-09-09 09:02 - 00000000 ____D C:\Users\Stefan\Documents\Out of the Park Developments
2013-09-09 09:02 - 2013-09-09 09:02 - 00000000 ____D C:\ProgramData\eSellerate
2013-09-09 09:02 - 2013-09-09 09:02 - 00000000 ____D C:\Program Files\Common Files\eSellerate
2013-09-09 09:02 - 2013-03-20 19:05 - 00000439 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-09-09 09:01 - 2013-09-09 09:01 - 00000000 ____D C:\Windows\Out of the Park Baseball 13
2013-09-09 09:01 - 2013-09-09 09:01 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Out of the Park Developments
2013-09-09 09:01 - 2013-09-09 09:01 - 00000000 ____D C:\Program Files\Out of the Park Developments

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

Files to move or delete:
====================
C:\Users\Stefan\AppData\Local\Temp\csrss.exe
ZeroAccess:
C:\Users\Stefan\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install
C:\ProgramData\dxrrblix.exe
C:\Users\Stefan\dxakokxu.exe
C:\Users\Stefan\dxavzr.exe
C:\Users\Stefan\dxbesgdoq.exe
C:\Users\Stefan\dxcadh.exe
C:\Users\Stefan\dxcbaathv.exe
C:\Users\Stefan\dxddoi.exe
C:\Users\Stefan\dxdjbu.exe
C:\Users\Stefan\dxehlohv.exe
C:\Users\Stefan\dxgcftur.exe
C:\Users\Stefan\dxhuamnw.exe
C:\Users\Stefan\dxhvrn.exe
C:\Users\Stefan\dxiewkke.exe
C:\Users\Stefan\dxifgxuu.exe
C:\Users\Stefan\dxiynj.exe
C:\Users\Stefan\dxizkvbep.exe
C:\Users\Stefan\dxkdufa.exe
C:\Users\Stefan\dxlabpuqo.exe
C:\Users\Stefan\dxlmhx.exe
C:\Users\Stefan\dxmwpq.exe
C:\Users\Stefan\dxojim.exe
C:\Users\Stefan\dxoyiv.exe
C:\Users\Stefan\dxqafz.exe
C:\Users\Stefan\dxriojni.exe
C:\Users\Stefan\dxrjiy.exe
C:\Users\Stefan\dxsezfjt.exe
C:\Users\Stefan\dxtjrk.exe
C:\Users\Stefan\dxtseu.exe
C:\Users\Stefan\dxudeh.exe
C:\Users\Stefan\dxvyvlii.exe
C:\Users\Stefan\dxxikia.exe
C:\Users\Stefan\dxxtwdeuo.exe
C:\Users\Stefan\dxyrsiu.exe
C:\Users\Stefan\dxzkhbwa.exe


Some content of TEMP:
====================
C:\Users\Stefan\AppData\Local\Temp\1345545343.exe
C:\Users\Stefan\AppData\Local\Temp\1345550028.exe
C:\Users\Stefan\AppData\Local\Temp\1347056850.exe
C:\Users\Stefan\AppData\Local\Temp\1348369731.exe
C:\Users\Stefan\AppData\Local\Temp\1348385342.exe
C:\Users\Stefan\AppData\Local\Temp\1348385637.exe
C:\Users\Stefan\AppData\Local\Temp\1364500553.exe
C:\Users\Stefan\AppData\Local\Temp\1364503380.exe
C:\Users\Stefan\AppData\Local\Temp\1373093828.exe
C:\Users\Stefan\AppData\Local\Temp\1373099186.exe
C:\Users\Stefan\AppData\Local\Temp\1373307441.exe
C:\Users\Stefan\AppData\Local\Temp\1390877027.exe
C:\Users\Stefan\AppData\Local\Temp\1423717569.exe
C:\Users\Stefan\AppData\Local\Temp\77Zip973867.exe
C:\Users\Stefan\AppData\Local\Temp\AutoRun.exe
C:\Users\Stefan\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Stefan\AppData\Local\Temp\BackupSetup.exe
C:\Users\Stefan\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\Stefan\AppData\Local\Temp\csrss.exe
C:\Users\Stefan\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\Stefan\AppData\Local\Temp\EBU1489.EXE
C:\Users\Stefan\AppData\Local\Temp\EBU14F6.DLL
C:\Users\Stefan\AppData\Local\Temp\EBU34D5.EXE
C:\Users\Stefan\AppData\Local\Temp\EBU35EE.DLL
C:\Users\Stefan\AppData\Local\Temp\EBU7B27.EXE
C:\Users\Stefan\AppData\Local\Temp\EBU7BA4.DLL
C:\Users\Stefan\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Stefan\AppData\Local\Temp\msdt.exe
C:\Users\Stefan\AppData\Local\Temp\ootp13setup.exe
C:\Users\Stefan\AppData\Local\Temp\ose00000.exe
C:\Users\Stefan\AppData\Local\Temp\SIntf16.dll
C:\Users\Stefan\AppData\Local\Temp\SIntf32.dll
C:\Users\Stefan\AppData\Local\Temp\SIntfNT.dll
C:\Users\Stefan\AppData\Local\Temp\SweetIMSetup.exe
C:\Users\Stefan\AppData\Local\Temp\ubiC524.tmp.exe
C:\Users\Stefan\AppData\Local\Temp\uninstaller.exe
C:\Users\Stefan\AppData\Local\Temp\utt5FE5.tmp.exe
C:\Users\Stefan\AppData\Local\Temp\WAKUNX.exe
C:\Users\Stefan\AppData\Local\Temp\_isFD26.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2013-10-03 02:14

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by Stefan at 2013-10-08 06:51:31
Running from C:\Users\Stefan\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Reader 9.5.0 (Version: 9.5.0)
aioprnt (Version: 5.7.4.0)
aioscnnr (Version: 6.0.2.0)
Assassin's Creed Brotherhood (Version: 1.00)
Baseball Mogul 2012 (Version: 14.00)
BitTorrent (HKCU Version: 7.8.1.30016)
Capitalism II
center (Version: 6.2.5.0)
Chord Pickout 2.0 (Version: 2.0)
CutePDF Writer 3.0 (Version: 3.0)
DAEMON Tools Lite (Version: 4.46.1.0327)
DefaultTab (Version: 2.2.8.0)
EAX4 Unified Redist (Version: 4.001)
essentials (Version: 6.0.14.0)
Europa Universalis III
FIFA 10 (Version: 1.0.0.0)
Football Manager 2012
Game Dev Tycoon v1.3.2 © Greenheart Games version 1 (Version: 1)
Gangsters
Guitar Pro 5.2
Industry Giant 2 - Gold Edition (Version: 1.0.0)
Kodak AIO Printer (Version: 6.2.4.0)
KODAK AiO Software (Version: 6.2.6.20)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office 2003 Web Components (Version: 12.0.4518.1014)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6215.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Project MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Project Professional 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Visio MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Visio Professional 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Silverlight (Version: 4.0.60310.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual Studio 2005 Tools for Applications - ENU
Microsoft Visual Studio 2005 Tools for Applications - ENU (Version: 8.0.50727.146)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Movavi Video Converter 10 (Version: 10.02.002)
Mozilla Firefox 24.0 (x86 en-ZA) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
Nero 7 Micro 7.11.10.0 (Version: 7.11.10.0)
NetSpeedMonitor 2.5.4.0 x86 (Version: 2.5.4.0)
NVIDIA 3D Vision Controller Driver 301.42 (Version: 301.42)
NVIDIA 3D Vision Driver 301.42 (Version: 301.42)
NVIDIA Control Panel 301.42 (Version: 301.42)
NVIDIA Graphics Driver 301.42 (Version: 301.42)
NVIDIA Install Application (Version: 2.1002.75.420)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.0142)
NVIDIA Update 1.8.15 (Version: 1.8.15)
NVIDIA Update Components (Version: 1.8.15)
ocr (Version: 6.2.3.50)
Out of the Park Baseball 13 (Version: 13)
PreReq (Version: 6.2.2.60)
Railroad Tycoon 3 (Version: 1.0)
Search.us.com
Shockwave
Sid Meier's Pirates! (Version: 1.00.0000)
Silver Sands Poker Version 2.1.0.19
SimCity 4 Deluxe
SolidWorks 2011 SP0 (Version: 19.0.0.5019)
SolidWorks 2011 SP0 (Version: 19.100.5019)
SolidWorks eDrawings 2011 SP0 (Version: 11.0.720)
SolidWorks Explorer 2011 SP0 (Version: 19.00.5019)
The Sims™ 3 (Version: 1.12.70)
The Sims™ 3 Ambitions (Version: 4.0.87)
Ubisoft Game Launcher (Version: 1.0.0.0)
Vietcong 2
VLC media player 2.0.5 (Version: 2.0.5)
Vodafone Mobile Broadband Lite (Version: 10.2.103.31248)
Winamp (Version: 5.63 )
Winamp Detector Plug-in (HKCU Version: 1.0.0.1)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
YTD Video Downloader 4.0 (Version: 4.0)

==================== Restore Points =========================

13-09-2013 05:16:44 Installed ESET NOD32 Antivirus
13-09-2013 05:20:50 Installed ESET NOD32 Antivirus
13-09-2013 06:13:09 Installed ESET NOD32 Antivirus
13-09-2013 06:27:53 Installed ESET NOD32 Antivirus
13-09-2013 06:31:19 Installed ESET NOD32 Antivirus
23-09-2013 08:54:40 Scheduled Checkpoint
01-10-2013 15:06:16 Installed Sid Meier's Pirates!
07-10-2013 12:29:36 Installed NetSpeedMonitor 2.5.4.0 x86

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1BE3A44E-3AE8-427E-BAD0-D86FCBF74228} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-27] (Adobe Systems Incorporated)
Task: {8ACD13BB-48A6-4790-B9A2-FAB01CC09180} - System32\Tasks\shut down => C:\Windows\System32\shutdown.exe [2009-07-14] (Microsoft Corporation)
Task: {9FE2E044-5B11-41DC-BC26-EAA0A7610A7B} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] ()
Task: {A22BEDCE-B2B4-47EE-9CF2-2ABD905B843E} - System32\Tasks\auto shutdown => C:\Windows\System32\shutdown.exe [2009-07-14] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2009-07-14 01:12 - 2009-07-14 03:15 - 00232448 _____ () C:\Windows\system32\mswsock.dll
2012-12-13 02:12 - 2012-12-13 02:12 - 00111104 _____ () C:\Program Files\VideoLAN\VLC\libvlc.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 02286592 _____ () C:\Program Files\VideoLAN\VLC\libvlccore.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00219648 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00049664 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libaout_directx_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00051200 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00070144 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectx_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00037376 _____ () C:\Program Files\VideoLAN\VLC\plugins\mmxext\libmemcpymmxext_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00157696 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00093696 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00258560 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00047616 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00043520 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2012-12-13 02:12 - 2012-12-13 02:12 - 00440320 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libstream_filter_httplive_plugin.dll
2012-12-13 02:12 - 2012-12-13 02:12 - 00724992 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libstream_filter_dash_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00038912 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00083968 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2012-12-13 02:12 - 2012-12-13 02:12 - 00035840 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libstream_filter_record_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00106496 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 01544192 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00310784 _____ () C:\Program Files\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 01238016 _____ () C:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00051200 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00037888 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 11998720 _____ () C:\Program Files\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00198656 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00092160 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libavi_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00073728 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libasf_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00045568 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00044544 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libes_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00095744 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00044032 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libnuv_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00037888 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libtta_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00040448 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libwav_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00973312 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libsid_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00085504 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 01229312 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libmkv_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00695296 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\liblive555_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00110592 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libogg_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00035840 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libdirac_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00040448 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libsmf_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00040960 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\librawvid_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00039936 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libpva_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00134656 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libts_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00039424 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libnsv_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00036352 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libau_plugin.dll
2012-12-13 02:12 - 2012-12-13 02:12 - 00411648 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libgme_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00039424 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libvoc_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00035840 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libxa_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00484864 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libmod_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00037888 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libaiff_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00047104 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libimage_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00055296 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libps_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00057344 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libty_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00035328 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libmpgv_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00039936 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libmjpeg_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00037376 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libnsc_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00037888 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\librawdv_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00035328 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_cdg_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 09263616 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00288768 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libupnp_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00041984 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libpodcast_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00038400 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libmediadirs_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00036352 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libwindrive_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00185856 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00038400 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 01318912 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00051200 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 01719296 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00043008 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00372224 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00154624 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00037376 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00386560 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00265216 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 01888256 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00310784 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libopus_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00041472 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00043008 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00263168 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libfluidsynth_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00040448 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00042496 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00703488 _____ () C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00052224 _____ () C:\Program Files\VideoLAN\VLC\plugins\sse2\libi420_yuy2_sse2_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00044032 _____ () C:\Program Files\VideoLAN\VLC\plugins\mmx\libi420_yuy2_mmx_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00379392 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_filter\libswscale_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00139264 _____ () C:\Program Files\VideoLAN\VLC\plugins\sse2\libi420_rgb_sse2_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00050688 _____ () C:\Program Files\VideoLAN\VLC\plugins\sse2\libi422_yuy2_sse2_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00041984 _____ () C:\Program Files\VideoLAN\VLC\plugins\mmx\libi422_yuy2_mmx_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00077824 _____ () C:\Program Files\VideoLAN\VLC\plugins\mmx\libi420_rgb_mmx_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00040960 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00042496 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00056320 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00036352 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00040960 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00044544 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00036864 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00035840 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00034816 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00070656 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00182272 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00068608 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00135168 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 01518080 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00036864 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libconverter_fixed_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00034816 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00038400 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00036864 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00036352 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00035328 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00045568 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00033792 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libfloat32_mixer_plugin.dll
2012-12-13 02:13 - 2012-12-13 02:13 - 00040960 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2013-10-04 04:26 - 2013-10-04 04:26 - 03279768 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2012-05-15 02:21 - 2012-05-15 02:21 - 00368448 _____ () C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
2013-09-12 15:00 - 2013-09-12 15:00 - 16177544 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/08/2013 06:15:48 AM) (Source: Application Error) (User: )
Description: Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x52302dc0
Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x52302dc0
Exception code: 0xc0000005
Fault offset: 0x00002c80
Faulting process id: 0x478
Faulting application start time: 0xDefaultTabSearch.exe0
Faulting application path: DefaultTabSearch.exe1
Faulting module path: DefaultTabSearch.exe2
Report Id: DefaultTabSearch.exe3

Error: (10/08/2013 06:15:45 AM) (Source: VmbService) (User: )
Description: Service cannot be started. The service process could not connect to the service controller

Error: (10/08/2013 06:15:35 AM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (10/07/2013 03:04:38 PM) (Source: VmbService) (User: )
Description: Service cannot be started. The service process could not connect to the service controller

Error: (10/07/2013 03:04:26 PM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (10/07/2013 01:31:37 PM) (Source: Application Error) (User: )
Description: Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x52302dc0
Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x52302dc0
Exception code: 0xc0000005
Fault offset: 0x00002c80
Faulting process id: 0x824
Faulting application start time: 0xDefaultTabSearch.exe0
Faulting application path: DefaultTabSearch.exe1
Faulting module path: DefaultTabSearch.exe2
Report Id: DefaultTabSearch.exe3

Error: (10/07/2013 01:31:37 PM) (Source: VmbService) (User: )
Description: Service cannot be started. The service process could not connect to the service controller

Error: (10/07/2013 01:31:23 PM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (10/04/2013 01:11:34 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/04/2013 01:11:34 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (10/08/2013 06:15:48 AM) (Source: Service Control Manager) (User: )
Description: The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s).

Error: (10/08/2013 06:15:44 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (10/08/2013 06:15:42 AM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error:
%%5

Error: (10/08/2013 06:15:41 AM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error:
%%5

Error: (10/08/2013 06:15:40 AM) (Source: Service Control Manager) (User: )
Description: The Base Filtering Engine service terminated with the following error:
%%5

Error: (10/07/2013 03:10:27 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5.

Error: (10/07/2013 03:09:16 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5.

Error: (10/07/2013 03:08:53 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5.

Error: (10/07/2013 03:08:34 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5.

Error: (10/07/2013 03:04:37 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 3583.18 MB
Available physical RAM: 2419.96 MB
Total Pagefile: 7164.64 MB
Available Pagefile: 5815.4 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.51 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.66 GB) (Free:3.1 GB) NTFS
Drive d: (Partition) (Fixed) (Total:368 GB) (Free:22.75 GB) NTFS
Drive e: (ANIMALS) (CDROM) (Total:4.17 GB) (Free:0 GB) UDF
Drive h: (Portable) (Fixed) (Total:298.09 GB) (Free:30.34 GB) NTFS
Drive i: (Disc 1) (CDROM) (Total:0.55 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 7EF09761)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: E3414533)
Partition 1: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================


#4
RKinner

    Malware Expert
Impressive collection of malware you have yourself:

Download the attached fixlist.txt to the same location as FRST.
Run FRST and press Fix.
A fix log will be generated; please post that.


If it doesn't reboot after running FRST please do so then

Let's run FRST again to see how we did.
* Right click to run as administrator. When the tool opens click Yes to disclaimer.
* Press Scan button.
* It will produce a log called FRST.txt in the same directory the tool is run from.
* Please copy and paste log back here.

ComboFix

It must be saved to your desktop, do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it by right clicking and Run As Admin.


If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. Click OK, then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* Follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

#5
Stefan1274

  • Topic Starter
Hi Ron,

Thanks, I followed all the steps. Below and attached are the logs as requested.

Good news is that the effect is already apparent; no ghost data flow as per my NetSpeedMonitor.

Cheers

FRST fix log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-10-2013
Ran by Stefan at 2013-10-24 17:26:32 Run:1
Running from C:\Users\Stefan\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [Microsoft Windows Hosting Service] - C:\Users\Stefan\AppData\Local\Temp\csrss.exe [239616 2013-09-19] (NoVirusThanks Company Srl) <===== ATTENTION
HKLM\...\Policies\Explorer\Run: [44992] - c:\progra~2\dxrrblix.exe [357888 2009-07-14] ( ())
HKLM\...\Policies\Explorer: [3212083974] 0x504B0304C239B7F8068374BFB511000000400000E269F63D73594F6202C9694280CC96A28BBD63516FE3C2D5F7A2FF87AC
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Run: [Microsoft Windows Hosting Service] - C:\Users\Stefan\AppData\Local\Temp\csrss.exe [239616 2013-09-19] (NoVirusThanks Company Srl) <===== ATTENTION
HKCU\...\CurrentVersion\Windows: [Load] c:\users\stefan\dxmwpq.exe <===== ATTENTION
S2 DefaultTabSearch; C:\Program Files\DefaultTab\DefaultTabSearch.exe [573952 2013-09-16] ()
R2 DefaultTabUpdate; C:\Users\Stefan\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-08-23] ()
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]
U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{2e754a38-a09f-89b0-736a-408075ef620d}\ \...\???\{2e754a38-a09f-89b0-736a-408075ef620d}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
S3 iBurstu; system32\DRIVERS\iBurstu.sys [x]
C:\Windows\assembly\GAC\Desktop.ini
C:\Users\Stefan\AppData\Local\Temp\csrss.exe
C:\Users\Stefan\AppData\Local\Google\Desktop\Install
C:\Program Files\Google\Desktop\Install
C:\ProgramData\dxrrblix.exe
C:\Users\Stefan\dxakokxu.exe
C:\Users\Stefan\dxavzr.exe
C:\Users\Stefan\dxbesgdoq.exe
C:\Users\Stefan\dxcadh.exe
C:\Users\Stefan\dxcbaathv.exe
C:\Users\Stefan\dxddoi.exe
C:\Users\Stefan\dxdjbu.exe
C:\Users\Stefan\dxehlohv.exe
C:\Users\Stefan\dxgcftur.exe
C:\Users\Stefan\dxhuamnw.exe
C:\Users\Stefan\dxhvrn.exe
C:\Users\Stefan\dxiewkke.exe
C:\Users\Stefan\dxifgxuu.exe
C:\Users\Stefan\dxiynj.exe
C:\Users\Stefan\dxizkvbep.exe
C:\Users\Stefan\dxkdufa.exe
C:\Users\Stefan\dxlabpuqo.exe
C:\Users\Stefan\dxlmhx.exe
C:\Users\Stefan\dxmwpq.exe
C:\Users\Stefan\dxojim.exe
C:\Users\Stefan\dxoyiv.exe
C:\Users\Stefan\dxqafz.exe
C:\Users\Stefan\dxriojni.exe
C:\Users\Stefan\dxrjiy.exe
C:\Users\Stefan\dxsezfjt.exe
C:\Users\Stefan\dxtjrk.exe
C:\Users\Stefan\dxtseu.exe
C:\Users\Stefan\dxudeh.exe
C:\Users\Stefan\dxvyvlii.exe
C:\Users\Stefan\dxxikia.exe
C:\Users\Stefan\dxxtwdeuo.exe
C:\Users\Stefan\dxyrsiu.exe
C:\Users\Stefan\dxzkhbwa.exe
C:\Users\Stefan\AppData\Local\Temp\1345545343.exe
C:\Users\Stefan\AppData\Local\Temp\1345550028.exe
C:\Users\Stefan\AppData\Local\Temp\1347056850.exe
C:\Users\Stefan\AppData\Local\Temp\1348369731.exe
C:\Users\Stefan\AppData\Local\Temp\1348385342.exe
C:\Users\Stefan\AppData\Local\Temp\1348385637.exe
C:\Users\Stefan\AppData\Local\Temp\1364500553.exe
C:\Users\Stefan\AppData\Local\Temp\1364503380.exe
C:\Users\Stefan\AppData\Local\Temp\1373093828.exe
C:\Users\Stefan\AppData\Local\Temp\1373099186.exe
C:\Users\Stefan\AppData\Local\Temp\1373307441.exe
C:\Users\Stefan\AppData\Local\Temp\1390877027.exe
C:\Users\Stefan\AppData\Local\Temp\1423717569.exe
C:\Users\Stefan\AppData\Local\Temp\77Zip973867.exe
C:\Users\Stefan\AppData\Local\Temp\AutoRun.exe
C:\Users\Stefan\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Stefan\AppData\Local\Temp\BackupSetup.exe
C:\Users\Stefan\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\Stefan\AppData\Local\Temp\csrss.exe
C:\Users\Stefan\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\Stefan\AppData\Local\Temp\EBU1489.EXE
C:\Users\Stefan\AppData\Local\Temp\EBU14F6.DLL
C:\Users\Stefan\AppData\Local\Temp\EBU34D5.EXE
C:\Users\Stefan\AppData\Local\Temp\EBU35EE.DLL
C:\Users\Stefan\AppData\Local\Temp\EBU7B27.EXE
C:\Users\Stefan\AppData\Local\Temp\EBU7BA4.DLL
C:\Users\Stefan\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Stefan\AppData\Local\Temp\msdt.exe
C:\Users\Stefan\AppData\Local\Temp\ootp13setup.exe
C:\Users\Stefan\AppData\Local\Temp\ose00000.exe
C:\Users\Stefan\AppData\Local\Temp\SIntf16.dll
C:\Users\Stefan\AppData\Local\Temp\SIntf32.dll
C:\Users\Stefan\AppData\Local\Temp\SIntfNT.dll
C:\Users\Stefan\AppData\Local\Temp\SweetIMSetup.exe
C:\Users\Stefan\AppData\Local\Temp\ubiC524.tmp.exe
C:\Users\Stefan\AppData\Local\Temp\uninstaller.exe
C:\Users\Stefan\AppData\Local\Temp\utt5FE5.tmp.exe
C:\Users\Stefan\AppData\Local\Temp\WAKUNX.exe
C:\Users\Stefan\AppData\Local\Temp\_isFD26.exe
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 02 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
CMD: netsh winsock reset


*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Windows Hosting Service => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\44992 => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\3212083974 => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Windows Hosting Service => Value not found.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => Value was restored successfully.
DefaultTabSearch => Service deleted successfully.
DefaultTabUpdate => Service deleted successfully.
rpcapd => Service deleted successfully.
*etadpug => Service deleted successfully.
iBurstu => Service deleted successfully.
C:\Windows\assembly\GAC\Desktop.ini => Moved successfully.
C:\Users\Stefan\AppData\Local\Temp\csrss.exe => Moved successfully.
C:\Users\Stefan\AppData\Local\Google\Desktop\Install => Moved successfully.

"C:\Program Files\Google\Desktop\Install" directory move:

Could not move "C:\Program Files\Google\Desktop\Install" directory. => Scheduled to move on reboot.

C:\ProgramData\dxrrblix.exe => Moved successfully.
C:\Users\Stefan\dxakokxu.exe => Moved successfully.
C:\Users\Stefan\dxavzr.exe => Moved successfully.
C:\Users\Stefan\dxbesgdoq.exe => Moved successfully.
C:\Users\Stefan\dxcadh.exe => Moved successfully.
C:\Users\Stefan\dxcbaathv.exe => Moved successfully.
C:\Users\Stefan\dxddoi.exe => Moved successfully.
C:\Users\Stefan\dxdjbu.exe => Moved successfully.
C:\Users\Stefan\dxehlohv.exe => Moved successfully.
C:\Users\Stefan\dxgcftur.exe => Moved successfully.
C:\Users\Stefan\dxhuamnw.exe => Moved successfully.
C:\Users\Stefan\dxhvrn.exe => Moved successfully.
C:\Users\Stefan\dxiewkke.exe => Moved successfully.
C:\Users\Stefan\dxifgxuu.exe => Moved successfully.
C:\Users\Stefan\dxiynj.exe => Moved successfully.
C:\Users\Stefan\dxizkvbep.exe => Moved successfully.
C:\Users\Stefan\dxkdufa.exe => Moved successfully.
C:\Users\Stefan\dxlabpuqo.exe => Moved successfully.
C:\Users\Stefan\dxlmhx.exe => Moved successfully.
C:\Users\Stefan\dxmwpq.exe => Moved successfully.
C:\Users\Stefan\dxojim.exe => Moved successfully.
C:\Users\Stefan\dxoyiv.exe => Moved successfully.
C:\Users\Stefan\dxqafz.exe => Moved successfully.
C:\Users\Stefan\dxriojni.exe => Moved successfully.
C:\Users\Stefan\dxrjiy.exe => Moved successfully.
C:\Users\Stefan\dxsezfjt.exe => Moved successfully.
C:\Users\Stefan\dxtjrk.exe => Moved successfully.
C:\Users\Stefan\dxtseu.exe => Moved successfully.
C:\Users\Stefan\dxudeh.exe => Moved successfully.
C:\Users\Stefan\dxvyvlii.exe => Moved successfully.
C:\Users\Stefan\dxxikia.exe => Moved successfully.
C:\Users\Stefan\dxxtwdeuo.exe => Moved successfully.
C:\Users\Stefan\dxyrsiu.exe => Moved successfully.
C:\Users\Stefan\dxzkhbwa.exe => Moved successfully.
C:\Users\Stefan\AppData\Local\Temp\1345545343.exe => Moved successfully.
C:\Users\Stefan\AppData\Local\Temp\1345550028.exe => Moved successfully.
C:\Users\Stefan\AppData\Local\Temp\1347056850.exe => Moved successfully.
C:\Users\Stefan\AppData\Local\Temp\1348369731.exe => Moved successfully.
C:\Users\Stefan\AppData\Local\Temp\1348385342.exe => Moved successfully.
C:\Users\Stefan\AppData\Local\Temp\1348385637.exe => Moved successfully.
C:\Users\Stefan\AppData\Local\Temp\1364500553.exe => Moved successfully.
C:\Users\Stefan\AppData\Local\Temp\1364503380.exe => Moved successfully.
C:\Users\Stefan\AppData\Local\Temp\1373093828.exe => Moved successfully.
C:\Users\Stefan\AppData\Local\Temp\1373099186.exe => Moved successfully.
C:\Users\Stefan\AppData\Local\Temp\1373307441.exe => Moved successfully.
C:\Users\Stefan\AppData\Local\Temp\1390877027.exe => Moved successfully.
C:\Users\Stefan\AppData\Local\Temp\1423717569.exe => Moved successfully.
C:\Users\Stefan\AppData\Local\Temp\77Zip973867.exe => Moved successfully.
C:\Users\Stefan\AppData\Local\Temp\AutoRun.exe => Moved successfully.
C:\Users\Stefan\AppData\Local\Temp\AutoRunGUI.dll => Moved successfully.
C:\Users\Stefan\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\Stefan\AppData\Local\Temp\CmdLineExt03.dll => Moved successfully.
"C:\Users\Stefan\AppData\Local\Temp\csrss.exe" => File/Directory not found.
C:\Users\Stefan\AppData\Local\Temp\drm_dyndata_7400009.dll => Moved successfully.
C:\Users\Stefan\AppData\Local\Temp\EBU1489.EXE => Moved successfully.
C:\Users\Stefan\AppData\Local\Temp\EBU14F6.DLL => Moved successfully.
C:\Users\Stefan\AppData\Local\Temp\EBU34D5.EXE => Moved successfully.
C:\Users\Stefan\AppData\Local\Temp\EBU35EE.DLL => Moved successfully.
C:\Users\Stefan\AppData\Local\Temp\EBU7B27.EXE => Moved successfully.
C:\Users\Stefan\AppData\Local\Temp\EBU7BA4.DLL => Moved successfully.
C:\Users\Stefan\AppData\Local\Temp\mgsqlite3.dll => Moved successfully.
C:\Users\Stefan\AppData\Local\Temp\msdt.exe => Moved successfully.
C:\Users\Stefan\AppData\Local\Temp\ootp13setup.exe => Moved successfully.
C:\Users\Stefan\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\Stefan\AppData\Local\Temp\SIntf16.dll => Moved successfully.
C:\Users\Stefan\AppData\Local\Temp\SIntf32.dll => Moved successfully.
C:\Users\Stefan\AppData\Local\Temp\SIntfNT.dll => Moved successfully.
C:\Users\Stefan\AppData\Local\Temp\SweetIMSetup.exe => Moved successfully.
C:\Users\Stefan\AppData\Local\Temp\ubiC524.tmp.exe => Moved successfully.
C:\Users\Stefan\AppData\Local\Temp\uninstaller.exe => Moved successfully.
C:\Users\Stefan\AppData\Local\Temp\utt5FE5.tmp.exe => Moved successfully.
C:\Users\Stefan\AppData\Local\Temp\WAKUNX.exe => Moved successfully.
C:\Users\Stefan\AppData\Local\Temp\_isFD26.exe => Moved successfully.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000002\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll

========= netsh winsock reset =========

The following helper DLL cannot be loaded: WSHELPER.DLL.
The following command was not found: winsock reset.

========= End of CMD: =========


=========== Result of Scheduled Files to move ===========

C:\Program Files\Google\Desktop\Install => Moved successfully.

==== End of Fixlog ====

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Stefan (administrator) on STEFAN-PC on 24-10-2013 17:28:51
Running from C:\Users\Stefan\Downloads
Microsoft Windows 7 Ultimate (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\w32x86\3\EKAiO2MUI.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Amonetizé Ltd) C:\Users\Stefan\AppData\Local\SwvUpdater\Updater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\winampa.exe [74752 2012-06-20] (Nullsoft, Inc.)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [33648 2007-08-24] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Conime] - %windir%\system32\conime.exe
HKLM\...\Run: [EKAiO2StatusMonitor] - C:\Windows\system32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe [2421760 2011-03-01] (Eastman Kodak Company)
HKLM\...\Run: [MobileBroadband] - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [408576 2011-04-19] (Vodafone)
HKLM\...\Run: [Registry Helper] - "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
MountPoints2: I - I:\autorun.exe
MountPoints2: {031d204d-7e61-11e2-85f8-02c0ee6543d1} - F:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {031d210d-7e61-11e2-85f8-02c0ee6543d1} - F:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {031d2165-7e61-11e2-85f8-02c0ee6543d1} - I:\autorun.exe
MountPoints2: {16f87916-03ea-11e3-abb3-002618c91d6b} - F:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {16fba005-1aa2-11e3-a79d-002618c91d6b} - F:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {3a9f90e5-86e5-11e2-b64c-002618c91d6b} - F:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {65538eaf-8c71-11e2-a1e4-02c0ee6562cf} - F:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {65538eb4-8c71-11e2-a1e4-02c0ee6562cf} - F:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {7127b1f2-1af4-11e3-ac9b-002618c91d6b} - F:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {7127b204-1af4-11e3-ac9b-002618c91d6b} - F:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {8f396b0a-ebb6-11e2-a859-002618c91d6b} - F:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {ca4bcc16-1c3b-11e3-9400-002618c91d6b} - F:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {f06774a7-b30b-11e2-8f64-002618c91d6b} - F:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {f70ec47d-b898-11e2-a843-002618c91d6b} - F:\setup_vmb_lite.exe /checkApplicationPresence
AppInit_DLLs: [ ] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.search....F6214E}&serpv=5
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.you...938&lg=EN&cc=ZA
SearchScopes: HKLM - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.you...938&lg=EN&cc=ZA
SearchScopes: HKCU - {5C49C060-6DEE-4BE9-8C91-B03DBFF55B81} URL = http://search.us.com...k={searchTerms}
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.you...938&lg=EN&cc=ZA
SearchScopes: HKCU - {D735BCC8-CE8F-4074-A6F9-39F6424517E8} URL = http://search.yahoo....petb&type=10547
BHO: ElectroLyrics-1 - {11111111-1111-1111-1111-110411181144} - C:\Program Files\ElectroLyrics-1\ElectroLyrics-1-bho.dll (Lyrics)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Stefan\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 11 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 12 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 13 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 14 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 15 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 16 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 17 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 18 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 19 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 20 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 21 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 22 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 23 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 24 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 25 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 26 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 27 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 28 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 29 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 30 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 31 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 32 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 33 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 34 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 35 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 36 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 37 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 38 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 39 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 40 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 41 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 42 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 43 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 44 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 45 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 46 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 47 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 48 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 49 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 50 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 51 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 52 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 53 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 54 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 55 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 56 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 57 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 58 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 59 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 60 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 61 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 62 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 63 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 64 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 65 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 66 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 67 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 68 mswsock.dll File Not found (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{131B5047-1B2C-449F-9AAC-DC252D82C1E1}: [NameServer]196.207.36.251 196.207.36.254
Tcpip\..\Interfaces\{17F7B7DA-3406-4F8D-9541-EA905EED8D4A}: [NameServer]196.207.36.251 196.207.36.254
Tcpip\..\Interfaces\{C775872A-FCC3-42EA-AAFA-AD8B5396A367}: [NameServer]196.207.36.251 196.207.36.254
Tcpip\..\Interfaces\{CB318F49-15F3-407F-9EBE-BBA23BBCC213}: [NameServer]196.207.36.251 196.207.36.254

FireFox:
========
FF ProfilePath: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default
FF Homepage: hxxp://start.search.us.com/v/2/?guid={5CD6CB79-8ADD-4852-82CF-00ED47F6214E}&serpv=5
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tightropeinteractive.com/Plugin - C:\Users\Stefan\AppData\Local\TNT2\2.0.0.1599\npTNT2.dll (Search.Us.com)
FF Plugin HKCU: @tnt2ghost.com/Plugin - C:\Users\Stefan\AppData\Local\TNT2\2.0.0.1599\npTNT2ghost.dll (Search.Us.com)
FF Extension: No Name - C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\Extensions\[email protected]bd1d0f742.com

========================== Services (Whitelisted) =================

S3 CoordinatorServiceHost; C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [87336 2010-10-05] (Dassault Systèmes SolidWorks Corp.)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2013-07-18] (Flexera Software, Inc.)
R2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [366000 2011-03-09] (Eastman Kodak Company)
S4 msvsmon80; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2799808 2006-10-26] (Microsoft Corporation)
S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2013-07-18] (SolidWorks)
R2 VmbService; C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [9216 2011-04-19] (Vodafone)
S2 Registry Helper Service; C:\Program Files\Registry Helper\RegistryHelperService.exe [x]

==================== Drivers (Whitelisted) ====================

R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-02-24] (DT Soft Ltd)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [85760 2011-04-18] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26496 2011-04-18] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [168448 2011-04-18] (Huawei Technologies Co., Ltd.)
S3 NPF; C:\Windows\System32\drivers\npf.sys [34064 2011-01-04] (CACE Technologies)
R3 RTL85n86; C:\Windows\System32\DRIVERS\RTL85n86.sys [311808 2009-07-14] (Realtek)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-24 17:23 - 2013-10-24 17:23 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Stefan\Downloads\tdsskiller.exe
2013-10-24 17:20 - 2013-10-24 17:20 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Stefan\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-24 17:12 - 2013-10-24 17:13 - 05136677 _____ (Swearware) C:\Users\Stefan\Downloads\ComboFix.exe
2013-10-24 17:12 - 2013-10-24 17:13 - 01906472 _____ (Express Install ) C:\Users\Stefan\Downloads\setup.exe
2013-10-23 19:06 - 2013-10-23 21:06 - 00000000 ____D C:\Users\Stefan\Desktop\cd's musiek
2013-10-22 19:48 - 2013-10-22 21:19 - 00000000 ____D C:\Users\Stefan\Desktop\linds bday cd
2013-10-22 19:25 - 2013-10-22 19:25 - 00001336 _____ C:\Users\Stefan\Desktop\Free Video to MP3 Converter.lnk
2013-10-22 19:25 - 2013-10-22 19:25 - 00001201 _____ C:\Users\Stefan\Desktop\DVDVideoSoft Free Studio.lnk
2013-10-22 19:25 - 2013-10-22 19:25 - 00000000 ____D C:\Users\Stefan\Documents\DVDVideoSoft
2013-10-22 19:25 - 2013-10-22 19:25 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\DVDVideoSoft
2013-10-22 19:25 - 2013-10-22 19:25 - 00000000 ____D C:\Program Files\DVDVideoSoft
2013-10-22 19:25 - 2013-10-22 19:25 - 00000000 ____D C:\Program Files\Common Files\Plasmoo
2013-10-22 19:25 - 2013-10-22 19:25 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-10-08 08:18 - 2013-10-24 17:28 - 00001348 _____ C:\Windows\Tasks\ElectroLyrics-1-updater.job
2013-10-08 08:18 - 2013-10-24 17:28 - 00001254 _____ C:\Windows\Tasks\ElectroLyrics-1-codedownloader.job
2013-10-08 08:18 - 2013-10-24 17:28 - 00001154 _____ C:\Windows\Tasks\ElectroLyrics-1-enabler.job
2013-10-08 08:18 - 2013-10-08 08:18 - 00000985 _____ C:\Users\Stefan\Desktop\SevenZip.lnk
2013-10-08 08:18 - 2013-10-08 08:18 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SevenZip 9.20
2013-10-08 08:18 - 2013-10-08 08:18 - 00000000 ____D C:\Program Files\SevenZip
2013-10-08 08:17 - 2013-10-24 17:28 - 00001882 _____ C:\Windows\Tasks\ElectroLyrics-1-firefoxinstaller.job
2013-10-08 08:17 - 2013-10-08 08:18 - 00000000 ____D C:\Program Files\ElectroLyrics-1
2013-10-08 08:15 - 2013-10-24 17:28 - 00000360 _____ C:\Windows\Tasks\AmiUpdXp.job
2013-10-08 08:15 - 2013-10-08 08:15 - 00000000 ____D C:\Users\Stefan\AppData\Local\SwvUpdater
2013-10-08 06:50 - 2013-10-24 17:28 - 00000000 ____D C:\FRST
2013-10-08 06:47 - 2013-10-08 06:47 - 01087213 _____ (Farbar) C:\Users\Stefan\Downloads\FRST.exe
2013-10-07 16:22 - 2013-10-07 16:23 - 00000000 ____D C:\ProgramData\MFAData
2013-10-07 16:22 - 2013-10-07 16:22 - 00000000 ____D C:\Users\Stefan\AppData\Local\MFAData
2013-10-07 16:22 - 2013-10-07 16:22 - 00000000 ____D C:\Users\Stefan\AppData\Local\Avg2014
2013-10-07 16:11 - 2013-10-07 16:12 - 04433128 _____ (AVG Technologies) C:\Users\Stefan\Downloads\avg_isct_stb_all_2014_4142_free.exe
2013-10-07 14:55 - 2013-10-07 14:54 - 00006396 _____ C:\Users\Stefan\Downloads\0677.mpssvc.reg
2013-10-07 14:54 - 2013-10-07 14:54 - 00229548 _____ C:\Users\Stefan\Downloads\1055.BFE.reg
2013-10-07 14:42 - 2013-10-23 05:26 - 00007632 _____ C:\Users\Stefan\AppData\Local\Resmon.ResmonCfg
2013-10-07 14:29 - 2013-10-24 17:28 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\NetSpeedMonitor
2013-10-07 14:29 - 2013-10-07 14:29 - 00000000 ____D C:\Program Files\NetSpeedMonitor
2013-10-04 04:26 - 2013-10-04 04:26 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-01 17:08 - 2013-10-01 17:08 - 00002153 _____ C:\Users\Public\Desktop\Sid Meier's Pirates!.lnk
2013-10-01 17:08 - 2013-10-01 17:08 - 00000000 ____D C:\Users\Stefan\Documents\My Games
2013-10-01 17:08 - 2013-10-01 17:08 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firaxis Games
2013-10-01 17:07 - 2013-10-01 17:07 - 00000000 ____D C:\Program Files\Firaxis Games

==================== One Month Modified Files and Folders =======

2013-10-24 17:28 - 2013-10-08 08:18 - 00001348 _____ C:\Windows\Tasks\ElectroLyrics-1-updater.job
2013-10-24 17:28 - 2013-10-08 08:18 - 00001254 _____ C:\Windows\Tasks\ElectroLyrics-1-codedownloader.job
2013-10-24 17:28 - 2013-10-08 08:18 - 00001154 _____ C:\Windows\Tasks\ElectroLyrics-1-enabler.job
2013-10-24 17:28 - 2013-10-08 08:17 - 00001882 _____ C:\Windows\Tasks\ElectroLyrics-1-firefoxinstaller.job
2013-10-24 17:28 - 2013-10-08 08:15 - 00000360 _____ C:\Windows\Tasks\AmiUpdXp.job
2013-10-24 17:28 - 2013-10-08 06:50 - 00000000 ____D C:\FRST
2013-10-24 17:28 - 2013-10-07 14:29 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\NetSpeedMonitor
2013-10-24 17:28 - 2013-05-18 14:17 - 00000000 ____D C:\ProgramData\Kodak
2013-10-24 17:28 - 2013-02-24 13:13 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-24 17:28 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-24 17:28 - 2009-07-14 06:39 - 00162568 _____ C:\Windows\setupact.log
2013-10-24 17:27 - 2013-02-25 18:47 - 00019674 _____ C:\Windows\PFRO.log
2013-10-24 17:26 - 2013-02-24 10:55 - 00000000 ____D C:\Users\Stefan
2013-10-24 17:23 - 2013-10-24 17:23 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Stefan\Downloads\tdsskiller.exe
2013-10-24 17:20 - 2013-10-24 17:20 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Stefan\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-24 17:13 - 2013-10-24 17:12 - 05136677 _____ (Swearware) C:\Users\Stefan\Downloads\ComboFix.exe
2013-10-24 17:13 - 2013-10-24 17:12 - 01906472 _____ (Express Install ) C:\Users\Stefan\Downloads\setup.exe
2013-10-24 17:00 - 2013-02-24 10:59 - 00795074 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-24 16:59 - 2013-03-01 08:23 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-24 06:32 - 2013-03-08 03:05 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\vlc
2013-10-23 21:06 - 2013-10-23 19:06 - 00000000 ____D C:\Users\Stefan\Desktop\cd's musiek
2013-10-23 18:44 - 2013-02-24 11:55 - 00000000 ____D C:\Users\Stefan\Desktop\Start-up CD
2013-10-23 05:26 - 2013-10-07 14:42 - 00007632 _____ C:\Users\Stefan\AppData\Local\Resmon.ResmonCfg
2013-10-22 21:19 - 2013-10-22 19:48 - 00000000 ____D C:\Users\Stefan\Desktop\linds bday cd
2013-10-22 19:25 - 2013-10-22 19:25 - 00001336 _____ C:\Users\Stefan\Desktop\Free Video to MP3 Converter.lnk
2013-10-22 19:25 - 2013-10-22 19:25 - 00001201 _____ C:\Users\Stefan\Desktop\DVDVideoSoft Free Studio.lnk
2013-10-22 19:25 - 2013-10-22 19:25 - 00000000 ____D C:\Users\Stefan\Documents\DVDVideoSoft
2013-10-22 19:25 - 2013-10-22 19:25 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\DVDVideoSoft
2013-10-22 19:25 - 2013-10-22 19:25 - 00000000 ____D C:\Program Files\DVDVideoSoft
2013-10-22 19:25 - 2013-10-22 19:25 - 00000000 ____D C:\Program Files\Common Files\Plasmoo
2013-10-22 19:25 - 2013-10-22 19:25 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-10-17 03:41 - 2013-08-31 15:27 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\dvdcss
2013-10-17 03:03 - 2013-08-31 15:29 - 00000000 ____D C:\Users\Stefan\.dvdcss
2013-10-10 13:46 - 2013-07-19 00:59 - 00000000 ____D C:\Program Files\Industry Giant 2
2013-10-08 08:18 - 2013-10-08 08:18 - 00000985 _____ C:\Users\Stefan\Desktop\SevenZip.lnk
2013-10-08 08:18 - 2013-10-08 08:18 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SevenZip 9.20
2013-10-08 08:18 - 2013-10-08 08:18 - 00000000 ____D C:\Program Files\SevenZip
2013-10-08 08:18 - 2013-10-08 08:17 - 00000000 ____D C:\Program Files\ElectroLyrics-1
2013-10-08 08:15 - 2013-10-08 08:15 - 00000000 ____D C:\Users\Stefan\AppData\Local\SwvUpdater
2013-10-08 08:09 - 2013-07-03 17:21 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\BitTorrent
2013-10-08 06:47 - 2013-10-08 06:47 - 01087213 _____ (Farbar) C:\Users\Stefan\Downloads\FRST.exe
2013-10-07 16:23 - 2013-10-07 16:22 - 00000000 ____D C:\ProgramData\MFAData
2013-10-07 16:22 - 2013-10-07 16:22 - 00000000 ____D C:\Users\Stefan\AppData\Local\MFAData
2013-10-07 16:22 - 2013-10-07 16:22 - 00000000 ____D C:\Users\Stefan\AppData\Local\Avg2014
2013-10-07 16:12 - 2013-10-07 16:11 - 04433128 _____ (AVG Technologies) C:\Users\Stefan\Downloads\avg_isct_stb_all_2014_4142_free.exe
2013-10-07 16:09 - 2013-03-10 18:56 - 00000000 ____D C:\Users\Stefan\Desktop\Torrents
2013-10-07 14:54 - 2013-10-07 14:55 - 00006396 _____ C:\Users\Stefan\Downloads\0677.mpssvc.reg
2013-10-07 14:54 - 2013-10-07 14:54 - 00229548 _____ C:\Users\Stefan\Downloads\1055.BFE.reg
2013-10-07 14:29 - 2013-10-07 14:29 - 00000000 ____D C:\Program Files\NetSpeedMonitor
2013-10-07 13:31 - 2013-09-12 14:52 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-04 09:20 - 2013-02-24 12:10 - 00000000 ____D C:\Users\Stefan\AppData\Local\Mozilla
2013-10-04 04:26 - 2013-10-04 04:26 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-01 17:09 - 2013-03-11 06:33 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-10-01 17:09 - 2013-02-24 11:02 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-10-01 17:08 - 2013-10-01 17:08 - 00002153 _____ C:\Users\Public\Desktop\Sid Meier's Pirates!.lnk
2013-10-01 17:08 - 2013-10-01 17:08 - 00000000 ____D C:\Users\Stefan\Documents\My Games
2013-10-01 17:08 - 2013-10-01 17:08 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firaxis Games
2013-10-01 17:07 - 2013-10-01 17:07 - 00000000 ____D C:\Program Files\Firaxis Games
2013-10-01 17:06 - 2013-03-11 06:30 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2013-09-29 17:16 - 2013-08-23 11:17 - 00000000 ____D C:\Program Files\DefaultTab
2013-09-27 22:00 - 2013-02-24 12:07 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-27 22:00 - 2013-02-24 12:07 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\Users\Stefan\dxagvi.exe
C:\Users\Stefan\dxaleyl.exe
C:\Users\Stefan\dxayxcs.exe
C:\Users\Stefan\dxeccpws.exe
C:\Users\Stefan\dxemys.exe
C:\Users\Stefan\dxeriuw.exe
C:\Users\Stefan\dxfjnn.exe
C:\Users\Stefan\dxhbewgfq.exe
C:\Users\Stefan\dxhgyx.exe
C:\Users\Stefan\dxijldymn.exe
C:\Users\Stefan\dxivie.exe
C:\Users\Stefan\dxmfdot.exe
C:\Users\Stefan\dxnaku.exe
C:\Users\Stefan\dxnsqb.exe
C:\Users\Stefan\dxoaua.exe
C:\Users\Stefan\dxokxybd.exe
C:\Users\Stefan\dxqeuiurj.exe
C:\Users\Stefan\dxqzso.exe
C:\Users\Stefan\dxrkosal.exe
C:\Users\Stefan\dxuhweann.exe
C:\Users\Stefan\dxujed.exe
C:\Users\Stefan\dxupon.exe
C:\Users\Stefan\dxveae.exe
C:\Users\Stefan\dxxdag.exe


Some content of TEMP:
====================
C:\Users\Stefan\AppData\Local\Temp\0_Offer_1.exe
C:\Users\Stefan\AppData\Local\Temp\1_Offer_2.exe
C:\Users\Stefan\AppData\Local\Temp\20131008081028.14.exe
C:\Users\Stefan\AppData\Local\Temp\DownloadManager.exe
C:\Users\Stefan\AppData\Local\Temp\UpdateCheckerSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-21 00:45

==================== End Of Log ============================

Combofix.txt

ComboFix 13-10-24.01 - Stefan 2013/10/24 17:33:17.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.27.1033.18.3583.2736 [GMT 2:00]
Running from: c:\users\Stefan\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\DefaultTab
c:\program files\DefaultTab\DefaultTab.crx
c:\program files\DefaultTab\DefaultTabSearch.exe
c:\program files\DefaultTab\uid
c:\program files\ElectroLyrics-1
c:\program files\ElectroLyrics-1\41844.xpi
c:\program files\ElectroLyrics-1\background.html
c:\program files\ElectroLyrics-1\ElectroLyrics-1-bg.exe
c:\program files\ElectroLyrics-1\ElectroLyrics-1-bho.dll
c:\program files\ElectroLyrics-1\ElectroLyrics-1-buttonutil.dll
c:\program files\ElectroLyrics-1\ElectroLyrics-1-buttonutil.exe
c:\program files\ElectroLyrics-1\ElectroLyrics-1-codedownloader.exe
c:\program files\ElectroLyrics-1\ElectroLyrics-1-enabler.exe
c:\program files\ElectroLyrics-1\ElectroLyrics-1-firefoxinstaller.exe
c:\program files\ElectroLyrics-1\ElectroLyrics-1-helper.exe
c:\program files\ElectroLyrics-1\ElectroLyrics-1-updater.exe
c:\program files\ElectroLyrics-1\ElectroLyrics-1.ico
c:\program files\ElectroLyrics-1\Installer.log
c:\program files\ElectroLyrics-1\Uninstall.exe
c:\program files\ElectroLyrics-1\utils.exe
c:\users\Stefan\AppData\Roaming\DefaultTab\DefaultTab
c:\users\Stefan\AppData\Roaming\DefaultTab\DefaultTab\addon.ico
c:\users\Stefan\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg
c:\users\Stefan\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\users\Stefan\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe
c:\users\Stefan\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe
c:\users\Stefan\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe
c:\users\Stefan\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\users\Stefan\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll
c:\users\Stefan\AppData\Roaming\DefaultTab\DefaultTab\DT.ico
c:\users\Stefan\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
c:\users\Stefan\AppData\Roaming\DefaultTab\DefaultTab\search_here_ie.ico
c:\users\Stefan\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
c:\users\Stefan\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
c:\users\Stefan\AppData\Roaming\DefaultTab\DefaultTab\update.exe
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome.manifest
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\api.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\api\asyncDB.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\api\background.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\api\browserAction.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\api\contextMenu.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\api\dbManager.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\api\dom_bg.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\api\fileManager.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\api\firefox.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\api\firefoxNotifications.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]153-723bd1d0f742.com\chrome\content\api\firefoxOmnibox.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\api\message.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\api\pageAction.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\api\request.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\api\tabs.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\api\webRequest.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\background.html
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\baseObject.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\browser.xul
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\core\console.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\core\consts.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\core\delegate.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\core\extensionDataStore.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\core\folderIOWrapper.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\core\httpObserver.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\core\IDBWrapper.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\core\installer.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\core\logFile.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\core\prefs.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\core\progressListenerObserver.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\core\registry.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\core\reloadObserver.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\core\reports.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\core\requestObject.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\core\searchSettings.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\core\uninstallObserver.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\core\updateManager.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\core\utils.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\core\xhr.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\dialog.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\main.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\options.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\options.xul
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\chrome\content\search_dialog.xul
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\defaults\preferences\prefs.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\manifest.xml
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins.json
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\1_base.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\101_cortica_m.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\102_dealply_m.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\103_intext_5_m.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\104_jollywallet_m.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\105_corticas_m.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\107_coupish_m.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\108_icm_m.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\116_ads_only_5_m.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\117_coupons_intext_ads_5_m.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\119_similar_web_m.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\120_luck_m.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\123_intext_adv_m.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\125_arcadi2_m.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\126_revizer_ws_m.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\127_revizer_p_m.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\128_superfish_pricora_m.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\129_widdit_m.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\135_arcadi3_m.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\138_getdeal_m.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\14_CrossriderUtils.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\141_corticas_ru_m.js.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\142_intext_fa_m.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\155_ibario_pops_m.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\159_cortica_rollover_m.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\16_FFAppAPIWrapper.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\17_jQuery.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\170_icm1_5_m.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\171_arcadi2_sourceID_m.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\175_coolmirage_m.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\21_debug.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\22_resources.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\28_initializer.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\47_resources_background.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\64_appApiMessage.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\7_hooks.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\72_appApiValidation.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\78_CrossriderInfo.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\87_ginyas_wrapper.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\9_search_engine_hook.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\91_monetizationLoader.js.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\92_superfish_m.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\93_superfish_no_coupons_m.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\plugins\98_omniCommands.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\userCode\background.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\extensionData\userCode\extension.js
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\install.rdf
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\locale\en-US\translations.dtd
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\skin\button1.png
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\skin\button2.png
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\skin\button3.png
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\skin\button4.png
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\skin\button5.png
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\skin\crossrider_statusbar.png
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\skin\icon128.png
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\skin\icon16.png
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\skin\icon24.png
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\skin\icon48.png
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\skin\panelarrow-up.png
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\skin\popup.html
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\skin\skin.css
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\[email protected]bd1d0f742.com\skin\update.css
c:\users\Stefan\dxagvi.exe
c:\users\Stefan\dxaleyl.exe
c:\users\Stefan\dxayxcs.exe
c:\users\Stefan\dxeccpws.exe
c:\users\Stefan\dxemys.exe
c:\users\Stefan\dxeriuw.exe
c:\users\Stefan\dxfjnn.exe
c:\users\Stefan\dxhbewgfq.exe
c:\users\Stefan\dxhgyx.exe
c:\users\Stefan\dxijldymn.exe
c:\users\Stefan\dxivie.exe
c:\users\Stefan\dxmfdot.exe
c:\users\Stefan\dxnaku.exe
c:\users\Stefan\dxnsqb.exe
c:\users\Stefan\dxoaua.exe
c:\users\Stefan\dxokxybd.exe
c:\users\Stefan\dxqeuiurj.exe
c:\users\Stefan\dxrkosal.exe
c:\users\Stefan\dxuhweann.exe
c:\users\Stefan\dxujed.exe
c:\users\Stefan\dxupon.exe
c:\users\Stefan\dxveae.exe
c:\users\Stefan\dxxdag.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\roboot.exe
c:\windows\system32\wpcap.dll
.
----- File Replicators -----
.
c:\frst\Quarantine\dxakokxu.exe
c:\frst\Quarantine\dxavzr.exe
c:\frst\Quarantine\dxbesgdoq.exe
c:\frst\Quarantine\dxcadh.exe
c:\frst\Quarantine\dxcbaathv.exe
c:\frst\Quarantine\dxddoi.exe
c:\frst\Quarantine\dxdjbu.exe
c:\frst\Quarantine\dxgcftur.exe
c:\frst\Quarantine\dxhuamnw.exe
c:\frst\Quarantine\dxhvrn.exe
c:\frst\Quarantine\dxiewkke.exe
c:\frst\Quarantine\dxiynj.exe
c:\frst\Quarantine\dxizkvbep.exe
c:\frst\Quarantine\dxkdufa.exe
c:\frst\Quarantine\dxlmhx.exe
c:\frst\Quarantine\dxojim.exe
c:\frst\Quarantine\dxoyiv.exe
c:\frst\Quarantine\dxqafz.exe
c:\frst\Quarantine\dxriojni.exe
c:\frst\Quarantine\dxrjiy.exe
c:\frst\Quarantine\dxrrblix.exe
c:\frst\Quarantine\dxsezfjt.exe
c:\frst\Quarantine\dxtjrk.exe
c:\frst\Quarantine\dxtseu.exe
c:\frst\Quarantine\dxudeh.exe
c:\frst\Quarantine\dxxtwdeuo.exe
c:\frst\Quarantine\dxyrsiu.exe
c:\frst\Quarantine\dxzkhbwa.exe
c:\users\Stefan\dxagvi.exe
c:\users\Stefan\dxaleyl.exe
c:\users\Stefan\dxayxcs.exe
c:\users\Stefan\dxeccpws.exe
c:\users\Stefan\dxemys.exe
c:\users\Stefan\dxeriuw.exe
c:\users\Stefan\dxfjnn.exe
c:\users\Stefan\dxhbewgfq.exe
c:\users\Stefan\dxhgyx.exe
c:\users\Stefan\dxijldymn.exe
c:\users\Stefan\dxivie.exe
c:\users\Stefan\dxmfdot.exe
c:\users\Stefan\dxnaku.exe
c:\users\Stefan\dxnsqb.exe
c:\users\Stefan\dxoaua.exe
c:\users\Stefan\dxokxybd.exe
c:\users\Stefan\dxqeuiurj.exe
c:\users\Stefan\dxrkosal.exe
c:\users\Stefan\dxuhweann.exe
c:\users\Stefan\dxujed.exe
c:\users\Stefan\dxupon.exe
c:\users\Stefan\dxveae.exe
c:\users\Stefan\dxxdag.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
-------\Service_Run
-------\Service_Registry Helper Service
.
.
((((((((((((((((((((((((( Files Created from 2013-09-24 to 2013-10-24 )))))))))))))))))))))))))))))))
.
.
2013-10-22 17:25 . 2013-10-22 17:25 -------- d-----w- c:\program files\Common Files\Plasmoo
2013-10-22 17:25 . 2013-10-22 17:25 -------- d-----w- c:\users\Stefan\AppData\Roaming\DVDVideoSoft
2013-10-22 17:25 . 2013-10-22 17:25 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2013-10-22 17:25 . 2013-10-22 17:25 -------- d-----w- c:\program files\DVDVideoSoft
2013-10-08 06:18 . 2013-10-08 06:18 -------- d-----w- c:\program files\SevenZip
2013-10-08 06:15 . 2013-10-08 06:15 -------- d-----w- c:\users\Stefan\AppData\Local\SwvUpdater
2013-10-08 04:50 . 2013-10-24 15:28 -------- d-----w- C:\FRST
2013-10-07 14:22 . 2013-10-07 14:23 -------- d-----w- c:\programdata\MFAData
2013-10-07 14:22 . 2013-10-07 14:22 -------- d--h--w- c:\programdata\Common Files
2013-10-07 14:22 . 2013-10-07 14:22 -------- d-----w- c:\users\Stefan\AppData\Local\MFAData
2013-10-07 14:22 . 2013-10-07 14:22 -------- d-----w- c:\users\Stefan\AppData\Local\Avg2014
2013-10-07 12:29 . 2013-10-24 15:41 -------- d-----w- c:\users\Stefan\AppData\Roaming\NetSpeedMonitor
2013-10-07 12:29 . 2013-10-07 12:29 -------- d-----w- c:\program files\NetSpeedMonitor
2013-10-01 15:07 . 2013-10-01 15:07 -------- d-----w- c:\program files\Firaxis Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-27 20:00 . 2013-02-24 10:07 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-27 20:00 . 2013-02-24 10:07 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-20 13:45 . 2013-09-20 13:45 389120 ----a-w- c:\windows\system32\RegistryHelperLM.ocx
2013-08-23 13:24 . 2013-08-23 13:24 87392 ----a-r- c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{90481BEA-8F52-4FE7-A0D6-BBFAB003D997}\VideoConverter5_St_10EBE4A00F514DB49EA9B218A1E9D3F5.exe
2013-08-23 13:24 . 2013-08-23 13:24 87392 ----a-r- c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{90481BEA-8F52-4FE7-A0D6-BBFAB003D997}\NewShortcut4_941FA141AAB14924B185046EE8E1BDD9.exe
2013-08-23 13:24 . 2013-08-23 13:24 71008 ----a-r- c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{90481BEA-8F52-4FE7-A0D6-BBFAB003D997}\VideoConverter5_St_BF4E5749C8A942ACA48E229C02AC7D3D.exe
2013-08-23 13:24 . 2013-08-23 13:24 71008 ----a-r- c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{90481BEA-8F52-4FE7-A0D6-BBFAB003D997}\ARPPRODUCTICON.exe
2013-08-23 13:24 . 2013-08-23 13:24 136544 ----a-r- c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{90481BEA-8F52-4FE7-A0D6-BBFAB003D997}\VideoConverter5_St_4949825D36F8486CAED8D1FA37A2B641.exe
2013-07-30 15:36 . 2013-07-30 15:36 4608 ----a-w- c:\windows\system32\w95inf32.dll
2013-07-30 15:36 . 2013-07-30 15:36 2272 ----a-w- c:\windows\system32\w95inf16.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2013-03-26 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2012-06-20 74752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"EKAiO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe" [2011-03-01 2421760]
"MobileBroadband"="c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2011-04-19 408576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SolidWorks Background Downloader.lnk - c:\program files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe /launch_from 0 [2013-7-18 1826600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2010-10-05 87336]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-04-18 102784]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2011-04-18 11136]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2011-04-18 85760]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2011-04-18 26496]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2011-04-18 168448]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-03-26 1343400]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-10-26 2799808]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-24 242240]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [2011-03-09 366000]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 VmbService;Vodafone Mobile Broadband Service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2011-04-19 9216]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-04-18 72832]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [2009-07-13 311808]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-24 20:00]
.
2013-10-24 c:\windows\Tasks\AmiUpdXp.job
- c:\users\Stefan\AppData\Local\SwvUpdater\Updater.exe [2013-10-08 06:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.search.us.com/v/2/?guid={5CD6CB79-8ADD-4852-82CF-00ED47F6214E}&serpv=5
mStart Page = hxxp://websearch.youwillfind.info/?pid=658&r=2013/05/02&hid=763785938&lg=EN&cc=ZA
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.42.129
TCP: Interfaces\{131B5047-1B2C-449F-9AAC-DC252D82C1E1}: NameServer = 196.207.36.251 196.207.36.254
TCP: Interfaces\{17F7B7DA-3406-4F8D-9541-EA905EED8D4A}: NameServer = 196.207.36.251 196.207.36.254
TCP: Interfaces\{C775872A-FCC3-42EA-AAFA-AD8B5396A367}: NameServer = 196.207.36.251 196.207.36.254
TCP: Interfaces\{CB318F49-15F3-407F-9EBE-BBA23BBCC213}: NameServer = 196.207.36.251 196.207.36.254
FF - ProfilePath - c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.search.us.com/v/2/?guid={5CD6CB79-8ADD-4852-82CF-00ED47F6214E}&serpv=5
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Conime - c:\windows\system32\conime.exe
HKLM-Run-Registry Helper - c:\program files\Registry Helper\RegistryHelper.Exe
AddRemove-DefaultTab - c:\users\Stefan\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
AddRemove-ElectroLyrics-1 - c:\program files\ElectroLyrics-1\Uninstall.exe
AddRemove-Registry Helper - c:\program files\Registry Helper\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2482761239-3750086217-1899643328-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**ˆL
( L
( ˜—5lÇW]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2482761239-3750086217-1899643328-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**ˆL
( L
( ˜—5lÇW\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2482761239-3750086217-1899643328-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.**ˆL
( L
( ˜—5lÇW]
@Allowed: (Read) (RestrictedCode)
"0"=hex:44,3a,5c,4d,75,73,69,63,20,76,69,64,65,6f,73,5c,42,65,65,20,47,65,65,
73,20,2d,20,49,6e,20,54,68,65,20,28,4f,72,69,67,69,6e,61,6c,20,31,39,36,35,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\AUDIODG.EXE
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2013-10-24 17:43:47 - machine was rebooted
ComboFix-quarantined-files.txt 2013-10-24 15:43
.
Pre-Run: 3 218 190 336 bytes free
Post-Run: 3 553 181 696 bytes free
.
- - End Of File - - 6F44EDAF8F8BC53FD95CB9C13EFCC856
A36C5E4F47E84449FF07ED3517B43A31

TDSSKiller.txt

17:46:01.0888 0x0f90 TDSS rootkit removing tool 3.0.0.14 Oct 15 2013 15:35:38
17:46:13.0962 0x0f90 ============================================================
17:46:13.0962 0x0f90 Current date / time: 2013/10/24 17:46:13.0962
17:46:13.0962 0x0f90 SystemInfo:
17:46:13.0962 0x0f90
17:46:13.0962 0x0f90 OS Version: 6.1.7600 ServicePack: 0.0
17:46:13.0962 0x0f90 Product type: Workstation
17:46:13.0962 0x0f90 ComputerName: STEFAN-PC
17:46:13.0962 0x0f90 UserName: Stefan
17:46:13.0962 0x0f90 Windows directory: C:\Windows
17:46:13.0962 0x0f90 System windows directory: C:\Windows
17:46:13.0962 0x0f90 Processor architecture: Intel x86
17:46:13.0962 0x0f90 Number of processors: 2
17:46:13.0962 0x0f90 Page size: 0x1000
17:46:13.0962 0x0f90 Boot type: Normal boot
17:46:13.0962 0x0f90 ============================================================
17:46:17.0878 0x0f90 System UUID: {4B2E4CFA-89B4-4330-DA2F-200EFCDF1139}
17:46:18.0206 0x0f90 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x38080, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000050
17:46:18.0206 0x0f90 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:46:18.0830 0x0f90 Drive \Device\Harddisk2\DR2 - Size: 0x77800000 (1.87 Gb), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:46:18.0830 0x0f90 ============================================================
17:46:18.0830 0x0f90 \Device\Harddisk0\DR0:
17:46:18.0830 0x0f90 MBR partitions:
17:46:18.0830 0x0f90 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:46:18.0830 0x0f90 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC350000
17:46:18.0830 0x0f90 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC382800, BlocksNum 0x2E002800
17:46:18.0830 0x0f90 \Device\Harddisk1\DR1:
17:46:18.0830 0x0f90 MBR partitions:
17:46:18.0830 0x0f90 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
17:46:18.0830 0x0f90 \Device\Harddisk2\DR2:
17:46:18.0830 0x0f90 MBR partitions:
17:46:18.0830 0x0f90 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x6, StartLBA 0x1F80, BlocksNum 0x3BA080
17:46:18.0830 0x0f90 ============================================================
17:46:18.0845 0x0f90 C: <-> \Device\Harddisk0\DR0\Partition2
17:46:18.0876 0x0f90 D: <-> \Device\Harddisk0\DR0\Partition3
17:46:18.0986 0x0f90 H: <-> \Device\Harddisk1\DR1\Partition1
17:46:18.0986 0x0f90 ============================================================
17:46:18.0986 0x0f90 Initialize success
17:46:18.0986 0x0f90 ============================================================
17:47:21.0105 0x0d30 ============================================================
17:47:21.0105 0x0d30 Scan started
17:47:21.0105 0x0d30 Mode: Manual; SigCheck; TDLFS;
17:47:21.0105 0x0d30 ============================================================
17:47:21.0105 0x0d30 KSN ping started
17:47:26.0893 0x0d30 KSN ping finished: true
17:47:27.0704 0x0d30 ================ Scan system memory ========================
17:47:27.0704 0x0d30 System memory - ok
17:47:27.0704 0x0d30 ================ Scan services =============================
17:47:43.0397 0x0d30 iScsiPrt - ok
17:47:43.0429 0x0d30 [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:47:43.0429 0x0d30 kbdclass - ok
17:47:43.0444 0x0d30 [ 3D9F0EBF350EDCFD6498057301455964, B3CB5F0C045B06C86E683F3C67DC0D4E37AF16E20B189B05C926A5A7011438FB ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
17:47:43.0460 0x0d30 kbdhid - ok
17:47:43.0475 0x0d30 [ F42309C4191C506B71DB5D1126D26318, 29B0A8889857CEBFA6CBD795D5EECDDFFA04E794BD3C73FC488725B2A160F326 ] KeyIso C:\Windows\system32\lsass.exe
17:47:43.0475 0x0d30 KeyIso - ok
17:47:43.0631 0x0d30 [ 9249D2ACEC11F8958E0FCA436C5630BD, DB07B8A535179C1DF7C083BEE27822F9E7BB0E7E49E02CF9401106FE5C21F457 ] Kodak AiO Network Discovery Service C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
17:47:43.0647 0x0d30 Kodak AiO Network Discovery Service - ok
17:47:43.0663 0x0d30 [ E36A061EC11B373826905B21BE10948F, CB9F8B76E0A99307A841B66CBD96C7087CC0B068699CBEF01040E37C6EA60E6A ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:47:43.0694 0x0d30 KSecDD - ok
17:47:43.0725 0x0d30 [ 26C046977E85B95036453D7B88BA1820, 375B284AFB407CAE417D2090B112A0ED1CCD516ABFDDBFCD5D6AADE859F14ACD ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:47:43.0741 0x0d30 KSecPkg - ok
17:47:43.0772 0x0d30 [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm C:\Windows\system32\msdtckrm.dll
17:47:43.0819 0x0d30 KtmRm - ok
17:47:43.0865 0x0d30 [ BCA92CB047A4326925ECEF759DBAA233, C2A188F5526882A2E3AC4CC0190452DA37CBD93043DFE5571A20E8EFE9D56DA3 ] LanmanServer C:\Windows\System32\srvsvc.dll
17:47:43.0897 0x0d30 LanmanServer - ok
17:47:43.0912 0x0d30 [ B9891F885DCF1F0513A51CB58493CB1F, C883D243E1E7B7AEA031FB90FE4FCEED631F835DC95F9D9D60BC554E6EC358C2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:47:43.0928 0x0d30 LanmanWorkstation - ok
17:47:43.0975 0x0d30 [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:47:43.0990 0x0d30 lltdio - ok
17:47:44.0006 0x0d30 [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:47:44.0037 0x0d30 lltdsvc - ok
17:47:44.0053 0x0d30 [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:47:44.0099 0x0d30 lmhosts - ok
17:47:44.0131 0x0d30 [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:47:44.0146 0x0d30 LSI_FC - ok
17:47:44.0162 0x0d30 [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:47:44.0162 0x0d30 LSI_SAS - ok
17:47:44.0177 0x0d30 [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:47:44.0177 0x0d30 LSI_SAS2 - ok
17:47:44.0193 0x0d30 [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:47:44.0209 0x0d30 LSI_SCSI - ok
17:47:44.0240 0x0d30 [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv C:\Windows\system32\drivers\luafv.sys
17:47:44.0271 0x0d30 luafv - ok
17:47:44.0271 0x0d30 [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:47:44.0287 0x0d30 megasas - ok
17:47:44.0302 0x0d30 [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:47:44.0318 0x0d30 MegaSR - ok
17:47:44.0411 0x0d30 [ 033B947AF4A997820E86FCB070B1F450, 2F54F9D1E8374187B2F206E7CF22A907C735C71F38445A94BDC84E83081D3A88 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
17:47:44.0411 0x0d30 Microsoft Office Groove Audit Service - ok
17:47:44.0443 0x0d30 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS C:\Windows\system32\mmcss.dll
17:47:44.0458 0x0d30 MMCSS - ok
17:47:44.0474 0x0d30 [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem C:\Windows\system32\drivers\modem.sys
17:47:44.0489 0x0d30 Modem - ok
17:47:44.0521 0x0d30 [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:47:44.0536 0x0d30 monitor - ok
17:47:44.0552 0x0d30 [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:47:44.0567 0x0d30 mouclass - ok
17:47:44.0583 0x0d30 [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:47:44.0599 0x0d30 mouhid - ok
17:47:44.0614 0x0d30 [ 921C18727C5920D6C0300736646931C2, 19ACE502982E9C5B0134676102EAEE96675C9CA237E410DB36C389D6B4078301 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:47:44.0614 0x0d30 mountmgr - ok
17:47:44.0692 0x0d30 [ 0329A45C849C9D77901094B8FFE8BBB9, 2151C15A4185FABBC3367B8213017B45E08C43E26E1D8942E707E217C6A5EDA7 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:47:44.0692 0x0d30 MozillaMaintenance - ok
17:47:44.0723 0x0d30 [ 2AF5997438C55FB79D33D015C30E1974, E8F048A02FEB400C133D0BFC1659921E73B59549E3F7D2A13929901B87A1901F ] mpio C:\Windows\system32\DRIVERS\mpio.sys
17:47:44.0739 0x0d30 mpio - ok
17:47:44.0770 0x0d30 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:47:44.0786 0x0d30 mpsdrv - ok
17:47:44.0879 0x0d30 [ 5CD996CECF45CBC3E8D109C86B82D69E, ABE40DA4DA555D3D5054BE28BF82E775D90DCB9E31409DC95FABF2F016B17700 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:47:44.0926 0x0d30 MpsSvc - ok
17:47:44.0957 0x0d30 [ B1BE47008D20E43DA3ADC37C24CDB89D, 6E8555E84B42E5098227B35EA5ABADF2CD3AC247B37CB9E9304FF67064EBE59B ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:47:44.0957 0x0d30 MRxDAV - ok
17:47:44.0989 0x0d30 [ F4A054BE78AF7F410129C4B64B07DC9B, 65E14D38CCAB4FBB0C0D4A12F11B2E150AEC00AC692EE92A5CE6C982CF1190F5 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:47:45.0020 0x0d30 mrxsmb - ok
17:47:45.0035 0x0d30 [ DEFFA295BD1895C6ED8E3078412AC60B, 3F13CD67659EC2C8ABADC2C5B48B939ECDC6DB7CAAAAC3C2823AC12842BC1630 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:47:45.0067 0x0d30 mrxsmb10 - ok
17:47:45.0082 0x0d30 [ 24D76ABE5DCAD22F19D105F76FDF0CE1, D0A7E033B4DF4AA5A9600A2A7A890FDE20AC7CE87C660817EB92FE10E2DAD343 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:47:45.0098 0x0d30 mrxsmb20 - ok
17:47:45.0113 0x0d30 [ 4326D168944123F38DD3B2D9C37A0B12, 322AE93418BE3BA6B3E11C86431EC3F4B23CADC3B968B92978A08A7C0D0D8902 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
17:47:45.0129 0x0d30 msahci - ok
17:47:45.0145 0x0d30 [ 455029C7174A2DBB03DBA8A0D8BDDD9A, 614D71978B024109ADD9A7A74F74ABD5FAA1C36A2E859AF288398EAE7CD76DF2 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
17:47:45.0145 0x0d30 msdsm - ok
17:47:45.0160 0x0d30 [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC C:\Windows\System32\msdtc.exe
17:47:45.0191 0x0d30 MSDTC - ok
17:47:45.0223 0x0d30 [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:47:45.0238 0x0d30 Msfs - ok
17:47:45.0238 0x0d30 [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:47:45.0269 0x0d30 mshidkmdf - ok
17:47:45.0285 0x0d30 [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
17:47:45.0285 0x0d30 msisadrv - ok
17:47:45.0332 0x0d30 [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:47:45.0379 0x0d30 MSiSCSI - ok
17:47:45.0394 0x0d30 msiserver - ok
17:47:45.0425 0x0d30 [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:47:45.0441 0x0d30 MSKSSRV - ok
17:47:45.0457 0x0d30 [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:47:45.0472 0x0d30 MSPCLOCK - ok
17:47:45.0472 0x0d30 [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:47:45.0503 0x0d30 MSPQM - ok
17:47:45.0519 0x0d30 [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:47:45.0535 0x0d30 MsRPC - ok
17:47:45.0550 0x0d30 [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
17:47:45.0550 0x0d30 mssmbios - ok
17:47:45.0566 0x0d30 [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:47:45.0581 0x0d30 MSTEE - ok
17:47:45.0753 0x0d30 [ 73FA09B84B23A1897809A84F976D5D99, 8ADBEE035DF08DB860D56597C88230F4ECE80B214A13AF22D5D5475C9B7FEFC1 ] msvsmon80 C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe
17:47:45.0847 0x0d30 msvsmon80 - ok
17:47:45.0862 0x0d30 [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:47:45.0878 0x0d30 MTConfig - ok
17:47:45.0909 0x0d30 [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup C:\Windows\system32\Drivers\mup.sys
17:47:45.0909 0x0d30 Mup - ok
17:47:45.0940 0x0d30 [ 80284F1985C70C86F0B5F86DA2DFE1DF, 424A5BBC28C72DA0DBABEB9E423B8C409754CD1BA3DFC9E174BF22D8BCE1BE63 ] napagent C:\Windows\system32\qagentRT.dll
17:47:45.0956 0x0d30 napagent - ok
17:47:46.0003 0x0d30 [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:47:46.0034 0x0d30 NativeWifiP - ok
17:47:46.0065 0x0d30 [ 23759D175A0A9BAAF04D05047BC135A8, 2C8C553B4E1ED3A644F619F16BCEDD5A3C6D74A17E6E75A3E740E06B1D636348 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:47:46.0096 0x0d30 NDIS - ok
17:47:46.0096 0x0d30 [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:47:46.0127 0x0d30 NdisCap - ok
17:47:46.0159 0x0d30 [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:47:46.0174 0x0d30 NdisTapi - ok
17:47:46.0205 0x0d30 [ B30AE7F2B6D7E343B0DF32E6C08FCE75, 39BBBF7AF886732CB9ED3E6C06DA4318554089F3BEA74C74328FE1C6EF68E70B ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:47:46.0221 0x0d30 Ndisuio - ok
17:47:46.0237 0x0d30 [ 267C415EADCBE53C9CA873DEE39CF3A4, BAA8626BDA7B68176B19A99FBBD40FB2A774C8F44B56F9FFB99A1F5C16A1C555 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:47:46.0268 0x0d30 NdisWan - ok
17:47:46.0283 0x0d30 [ AF7E7C63DCEF3F8772726F86039D6EB4, 1CFDED48E8844138864786DBF9D5519162A6DB28F885A781934E8AFBD52EAC50 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:47:46.0299 0x0d30 NDProxy - ok
17:47:46.0315 0x0d30 [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:47:46.0330 0x0d30 NetBIOS - ok
17:47:46.0346 0x0d30 [ DD52A733BF4CA5AF84562A5E2F963B91, 5CEB9664CED3D120F5408A12035748728710D41090A289CF66023CED4C838A1F ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:47:46.0361 0x0d30 NetBT - ok
17:47:46.0377 0x0d30 [ F42309C4191C506B71DB5D1126D26318, 29B0A8889857CEBFA6CBD795D5EECDDFFA04E794BD3C73FC488725B2A160F326 ] Netlogon C:\Windows\system32\lsass.exe
17:47:46.0377 0x0d30 Netlogon - ok
17:47:46.0408 0x0d30 [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman C:\Windows\System32\netman.dll
17:47:46.0439 0x0d30 Netman - ok
17:47:46.0502 0x0d30 [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:47:46.0517 0x0d30 NetMsmqActivator - ok
17:47:46.0533 0x0d30 [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:47:46.0533 0x0d30 NetPipeActivator - ok
17:47:46.0549 0x0d30 [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm C:\Windows\System32\netprofm.dll
17:47:46.0580 0x0d30 netprofm - ok
17:47:46.0595 0x0d30 [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:47:46.0595 0x0d30 NetTcpActivator - ok
17:47:46.0611 0x0d30 [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:47:46.0611 0x0d30 NetTcpPortSharing - ok
17:47:46.0642 0x0d30 [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:47:46.0658 0x0d30 nfrd960 - ok
17:47:46.0689 0x0d30 [ 2226496E34BD40734946A054B1CD657F, 98392D98C9213822268971432BB55047ABD8B4EBD42483FA69BF50FB8FAD64A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:47:46.0736 0x0d30 NlaSvc - ok
17:47:46.0751 0x0d30 [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:47:46.0798 0x0d30 Npfs - ok
17:47:46.0814 0x0d30 [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi C:\Windows\system32\nsisvc.dll
17:47:46.0845 0x0d30 nsi - ok
17:47:46.0861 0x0d30 [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:47:46.0892 0x0d30 nsiproxy - ok
17:47:46.0923 0x0d30 [ 3795DCD21F740EE799FB7223234215AF, B03DBFD33B201134473D23038E0BD86CFE64556754BF4EBA42C10B67AEECAEA6 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:47:46.0954 0x0d30 Ntfs - ok
17:47:46.0970 0x0d30 [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null C:\Windows\system32\drivers\Null.sys
17:47:46.0985 0x0d30 Null - ok
17:47:47.0875 0x0d30 [ AFB33A823AABC112FC7BD62AFBCDB0CD, B267AA94024363B1C4A26D853094F84895D7EA232B8A6690C315D99D3D4C79BD ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:47:48.0093 0x0d30 nvlddmkm - ok
17:47:48.0202 0x0d30 [ 3F3D04B1D08D43C16EA7963954EC768D, BA82C1D3D9F4AA5F1C9729D61D4E06DB961FDF2B1E9B483D29DB308204DF0754 ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
17:47:48.0249 0x0d30 nvraid - ok
17:47:48.0265 0x0d30 [ C99F251A5DE63C6F129CF71933ACED0F, 24D48A5F5D699AB0DD4D4435F8F7C6B73A924AEF8F9D1170FD644E26499546A2 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
17:47:48.0280 0x0d30 nvstor - ok
17:47:48.0327 0x0d30 [ 782945716AD010AC3D41758E8E52C735, 5A2B869B697D5BCD31F59BF39E3B0C8C570DD01B1FC82063CD9530F2FC49C7D6 ] nvsvc C:\Windows\system32\nvvsvc.exe
17:47:48.0358 0x0d30 nvsvc - ok
17:47:48.0405 0x0d30 [ A974E5C310B9B00894070CEB055D467F, 37246487C0F38EE2F2F1892D7E4FF9742D2E4C5EC8185D8A0C3CACB23AF6D625 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:47:48.0483 0x0d30 nvUpdatusService - ok
17:47:48.0514 0x0d30 [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
17:47:48.0530 0x0d30 nv_agp - ok
17:47:48.0639 0x0d30 [ E54AA592A65F317390EEE386A8821692, 7997F8C07802F6C49F06620B35C4C382ADD5419EA8BE02CD7AF0F2EF42A93E53 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:47:48.0670 0x0d30 odserv - ok
17:47:48.0701 0x0d30 [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
17:47:48.0733 0x0d30 ohci1394 - ok
17:47:48.0764 0x0d30 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:47:48.0779 0x0d30 ose - ok
17:47:48.0811 0x0d30 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:47:48.0842 0x0d30 p2pimsvc - ok
17:47:48.0857 0x0d30 [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc C:\Windows\system32\p2psvc.dll
17:47:48.0873 0x0d30 p2psvc - ok
17:47:48.0889 0x0d30 [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:47:48.0889 0x0d30 Parport - ok
17:47:48.0904 0x0d30 [ FF4218952B51DE44FE910953A3E686B9, 871E4F8300AFE2AE770B8F00C12911A08D8BBD8E07C37A11AFF67CA92607A602 ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:47:48.0904 0x0d30 partmgr - ok
17:47:48.0951 0x0d30 [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
17:47:48.0967 0x0d30 Parvdm - ok
17:47:49.0013 0x0d30 [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:47:49.0029 0x0d30 PcaSvc - ok
17:47:49.0060 0x0d30 [ C858CB77C577780ECC456A892E7E7D0F, 21AE545B736739DE5A7B02CF227516BA6D02B1AAAECD8CC516CCF9F1FD710BCF ] pci C:\Windows\system32\DRIVERS\pci.sys
17:47:49.0060 0x0d30 pci - ok
17:47:49.0076 0x0d30 [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide C:\Windows\system32\DRIVERS\pciide.sys
17:47:49.0076 0x0d30 pciide - ok
17:47:49.0091 0x0d30 [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:47:49.0107 0x0d30 pcmcia - ok
17:47:49.0123 0x0d30 [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw C:\Windows\system32\drivers\pcw.sys
17:47:49.0123 0x0d30 pcw - ok
17:47:49.0169 0x0d30 [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:47:49.0232 0x0d30 PEAUTH - ok
17:47:49.0294 0x0d30 [ AF4D64D2A57B9772CF3801950B8058A6, C9C493A3775E6E1660CE5DF75DA574D0C04245FB88CF41B96217A725359C350D ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
17:47:49.0341 0x0d30 PeerDistSvc - ok
17:47:49.0497 0x0d30 [ 9C1BFF7910C89A1D12E57343475840CB, 62E00E1278BD263B2AC8CB803C31F2818C54DB143C49470FAD07731E04BD2DE3 ] pla C:\Windows\system32\pla.dll
17:47:49.0606 0x0d30 pla - ok
17:47:49.0684 0x0d30 [ 2CC2008F1296968FBA162ED9F9AFE328, 670E2BE4EB8210C9D6AEA635DFA20E390936762A22B2BB413BF9C7AF418150D6 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:47:49.0747 0x0d30 PlugPlay - ok
17:47:49.0747 0x0d30 [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:47:49.0762 0x0d30 PNRPAutoReg - ok
17:47:49.0778 0x0d30 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:47:49.0793 0x0d30 PNRPsvc - ok
17:47:49.0840 0x0d30 [ 48E1B75C6DC0232FD92BAAE4BD344721, 5BA4EB5A60725836D8085EABF87F51160BA57E318A0C4378410217911A393CE7 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:47:49.0887 0x0d30 PolicyAgent - ok
17:47:49.0903 0x0d30 [ DBFF83F709A91049621C1D35DD45C92C, 0A722A44F431CAB5EA77FF5F25EB6975C2111B605564FF9FB59751067E7CD3A7 ] Power C:\Windows\system32\umpo.dll
17:47:49.0934 0x0d30 Power - ok
17:47:49.0965 0x0d30 [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:47:49.0981 0x0d30 PptpMiniport - ok
17:47:49.0996 0x0d30 [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor C:\Windows\system32\DRIVERS\processr.sys
17:47:50.0012 0x0d30 Processor - ok
17:47:50.0059 0x0d30 [ 630CF26F0227498B7D5A92B12548960F, 7B6E2A3C398DF2E8F63C03ED5B59BB8DA47D5C1ACA9F37438F71F35633ACD6CD ] ProfSvc C:\Windows\system32\profsvc.dll
17:47:50.0074 0x0d30 ProfSvc - ok
17:47:50.0090 0x0d30 [ F42309C4191C506B71DB5D1126D26318, 29B0A8889857CEBFA6CBD795D5EECDDFFA04E794BD3C73FC488725B2A160F326 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:47:50.0090 0x0d30 ProtectedStorage - ok
17:47:50.0137 0x0d30 [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:47:50.0152 0x0d30 Psched - ok
17:47:50.0199 0x0d30 [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
17:47:50.0261 0x0d30 ql2300 - ok
17:47:50.0293 0x0d30 [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
17:47:50.0293 0x0d30 ql40xx - ok
17:47:50.0324 0x0d30 [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE C:\Windows\system32\qwave.dll
17:47:50.0355 0x0d30 QWAVE - ok
17:47:50.0371 0x0d30 [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:47:50.0386 0x0d30 QWAVEdrv - ok
17:47:50.0386 0x0d30 [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:47:50.0417 0x0d30 RasAcd - ok
17:47:50.0449 0x0d30 [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:47:50.0480 0x0d30 RasAgileVpn - ok
17:47:50.0480 0x0d30 [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto C:\Windows\System32\rasauto.dll
17:47:50.0511 0x0d30 RasAuto - ok
17:47:50.0527 0x0d30 [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:47:50.0542 0x0d30 Rasl2tp - ok
17:47:50.0589 0x0d30 [ 0CE66EC736B7FC526D78F7624C7D2A94, D70B45AA413691CF84B24E966EBA1689955E54BDDA206380CAB7CD50F56D5CEB ] RasMan C:\Windows\System32\rasmans.dll
17:47:50.0605 0x0d30 RasMan - ok
17:47:50.0620 0x0d30 [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:47:50.0636 0x0d30 RasPppoe - ok
17:47:50.0651 0x0d30 [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:47:50.0667 0x0d30 RasSstp - ok
17:47:50.0683 0x0d30 [ 835D7E81BF517A3B72384BDCC85E1CE6, DC855AF17150C1B27926293115C01B5E1FD00FABCE18AFAEAB3DC68BDE4C908B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:47:50.0714 0x0d30 rdbss - ok
17:47:50.0714 0x0d30 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:47:50.0729 0x0d30 rdpbus - ok
17:47:50.0745 0x0d30 [ 1E016846895B15A99F9A176A05029075, 78AE674B6E7D3A69099B24AC07E06563A4C867F9DCD8548E4DAAE6FC5ACA4E29 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:47:50.0761 0x0d30 RDPCDD - ok
17:47:50.0823 0x0d30 [ C5FF95883FFEF704D50C40D21CFB3AB5, 26CC53DDE126A6BD99F606695F063BB7FDC4BBABB9F75F7AD7A84B58C837EEAA ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
17:47:50.0839 0x0d30 RDPDR - ok
17:47:50.0870 0x0d30 [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:47:50.0901 0x0d30 RDPENCDD - ok
17:47:50.0901 0x0d30 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:47:50.0932 0x0d30 RDPREFMP - ok
17:47:50.0948 0x0d30 [ 801371BA9782282892D00AADB08EE367, 884DDC24B8400E76F65F54C249053333AD29543224F9EC156C64A6BDF584DDCD ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:47:50.0979 0x0d30 RDPWD - ok
17:47:51.0010 0x0d30 [ 4EA225BF1CF05E158853F30A99CA29A7, F211480F13E2FE36C31110AE67ABE74E9D572D3A36BEEDE29E14ECBD8C246878 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:47:51.0010 0x0d30 rdyboost - ok
17:47:51.0073 0x0d30 [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:47:51.0088 0x0d30 RemoteRegistry - ok
17:47:51.0119 0x0d30 [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:47:51.0151 0x0d30 RpcEptMapper - ok
17:47:51.0166 0x0d30 [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator C:\Windows\system32\locator.exe
17:47:51.0182 0x0d30 RpcLocator - ok
17:47:51.0197 0x0d30 [ B82CD39E336973359D7C9BF911E8E84F, 45DB8F1E88FC25A81D2F3C2F8A8CDB6B34C44950B038E24FB71DCDD9823DB22A ] RpcSs C:\Windows\System32\rpcss.dll
17:47:51.0229 0x0d30 RpcSs - ok
17:47:51.0275 0x0d30 [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:47:51.0307 0x0d30 rspndr - ok
17:47:51.0322 0x0d30 [ 7DFD48E24479B68B258D8770121155A0, 3B5F7309403C46855DB888CF2058B07C9029690DBC7FB3224BAC7BE5547D2D57 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
17:47:51.0338 0x0d30 RTL8167 - ok
17:47:51.0369 0x0d30 [ C9B9B3219322786EF82745E09FE9CBE8, B704FEE5B7FC5B662ED80E51E53336DBBAC7402BC99A35E67036327DF6431D45 ] RTL85n86 C:\Windows\system32\DRIVERS\RTL85n86.sys
17:47:51.0385 0x0d30 RTL85n86 - ok
17:47:51.0416 0x0d30 [ 5423D8437051E89DD34749F242C98648, 28FD190E13676B0FD452A73C3069B72206E2938DB2240BAA9BDB56687C748A2B ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
17:47:51.0431 0x0d30 s3cap - ok
17:47:51.0447 0x0d30 [ F42309C4191C506B71DB5D1126D26318, 29B0A8889857CEBFA6CBD795D5EECDDFFA04E794BD3C73FC488725B2A160F326 ] SamSs C:\Windows\system32\lsass.exe
17:47:51.0447 0x0d30 SamSs - ok
17:47:51.0494 0x0d30 [ 34EE0C44B724E3E4CE2EFF29126DE5B5, D27AAF77CB8830893558A600E19CDBF9A6AA7D69DE4B34F317ED4AFD38E8CAFB ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
17:47:52.0555 0x0d30 [ 4945020BC094C322571184A6E8056B3A, 9E09257411F7C3631537D0198E0E64CDD1A697D80430F6379139B15A2BA8A6C9 ] SolidWorks Licensing Service C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
17:47:52.0570 0x0d30 SolidWorks Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )
17:47:58.0061 0x0d30 Detect skipped due to KSN trusted
17:47:58.0061 0x0d30 SolidWorks Licensing Service - ok
17:48:01.0353 0x0d30 [ 59E6D1CC4EA1A19D07570AA0657ED966, 27E3366E7D2862148E6A8F6FAD02204FCAB50496ADCE49669096C54AA0A74022 ] VmbService C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
17:48:01.0369 0x0d30 VmbService - detected UnsignedFile.Multi.Generic ( 1 )
17:48:05.0035 0x0d30 Detect skipped due to KSN trusted
17:48:05.0035 0x0d30 VmbService - ok
17:48:07.0250 0x0d30 ================ Scan global ===============================
17:48:07.0281 0x0d30 [ 9A595DF601070DA78C40481120DD2C06, 4C2D6216F212DE9346339ED29152962A39E4435E70F18DD655156727E70818F6 ] C:\Windows\system32\basesrv.dll
17:48:07.0297 0x0d30 [ 827E4F75901CA3F990B1487D3301841E, A0B17C83D52DB95EDBA81C6ABD78E5E4E3BB65CB57F977B07172A96D4C2B743B ] C:\Windows\system32\winsrv.dll
17:48:07.0312 0x0d30 [ 827E4F75901CA3F990B1487D3301841E, A0B17C83D52DB95EDBA81C6ABD78E5E4E3BB65CB57F977B07172A96D4C2B743B ] C:\Windows\system32\winsrv.dll
17:48:07.0328 0x0d30 [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
17:48:07.0343 0x0d30 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
17:48:07.0359 0x0d30 [ Global ] - ok
17:48:07.0359 0x0d30 ================ Scan MBR ==================================
17:48:07.0359 0x0d30 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:48:07.0562 0x0d30 \Device\Harddisk0\DR0 - ok
17:48:07.0624 0x0d30 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
17:48:07.0749 0x0d30 \Device\Harddisk1\DR1 - ok
17:48:07.0765 0x0d30 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
17:48:07.0843 0x0d30 \Device\Harddisk2\DR2 - ok
17:48:07.0843 0x0d30 ================ Scan VBR ==================================
17:48:07.0874 0x0d30 [ 3A25597DBAB4E92DD5A7B6A35AC603D5 ] \Device\Harddisk0\DR0\Partition1
17:48:07.0874 0x0d30 \Device\Harddisk0\DR0\Partition1 - ok
17:48:07.0889 0x0d30 [ CC14C2FAA6D6137FEB8B012A65C7D01A ] \Device\Harddisk0\DR0\Partition2
17:48:07.0889 0x0d30 \Device\Harddisk0\DR0\Partition2 - ok
17:48:07.0905 0x0d30 [ 01730BADB69EE7A6D5B248CF09A2EE61 ] \Device\Harddisk0\DR0\Partition3
17:48:07.0905 0x0d30 \Device\Harddisk0\DR0\Partition3 - ok
17:48:07.0921 0x0d30 [ 2F7FCDA48F34901C96BDCCFDBAEF2BA4 ] \Device\Harddisk1\DR1\Partition1
17:48:07.0921 0x0d30 \Device\Harddisk1\DR1\Partition1 - ok
17:48:07.0921 0x0d30 [ 1D622D90A3B7B872396AA730B8C52E01 ] \Device\Harddisk2\DR2\Partition1
17:48:07.0921 0x0d30 \Device\Harddisk2\DR2\Partition1 - ok
17:48:07.0921 0x0d30 Waiting for KSN requests completion. In queue: 43
17:48:08.0935 0x0d30 Waiting for KSN requests completion. In queue: 43
17:48:09.0949 0x0d30 Waiting for KSN requests completion. In queue: 43
17:48:10.0963 0x0d30 Waiting for KSN requests completion. In queue: 43
17:48:11.0977 0x0d30 Win FW state via NFP2: enabled
17:48:16.0875 0x0d30 ============================================================
17:48:16.0875 0x0d30 Scan finished
17:48:16.0875 0x0d30 ============================================================
17:48:16.0891 0x0d44 Detected object count: 0
17:48:16.0891 0x0d44 Actual detected object count: 0


mbam-log

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.24.05

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Stefan :: STEFAN-PC [administrator]

2013/10/24 17:54:56 PM
mbam-log-2013-10-24 (17-54-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 244779
Time elapsed: 4 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 29
HKCR\AppID\{38495740-0035-4471-851E-F5BBB86AB085} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Updater.AmiUpd (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\CLSID\{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowserActiveX.1 (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowserActiveX (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{96E277C1-EFCC-6C5F-F089-7BF080367B2E} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{29A2FD27-9630-A0E7-005B-845CC22AE62A} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0041844.BHO (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0041844.Sandbox (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0041844.Sandbox.1 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCR\AppID\DefaultTabBHO.DLL (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DEFAULT TAB (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\SProtector (PUP.Optional.SProtector.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\DefaultTab (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\DEFAULT TAB (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Speedchecker Limited\PC Speed Up (PUP.Optional.PCSpeedUp.A) -> Quarantined and deleted successfully.
HKLM\Software\ElectroLyrics-1 (PUP.Optional.ElectroLyrics.A) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKCU\SOFTWARE\Default Tab|Version (PUP.Optional.DefaultTab.A) -> Data: 2.2.8.0 -> Quarantined and deleted successfully.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0A2T1U1Q0StGyEtH1I2Y0StGtBtH1N1QtI0EtGzv -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Default Tab|Version (PUP.Optional.DefaultTab.A) -> Data: 2.2.8.0 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 8
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Users\Stefan\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Stefan\AppData\Roaming\OpenCandy\0F379A89265945DEAD8E072F98CB17CC (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Stefan\AppData\Roaming\OpenCandy\A7B1587E199847E3A81B5C9C2D01AFD5 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Stefan\AppData\Roaming\OpenCandy\OpenCandy_A7B1587E199847E3A81B5C9C2D01AFD5 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Stefan\AppData\Roaming\File Scout (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.

Files Detected: 25
C:\Users\Stefan\AppData\Local\SwvUpdater\Updater.exe (PUP.Software.Updater) -> Quarantined and deleted successfully.
C:\ProgramData\ccoonntoinuUEtossavea\5182b065d252e.dll (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\{AF0AF371-584C-4B47-A9AC-106E74E9D187}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\{AF0AF371-584C-4B47-A9AC-106E74E9D187}\TsuDll.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\{CEFF2BF8-4E61-49C6-AB2D-0643151C090E}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\{CEFF2BF8-4E61-49C6-AB2D-0643151C090E}\TsuDll.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\YTD Video Downloader\ytd_installer.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Users\Stefan\AppData\Roaming\File Scout\filescout.exe (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.
C:\Users\Stefan\dxqzso.exe (Trojan.Dropper.AI) -> Quarantined and deleted successfully.
C:\Users\Stefan\Downloads\77ZipSetup.exe (Adware.InstallBrain) -> Quarantined and deleted successfully.
C:\Users\Stefan\Downloads\setup.exe (PUP.Optional.ExpressInstall.A) -> Quarantined and deleted successfully.
C:\Users\Stefan\Downloads\SoftonicDownloader_for_vlc-media-player.exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.
C:\Users\Stefan\Downloads\SoftonicDownloader_for_winamp.exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.
C:\Users\Stefan\Downloads\sweetimsetup.exe (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\Stefan\Downloads\ELe.1.20.x264.rar.exe (PUP.Optional.Installex) -> Quarantined and deleted successfully.
C:\Users\Stefan\Downloads\Dexter.S08E02.Every.Silver.Lining..XviD-MGD[ettv].exe (PUP.Optional.Installex) -> Quarantined and deleted successfully.
C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Users\Stefan\AppData\Roaming\OpenCandy\0F379A89265945DEAD8E072F98CB17CC\IE9-Windows7-x86-enu.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Stefan\AppData\Roaming\OpenCandy\A7B1587E199847E3A81B5C9C2D01AFD5\PCSU_SL_3.1.2.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Stefan\AppData\Roaming\File Scout\uninst.exe (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.

(end)


#6
RKinner

    Malware Expert

  • Expert
  • 20,006 posts
  • MVP
Download the attached fixlist.txt to the same location as FRST.
Run FRST and press Fix.
A fix log will be generated; please post that.


Download: ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.



Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Run OTL, Quickscan and post the log.