MBR:Whistler-C [Rtk] detected by Avast. [Solved]



#1
profphat


Hi

I ran the Avast scan yesterday and it found MBR:Whistler-C[Rtk].

I noticed this previous post http://www.geekstogo...ler-rtk-solved/

and I understand it is a tricky one to get rid of.

My PC symptoms are similar, only on loading up Windows or when I open a new internet window.

I would like to know how to solve this issue and whether I can follow the steps in the post.

Any help would be appreciated.

cheers




#2
Essexboy

Hi there, let's have a look see :)

Download aswMBR.exe ( 4.9mb ) to your desktop.
Double click the aswMBR.exe to run it
Allow virtualisation if offered
Click the "Scan" button to start scan
If Avast is not your AV it will ask to download virus definitions, allow this



On completion of the scan click save log, save it to your desktop and post in your next reply

THEN

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

  • Select All Users
  • Select LOP and Purity
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    c:\program files (x86)\Google\Desktop
    c:\program files\Google\Desktop
    dir "%systemdrive%\*" /S /A:L /C
    /md5start
    rpcss.dll
    /md5stop
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Attach both logs


#3
profphat


Hi Essexboy, thanks for helping out. I am pasting the results of the aswMBR result.

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-07-02 21:50:44
-----------------------------
21:50:44.156    OS Version: Windows 5.1.2600 Service Pack 2
21:50:44.156    Number of processors: 2 586 0xF06
21:50:44.156    ComputerName: MASTER  UserName: martin
21:50:45.296    Initialize success
21:50:45.343    VM: initialized successfully
21:50:45.390    VM: outdated driver version !
21:50:52.750    AVAST engine defs: 14070200
21:51:22.578    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-7
21:51:22.578    Disk 0 Vendor: WDC_WD3200KS-00PFB0 21.00M21 Size: 305245MB BusType: 3
21:51:22.578    Device \Driver\atapi -> MajorFunction 89e1aa68
21:51:22.593    Disk 0 MBR read successfully
21:51:22.593    Disk 0 MBR scan
21:51:22.609    Disk 0 Windows XP default MBR code
21:51:22.609    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        99998 MB offset 63
21:51:22.625    Disk 0 unknown boot code
21:51:22.625    Disk 0 Partition - 00     0F Extended LBA            205236 MB offset 204796620
21:51:22.640    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        99998 MB offset 204796683
21:51:22.640    Disk 0 Partition - 00     05     Extended            105238 MB offset 409593240
21:51:22.671    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       105238 MB offset 409593303
21:51:22.687    Scan finished successfully
21:51:39.468    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\martin\Desktop\MBR.dat"
21:51:39.468    The log file has been saved successfully to "C:\Documents and Settings\martin\Desktop\aswMBR.txt"


Edited by profphat, 02 July 2014 - 07:57 AM.


#4
Essexboy

Hmm, has Avast cured it already?

#5
profphat

I've attached the OTL documents, or did you want me to paste them in the reply?

OTL logfile created on: 7/2/2014 9:54:41 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\martin\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 40.82% Memory free
3.85 Gb Paging File | 2.73 Gb Available in Paging File | 70.85% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 4.58 Gb Free Space | 4.68% Space Free | Partition Type: NTFS
Drive D: | 97.65 Gb Total Space | 2.59 Gb Free Space | 2.65% Space Free | Partition Type: NTFS
Drive E: | 102.77 Gb Total Space | 4.57 Gb Free Space | 4.44% Space Free | Partition Type: NTFS
Drive N: | 1863.01 Gb Total Space | 1069.42 Gb Free Space | 57.40% Space Free | Partition Type: NTFS

Computer Name: MASTER | User Name: martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/07/02 21:53:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\martin\My Documents\Downloads\OTL.exe
PRC - [2014/06/11 22:01:23 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/01/10 13:26:44 | 001,861,968 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2013/09/10 20:43:32 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/03/12 07:32:58 | 000,506,744 | ---- | M] (Oracle Corporation) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2013/03/07 07:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/03/07 07:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/02/28 10:59:26 | 005,529,328 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech Gaming Software\LCore.exe
PRC - [2013/02/19 15:41:44 | 012,805,888 | ---- | M] (www.BitComet.com) -- C:\Program Files\BitComet\BitComet.exe
PRC - [2011/12/01 14:37:00 | 000,215,552 | ---- | M] () -- C:\Program Files\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmW.exe
PRC - [2011/12/01 14:37:00 | 000,206,336 | ---- | M] () -- C:\Program Files\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmwj.exe
PRC - [2011/12/01 14:37:00 | 000,080,384 | ---- | M] () -- C:\Program Files\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe
PRC - [2011/11/08 02:04:36 | 004,617,600 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/08/12 07:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2008/10/20 16:01:26 | 000,700,416 | ---- | M] () -- C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe
PRC - [2008/10/20 16:00:12 | 000,102,400 | ---- | M] (PacketVideo) -- C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe
PRC - [2008/02/20 20:10:12 | 000,619,832 | ---- | M] (Apple Inc.) -- C:\Program Files\DVD or CD Sharing\ODSAgent.exe
PRC - [2007/06/13 18:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/09 01:02:00 | 000,919,280 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2007/03/09 01:01:58 | 000,075,568 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2006/07/29 19:07:57 | 000,188,416 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2005/12/13 13:09:52 | 000,077,824 | ---- | M] (Compro Technology, Inc.) -- C:\Program Files\Common Files\VideoMate\ComproSchedulerDTV.exe
PRC - [2004/08/22 17:05:02 | 000,081,920 | ---- | M] (DAEMON'S HOME) -- C:\Program Files\D-Tools\daemon.exe


========== Modules (No Company Name) ==========

MOD - [2014/07/02 18:10:30 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2014/07/02 18:10:30 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2014/07/02 18:07:15 | 002,816,512 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\14070200\algo.dll
MOD - [2014/07/02 07:11:43 | 002,816,512 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\14070100\algo.dll
MOD - [2014/06/11 22:01:20 | 003,852,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/01/10 13:28:18 | 000,100,688 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2014/01/10 13:26:44 | 001,861,968 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/12/01 14:37:00 | 000,215,552 | ---- | M] () -- C:\Program Files\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmW.exe
MOD - [2011/12/01 14:37:00 | 000,206,336 | ---- | M] () -- C:\Program Files\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmwj.exe
MOD - [2011/12/01 14:37:00 | 000,080,384 | ---- | M] () -- C:\Program Files\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe
MOD - [2011/11/18 10:00:34 | 000,019,456 | ---- | M] () -- C:\WINDOWS\system32\fxhr2aLM.DLL
MOD - [2011/11/13 12:35:26 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2010/09/07 13:32:00 | 000,225,280 | ---- | M] () -- C:\Program Files\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmusb.dll
MOD - [2008/10/20 16:01:26 | 000,700,416 | ---- | M] () -- C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe
MOD - [2008/05/07 13:18:48 | 001,287,680 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2007/03/09 01:04:42 | 000,194,296 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\zpui.pyd
MOD - [2007/03/09 01:04:42 | 000,046,840 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\_socket.pyd
MOD - [2007/03/09 01:04:40 | 000,145,144 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\pyexpat.pyd
MOD - [2007/03/09 01:04:40 | 000,026,360 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\signedDll.pyd
MOD - [2007/03/09 01:04:40 | 000,026,360 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\pyvsinit.pyd
MOD - [2006/07/09 13:41:58 | 000,796,584 | ---- | M] () -- C:\WINDOWS\system32\libeay32_0.9.6l.dll
MOD - [2004/08/22 17:04:56 | 000,069,120 | ---- | M] () -- C:\WINDOWS\daemon.dll
MOD - [2003/12/30 21:52:00 | 000,007,168 | ---- | M] () -- C:\Program Files\D-Tools\Plugins\Images\bw5mount.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2014/06/11 22:01:21 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/14 17:08:02 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/10 20:43:32 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/06/03 16:34:46 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/03/07 07:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/12/01 14:37:00 | 000,080,384 | ---- | M] () [Auto | Running] -- C:\Program Files\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe -- (FXNADB)
SRV - [2011/08/12 07:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010/04/27 13:43:48 | 000,611,840 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/10/20 16:00:12 | 000,102,400 | ---- | M] (PacketVideo) [Auto | Running] -- C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe -- (TwonkyMedia)
SRV - [2007/03/09 01:01:58 | 000,075,568 | ---- | M] (Zone Labs, LLC) [Auto | Running] -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Disabled | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\martin\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2013/03/07 07:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/03/07 07:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/03/07 07:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/03/07 07:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/03/07 07:33:24 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/03/07 07:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/03/07 07:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/03/07 07:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/01/18 04:15:06 | 000,042,480 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV - [2011/07/23 00:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/13 05:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/02/26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010/02/26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009/11/24 09:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LGVirHid.sys -- (LGVirHid)
DRV - [2009/11/24 09:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/03/09 01:02:10 | 000,394,192 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/01/29 18:26:24 | 000,984,832 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2007/01/18 06:39:20 | 000,050,416 | ---- | M] (Zone Labs, LLC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2006/07/29 19:11:23 | 000,030,601 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2006/05/04 16:13:52 | 004,271,616 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2006/03/15 14:10:04 | 001,048,960 | ---- | M] (Compro Tech.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMHybrid.sys -- (VMHybrid)
DRV - [2005/11/16 16:08:16 | 000,078,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTL8023xp)
DRV - [2005/04/07 17:18:34 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2004/08/22 16:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347prt.sys -- (d347prt)
DRV - [2004/08/22 16:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347bus.sys -- (d347bus)
DRV - [2004/08/11 09:27:52 | 000,027,232 | ---- | M] (Ulead Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ULCDRHlp.sys -- (ULCDRHlp)
DRV - [2004/08/03 23:04:34 | 000,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2004/08/03 22:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2003/12/06 23:50:52 | 000,005,513 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\mp3m2pls.sys -- (mp3m2pls)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-299502267-1275210071-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKU\S-1-5-21-299502267-1275210071-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKU\S-1-5-21-299502267-1275210071-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-299502267-1275210071-682003330-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-299502267-1275210071-682003330-1003\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKU\S-1-5-21-299502267-1275210071-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-299502267-1275210071-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://au.news.yahoo.com/thewest | http://www.ozbargain.com.au/ | www.afl.com.au | http://shop.target.c...lack/P51484743"
FF - prefs.js..extensions.enabledAddons: firefox1%40myibay.com:1.3.7
FF - prefs.js..extensions.enabledAddons: mp4downloader%40jeff.net:1.3.3
FF - prefs.js..extensions.enabledAddons: netvideohunter%40netvideohunter.com:1.15
FF - prefs.js..extensions.enabledAddons: %7B2f17f610-5e97-4fed-828f-9940b7b577a4%7D:19.0.0
FF - prefs.js..extensions.enabledAddons: %7B6e764c17-863a-450f-bdd0-6772bd5aaa18%7D:1.0.3
FF - prefs.js..extensions.enabledAddons: %7BB042753D-F57E-4e8e-A01B-7379A6D4CEFB%7D:1.35
FF - prefs.js..extensions.enabledAddons: %7BF0B24ABB-A42D-4c82-AF2C-3FA6FF27E2C0%7D:0.4.2
FF - prefs.js..extensions.enabledAddons: %7Bd8c4975b-9e4b-4574-b5ab-67fe58455a95%7D:1.303
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.6
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.25
FF - prefs.js..extensions.enabledItems: [email protected]:3.7
FF - prefs.js..extensions.enabledItems: {069FB356-C69F-7349-D092-AB28AF882F01}:0.2.104
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 51414
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/04/11 22:06:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/06/11 22:00:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/06/11 22:01:07 | 000,000,000 | ---D | M]

[2009/07/27 20:53:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\martin\Application Data\Mozilla\Extensions
[2009/07/27 20:53:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\martin\Application Data\Mozilla\Extensions\[email protected]
[2014/07/02 18:12:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\martin\Application Data\Mozilla\Firefox\Profiles\0vhopzow.default\extensions
[2010/04/04 14:26:25 | 000,000,000 | ---D | M] (Phoenity Classic) -- C:\Documents and Settings\martin\Application Data\Mozilla\Firefox\Profiles\0vhopzow.default\extensions\{069FB356-C69F-7349-D092-AB28AF882F01}
[2013/03/31 10:59:12 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Documents and Settings\martin\Application Data\Mozilla\Firefox\Profiles\0vhopzow.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
[2012/03/24 08:31:29 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\martin\Application Data\Mozilla\Firefox\Profiles\0vhopzow.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2008/04/18 23:22:14 | 000,000,000 | ---D | M] (Blue Ice 2) -- C:\Documents and Settings\martin\Application Data\Mozilla\Firefox\Profiles\0vhopzow.default\extensions\{a8dd47cf-239f-48c4-8379-e6b4cbafdcfa}
[2013/04/30 17:56:19 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\martin\Application Data\Mozilla\Firefox\Profiles\0vhopzow.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2011/01/30 12:01:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\martin\Application Data\Mozilla\Firefox\Profiles\0vhopzow.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2009/07/22 12:05:22 | 000,000,000 | ---D | M] (CrystalFox Qute) -- C:\Documents and Settings\martin\Application Data\Mozilla\Firefox\Profiles\0vhopzow.default\extensions\[email protected]
[2013/12/03 19:05:22 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Documents and Settings\martin\Application Data\Mozilla\Firefox\Profiles\0vhopzow.default\extensions\[email protected]
[2012/12/25 00:43:04 | 000,000,000 | ---D | M] (yogurttree) -- C:\Documents and Settings\martin\Application Data\Mozilla\Firefox\Profiles\0vhopzow.default\extensions\[email protected]
[2013/11/15 19:06:14 | 000,020,693 | ---- | M] () (No name found) -- C:\Documents and Settings\martin\Application Data\Mozilla\Firefox\Profiles\0vhopzow.default\extensions\[email protected]
[2013/08/30 19:49:08 | 000,066,667 | ---- | M] () (No name found) -- C:\Documents and Settings\martin\Application Data\Mozilla\Firefox\Profiles\0vhopzow.default\extensions\[email protected]
[2012/07/30 22:55:57 | 000,010,390 | ---- | M] () (No name found) -- C:\Documents and Settings\martin\Application Data\Mozilla\Firefox\Profiles\0vhopzow.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}.xpi
[2014/07/02 18:12:33 | 000,538,404 | ---- | M] () (No name found) -- C:\Documents and Settings\martin\Application Data\Mozilla\Firefox\Profiles\0vhopzow.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/06/05 22:51:06 | 000,967,387 | ---- | M] () (No name found) -- C:\Documents and Settings\martin\Application Data\Mozilla\Firefox\Profiles\0vhopzow.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/07/01 23:48:40 | 000,205,755 | ---- | M] () (No name found) -- C:\Documents and Settings\martin\Application Data\Mozilla\Firefox\Profiles\0vhopzow.default\extensions\{d8c4975b-9e4b-4574-b5ab-67fe58455a95}.xpi
[2013/07/17 21:08:56 | 000,024,309 | ---- | M] () (No name found) -- C:\Documents and Settings\martin\Application Data\Mozilla\Firefox\Profiles\0vhopzow.default\extensions\{F0B24ABB-A42D-4c82-AF2C-3FA6FF27E2C0}.xpi
[2008/04/18 23:21:48 | 000,599,207 | ---- | M] () (No name found) -- C:\Documents and Settings\martin\Application Data\Mozilla\Firefox\Profiles\0vhopzow.default\extensions\{a8dd47cf-239f-48c4-8379-e6b4cbafdcfa}\chrome\tmp.xpi
[2009/01/14 21:00:33 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\martin\Application Data\Mozilla\Firefox\Profiles\0vhopzow.default\searchplugins\emuparadise-search.xml
[2010/03/05 11:41:02 | 000,002,088 | ---- | M] () -- C:\Documents and Settings\martin\Application Data\Mozilla\Firefox\Profiles\0vhopzow.default\searchplugins\google--infoaxe.xml
[2014/06/11 22:00:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/06/11 22:01:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/01/12 16:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.153\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Microsoft® Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Documents and Settings\martin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Documents and Settings\martin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\martin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\martin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\martin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\martin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2001/08/23 20:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-299502267-1275210071-682003330-1003\..\Toolbar\ShellBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-299502267-1275210071-682003330-1003\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-299502267-1275210071-682003330-1003\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-299502267-1275210071-682003330-1003\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-299502267-1275210071-682003330-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DocuPrint P205b RUN] C:\Program Files\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmRun.exe ()
O4 - HKLM..\Run: [DVD or CD Sharing] C:\Program Files\DVD or CD Sharing\ODSAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [LauncherP205b] "C:\Program Files\Fuji Xerox\DocuPrint SSW2\Launcher\fxlaunch.exe" /S FX DocuPrint P205 b File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe File not found
O4 - HKLM..\Run: [StatusAutoRunP205b] "C:\Program Files\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmpl.exe" FX DocuPrint P205 b,hide,\S File not found
O4 - HKLM..\Run: [UIUCU] C:\DOCUME~1\martin\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S File not found
O4 - HKLM..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" File not found
O4 - HKLM..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKU\S-1-5-21-299502267-1275210071-682003330-1003..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O4 - HKU\S-1-5-21-299502267-1275210071-682003330-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-1275210071-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-299502267-1275210071-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Clip Image - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: New Note - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-299502267-1275210071-682003330-1003\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0403890-50E6-429F-941C-5E07C5987C44}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\martin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\martin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/30 18:20:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/06/18 17:20:50 | 000,000,088 | ---- | M] () - N:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{1836e62e-d1bd-11de-9faa-000129d69f72}\Shell\AutoRun\command - "" = M:\setup.exe
O33 - MountPoints2\{4cb10c1a-2b87-11e1-a33b-000129d69f72}\Shell\AutoRun\command - "" = M:\RunClubSanDisk.exe
O33 - MountPoints2\{624eb7df-a9a9-11e1-a462-000129d69f72}\Shell\AutoRun\command - "" = N:\AppInst.exe -- [2010/08/30 09:27:04 | 004,268,032 | ---- | M] (Samsung Electronics)
O33 - MountPoints2\{a53b7f11-2875-11e1-a335-000129d69f72}\Shell\AutoRun\command - "" = N:\RunClubSanDisk.exe
O33 - MountPoints2\{e600b014-2eb7-11e0-a262-000129d69f72}\Shell\AutoRun\command - "" = N:\AppInst.exe -- [2010/08/30 09:27:04 | 004,268,032 | ---- | M] (Samsung Electronics)
O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\AppInst.exe -- [2010/08/30 09:27:04 | 004,268,032 | ---- | M] (Samsung Electronics)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/06/18 22:52:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/06/11 22:00:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[16 C:\Documents and Settings\martin\My Documents\*.tmp files -> C:\Documents and Settings\martin\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/07/02 21:51:39 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\martin\Desktop\MBR.dat
[2014/07/02 21:42:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/02 21:27:05 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/07/02 19:53:11 | 000,000,000 | ---- | M] () -- C:\mediasample.bin
[2014/07/02 18:07:42 | 000,050,257 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2014/07/02 18:07:39 | 000,049,616 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2014/07/02 18:06:36 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/07/02 18:06:35 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/02 18:06:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/07/01 21:13:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/06/29 12:44:07 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2014/06/29 12:43:59 | 000,245,248 | ---- | M] () -- C:\Documents and Settings\martin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/06/10 19:43:30 | 000,001,618 | ---- | M] () -- C:\Documents and Settings\martin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk
[16 C:\Documents and Settings\martin\My Documents\*.tmp files -> C:\Documents and Settings\martin\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/07/02 21:51:39 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\martin\Desktop\MBR.dat
[2014/06/10 19:43:30 | 000,001,618 | ---- | C] () -- C:\Documents and Settings\martin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk
[2014/06/10 19:43:18 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox (2).lnk
[2014/05/17 21:28:01 | 000,003,481 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\lpm.dat
[2013/04/11 22:06:28 | 000,164,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/04/11 22:06:28 | 000,049,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2012/12/23 17:26:33 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\fxhr2aLM.DLL
[2012/11/03 16:07:02 | 010,485,760 | ---- | C] () -- C:\Documents and Settings\martin\10MB.dat
[2009/07/18 01:55:36 | 000,300,848 | ---- | C] ( ) -- C:\Documents and Settings\All Users\dcmsvcsetup.exe
[2009/07/18 01:55:34 | 000,009,960 | ---- | C] () -- C:\Documents and Settings\All Users\invokesi.exe
[2009/04/08 22:01:52 | 001,954,520 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/02/01 12:46:32 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\martin\Local Settings\Application Data\kodakpcd.ini
[2007/08/30 20:27:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2007/05/23 12:56:41 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/03/24 17:19:12 | 000,000,347 | ---- | C] () -- C:\Documents and Settings\martin\Application Data\AutoGK.ini
[2007/03/15 19:20:40 | 000,000,906 | ---- | C] () -- C:\Documents and Settings\martin\.plugin141_02.trace
[2006/08/31 12:24:03 | 000,245,248 | ---- | C] () -- C:\Documents and Settings\martin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/04/08 21:40:32 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008/06/23 23:38:34 | 001,494,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2004/08/04 00:56:44 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2004/08/04 00:56:48 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/05/12 22:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/04/11 22:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/11/01 21:51:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Battle.net
[2009/12/05 23:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Deskshare
[2012/11/06 18:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010/07/25 13:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/04/10 00:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2009/04/08 22:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2012/11/06 18:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Origin
[2010/03/14 13:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
[2010/04/12 21:54:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2012/01/17 00:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoStitch
[2009/08/03 18:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2011/11/09 23:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/03/14 20:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/07/19 14:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2007/03/28 10:04:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{4588FC3C-C040-44E3-BB19-D9D014557FE1}
[2010/03/18 19:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/11/23 13:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\martin\Application Data\Audacity
[2011/11/18 13:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\martin\Application Data\Azureus
[2014/07/02 21:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\martin\Application Data\BitComet
[2011/03/09 22:50:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\martin\Application Data\Canon
[2010/11/15 13:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\martin\Application Data\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2007/08/30 20:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\martin\Application Data\ConvertTemp
[2007/04/02 22:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\martin\Application Data\Dr. DivX 2.0 OSS
[2014/06/10 18:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\martin\Application Data\Dropbox
[2014/06/10 18:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\martin\Application Data\DropboxMaster
[2011/11/23 12:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\martin\Application Data\FLV Extract
[2010/03/19 18:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\martin\Application Data\FreeAudioPack
[2011/01/30 18:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\martin\Application Data\FrostWire
[2010/03/04 01:12:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\martin\Application Data\HandBrake
[2012/09/17 19:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\martin\Application Data\ImgBurn
[2006/09/29 14:20:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\martin\Application Data\InterVideo
[2008/05/18 15:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\martin\Application Data\Leadertech
[2014/01/08 23:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\martin\Application Data\Machete Lite
[2014/02/16 21:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\martin\Application Data\Mp3tag
[2010/04/12 22:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\martin\Application Data\Nokia
[2010/04/12 22:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\martin\Application Data\Nokia Ovi Suite
[2009/04/10 11:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\martin\Application Data\Nseries
[2012/07/24 22:09:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\martin\Application Data\Oracle
[2012/11/06 18:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\martin\Application Data\Origin
[2012/10/29 21:24:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\martin\Application Data\Outlook
[2010/04/12 21:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\martin\Application Data\PC Suite
[2010/03/17 09:17:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\martin\Application Data\Red Kawa
[2010/03/04 22:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\martin\Application Data\RipIt4Me
[2010/11/16 09:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\martin\Application Data\Samsung
[2007/03/28 10:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\martin\Application Data\Seven Zip
[2007/08/30 20:28:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\martin\Application Data\Temporary
[2007/08/30 20:28:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\martin\Application Data\TransRender
[2012/12/24 00:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\martin\Application Data\uTorrent

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2004/08/04 00:56:48 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2004/08/04 00:56:48 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2004/08/04 00:56:46 | 000,382,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2004/08/04 00:56:42 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2004/08/04 00:56:42 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2006/05/19 20:59:41 | 000,111,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2008/02/20 13:32:43 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2004/08/04 00:56:56 | 000,108,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
No service found with a name of EapHost
SRV - [2006/12/20 05:52:18 | 000,134,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2004/08/04 00:56:48 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2004/08/04 00:56:44 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2004/08/04 00:56:52 | 000,150,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2004/08/04 00:56:52 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2004/08/04 00:56:44 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2004/08/04 00:56:50 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2004/08/04 00:56:50 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2004/08/04 00:56:52 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2005/08/23 02:29:46 | 000,197,632 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/21 01:41:10 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2004/08/04 00:56:56 | 000,108,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2005/06/11 07:53:32 | 000,057,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2004/08/04 00:56:52 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2004/08/04 00:56:46 | 000,089,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2006/06/22 18:47:18 | 000,181,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2005/07/26 12:39:49 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2004/08/04 00:56:46 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2004/08/04 00:56:46 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2004/08/04 00:56:52 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2004/08/04 00:56:48 | 000,081,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2004/12/08 03:32:34 | 000,096,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2006/12/20 05:52:18 | 000,134,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2004/08/04 00:56:46 | 000,170,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2004/08/04 00:56:46 | 000,190,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2004/08/04 00:56:44 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2005/07/09 00:27:56 | 000,249,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2004/08/04 00:56:48 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2006/12/20 05:52:18 | 000,134,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2004/08/04 00:56:58 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2004/08/04 00:56:42 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2004/08/04 00:56:44 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2006/12/20 02:16:47 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2005/05/04 14:45:36 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2004/08/04 00:56:48 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2004/08/04 00:56:42 | 000,616,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
No service found with a name of Dot3Svc
SRV - [2004/08/04 00:56:48 | 000,359,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2006/08/17 20:28:27 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >
[2005/10/31 23:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe

< c:\program files (x86)\Google\Desktop >
[2006/08/30 18:18:38 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2006/08/30 18:20:16 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2011/09/25 15:15:11 | 000,000,882 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2011/09/25 15:15:11 | 000,000,886 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2012/12/20 23:20:07 | 000,000,830 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2013/04/11 22:06:28 | 000,000,364 | -H-- | C] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job

< c:\program files\Google\Desktop >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is PROGRAMS
Volume Serial Number is 301C-B97F

< MD5 for: RPCSS.DLL >
[2008/04/14 08:12:04 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=2589FE6015A316C0F5D5112B4DA7B509 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\rpcss.dll
[2002/08/29 11:41:10 | 000,260,608 | ---- | M] (Microsoft Corporation) MD5=493FCBED180DCACF0B5D4C8C29949CA9 -- C:\WINDOWS\$NtServicePackUninstall$\rpcss.dll
[2004/08/04 00:56:46 | 000,395,776 | ---- | M] (Microsoft Corporation) MD5=5C83A4408604F737717AB96371201680 -- C:\WINDOWS\$NtUninstallKB894391$\rpcss.dll
[2004/08/04 00:56:46 | 000,395,776 | ---- | M] (Microsoft Corporation) MD5=5C83A4408604F737717AB96371201680 -- C:\WINDOWS\ServicePackFiles\i386\rpcss.dll
[2005/07/26 12:20:40 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=C369DF215D352B6F3A0B8C3469AA34F8 -- C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[2005/04/29 03:31:11 | 000,395,776 | ---- | M] (Microsoft Corporation) MD5=C8061F289E000703E7672916B7FE1571 -- C:\WINDOWS\$NtUninstallKB902400$\rpcss.dll
[2005/07/26 12:39:49 | 000,397,824 | ---- | M] (Microsoft Corporation) MD5=CE94A2BD25E3E9F4D46A7373FF455C6D -- C:\WINDOWS\system32\rpcss.dll
[2005/04/29 03:35:01 | 000,396,288 | ---- | M] (Microsoft Corporation) MD5=DA383FB39A6F1C445F3AFC94B3EB1248 -- C:\WINDOWS\$hf_mig$\KB894391\SP2QFE\rpcss.dll

========== Files - Unicode (All) ==========
[2012/11/08 14:25:32 | 000,024,064 | ---- | M] ()(C:\Documents and Settings\martin\My Documents\M?y bài hát dã tìm du?c sau dây.doc) -- C:\Documents and Settings\martin\My Documents\Mấy bài hát đã tìm được sau đây.doc
[2012/11/07 22:44:37 | 000,025,600 | ---- | M] ()(C:\Documents and Settings\martin\My Documents\LÒNG M?.doc) -- C:\Documents and Settings\martin\My Documents\LÒNG MẸ.doc
[2011/12/01 16:48:19 | 081,053,217 | ---- | M] ()(C:\Documents and Settings\martin\Desktop\Diamond Club Makeup Transformation ??????????? - YouTube.mp4) -- C:\Documents and Settings\martin\Desktop\Diamond Club Makeup Transformation 鑽石夜總會之港女大翻身 - YouTube.mp4
[2011/12/01 16:45:24 | 081,053,217 | ---- | C] ()(C:\Documents and Settings\martin\Desktop\Diamond Club Makeup Transformation ??????????? - YouTube.mp4) -- C:\Documents and Settings\martin\Desktop\Diamond Club Makeup Transformation 鑽石夜總會之港女大翻身 - YouTube.mp4
[2011/10/10 17:10:32 | 000,027,136 | ---- | M] ()(C:\Documents and Settings\martin\My Documents\18 Ð?c Chúa là Thiên Chúa phán.doc) -- C:\Documents and Settings\martin\My Documents\18 Ðức Chúa là Thiên Chúa phán.doc
[2011/10/10 17:10:05 | 000,027,136 | ---- | C] ()(C:\Documents and Settings\martin\My Documents\18 Ð?c Chúa là Thiên Chúa phán.doc) -- C:\Documents and Settings\martin\My Documents\18 Ðức Chúa là Thiên Chúa phán.doc
[2010/09/20 15:14:50 | 000,000,162 | -H-- | M] ()(C:\Documents and Settings\martin\My Documents\~$NG M?.doc) -- C:\Documents and Settings\martin\My Documents\~$NG MẸ.doc
[2010/09/20 15:14:50 | 000,000,162 | -H-- | C] ()(C:\Documents and Settings\martin\My Documents\~$NG M?.doc) -- C:\Documents and Settings\martin\My Documents\~$NG MẸ.doc
[2009/10/26 02:44:46 | 000,025,600 | ---- | C] ()(C:\Documents and Settings\martin\My Documents\LÒNG M?.doc) -- C:\Documents and Settings\martin\My Documents\LÒNG MẸ.doc
[2009/09/14 15:53:37 | 000,024,064 | ---- | C] ()(C:\Documents and Settings\martin\My Documents\M?y bài hát dã tìm du?c sau dây.doc) -- C:\Documents and Settings\martin\My Documents\Mấy bài hát đã tìm được sau đây.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem, I am easy either way :)

Download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
Please copy and paste its contents in your next reply.
  • 0

#7
profphat

profphat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

I'm not sure if Avast has removed it yet, as it is still in the Scan log.

The file name in the scan log is C:\Backup_MBR_0.bin. I have not tried to repair or delete it in Avast.

22:27:01.0953 0x0dc4  TDSS rootkit removing tool 3.0.0.39 Jun  5 2014 20:35:54
22:27:07.0187 0x0dc4  ============================================================
22:27:07.0187 0x0dc4  Current date / time: 2014/07/02 22:27:07.0187
22:27:07.0187 0x0dc4  SystemInfo:
22:27:07.0187 0x0dc4  
22:27:07.0187 0x0dc4  OS Version: 5.1.2600 ServicePack: 2.0
22:27:07.0187 0x0dc4  Product type: Workstation
22:27:07.0187 0x0dc4  ComputerName: MASTER
22:27:07.0187 0x0dc4  UserName: martin
22:27:07.0187 0x0dc4  Windows directory: C:\WINDOWS
22:27:07.0187 0x0dc4  System windows directory: C:\WINDOWS
22:27:07.0187 0x0dc4  Processor architecture: Intel x86
22:27:07.0187 0x0dc4  Number of processors: 2
22:27:07.0187 0x0dc4  Page size: 0x1000
22:27:07.0187 0x0dc4  Boot type: Normal boot
22:27:07.0187 0x0dc4  ============================================================
22:27:09.0656 0x0dc4  KLMD registered as C:\WINDOWS\system32\drivers\88091018.sys
22:27:09.0718 0x0dc4  System UUID: {E79E1E13-5D29-DA88-7AB3-2A6D82768F9A}
22:27:10.0093 0x0dc4  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:27:10.0093 0x0dc4  ============================================================
22:27:10.0093 0x0dc4  \Device\Harddisk0\DR0:
22:27:10.0093 0x0dc4  MBR partitions:
22:27:10.0093 0x0dc4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC34F28D
22:27:10.0109 0x0dc4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC34F30B, BlocksNum 0xC34F28D
22:27:10.0125 0x0dc4  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1869E5D7, BlocksNum 0xCD8B229
22:27:10.0125 0x0dc4  ============================================================
22:27:10.0140 0x0dc4  C: <-> \Device\Harddisk0\DR0\Partition1
22:27:10.0203 0x0dc4  D: <-> \Device\Harddisk0\DR0\Partition2
22:27:10.0218 0x0dc4  E: <-> \Device\Harddisk0\DR0\Partition3
22:27:10.0218 0x0dc4  ============================================================
22:27:10.0218 0x0dc4  Initialize success
22:27:10.0218 0x0dc4  ============================================================
22:27:36.0250 0x0f14  ============================================================
22:27:36.0250 0x0f14  Scan started
22:27:36.0250 0x0f14  Mode: Manual; SigCheck; TDLFS;
22:27:36.0250 0x0f14  ============================================================
22:27:36.0250 0x0f14  KSN ping started
22:27:51.0046 0x0f14  KSN ping finished: true
22:27:52.0078 0x0f14  ================ Scan system memory ========================
22:27:52.0078 0x0f14  System memory - ok
22:27:52.0078 0x0f14  ================ Scan services =============================
22:27:52.0156 0x0f14  [ C0393EB99A6C72C6BEF9BFC4A72B33A6, 72BF029C6A37DE131FFD61C2374C8920556236218613E37B5F348AA89FA12E42 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
22:27:52.0750 0x0f14  !SASCORE - detected UnsignedFile.Multi.Generic ( 1 )
22:27:57.0468 0x0f14  Detect skipped due to KSN trusted
22:27:57.0468 0x0f14  !SASCORE - ok
22:27:57.0546 0x0f14  [ 86D7B1E70661D754685B9AC6D749AAE5, 6C5B8A706984E3F36E3E0303CC23C4583AAE03B0532220F910BD4DCD72070063 ] 61883           C:\WINDOWS\system32\DRIVERS\61883.sys
22:27:58.0140 0x0f14  61883 - ok
22:27:58.0156 0x0f14  Abiosdsk - ok
22:27:58.0156 0x0f14  abp480n5 - ok
22:27:58.0187 0x0f14  [ A10C7534F7223F4A73A948967D00E69B, EBF46FBB4C7C04433E91D95A079354E51A40CC05EAA00A86DEE261AFA81162FC ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:27:58.0265 0x0f14  ACPI - ok
22:27:58.0296 0x0f14  [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
22:27:58.0390 0x0f14  ACPIEC - ok
22:27:58.0453 0x0f14  [ 09E7C37DF4A911C8A9AA8BF88ACD10AA, E881E0BBDCED58F28E0BA8DC27372EDFFFF2C57EE31CD13A032FDC9F7C831B5A ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:27:58.0453 0x0f14  AdobeFlashPlayerUpdateSvc - ok
22:27:58.0468 0x0f14  adpu160m - ok
22:27:58.0484 0x0f14  [ 1EE7B434BA961EF845DE136224C30FEC, 0216D2277B6B4AB9B0E47E093CEEAC2030EFB4B87BA048EA730E40119AA06444 ] aec             C:\WINDOWS\system32\drivers\aec.sys
22:27:58.0718 0x0f14  aec - ok
22:27:58.0750 0x0f14  [ 944CA435BFCFC82CC1ED9E3A7D731AA9, E050A71D7308B8B0B8D93DEFC37DE59EE3E1807EBFA3A7F2FA66FB043203A9E9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
22:27:58.0812 0x0f14  AFD - ok
22:27:58.0812 0x0f14  Aha154x - ok
22:27:58.0812 0x0f14  aic78u2 - ok
22:27:58.0812 0x0f14  aic78xx - ok
22:27:58.0828 0x0f14  [ C7AE0FD3867DB0D42B03B73C18F3D671, 13AE5D3DD13BC4C0EAB234FC3F87DA918793CE317A07EE37F107C8C6104E0BA9 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
22:27:58.0906 0x0f14  Alerter - ok
22:27:58.0921 0x0f14  [ F1958FBF86D5C004CF19A5951A9514B7, E8DF2330D48E9BF97A7061A84E42CCB2AD197C90FECB56150FB573B4D0C62883 ] ALG             C:\WINDOWS\System32\alg.exe
22:27:59.0015 0x0f14  ALG - ok
22:27:59.0015 0x0f14  AliIde - ok
22:27:59.0015 0x0f14  amsint - ok
22:27:59.0031 0x0f14  [ 9C3C12975C97119412802B181FBEEFFE, A20B1557702B2178354710823659E1E89E5C641C018CF964D95D481716B920B3 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
22:27:59.0125 0x0f14  AppMgmt - ok
22:27:59.0140 0x0f14  [ F0D692B0BFFB46E30EB3CEA168BBC49F, 745BE951F18C90FCD30C9A59BB861375C29FA49AF38D27EBFE4158FB7CAC86ED ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:27:59.0234 0x0f14  Arp1394 - ok
22:27:59.0234 0x0f14  asc - ok
22:27:59.0234 0x0f14  asc3350p - ok
22:27:59.0234 0x0f14  asc3550 - ok
22:27:59.0281 0x0f14  [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:27:59.0296 0x0f14  aspnet_state - ok
22:27:59.0328 0x0f14  [ CCDA8D84FD02AEC52E62F296433AE9DC, 16D0A6F8009798EC4814C78E9D6CDBAC21ED782B8F2E290F0F80356F32143976 ] aswFsBlk        C:\WINDOWS\system32\drivers\aswFsBlk.sys
22:27:59.0343 0x0f14  aswFsBlk - ok
22:27:59.0375 0x0f14  [ A6E20E62871A28A0F1C05B1681848FA7, AB4086AF5DABBED1F58C7671406C98661120B53284E154E7E123CF83F3286B2B ] aswMonFlt       C:\WINDOWS\system32\drivers\aswMonFlt.sys
22:27:59.0390 0x0f14  aswMonFlt - ok
22:27:59.0406 0x0f14  [ C1A411B7CCD604554D96EFDAC2F83617, 7533A77A3F0670621640F00FAF0E9EFDE9630556F1FD35381293D1D3E49DD781 ] AswRdr          C:\WINDOWS\system32\drivers\AswRdr.sys
22:27:59.0421 0x0f14  AswRdr - ok
22:27:59.0421 0x0f14  [ 657A61979F40D67CA29716149766FFA7, 45A99204D30456610F3DE7F83BB2467DE7C33EAE9416788C00249B5FC9405DF1 ] aswRvrt         C:\WINDOWS\system32\drivers\aswRvrt.sys
22:27:59.0437 0x0f14  aswRvrt - ok
22:27:59.0484 0x0f14  [ 0E604867FC28F00D91CB0B00D2EC830D, 6CB4D2B2808803EE955CEF920E6B74FF966A113A80E27ECC9559DEDC0D538379 ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
22:27:59.0531 0x0f14  aswSnx - ok
22:27:59.0578 0x0f14  [ 6FC4AA106AA505394C908D37CCCB9148, 027AD3D4ADFF93990322BA331AE8D27ABDDB27FB09411A111071002B123EEFCC ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
22:27:59.0609 0x0f14  aswSP - ok
22:27:59.0734 0x0f14  [ 33E21FFB063CA6C7E00D568467DC72E4, C408DC0051DA710AC350F104E119299DA6C6C1FBF41BD018F49E9FA0E1D1523C ] aswTdi          C:\WINDOWS\system32\drivers\aswTdi.sys
22:27:59.0750 0x0f14  aswTdi - ok
22:27:59.0765 0x0f14  [ EDB0C9BA44B748E420CCA989FD8B826E, A8BA117A72415FD9BF4F319FE9875D234D4438C58C7C3847CF9B4E9F490E3EB6 ] aswVmm          C:\WINDOWS\system32\drivers\aswVmm.sys
22:27:59.0781 0x0f14  aswVmm - ok
22:27:59.0796 0x0f14  [ 02000ABF34AF4C218C35D257024807D6, FDE21F7FCB198A44A6F2BCAF5EB11C9D90A094B4A2F8C307244A7655848954DA ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:27:59.0875 0x0f14  AsyncMac - ok
22:27:59.0890 0x0f14  [ CDFE4411A69C224BD1D11B2DA92DAC51, 0E6B23A80F171550575BEBC56F7500CD87A5CF03B2B9FDC49BC3DE96282CD69D ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
22:27:59.0984 0x0f14  atapi - ok
22:27:59.0984 0x0f14  Atdisk - ok
22:28:00.0000 0x0f14  [ EC88DA854AB7D7752EC8BE11A741BB7F, 91FAF224CB4B44608C85CC25C3A82A3EC83F379D14A119A60A75505A30043255 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:28:00.0093 0x0f14  Atmarpc - ok
22:28:00.0125 0x0f14  [ DB66DB626E4882EBEF55F136F12C1829, E4FA63031E8FCF456D45160C29ADD0989355D5C5C8E17C949C278421D41DAB62 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
22:28:00.0203 0x0f14  AudioSrv - ok
22:28:00.0218 0x0f14  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
22:28:00.0296 0x0f14  audstub - ok
22:28:00.0328 0x0f14  [ 41735B82DB57E4EBE9504EC400FD120E, 5EEDFA63E889A2094D1747934418F6268068B813E3C60C88759B17B26223D6BE ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
22:28:00.0343 0x0f14  avast! Antivirus - ok
22:28:00.0359 0x0f14  [ 87C223ADB8F7596B31CAAE3C67B16DDD, 8890EC45F3A604DD5F0158584D53F2B81ED687C35880CCAB3CC4B13EEF489C9D ] Avc             C:\WINDOWS\system32\DRIVERS\avc.sys
22:28:00.0437 0x0f14  Avc - ok
22:28:00.0453 0x0f14  [ 5D7BE7B19E827125E016325334E58FF1, 76AE80C91BF53DF4EE18C92D47EDC6541C2013E3669278166079D1A4A24F9FB6 ] BANTExt         C:\WINDOWS\System32\Drivers\BANTExt.sys
22:28:00.0468 0x0f14  BANTExt - detected UnsignedFile.Multi.Generic ( 1 )
22:28:01.0781 0x0f14  Detect skipped due to KSN trusted
22:28:01.0781 0x0f14  BANTExt - ok
22:28:01.0781 0x0f14  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
22:28:01.0859 0x0f14  Beep - ok
22:28:01.0890 0x0f14  [ 2C69EC7E5A311334D10DD95F338FCCEA, 3A4335B8D723311F66FA2A30972C65EEED63161D6A2B4ABD6FCF1C374083BC0F ] BITS            C:\WINDOWS\System32\qmgr.dll
22:28:02.0000 0x0f14  BITS - ok
22:28:02.0046 0x0f14  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:28:02.0078 0x0f14  Bonjour Service - ok
22:28:02.0109 0x0f14  [ E3CFCCDDA4EDD1D0DC9168B2E18F27B8, DDFCCB3BC9A840ED0D6FC4B46086AD15AAF9D0D9AB8ED3A7B8860A1DA4D33970 ] Browser         C:\WINDOWS\System32\browser.dll
22:28:02.0203 0x0f14  Browser - ok
22:28:02.0234 0x0f14  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
22:28:02.0328 0x0f14  cbidf2k - ok
22:28:02.0375 0x0f14  [ 5753532C476B83119D85AA43B1B10AB3, 1CF4CA789312B9AB20E00BBFCC20084E6DAA797CE64FAA78B5DEE482D621A289 ] CCALib8         C:\Program Files\Canon\CAL\CALMAIN.exe
22:28:02.0390 0x0f14  CCALib8 - detected UnsignedFile.Multi.Generic ( 1 )
22:28:07.0296 0x0f14  Detect skipped due to KSN trusted
22:28:07.0296 0x0f14  CCALib8 - ok
22:28:07.0328 0x0f14  [ 6163ED60B684BAB19D3352AB22FC48B2, 5A7ED636D8B2178EA21FA986CC9168DEF258AA4FFB9DCD792A81A1D615AC5D5E ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:28:07.0406 0x0f14  CCDECODE - ok
22:28:07.0406 0x0f14  cd20xrnt - ok
22:28:07.0421 0x0f14  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
22:28:07.0515 0x0f14  Cdaudio - ok
22:28:07.0515 0x0f14  [ CD7D5152DF32B47F4E36F710B35AAE02, 7382890CC1B27FC66C3E94E064562BBD87B3C75577CB0FD10860B8E2CE07D12E ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
22:28:07.0593 0x0f14  Cdfs - ok
22:28:07.0625 0x0f14  [ AF9C19B3100FE010496B1A27181FBF72, 64E9E4461F631EED2B2A1FC80DCC9C31DCECB5738289D322E6A6428C840DC621 ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:28:07.0703 0x0f14  Cdrom - ok
22:28:07.0718 0x0f14  Changer - ok
22:28:07.0734 0x0f14  [ 3192BD04D032A9C4A85A3278C268A13A, 7844F229916A9BC8670D3CCF80AD674C626EC6DD9D741FF10986E67F6AFD8757 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
22:28:07.0812 0x0f14  CiSvc - ok
22:28:07.0828 0x0f14  [ C8DEC22C4137D7A90F8BDF41CA4B82AE, 92CE7B388236DBC196C92AE9929433C0F1E045EA5DB86802EF8C6041B56FE81F ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
22:28:07.0906 0x0f14  ClipSrv - ok
22:28:07.0937 0x0f14  [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:28:07.0953 0x0f14  clr_optimization_v2.0.50727_32 - ok
22:28:07.0953 0x0f14  CmdIde - ok
22:28:07.0953 0x0f14  COMSysApp - ok
22:28:07.0953 0x0f14  Cpqarray - ok
22:28:07.0968 0x0f14  [ 10654F9DDCEA9C46CFB77554231BE73B, 4EEAF6523941228FC440E9EA758545E2F2A2DD98565F90B5351EF2C9B82139ED ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
22:28:08.0062 0x0f14  CryptSvc - ok
22:28:08.0078 0x0f14  [ 5776322F93CDB91086111F5FFBFDA2A0, 3F965C1415E27A5D4F70AB71A42CCA39E74DF6AF258C503E0392A9DAA4CEF044 ] d347bus         C:\WINDOWS\system32\DRIVERS\d347bus.sys
22:28:08.0109 0x0f14  d347bus - detected UnsignedFile.Multi.Generic ( 1 )
22:28:15.0265 0x0f14  d347bus ( UnsignedFile.Multi.Generic ) - warning
22:28:15.0265 0x0f14  [ B49F79ACE459763F4E0380071BE9CB45, 4AC5C4C3C7D7739E6309D1C9A89D307AD77376A9E37F7EBC0AA59251548DE2A8 ] d347prt         C:\WINDOWS\system32\Drivers\d347prt.sys
22:28:15.0265 0x0f14  d347prt - detected UnsignedFile.Multi.Generic ( 1 )
22:28:15.0265 0x0f14  d347prt ( UnsignedFile.Multi.Generic ) - warning
22:28:15.0265 0x0f14  dac2w2k - ok
22:28:15.0265 0x0f14  dac960nt - ok
22:28:15.0312 0x0f14  [ CE94A2BD25E3E9F4D46A7373FF455C6D, B6015EF5E9E89A05064BB807CC3DF922185EF79CD11243ED59C882182391955A ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
22:28:15.0578 0x0f14  DcomLaunch - ok
22:28:15.0625 0x0f14  [ EF545E1A4B043DA4C84E230DD471C55F, AD96922E58E8146F03E719D3A5CAAD677CAF3B7B525599F1B32F01BF72CCAFA4 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
22:28:15.0875 0x0f14  Dhcp - ok
22:28:15.0890 0x0f14  [ 00CA44E4534865F8A3B64F7C0984BFF0, 3FD73CCD9892F6CFEE776CB384C2E35FA15F4101D308A67E1358F85299501E3D ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
22:28:15.0984 0x0f14  Disk - ok
22:28:15.0984 0x0f14  dmadmin - ok
22:28:16.0031 0x0f14  [ C0FBB516E06E243F0CF31F597E7EBF7D, 1FC205AC5D8D6BDA176438CEBFAC92CD4DEF50A6C1EBDCBCE2B149FF08D40032 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
22:28:16.0187 0x0f14  dmboot - ok
22:28:16.0203 0x0f14  [ F5E7B358A732D09F4BCF2824B88B9E28, 97B8317354659EFBA076E20AF20741C9FBC0961723483514E43D7EC6D66186C3 ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
22:28:16.0296 0x0f14  dmio - ok
22:28:16.0328 0x0f14  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
22:28:16.0921 0x0f14  dmload - ok
22:28:16.0953 0x0f14  [ 1639D9964C9E1B2ECCA95C8217D3E70D, A42E985697E673B89F5BD314BA9FE93A1CD8DDEBC6312AD52E196BFDFFA9E513 ] dmserver        C:\WINDOWS\System32\dmserver.dll
22:28:17.0046 0x0f14  dmserver - ok
22:28:17.0062 0x0f14  [ A6F881284AC1150E37D9AE47FF601267, 6C07654CF21637E527FC727EB50F4138BF0EFF0680000AC94001063B436389DB ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
22:28:17.0140 0x0f14  DMusic - ok
22:28:17.0171 0x0f14  [ AAC8FFBFD61E784FA3BAC851D4A0BD5F, F811288AC18DB28D9577EA9B40810DE000FC28EF234D1A790DD0578E0D565EBC ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
22:28:17.0421 0x0f14  Dnscache - ok
22:28:17.0421 0x0f14  dpti2o - ok
22:28:17.0453 0x0f14  [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E, B941AB5D9D504486083E0D1539B1A96E27721C9EFD7A67CA1DB7258B0D33AB78 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
22:28:17.0531 0x0f14  drmkaud - ok
22:28:17.0562 0x0f14  [ 67DFF7BBBD0E80AAB7B3CF061448DB8A, 305F39E4D18DC079E48578C31AE87BA1D0D781A2613BD5DA4689AC6F2794D326 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
22:28:17.0640 0x0f14  ERSvc - ok
22:28:17.0656 0x0f14  [ C6CE6EEC82F187615D1002BB3BB50ED4, CEA9C880328205AE3376EB8B005412CB0F8FCE52A71C6F0651EF5F9C193F6E3F ] Eventlog        C:\WINDOWS\system32\services.exe
22:28:17.0734 0x0f14  Eventlog - ok
22:28:17.0765 0x0f14  [ 60D1A6342238378BFB7545C81EE3606C, 40186F096F2AC3E5E12D0B8713A08E449D5F23DCD1C0EEFC3FA82002CA1B030F ] EventSystem     C:\WINDOWS\System32\es.dll
22:28:17.0796 0x0f14  EventSystem - ok
22:28:17.0812 0x0f14  [ 3117F595E9615E04F05A54FC15A03B20, 4708E8F1CDE6E9663B5DBEBAB8C684B16E45D41AEF20E4071D0A2931B305BD76 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
22:28:17.0890 0x0f14  Fastfat - ok
22:28:17.0906 0x0f14  [ 6815DEF9B810AEFAC107EEAF72DA6F82, 0132004894326B54D1B8AD2C31FB8BDE45EA66DB9962C0CE1207941A13630896 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
22:28:18.0156 0x0f14  FastUserSwitchingCompatibility - ok
22:28:18.0171 0x0f14  [ CED2E8396A8838E59D8FD529C680E02C, 8542AE6A2D65D3F843EA70F5FFBC150B773C5CFA3FE6388FA68A95416FAD0F6E ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
22:28:18.0250 0x0f14  Fdc - ok
22:28:18.0281 0x0f14  [ E153AB8A11DE5452BCF5AC7652DBF3ED, AEB48687C604B0CDE5F1A13C2EC854CFFBE1CE0837C3898D6D4C6B71265D0ED0 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
22:28:18.0343 0x0f14  Fips - ok
22:28:18.0359 0x0f14  [ 0DD1DE43115B93F4D85E889D7A86F548, D50F7AAE5416C6D41845960BDDA24E97226F609AA726E4F88601ADC9ED50E872 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:28:18.0437 0x0f14  Flpydisk - ok
22:28:18.0468 0x0f14  [ 3D234FB6D6EE875EB009864A299BEA29, 9FEB003BDE7900AECDE9F9FFE0ECD7079B460714B582B7EB8EDB89E7F4D1FE59 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
22:28:18.0718 0x0f14  FltMgr - ok
22:28:18.0765 0x0f14  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:28:18.0781 0x0f14  FontCache3.0.0.0 - ok
22:28:18.0812 0x0f14  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:28:18.0890 0x0f14  Fs_Rec - ok
22:28:18.0906 0x0f14  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:28:19.0000 0x0f14  Ftdisk - ok
22:28:19.0031 0x0f14  [ 25F4F7375DE72BEE00B5A19152B03162, 26B194709889E8BBC17B380A7D87FBFC568FCAB759D0A727DA4AD933E8996876 ] FXNADB          C:\Program Files\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe
22:28:19.0046 0x0f14  FXNADB - detected UnsignedFile.Multi.Generic ( 1 )
22:28:19.0046 0x0f14  FXNADB ( UnsignedFile.Multi.Generic ) - warning
22:28:19.0046 0x0f14  Force sending object to P2P due to detect: FXNADB
22:28:19.0046 0x0f14  Object send P2P result: false
22:28:19.0062 0x0f14  [ C0F1D4A21DE5A415DF8170616703DEBF, 3E21AAD06CF6EB95662B568671B1DBD129CED481761BCDB67088E965E5C0BC5B ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:28:19.0140 0x0f14  Gpc - ok
22:28:19.0203 0x0f14  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
22:28:19.0218 0x0f14  gupdate - ok
22:28:19.0218 0x0f14  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
22:28:19.0250 0x0f14  gupdatem - ok
22:28:19.0265 0x0f14  [ 3FCC124B6E08EE0E9351F717DD136939, EBFE0FB51E14570A1A1D64C8E5383F3FF28509361D13945B79A9C551EB522012 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:28:19.0312 0x0f14  HDAudBus - ok
22:28:19.0359 0x0f14  [ 8827911A8C37E40C027CBFC88E69D967, ED381F089E6143896B890BD5450FFFB271FC68983412376F54869A93F9D7DA9D ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:28:19.0437 0x0f14  helpsvc - ok
22:28:19.0453 0x0f14  [ 9376E6893E52B368ABC6255BF54F0B28, D3E6B03145988BC80A1F62E5E312BB060E062118B12D30F27C8A432D30962E58 ] HidServ         C:\WINDOWS\System32\hidserv.dll
22:28:19.0531 0x0f14  HidServ - ok
22:28:19.0562 0x0f14  [ 1DE6783B918F540149AA69943BDFEBA8, 6ED28109CA0A7738857D840E369EAB91C1605F2643950762D327CCE241C135A1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:28:19.0656 0x0f14  hidusb - ok
22:28:19.0656 0x0f14  hpn - ok
22:28:19.0656 0x0f14  HTCAND32 - ok
22:28:19.0703 0x0f14  [ CB77BB47E67E84DEB17BA29632501730, C31841DF59E56C7B5DE7C98C7E98836CB81089165F55D3E44D5CE8072CA09CB1 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
22:28:19.0937 0x0f14  HTTP - ok
22:28:19.0968 0x0f14  [ 064D8581ADF77C25133E7D751D917D83, E8623C32E48D3E7A0179C8333C14D8A051C9F7300D0F465E94184F1C75E13A0F ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
22:28:20.0062 0x0f14  HTTPFilter - ok
22:28:20.0062 0x0f14  i2omgmt - ok
22:28:20.0062 0x0f14  i2omp - ok
22:28:20.0093 0x0f14  [ 5502B58EEF7486EE6F93F3F164DCB808, 7E56E49D6444F2F48037B859B491DF95E1C90EC7ED4EF9C477CD2C49783E62E0 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:28:20.0156 0x0f14  i8042prt - ok
22:28:20.0218 0x0f14  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:28:20.0296 0x0f14  idsvc - ok
22:28:20.0312 0x0f14  [ F8AA320C6A0409C0380E5D8A99D76EC6, A848B9C489DDFBD48BDA140CB9DD43097686115042745F6444F803739168D391 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
22:28:20.0390 0x0f14  Imapi - ok
22:28:20.0437 0x0f14  [ FA788520BCAC0F5D9D5CDE5615C0D931, 7C70D1875B302CABC809627212E33CDD56F12B169EA548F1C94ECF2D14236514 ] ImapiService    C:\WINDOWS\System32\imapi.exe
22:28:20.0515 0x0f14  ImapiService - ok
22:28:20.0515 0x0f14  ini910u - ok
22:28:20.0687 0x0f14  [ 7C09D605FCAE64E3CB11EBF90FB1E3A1, 890F0B859957C718DA368F97516F9655E36C161C148CC18F22F4CC2872EF6822 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:28:20.0953 0x0f14  IntcAzAudAddService - ok
22:28:20.0968 0x0f14  IntelIde - ok
22:28:21.0000 0x0f14  [ 279FB78702454DFF2BB445F238C048D2, 51A559AD7C9CAA8BD60D4E167E850B978083FAE9C5632E47D13B1092B56FD0BA ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:28:21.0078 0x0f14  intelppm - ok
22:28:21.0093 0x0f14  [ 4448006B6BC60E6C027932CFC38D6855, C377235EBE475C281ACB6A3267F12D8FE623433F05134A6CE50562414F94D7B1 ] ip6fw           C:\WINDOWS\system32\drivers\ip6fw.sys
22:28:21.0187 0x0f14  ip6fw - ok
22:28:21.0203 0x0f14  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:28:21.0281 0x0f14  IpFilterDriver - ok
22:28:21.0296 0x0f14  [ E1EC7F5DA720B640CD8FB8424F1B14BB, E5CF9F43D8C8028E8F29CAF8AD1E2179E5B02DCAA430900672FCB4C4EE288EF0 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:28:21.0375 0x0f14  IpInIp - ok
22:28:21.0406 0x0f14  [ E2168CBC7098FFE963C6F23F472A3593, 93B60D02ACBDDCE78BD4020B9CE0C132A8DD28FC2266B2748A22717B93AFF7C9 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:28:21.0671 0x0f14  IpNat - ok
22:28:41.0765 0x0f14  VgaSave - ok
22:28:41.0765 0x0f14  ViaIde - ok
22:28:41.0828 0x0f14  [ 0D18FDC5B72C821CBAEC262711E7B8F0, 76E7CF61ECD54F0B956FB84D0D1A8E08E44FA338734A24F1C11BE86FFE534DA6 ] VMHybrid        C:\WINDOWS\system32\DRIVERS\VMHybrid.sys
22:28:41.0890 0x0f14  VMHybrid - detected UnsignedFile.Multi.Generic ( 1 )
22:28:41.0890 0x0f14  VMHybrid ( UnsignedFile.Multi.Generic ) - warning
22:28:41.0921 0x0f14  [ EE4660083DEBA849FF6C485D944B379B, 4DA3CA0DEA0698D387EA370D9BBFF06FEF1C0A5B3D7F772164441B63B8A3927A ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
22:28:42.0000 0x0f14  VolSnap - ok
22:28:42.0031 0x0f14  [ 270986575CEB1F8EA48E7545D55FF810, 741FCFC8DB021FCEDA2C84A051094982C8813AAE7CDCA9F79A93E26A4C55D6FA ] vsdatant        C:\WINDOWS\system32\vsdatant.sys
22:28:42.0062 0x0f14  vsdatant - ok
22:28:42.0062 0x0f14  vsmon - ok
22:28:42.0093 0x0f14  [ 3EE00364AE0FD8D604F46CBAF512838A, 962168941F4E291F2B5236DA7DB84E50DC335F42595B4BC31FCB7960BD8743FC ] VSS             C:\WINDOWS\System32\vssvc.exe
22:28:42.0187 0x0f14  VSS - ok
22:28:42.0203 0x0f14  [ 2B281958F5D0CF99ED626E3EF39D5C8D, FB46398AE01CDD9CB6E1E647E4DDA86B670F93F787D69B885C7E930D4FF8F3FC ] W32Time         C:\WINDOWS\System32\w32time.dll
22:28:42.0296 0x0f14  W32Time - ok
22:28:42.0328 0x0f14  [ 984EF0B9788ABF89974CFED4BFBAACBC, 8178888E3A1AA3BD3BE34456118BB76AF2DD04EC575E4880F97A8EFB182C9E92 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:28:42.0406 0x0f14  Wanarp - ok
22:28:42.0437 0x0f14  [ D918617B46457B9AC28027722E30F647, 407284D3055DC11944D4EE7E4357E7CF9CAF8CA40CA50633AB6FD4A82CB7EEA6 ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
22:28:42.0468 0x0f14  Wdf01000 - ok
22:28:42.0468 0x0f14  WDICA - ok
22:28:42.0484 0x0f14  [ EFD235CA22B57C81118C1AEB4798F1C1, 16EE95A1D51F318224152492FB1663D96E61EC1706E85AE820CD023CBA1CF1F3 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
22:28:42.0734 0x0f14  wdmaud - ok
22:28:42.0765 0x0f14  [ 265F534EF76832435AFBF771EC97176D, 67C1C932A20A92D2D180D6763AC9297FA0B6D4C225501C7739B0B45F52FEC6E1 ] WebClient       C:\WINDOWS\System32\webclnt.dll
22:28:43.0062 0x0f14  WebClient - ok
22:28:43.0109 0x0f14  [ F399242A80C4066FD155EFA4CF96658E, DC40735D288193170DAF5571A829702EDC07DDAEA87ECF59490DFB516A690F9B ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
22:28:43.0187 0x0f14  winmgmt - ok
22:28:43.0234 0x0f14  [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
22:28:43.0265 0x0f14  WmdmPmSN - ok
22:28:43.0328 0x0f14  [ 1AFF244CA134956C54474F4E2433E4CE, 726B06C58006FF10F718C1D4E9BD1E3C2EFAF931F684C4BA325CF0AC6B1A25E6 ] Wmi             C:\WINDOWS\System32\advapi32.dll
22:28:43.0421 0x0f14  Wmi - ok
22:28:43.0453 0x0f14  [ BA8CECC3E813E1F7C441B20393D4F86C, E60AC60B67926F61AD872412DC2E096825F97D725B66834328EC3B97F62DBFEA ] WmiApSrv        C:\WINDOWS\System32\wbem\wmiapsrv.exe
22:28:43.0531 0x0f14  WmiApSrv - ok
22:28:43.0562 0x0f14  [ CF4DEF1BF66F06964DC0D91844239104, CC1D9CECE2056D29A9651D51BB57C3F4F9BF9E90A4808CF7496C683C874FBD51 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
22:28:43.0562 0x0f14  WpdUsb - ok
22:28:43.0593 0x0f14  [ 4D59DAA66C60858CDF4F67A900F42D4A, 312DC7D712F0807EBE5B3984E1BC19E7327D6357818D51AEB33058B052AEAA83 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
22:28:43.0671 0x0f14  wscsvc - ok
22:28:43.0703 0x0f14  [ D5842484F05E12121C511AA93F6439EC, 531888E914578172534BBC3220A86C99D1FCE423E89834B533E0A79F583436F3 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:28:43.0781 0x0f14  WSTCODEC - ok
22:28:43.0812 0x0f14  [ 13D72740963CBA12D9FF76A7F218BCD8, 3E4D0369F85E64FB6E4088753D7654D58900B480BEBF42F3CB6969355CEAC5A8 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
22:28:43.0906 0x0f14  wuauserv - ok
22:28:43.0921 0x0f14  [ 50EB9E21963B4F06FD010D007D54351B, 0918EABC0EBFE39EFFAE15A0286A8193D18474665B572CCD5E857A127EA1055B ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:28:43.0953 0x0f14  WudfPf - ok
22:28:43.0968 0x0f14  [ 6E209664BDEA8A15B5E8E480D6C607C2, 3A3C4C34DB39DE9660E68D40A0D4D351F7684A08B5B40C3B281436CEBD0DED62 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:28:43.0984 0x0f14  WudfRd - ok
22:28:44.0000 0x0f14  [ AE93084D2D236887BA56467AE42B4955, EC0B076A2B3EDA17A613219C2888EBB86A337E9C47862F0F35919C3A02942909 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
22:28:44.0031 0x0f14  WudfSvc - ok
22:28:44.0062 0x0f14  [ 5A91E6FEAB9F901302FA7FF768C0120F, 83A1A719508CB4E504D9A75BBB6FCEA1E15C1EC574B8BD18BA40B2A18EF9918E ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
22:28:44.0156 0x0f14  WZCSVC - ok
22:28:44.0187 0x0f14  [ EEF46DAB68229A14DA3D8E73C99E2959, C9D7083BC69E1A4672D06CBD9E4E6FD93C3CA67E28EC040D1CC6AAFBFC825813 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
22:28:44.0281 0x0f14  xmlprov - ok
22:28:44.0281 0x0f14  ================ Scan global ===============================
22:28:44.0312 0x0f14  [ 00EF9C3AF83EDBAF18CA7A2837750117, 87DB68DC66EADA719411C2B3DB02768C52D61BAA94216FCE9C4EE5C710EE7171 ] C:\WINDOWS\system32\basesrv.dll
22:28:44.0390 0x0f14  [ 3D21B3BE0C5768E76FD9780E9CF9E07C, A7EECA58ADAF0EDE772C2B404BDB9F4EE9D19CAA5384E41EBF0CCE885A1F8594 ] C:\WINDOWS\system32\winsrv.dll
22:28:44.0406 0x0f14  [ 3D21B3BE0C5768E76FD9780E9CF9E07C, A7EECA58ADAF0EDE772C2B404BDB9F4EE9D19CAA5384E41EBF0CCE885A1F8594 ] C:\WINDOWS\system32\winsrv.dll
22:28:44.0437 0x0f14  [ C6CE6EEC82F187615D1002BB3BB50ED4, CEA9C880328205AE3376EB8B005412CB0F8FCE52A71C6F0651EF5F9C193F6E3F ] C:\WINDOWS\system32\services.exe
22:28:44.0437 0x0f14  [ Global ] - ok
22:28:44.0437 0x0f14  ================ Scan MBR ==================================
22:28:44.0453 0x0f14  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
22:28:44.0843 0x0f14  \Device\Harddisk0\DR0 - ok
22:28:44.0843 0x0f14  ================ Scan VBR ==================================
22:28:44.0843 0x0f14  [ 26FA86EE71CCF75F8B37DD470BFF6555 ] \Device\Harddisk0\DR0\Partition1
22:28:44.0875 0x0f14  \Device\Harddisk0\DR0\Partition1 - ok
22:28:44.0875 0x0f14  [ 4D6528198A4C41C53813DF26D03DB418 ] \Device\Harddisk0\DR0\Partition2
22:28:44.0906 0x0f14  \Device\Harddisk0\DR0\Partition2 - ok
22:28:44.0921 0x0f14  [ D8ACD6E47CE288D020B86F93F285F49A ] \Device\Harddisk0\DR0\Partition3
22:28:44.0937 0x0f14  \Device\Harddisk0\DR0\Partition3 - ok
22:28:57.0906 0x0f14  AV detected via SS1: avast! Antivirus, 5.0.134219211, enabled, updated
22:28:57.0906 0x0f14  FW detected via SS1: ZoneAlarm Firewall, 7.0.337.000, enabled
22:28:57.0906 0x0f14  ============================================================
22:28:57.0906 0x0f14  Scan finished
22:28:57.0906 0x0f14  ============================================================
22:28:57.0906 0x0238  Detected object count: 20
22:28:57.0906 0x0238  Actual detected object count: 20



#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks like Avast killed it for you :)

 

22:28:44.0437 0x0f14 ================ Scan MBR ==================================
22:28:44.0453 0x0f14 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
22:28:44.0843 0x0f14 \Device\Harddisk0\DR0 - ok
22:28:44.0843 0x0f14 ================ Scan VBR ==================================
22:28:44.0843 0x0f14 [ 26FA86EE71CCF75F8B37DD470BFF6555 ] \Device\Harddisk0\DR0\Partition1
22:28:44.0875 0x0f14 \Device\Harddisk0\DR0\Partition1 - ok
22:28:44.0875 0x0f14 [ 4D6528198A4C41C53813DF26D03DB418 ] \Device\Harddisk0\DR0\Partition2
22:28:44.0906 0x0f14 \Device\Harddisk0\DR0\Partition2 - ok
22:28:44.0921 0x0f14 [ D8ACD6E47CE288D020B86F93F285F49A ] \Device\Harddisk0\DR0\Partition3
22:28:44.0937 0x0f14 \Device\Harddisk0\DR0\Partition3 - ok


The file name in the scan log is C:\Backup_MBR_0.bin. I have not tried to repair or delete in Avast.

You can remove this now as it is the infection.

How is the computer behaving now?

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#9
profphat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

# AdwCleaner v3.214 - Report created 02/07/2014 at 23:08:26
# Updated 29/06/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 2 (32 bits)
# Username : martin - MASTER
# Running from : C:\Documents and Settings\martin\My Documents\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\martin\Application Data\Mozilla\Firefox\Profiles\0vhopzow.default\FCTB
File Deleted : C:\WINDOWS\system32\Uninstall.exe
File Deleted : C:\Documents and Settings\martin\Application Data\Mozilla\Firefox\Profiles\0vhopzow.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FLV Player

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.2180


-\\ Mozilla Firefox v30.0 (en-GB)

[ File : C:\Documents and Settings\martin\Application Data\Mozilla\Firefox\Profiles\0vhopzow.default\prefs.js ]


-\\ Google Chrome v35.0.1916.153

[ File : C:\Documents and Settings\martin\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://gumtree.com.au/s-search-results.html?keyword={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [9884 octets] - [02/07/2014 23:05:48]
AdwCleaner[S0].txt - [9979 octets] - [02/07/2014 23:08:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10039 octets] ##########
 


#10
profphat

    Member

  • Topic Starter
  • Member
  • 39 posts

Is AdwCleaner better than SpywareBlaster or Malwarebytes Anti-Malware?


#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No, AdwCleaner is a specialist tool just for adware, and cleaning other such junk.

How is the computer behaving?

#12
profphat

    Member

  • Topic Starter
  • Member
  • 39 posts

Still a little bit laggy when I click on Firefox. But at least the virus is gone. I just performed Avast and it is clean. I wonder how come Avast was able to remove it? Was it because I did a scan with SpywareBlaster first (part of the routine)?

Thank you so much for your help.


#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Did you do a boot scan with Avast? That is when it finds it easier to remove the bootkit.

I notice that you are on Service Pack 2. I would highly recommend that you upgrade to SP 3 before Microsoft pulls it completely.

Let's empty your temp files now to see if that improves Firefox.

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

#14
profphat

    Member

  • Topic Starter
  • Member
  • 39 posts

No, just a normal scan. I read a few other forums and some people have trouble with Avast not being able to remove Whistler.

Oh well, it's gone, so thank you very much for your help :)


#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
In that case methinks I will send you on your merry way :)

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day: your log now appears clean :thumbsup:

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Download and run Delfix


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

Malwarebytes.

Update and run weekly to keep your system clean


It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave: