
SearchAssist.net [Closed]


  • This topic is locked

#31
Pyxis


    Trusted Helper

  • Malware Removal
  • 1,228 posts
Hi Denisejm,

I'd steer clear of that site--it's a conduit for unwanted software and it does not offer any fixes as it claims. Not all hope is lost with our case. :smashcomp:  I'd like to check whether malware still resides in the system--it could very well be the cause of all these persistent errors.
  • Step 1

    Download 'AdwCleaner by Xplode' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Read the Terms of Use and click I Agree.
    • Click Scan and choose Clean after.
    • Wait for it to finish. It won't take long.
    • Click OK for the next prompts. Your system will automatically reboot.
    • A log will automatically pop-up after rebooting. Alternatively, you can find it at C:\AdwCleaner\AdwCleaner[S*].txt.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 2

    If you haven't already, download 'Farbar Recovery Scan Tool by Farbar' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • The program will initialize. Press Yes to accept the disclaimer.
    • Put a check on Addition.
    • Press the Scan button after.
    • It will produce FRST.txt and Addition.txt on your desktop once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the logs in your next reply.
  • Step 3

    The following steps will attempt to fix Internet Explorer.
    • Uninstall Internet Explorer via the Control Panel. If any errors appear about a missing file, cancel the process and reboot your computer.
    • Install Internet Explorer via the installer. It will ask you to reboot once done.
    • Go back to the Control Panel and uninstall the said program again.
    • If the process goes smoothly, re-install Internet Explorer after for the last time.
    • If uninstalling still gives off errors, please use 'Fix It by Microsoft' to uninstall the program and post back the log it produces.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • Addition.txt (Farbar Recovery Scan Tool)
    • FRST.txt (Farbar Recovery Scan Tool)
    • AdwCleaner[S*].txt (AdwCleaner)



#32
Denisejm


    Member

  • Topic Starter
  • 604 posts

# AdwCleaner v4.106 - Report created 31/12/2014 at 08:51:16
# Updated 21/12/2014 by Xplode
# Database : 2014-12-30.1 [Live]
# Operating System : Microsoft Windows XP Service Pack 2 (64 bits)
# Username : Administrator - KINGKONG
# Running from : C:\Documents and Settings\Administrator\My Documents\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Fighters
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Fighters
Folder Deleted : C:\Documents and Settings\Default User\Application Data\Fighters

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKLM\SOFTWARE\InstallIQ

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v34.0.5 (x86 en-US)


-\\ Google Chrome v


*************************

AdwCleaner[R2].txt - [7974 octets] - [15/12/2014 14:21:31]
AdwCleaner[R3].txt - [1931 octets] - [17/12/2014 21:43:01]
AdwCleaner[R4].txt - [1942 octets] - [17/12/2014 22:18:58]
AdwCleaner[R5].txt - [1925 octets] - [31/12/2014 08:49:02]
AdwCleaner[S2].txt - [6847 octets] - [15/12/2014 20:48:49]
AdwCleaner[S3].txt - [2027 octets] - [17/12/2014 21:46:01]
AdwCleaner[S4].txt - [1857 octets] - [17/12/2014 22:21:10]
AdwCleaner[S5].txt - [1731 octets] - [31/12/2014 08:51:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1791 octets] ##########
 



#33
Denisejm


    Member

  • Topic Starter
  • 604 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by Administrator at 2014-12-31 08:58:45
Running from C:\Documents and Settings\Administrator\My Documents\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AC3Filter (remove only) (HKLM-x32\...\AC3Filter) (Version:  - )
Acrobat.com (HKLM-x32\...\{6D8D64BE-F500-55B6-705D-DFD08AFE0624}) (Version: 1.7.186 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5 - Adobe Systems, Inc.)
Advanced WindowsCare Personal (HKLM-x32\...\Advanced WindowsCare V2 Personal_is1) (Version: 2.8.1 - IObit)
AiO_Scan (x32 Version: 51.0.109.000 - Hewlett-Packard) Hidden
AM-DeadLink (HKLM-x32\...\AM-DeadLink) (Version:  - )
Apollo WMV/ASF/ASX to DVD Burner 3.2 (HKLM-x32\...\Apollo WMV/ASF/ASX to DVD Burner_is1) (Version:  - Apollo Mulitmedia)
Apple Application Support (HKLM-x32\...\{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}) (Version: 2.0.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 1.0.0 (HKLM-x32\...\Audacity_is1) (Version:  - )
Auto Gordian Knot 2.45 (HKLM-x32\...\AutoGK) (Version: 2.45 - len0x)
AVI/MPEG/RM Joiner 2.40 (HKLM-x32\...\AVI MPEG RM Joiner_is1) (Version:  - Boilsoft, Inc.)
AVI/MPEG/RM/WMV Splitter 4.28 (HKLM-x32\...\AVI MPEG RM WMV Splitter_is1) (Version:  - boilsoft, Inc.)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
CCScore (x32 Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
Corel WordPerfect Suite 8 (HKLM-x32\...\Corel WordPerfect Suite 8) (Version:  - )
Data Lifeguard Diagnostic for Windows 1.24 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
Dziobas Rar Player 0.009.51 (HKLM-x32\...\Dziobas Rar Player_is1) (Version:  - Kamil Dzióbek)
ESSCDBK (x32 Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (x32 Version: 5.02.0000.0103 - EASTMAN KODAK Company) Hidden
ESSgui (x32 Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESShelp (x32 Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (x32 Version: 5.02.0000.0004 - EASTMAN KODAK Company) Hidden
ESSPCD (x32 Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSSONIC (x32 Version: 5.00.0000.0002 - EASTMAN KODAK Company) Hidden
ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
ESSvpaht (x32 Version: 5.01.0000.0004 - EASTMAN KODAK Company) Hidden
ESSvpot (x32 Version: 5.01.0000.0001 - EASTMAN KODAK Company) Hidden
FairUse Wizard 2 (HKLM-x32\...\FairUse Wizard 2) (Version: (v2.8) - FairUse Wizard)
Falco Icon Studio 2.7 (HKLM-x32\...\Falco Icon Studio_is1) (Version:  - Falco, Inc.)
ffdshow x64 v1.1.3611 [2010-10-06] (HKLM\...\ffdshow64_is1) (Version: 1.1.3611.0 - )
Free YouTube Downloader 3.5.136 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version:  - HOW Inc.)
HD Tune 2.54 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
HLPIndex (x32 Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
HLPRFO (x32 Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
HP Beta Printer Drivers for Windows XP x64 (5.64.0.17) (HKLM\...\{25E0F2BA-399C-4cf8-A654-53797016CB77}) (Version: 5.64.0.10 - HP)
HP Photosmart Essential (HKLM-x32\...\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}) (Version: 1.9.1.3 - HP)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.2.0 - LIGHTNING UK!)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMICRON Technology Corp.)
KSU (x32 Version: 632.62.0003.0003 - EASTMAN KODAK Company) Hidden
Media Player Classic - Home Cinema v1.4.2499.0 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.4.2499.0 - MPC-HC Team)
MediaInfo 0.7.7.4 (HKLM-x32\...\MediaInfo) (Version: 0.7.7.4 - )
MGI PhotoSuite 4 (Remove Only) (HKLM-x32\...\MGI_PRISM_V4_0) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MKVtoolnix 2.2.0 (HKLM-x32\...\MKVtoolnix) (Version: 2.2.0 - Moritz Bunkus)
Mozilla Firefox 25.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 25.0 (x86 en-US)) (Version: 25.0 - Mozilla)
Mozilla Firefox 25.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 25.0.1 (x86 en-US)) (Version: 25.0.1 - Mozilla)
Mozilla Firefox 26.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla)
Mozilla Firefox 27.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0 (x86 en-US)) (Version: 27.0 - Mozilla)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Firefox 29.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0 (x86 en-US)) (Version: 29.0 - Mozilla)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MP3 Bitrate Changer 1.1 (HKLM-x32\...\MP3 Bitrate Changer_is1) (Version:  - Pianosoft)
MSN (HKLM-x32\...\MSNINST) (Version:  - )
MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB2758696) (HKLM\...\{E1B33EF1-258C-4EC0-A340-D031100FE50D}) (Version: 6.20.2016.0 - Microsoft Corporation)
Nero 7 Demo (HKLM-x32\...\{84B2CF01-194D-2284-B313-F2E0D78D1033}) (Version: 7.00.1461 - Nero AG)
Notifier (x32 Version: 5.01.0000.0001 - EASTMAN KODAK Company) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.9 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 125.24 - NVIDIA Corporation)
OTtBPSDK (x32 Version: 4.00.0000.0000 - EASTMAN KODAK Company) Hidden
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
PCDADDIN (x32 Version: 5.02.0000.0001 - Eastman Kodak Company) Hidden
PCDHELP (x32 Version: 5.02.0000.0001 - Eastman Kodak Company) Hidden
Realtek AC'97 Audio (HKLM-x32\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.36 - Realtek Semiconductor Corp.)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM-x32\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.16.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5898 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.83 (HKLM-x32\...\Revo Uninstaller) (Version: 1.83 - VS Revo Group)
Scan (x32 Version: 6.0.0.0 - Hewlett-Packard) Hidden
SFR (x32 Version: 5.00.0000.0005 - Eastman Kodak Company) Hidden
SHASTA (x32 Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
SKIN0001 (x32 Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1146 - SUPERAntiSpyware.com)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.50 PB5 (Public Beta 5) - C. Ghisler & Co.)
TransBar (HKLM-x32\...\TransBar) (Version:  - )
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.2 - Tweaking.com)
Unlocker 1.8.5 (HKLM-x32\...\Unlocker) (Version: 1.8.5 - Cedrick Collomb)
Update for Windows Internet Explorer 8 (KB982632) (HKLM\...\KB982632-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254) (HKLM\...\KB2661254) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2748349) (HKLM\...\KB2748349) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2808679) (HKLM\...\KB2808679) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2836198) (HKLM\...\KB2836198) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2890882) (HKLM\...\KB2890882) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB927891) (HKLM\...\KB927891) (Version: 5 - Microsoft Corporation)
Update for Windows XP (KB932596) (HKLM\...\KB932596) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB936357) (HKLM\...\KB936357) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version:  - )
VPRINTOL (x32 Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
Webshots Desktop (HKLM-x32\...\Webshots Desktop_is1) (Version:  - AGCM)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140744 - Microsoft Corporation)
Windows XP Service Pack 2 (HKLM\...\Windows x64 Service Pack) (Version:  - )
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
WinZip 12.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}) (Version: 12.0.8252 - WinZip Computing, S.L. )
WIRELESS (x32 Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
XviD MPEG4 Video Codec (remove only) (HKLM-x32\...\XviD MPEG4 Video Codec) (Version:  - )
XviD v1.2.0 CVS (HKLM\...\XviD MPEG-4 Video Codec_is1) (Version:  - Celtic Druid)
XviD Video Codec 30082002-1 (Koepi's build with EPSZ ME) (HKLM-x32\...\XviD) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

27-12-2014 19:39:18 System Checkpoint
28-12-2014 19:45:35 System Checkpoint
29-12-2014 08:43:40 Removed WOT for Internet Explorer
29-12-2014 08:57:55 Restore Point before Corrupt Patch Registry keys
29-12-2014 08:58:12 Restore Point before FULL-DISKfighter was removed using Program Install and Uninstall troubleshooter
29-12-2014 08:58:28  FULL-DISKfighter
30-12-2014 13:45:18 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2007-02-18 07:00 - 2013-10-29 17:57 - 00000098 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\Avast\AvastEmUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-10 00:26 - 2014-01-10 00:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-01-10 00:28 - 2014-01-10 00:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-05-27 19:42 - 2014-11-26 11:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR322 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Start GeekBuddy.lnk => C:\WINDOWS\pss\Start GeekBuddy.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => C:\Program Files (x86)\Common Files\Ahead\lib\NMBgMonitor.exe
MSCONFIG\startupreg: DivXMediaServer => "C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: GrooveMonitor =>
MSCONFIG\startupreg: NeroFilterCheck => C:\WINDOWS\SysWOW64\NeroCheck.exe
MSCONFIG\startupreg: SmartRAM => "C:\Program Files (x86)\WindowsCare v2.7\MemCleaner.exe" /m
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: TransBar => C:\Program Files (x86)\TransparentBar\TransBar.exe /s
MSCONFIG\startupreg: tvncontrol => "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
MSCONFIG\startupreg: UnlockerAssistant => "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-1560305870-1003223559-3566357663-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-1560305870-1003223559-3566357663-501 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1560305870-1003223559-3566357663-1001 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC
Description: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTLE8023x64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC #2
Description: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTLE8023x64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC #3
Description: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTLE8023x64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 1394 Net Adapter #2
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/29/2014 09:03:50 AM) (Source: Microsoft Office 12) (EventID: 2001) (User: )
Description: Rejected Safe Mode action : Microsoft Office Outlook.

Error: (12/29/2014 09:03:39 AM) (Source: Microsoft Office 12) (EventID: 1000) (User: )
Description: Faulting application outlook.exe, version 12.0.6661.5003, stamp 4fa2a9e1, faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address 0x00000000.

Error: (12/20/2014 10:27:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application driverfighter.exe, version 1.1.31.0, faulting module driverfighter.exe, version 1.1.31.0, fault address 0x000045ee.
Processing media-specific event for [driverfighter.exe!ws!]

Error: (12/19/2014 03:58:43 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT AUTHORITY)
Description: The keyfile contains no valid license. The service will be stopped!

Error: (12/19/2014 00:38:42 PM) (Source: MsiInstaller) (EventID: 11316) (User: KINGKONG)
Description: Product: WOT for Internet Explorer -- Error 1316. A network error occurred while attempting to read from the file: N:\- PROGRAMS\Downloaded Programs\Security Programs\WOT x64 for Firefox\WOT-latest-en-x64.msi

Error: (12/19/2014 11:52:32 AM) (Source: MsiInstaller) (EventID: 11316) (User: KINGKONG)
Description: Product: WOT for Internet Explorer -- Error 1316. A network error occurred while attempting to read from the file: N:\- PROGRAMS\Downloaded Programs\Security Programs\WOT x64 for Firefox\WOT-latest-en-x64.msi

Error: (12/15/2014 10:47:17 AM) (Source: MsiInstaller) (EventID: 11316) (User: KINGKONG)
Description: Product: WOT for Internet Explorer -- Error 1316. A network error occurred while attempting to read from the file: N:\- PROGRAMS\Downloaded Programs\Security Programs\WOT x64 for Firefox\WOT-latest-en-x64.msi

Error: (12/13/2014 09:01:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 34.0.5.5443, faulting module mozalloc.dll, version 34.0.5.5443, fault address 0x00001425.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (12/08/2014 06:03:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.3790.3959, faulting module libmpeg2_ff.dll, version 0.0.0.0, fault address 0x000000000000341a.
Processing media-specific event for [explorer.exe!ws!]

Error: (12/08/2014 06:01:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.3790.3959, faulting module libmpeg2_ff.dll, version 0.0.0.0, fault address 0x000000000000341a.
Processing media-specific event for [explorer.exe!ws!]


System errors:
=============
Error: (12/31/2014 08:54:40 AM) (Source: Service Control Manager) (EventID: 7002) (User: )
Description: The Routing and Remote Access service depends on the NetBIOSGroup group and no member of this group started.

Error: (12/31/2014 08:54:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Aspi32 service failed to start due to the following error:
%%1275

Error: (12/31/2014 08:53:27 AM) (Source: 0) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\aspi32.sys

Error: (12/31/2014 08:51:31 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Avira Real-Time Protection service, but this action failed with the following error:
%%1056

Error: (12/31/2014 08:51:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Real-Time Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (12/31/2014 08:51:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 4.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (12/31/2014 08:51:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Web Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (12/31/2014 08:51:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/31/2014 08:51:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Logical Disk Manager Administrative Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/31/2014 08:51:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (12/29/2014 09:03:37 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6425.1000. This session

lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/17/2014 05:19:51 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6425.1000. This session

lasted 28 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/05/2012 10:35:16 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session

lasted 17 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (05/27/2011 04:44:17 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session

lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (05/27/2011 04:44:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session

lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (05/27/2011 04:44:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session

lasted 24 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (05/27/2011 04:43:29 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session

lasted 10 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/05/2010 07:46:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/05/2010 07:46:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/05/2010 07:46:47 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 25%
Total physical RAM: 4094 MB
Available physical RAM: 3047.57 MB
Total Pagefile: 5892.95 MB
Available Pagefile: 4963.08 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Local Disk) (Fixed) (Total:34.18 GB) (Free:12.44 GB) NTFS
Drive d: (M 20-89, WS) (Fixed) (Total:897.33 GB) (Free:244.25 GB) NTFS
Drive e: (M 90-07, TOONS, ANIMS, COM) (Fixed) (Total:1863.01 GB) (Free:640.39 GB) NTFS
Drive f: (M 08-PR, MIX) (Fixed) (Total:1863.01 GB) (Free:1373.09 GB) NTFS
Drive g: (HD MOVIES, MINI-SERIES) (Fixed) (Total:1863.01 GB) (Free:352.82 GB) NTFS
Drive h: (DOCUMENTARIES) (Fixed) (Total:931.51 GB) (Free:64.26 GB) NTFS
Drive i: (BKS DOG HOL MU P&F SF&TE) (Fixed) (Total:931.51 GB) (Free:481.07 GB) NTFS
Drive j: (TV 1-D) (Fixed) (Total:931.51 GB) (Free:278.35 GB) NTFS
Drive k: (TV E-I, VIDEO CLIPS) (Fixed) (Total:1863.01 GB) (Free:1046.44 GB) NTFS
Drive l: (TV J-M, BIBLICAL) (Fixed) (Total:931.51 GB) (Free:398.23 GB) NTFS
Drive m: (TV N-SO) (Fixed) (Total:931.51 GB) (Free:453.85 GB) NTFS
Drive n: (TV ST-Z CL DR H&F MS PR RS) (Fixed) (Total:1863.01 GB) (Free:635.53 GB) NTFS
Drive z: (new tv episodes) (Fixed) (Total:931.51 GB) (Free:77.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 3C1E3C1E)
Partition 1: (Active) - (Size=34.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=897.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: B1DE9374)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 20643CEF)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: B1DE9375)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 43F5C04D)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: B49DBCD4)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: B6370A21)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 7 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: C76BC76B)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 8 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 3DC003A1)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 9 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: A2FC6F33)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 10 (Size: 1863 GB) (Disk ID: BAB1BAB2)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 11 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 9FFEDC44)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================


#34
Denisejm

    Member

  • Topic Starter
  • 604 posts

I still don't have Internet Options available.

IE8 won't uninstall or reinstall.


#35
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts

Hi Denisejm,

I'll need FRST.txt, too--the above is Addition.txt. Could you let me know which phases went wrong regarding Internet Explorer?

Happy New Year!  :cheers:


#36
Denisejm

    Member

  • Topic Starter
  • 604 posts

Sorry about that . . .  I thought I posted FRST.txt.  Here it is:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Administrator (administrator) on KINGKONG on 31-12-2014 08:57:56
Running from C:\Documents and Settings\Administrator\My Documents\Desktop
Loaded Profile: Administrator (Available profiles: Administrator)
Platform: Microsoft Windows XP Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)



==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [77824 2008-08-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [18670592 2009-07-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2808832 2008-06-19] (RealTek Semicoductor Corp.)
HKLM\...\Run: [SpyHunter Security Suite] => "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\WINDOWS\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [36X Raid Configurer] => C:\WINDOWS\SysWOW64\xRaidSetup.exe [1970176 2007-11-19] (JMicron Technology Corp.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1734144 2013-05-29] (AimerSoft)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-12-12] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\crypt32chain: C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\crypt32chain-x32: C:\WINDOWS\SysWOW64\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet-x32: C:\WINDOWS\SysWOW64\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll-x32: C:\WINDOWS\SysWOW64\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy-x32: C:\WINDOWS\SysWOW64\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\EFS-x32: C:\WINDOWS\SysWOW64\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy-x32: C:\WINDOWS\SysWOW64\sclgntfy.dll (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\RunOnce: [tscuninstall] => C:\Windows\system32\tscupgrd.exe [62464 2007-02-18] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [tscuninstall] => C:\Windows\system32\tscupgrd.exe [62464 2007-02-18] (Microsoft Corporation)
HKU\S-1-5-21-1560305870-1003223559-3566357663-500\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\Windows\system32\tscupgrd.exe [62464 2007-02-18] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
IFEO\Your Image File Name Here without a path: [Debugger] ntsd -d
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Startup: C:\Documents and Settings\Administrator\My Documents\Start Menu\Programs\Startup\Webshots.lnk
ShortcutTarget: Webshots.lnk -> D:\- Webshots\Launcher.exe (Webshots.com)
SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\Shell32.dll (Microsoft Corporation)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\Shell32.dll (Microsoft Corporation)
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
SSODL-x32: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1560305870-1003223559-3566357663-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1560305870-1003223559-3566357663-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1560305870-1003223559-3566357663-500 -> Yahoo! URL = http://search.yahoo....-8&fr=chr-iobit
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {5727FF4C-EF4E-4d96-A96C-03AD91910448} http://www.srtest.co...sreqlab_ind.cab
DPF: HKLM-x32 {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1321508482812
DPF: HKLM-x32 {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1321508432468
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab
DPF: HKLM-x32 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.13.0.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\Windows\system32\mshtml.dll (Microsoft Corporation)
Handler-x32: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\Windows\SysWow64\mshtml.dll (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Filter-x32: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\system32\Shell32.dll (Microsoft Corporation)
Filter-x32: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\SysWow64\SHELL32.dll (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [10508288 2009-02-10] (Microsoft Corporation)
ShellExecuteHooks-x32: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\SysWOW64\shell32.dll [8360960 2009-02-10] (Microsoft Corporation)
Winsock: Catalog5-x64 03 %SystemRoot%\system32\NLAapi.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1DDC0173-88C1-41DE-B25C-585A91DC2F21}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{24CB7CFF-5BDF-4D03-B675-2F9E29EE4A2A}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{2C3728E0-79F6-4148-A857-00965E95E10C}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{53EA468D-C928-4662-996B-38CD8D27EBD6}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{7EDEF09F-B6A1-4B5B-B62B-88BEB3A875C0}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rnxe1pti.default
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Yahoo
FF SearchEngineOrder.2:
FF SelectedSearchEngine: Yahoo
FF Homepage: https://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VLC Media Player 2.0.5\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: WOT - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rnxe1pti.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-12-19]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-18] (SUPERAntiSpyware.com)
R2 AeLookupSvc; C:\Windows\SysWOW64\aelupsvc.dll [26624 2007-02-18] (Microsoft Corporation)
S3 ALG; C:\Windows\SysWOW64\alg.exe [45056 2007-02-18] (Microsoft Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 Ati HotKey Poller; C:\Windows\system32\Ati2evxx.exe [911360 2011-01-26] (ATI Technologies Inc.)
R2 AudioSrv; C:\Windows\SysWOW64\audiosrv.dll [41472 2007-02-18] (Microsoft Corporation)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-12-12] (Avira Operations GmbH & Co. KG)
S3 CiSvc; C:\Windows\SysWOW64\cisvc.exe [6656 2007-02-18] (Microsoft Corporation)
S4 ClipSrv; C:\Windows\system32\clipsrv.exe [49664 2007-02-18] (Microsoft Corporation)
S4 ClipSrv; C:\Windows\SysWOW64\clipsrv.exe [32256 2007-02-18] (Microsoft Corporation)
S3 Common Toolkit 2; C:\Program Files (x86)\Common Files\Common Toolkit Suite\Tools\x64\CommonToolkit2.exe [337920 2013-08-08] (SPAMfighter ApS) [File not signed]
R2 dmadmin; C:\Windows\System32\dmadmin.exe [399872 2007-02-18] (Microsoft Corporation)
R2 dmserver; C:\Windows\System32\dmserver.dll [37376 2007-02-18] (Microsoft Corporation)
R2 Dnscache; C:\Windows\SysWOW64\dnsrslvr.dll [45568 2007-02-18] (Microsoft Corporation)
S4 ERSvc; C:\Windows\System32\ersvc.dll [31744 2007-02-18] (Microsoft Corporation)
R2 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [77312 2007-02-18] (Microsoft Corporation)
S3 HTTPFilter; C:\Windows\System32\w3ssl.dll [21504 2007-02-18] (Microsoft Corporation)
S3 HTTPFilter; C:\Windows\SysWOW64\w3ssl.dll [15360 2007-02-18] (Microsoft Corporation)
S3 IASJet; C:\Windows\SysWOW64\iasrecst.dll [162816 2007-02-18] (Microsoft Corporation)
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [265728 2007-02-18] (Microsoft Corporation)
R2 LmHosts; C:\Windows\SysWOW64\lmhsvc.dll [19968 2007-02-18] (Microsoft Corporation)
S4 mnmsrvc; C:\WINDOWS\SysWOW64\mnmsrvc.exe [32768 2007-02-18] (Microsoft Corporation)
S4 NetDDE; C:\Windows\system32\netdde.exe [160768 2007-02-18] (Microsoft Corporation)
S4 NetDDE; C:\Windows\SysWOW64\netdde.exe [110080 2007-02-18] (Microsoft Corporation)
S4 NetDDEdsdm; C:\Windows\system32\netdde.exe [160768 2007-02-18] (Microsoft Corporation)
S4 NetDDEdsdm; C:\Windows\SysWOW64\netdde.exe [110080 2007-02-18] (Microsoft Corporation)
R3 Netman; C:\Windows\SysWOW64\netman.dll [263680 2007-02-18] (Microsoft Corporation)
S3 Nla; C:\Windows\System32\mswsock.dll [492032 2007-02-18] (Microsoft Corporation)
S3 Nla; C:\Windows\SysWOW64\mswsock.dll [233472 2007-02-18] (Microsoft Corporation)
R2 NtmsSvc; C:\Windows\system32\ntmssvc.dll [794112 2007-02-18] (Microsoft Corporation)
S2 nvsvc; C:\WINDOWS\system32\nvsvc64.exe [178688 2009-09-27] (NVIDIA Corporation) [File not signed]
R2 PlugPlay; C:\Windows\system32\services.exe [224256 2007-02-18] (Microsoft Corporation)
R2 PolicyAgent; C:\Windows\system32\lsass.exe [14336 2007-02-18] (Microsoft Corporation)
S4 RasAuto; C:\Windows\SysWOW64\rasauto.dll [91648 2007-02-18] (Microsoft Corporation)
S4 RasMan; C:\Windows\SysWOW64\rasmans.dll [181760 2007-02-18] (Microsoft Corporation)
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [212480 2007-02-18] (Microsoft Corporation)
S4 RemoteRegistry; C:\Windows\SysWOW64\regsvc.dll [69120 2007-02-18] (Microsoft Corporation)
S3 SCardSvr; C:\Windows\System32\SCardSvr.exe [166400 2007-02-18] (Microsoft Corporation)
S3 SCardSvr; C:\Windows\SysWOW64\SCardSvr.exe [90112 2007-02-18] (Microsoft Corporation)
R2 Schedule; C:\Windows\SysWOW64\schedsvc.dll [202240 2007-02-18] (Microsoft Corporation)
R2 seclogon; C:\Windows\SysWOW64\seclogon.dll [18432 2007-02-18] (Microsoft Corporation)
R2 srservice; C:\WINDOWS\system32\srsvc.dll [231424 2007-02-18] (Microsoft Corporation)
R3 SSDPSRV; C:\Windows\SysWOW64\ssdpsrv.dll [72192 2007-02-18] (Microsoft Corporation)
R2 stisvc; C:\Windows\SysWOW64\wiaservc.dll [348160 2007-02-18] (Microsoft Corporation)
S4 SysmonLog; C:\Windows\system32\smlogsvc.exe [133120 2007-02-18] (Microsoft Corporation)
S4 SysmonLog; C:\Windows\SysWOW64\smlogsvc.exe [96256 2007-02-18] (Microsoft Corporation)
S4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [113152 2007-02-18] (Microsoft Corporation)
R2 TrkWks; C:\Windows\SysWOW64\trkwks.dll [86528 2007-02-18] (Microsoft Corporation)
S4 UMWdf; C:\WINDOWS\system32\wdfmgr.exe [62976 2007-02-18] (Microsoft Corporation)
S4 UMWdf; C:\WINDOWS\SysWOW64\wdfmgr.exe [39424 2007-02-18] (Microsoft Corporation)
S3 UPS; C:\Windows\System32\ups.exe [34816 2007-02-18] (Microsoft Corporation)
S3 UPS; C:\Windows\SysWOW64\ups.exe [16896 2007-02-18] (Microsoft Corporation)
R2 W32Time; C:\WINDOWS\SysWOW64\w32time.dll [227328 2007-02-18] (Microsoft Corporation)
S4 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [36352 2007-02-18] (Microsoft Corporation)
S4 WmdmPmSN; C:\WINDOWS\SysWOW64\mspmsnsv.dll [25088 2007-02-18] (Microsoft Corporation)
S3 Wmi; C:\Windows\System32\advapi32.dll [1066496 2013-04-22] (Microsoft Corporation)
S3 Wmi; C:\Windows\SysWOW64\advapi32.dll [620032 2013-04-22] (Microsoft Corporation)
S4 wuauserv; C:\WINDOWS\system32\wuauserv.dll [12288 2007-02-18] (Microsoft Corporation)
R2 WZCSVC; C:\Windows\System32\wzcsvc.dll [659968 2007-02-18] (Microsoft Corporation)
R2 WZCSVC; C:\Windows\SysWOW64\wzcsvc.dll [489472 2007-02-18] (Microsoft Corporation)
S3 xmlprov; C:\Windows\System32\xmlprov.dll [326144 2007-02-18] (Microsoft Corporation)
S3 xmlprov; C:\Windows\SysWOW64\xmlprov.dll [131584 2007-02-18] (Microsoft Corporation)
R2 Eventlog;  [X]
S3 WinHttpAutoProxySvc; winhttp.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 Abiosdsk; No ImagePath
S4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [18432 2007-02-18] (Microsoft Corporation)
S4 adpu160m; No ImagePath
S4 adpu320; No ImagePath
S3 aec; C:\Windows\System32\drivers\aec.sys [188928 2005-03-24] (Microsoft Corporation)
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S3 Ambfilt64; C:\Windows\System32\drivers\Ambft64.sys [1794560 2009-01-09] (Creative)
S4 AmdIde; No ImagePath
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
S4 arc; No ImagePath
S3 Arp1394; C:\Windows\System32\DRIVERS\arp1394.sys [111104 2007-02-16] (Microsoft Corporation)
S2 Aspi32; C:\Windows\SysWOW64\drivers\aspi32.sys [16512 2002-07-16] (Adaptec) [File not signed]
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-06] ()
S4 Atdisk; No ImagePath
R3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [7718912 2011-01-26] (ATI Technologies Inc.)
S3 Atmarpc; C:\Windows\System32\DRIVERS\atmarpc.sys [106496 2007-02-18] (Microsoft Corporation)
R3 audstub; C:\Windows\System32\DRIVERS\audstub.sys [5632 2005-03-24] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-05-09] (Avira Operations GmbH & Co. KG)
R2 CdaC15BA; C:\Windows\System32\DRIVERS\CdaC15BA.sys [13312 2007-02-18] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R2 CdaD10BA; C:\Windows\System32\DRIVERS\CdaD10BA.sys [13312 2007-02-18] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
S4 dmboot; C:\Windows\System32\drivers\dmboot.sys [415232 2007-02-18] (Microsoft Corporation)
R0 dmio; C:\Windows\System32\drivers\dmio.sys [244224 2007-02-18] (Microsoft Corporation)
R0 dmload; C:\Windows\System32\drivers\dmload.sys [9216 2007-02-18] (Microsoft Corporation)
S4 dpti2o; No ImagePath
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2014-12-31] ()
R1 Fips; C:\Windows\System32\Drivers\Fips.sys [50176 2007-02-18] (Microsoft Corporation)
R0 Ftdisk; C:\Windows\System32\DRIVERS\ftdisk.sys [240128 2007-02-18] (Microsoft Corporation)
R3 Gpc; C:\Windows\System32\DRIVERS\msgpc.sys [71168 2007-02-18] (Microsoft Corporation)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [239616 2005-07-13] (Windows ® Server 2003 DDK provider)
S1 i2omgmt; No ImagePath
S4 iirsp; No ImagePath
S1 imapi; C:\Windows\System32\DRIVERS\imapi.sys [72704 2007-02-18] (Microsoft Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKHDA64.SYS [5396992 2009-07-20] (Realtek Semiconductor Corp.)
S4 IntelIde; No ImagePath
S3 Ip6Fw; C:\Windows\System32\drivers\ip6fw.sys [57856 2007-02-18] (Microsoft Corporation)
R1 IPSec; C:\Windows\System32\DRIVERS\ipsec.sys [156672 2007-02-18] (Microsoft Corporation)
R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [105312 2009-06-25] (JMicron Technology Corp.) [File not signed]
S3 kmixer; C:\Windows\System32\drivers\kmixer.sys [204288 2005-03-24] (Microsoft Corporation)
R1 mnmdd; C:\Windows\System32\Drivers\mnmdd.sys [8192 2007-02-18] (Microsoft Corporation)
S3 Monfilt64; C:\Windows\System32\drivers\Monft64.sys [1854976 2009-01-09] (Creative Technology Ltd.)
S4 mraid35x; No ImagePath
S3 NIC1394; C:\Windows\System32\DRIVERS\nic1394.sys [92160 2005-03-24] (Microsoft Corporation)
S3 nv; C:\Windows\System32\DRIVERS\nv4_mini.sys [9687424 2009-09-27] (NVIDIA Corporation)
S3 NVHDA; C:\Windows\System32\drivers\nvhda64.sys [72736 2009-08-21] (NVIDIA Corporation)
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
R3 PSched; C:\Windows\System32\DRIVERS\psched.sys [106496 2007-02-18] (Microsoft Corporation)
R3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [31232 2007-02-18] (Parallel Technologies, Inc.)
R0 PxHlpa64; C:\Windows\SysWOW64\Drivers\PxHlpa64.sys [26720 2004-09-23] (Sonic Solutions) [File not signed]
R3 Raspti; C:\Windows\System32\DRIVERS\raspti.sys [31232 2007-02-18] (Microsoft Corporation)
S1 redbook; C:\Windows\System32\DRIVERS\redbook.sys [64000 2005-03-24] (Microsoft Corporation)
R0 rr232x; C:\Windows\System32\drivers\rr232x.sys [144384 2007-10-26] (HighPoint Technologies, Inc.) [File not signed]
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtKHDMIX.sys [3023360 2009-05-20] (Realtek Semiconductor Corp.)
R3 RTLE8023x64; C:\Windows\System32\DRIVERS\Rtenic64.sys [124928 2007-11-22] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [171008 2007-02-18] (Microsoft Corporation)
S4 Simbad; No ImagePath
S3 splitter; C:\Windows\System32\drivers\splitter.sys [10240 2007-02-16] (Microsoft Corporation)
R0 sr; C:\Windows\System32\DRIVERS\sr.sys [123904 2007-02-18] (Microsoft Corporation)
S3 swmidi; C:\Windows\System32\drivers\swmidi.sys [86528 2005-03-24] (Microsoft Corporation)
S4 symc8xx; No ImagePath
S4 symmpi; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
R3 sysaudio; C:\Windows\System32\drivers\sysaudio.sys [147456 2007-02-16] (Microsoft Corporation)
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
U5 UnlockerDriver5; C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys [4096 2006-09-07] () [File not signed]
R3 Update; C:\Windows\System32\DRIVERS\update.sys [152576 2007-05-29] (Microsoft Corporation)
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath
R3 wdmaud; C:\Windows\System32\drivers\wdmaud.sys [187904 2007-02-17] (Microsoft Corporation)
S4 InCDFs; system32\drivers\InCDFs.sys [X]
S1 InCDPass; system32\drivers\InCDPass.sys [X]
S1 InCDRm; system32\drivers\InCDRm.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVCx32: Browser -> No ServiceDLL Path.
NETSVCx32: CryptSvc -> C:\Windows\SysWOW64\cryptsvc.dll (Microsoft Corporation)
NETSVCx32: EventSystem -> C:\WINDOWS\SysWOW64\es.dll (Microsoft Corporation)
NETSVCx32: Iprip -> No ServiceDLL Path.
NETSVCx32: LanmanWorkstation -> No ServiceDLL Path.
NETSVCx32: Messenger -> No ServiceDLL Path.
NETSVCx32: Netman -> C:\Windows\SysWOW64\netman.dll (Microsoft Corporation)
NETSVCx32: Seclogon -> C:\Windows\SysWOW64\seclogon.dll (Microsoft Corporation)
NETSVCx32: TrkWks -> C:\Windows\SysWOW64\trkwks.dll (Microsoft Corporation)
NETSVCx32: WZCSVC -> C:\Windows\SysWOW64\wzcsvc.dll (Microsoft Corporation)
NETSVCx32: wscsvc -> No ServiceDLL Path.
NETSVCx32: xmlprov -> C:\Windows\SysWOW64\xmlprov.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-31 08:53 - 2014-12-31 08:53 - 00000390 _____ () C:\WINDOWS\PFRO.log
2014-12-31 08:30 - 2014-12-31 08:54 - 00000000 _____ () C:\WINDOWS\0.log
2014-12-31 01:39 - 2014-12-31 01:39 - 00000000 ____D () C:\Program Files (x86)\Advanced WindowsCare V2
2014-12-31 01:39 - 2014-12-31 01:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Advanced WindowsCare V2 Personal
2014-12-31 01:15 - 2014-12-31 01:15 - 302627644 _____ () C:\Documents and Settings\Administrator\My Documents\RegBackup-10115.reg
2014-12-31 01:06 - 2014-12-31 01:07 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\Firefox Bookmarks Backup 30Dec14
2014-12-31 00:01 - 2014-12-31 00:01 - 00000823 _____ () C:\Documents and Settings\Administrator\Desktop\SpyHunter.lnk
2014-12-31 00:01 - 2014-12-31 00:01 - 00000000 ____D () C:\sh4ldr
2014-12-31 00:00 - 2014-12-31 00:00 - 00022704 _____ () C:\WINDOWS\system32\Drivers\EsgScanner.sys
2014-12-30 23:59 - 2014-12-30 23:59 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-12-29 08:58 - 2014-12-29 09:10 - 00000000 ____D () C:\MATS
2014-12-20 10:44 - 2014-12-20 10:44 - 00004536 _____ () C:\Documents and Settings\Administrator\Desktop\FightersLogs.zip
2014-12-20 01:27 - 2014-12-20 01:27 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-12-20 01:27 - 2014-12-20 01:27 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-20 01:04 - 2014-12-20 01:04 - 00000583 _____ () C:\WINDOWS\system32\MyDefrag.debuglog
2014-12-20 00:53 - 2014-12-20 10:39 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Yahoo!
2014-12-20 00:53 - 2014-12-20 10:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Yahoo!
2014-12-20 00:53 - 2014-12-20 00:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Common Toolkit Suite
2014-12-20 00:46 - 2014-12-20 00:48 - 00000000 ____D () C:\Adobe_Flash_Player_Firefox_Mozilla_Opera_Chrome_64bit_v11
2014-12-19 12:33 - 2014-12-19 12:33 - 00000782 _____ () C:\Firefox  34.0.5.lnk
2014-12-19 12:24 - 2014-12-20 10:43 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-12-19 12:23 - 2014-12-19 12:23 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-12-18 23:31 - 2014-12-19 00:23 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-12-18 23:28 - 2014-12-19 12:23 - 00000000 ____D () C:\Program Files (x86)\Spybot S&D v
2014-12-18 19:57 - 2005-03-24 17:35 - 00232448 ____C (Eicon Networks) C:\Windows\System32\dllcache\xlog.exe
2014-12-18 19:57 - 2005-03-24 17:35 - 00214272 ____C (Microsoft) C:\Windows\System32\dllcache\yk51x64.sys
2014-12-18 19:56 - 2007-02-17 01:05 - 00024192 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wstcodec.sys
2014-12-18 19:56 - 2007-02-17 01:04 - 00532480 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wpdmtpdr.dll
2014-12-18 19:56 - 2007-02-17 01:04 - 00202752 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wpdmtp.dll
2014-12-18 19:56 - 2007-02-17 01:02 - 00119552 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wceusbsh.sys
2014-12-18 19:56 - 2007-02-17 01:02 - 00080896 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wiamsmud.dll
2014-12-18 19:56 - 2005-03-24 17:35 - 00097280 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wpdmtpus.dll
2014-12-18 19:56 - 2005-03-24 17:35 - 00093696 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wpdconns.dll
2014-12-18 19:56 - 2005-03-24 17:35 - 00055808 ____C (S2io Inc.) C:\Windows\System32\dllcache\xenamd64.sys
2014-12-18 19:56 - 2005-03-24 17:35 - 00029696 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wpdusb.sys
2014-12-18 19:56 - 2005-03-24 17:35 - 00015872 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wmiacpi.sys
2014-12-18 19:56 - 2005-03-24 17:35 - 00015360 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wpdtrace.dll
2014-12-18 19:56 - 2005-03-24 17:35 - 00010752 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wshirda.dll
2014-12-18 19:56 - 2005-03-24 17:34 - 00128000 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wiafbdrv.dll
2014-12-18 19:56 - 2005-03-24 17:34 - 00114816 ____C (VIA Networking Technologies, Inc. ) C:\Windows\System32\dllcache\wetn5b64.sys
2014-12-18 19:56 - 2005-03-24 17:34 - 00017920 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wd.sys
2014-12-18 19:55 - 2007-02-17 01:01 - 00081920 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\vfwwdm32.dll
2014-12-18 19:55 - 2007-02-17 01:01 - 00044032 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\vidcap.ax
2014-12-18 19:55 - 2007-02-17 01:00 - 00216320 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbvideo.sys
2014-12-18 19:55 - 2007-02-17 01:00 - 00102912 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbaudio.sys
2014-12-18 19:55 - 2007-02-17 01:00 - 00061440 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\uliagpkx.sys
2014-12-18 19:55 - 2007-02-17 01:00 - 00058880 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\uagp35.sys
2014-12-18 19:55 - 2007-02-17 01:00 - 00042496 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbccid.sys
2014-12-18 19:55 - 2007-02-17 01:00 - 00026368 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbohci.sys
2014-12-18 19:55 - 2005-03-24 17:34 - 00042496 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbser.sys
2014-12-18 19:55 - 2005-03-24 17:34 - 00038912 ____C (Promise Technology, Inc.) C:\Windows\System32\dllcache\ultra.sys
2014-12-18 19:55 - 2005-03-24 17:34 - 00036608 ____C (VIA Technologies, Inc.) C:\Windows\System32\dllcache\viairda.sys
2014-12-18 19:55 - 2005-03-24 17:34 - 00034432 ____C (ULi Electronics Inc.) C:\Windows\System32\dllcache\uli5261.sys
2014-12-18 19:55 - 2005-03-24 17:34 - 00008704 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\viaide.sys
2014-12-18 19:55 - 2005-03-24 17:34 - 00008704 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\toside.sys
2014-12-18 19:54 - 2007-02-17 00:55 - 00056320 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\smb0w.dll
2014-12-18 19:54 - 2007-02-17 00:55 - 00012800 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\sonyait.sys
2014-12-18 19:54 - 2005-03-24 17:34 - 00084992 ____C (LSI Logic) C:\Windows\System32\dllcache\symmpi.sys
2014-12-18 19:54 - 2005-03-24 17:34 - 00041984 ____C (LSI Logic) C:\Windows\System32\dllcache\symc8xx.sys
2014-12-18 19:54 - 2005-03-24 17:34 - 00012288 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\tandqic.sys
2014-12-18 19:54 - 2005-03-24 17:25 - 00039936 ____C (LSI Logic) C:\Windows\System32\dllcache\sym_u3.sys
2014-12-18 19:54 - 2005-03-24 17:25 - 00037376 ____C (LSI Logic) C:\Windows\System32\dllcache\sym_hi.sys
2014-12-18 19:54 - 2005-03-24 17:25 - 00028160 ____C (SCM Microsystems, Inc.) C:\Windows\System32\dllcache\stcusb.sys
2014-12-18 19:54 - 2005-03-24 17:25 - 00024576 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\streamip.sys
2014-12-18 19:54 - 2005-03-24 17:24 - 00068608 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\smb3w.dll
2014-12-18 19:54 - 2005-03-24 17:24 - 00046080 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\sm91w.dll
2014-12-18 19:54 - 2005-03-24 17:24 - 00043008 ____C (SiS Corporation) C:\Windows\System32\dllcache\sisnic.sys
2014-12-18 19:54 - 2005-03-24 17:24 - 00019968 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\slip.sys
2014-12-18 19:54 - 2005-03-24 17:24 - 00017920 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\sonymc.sys
2014-12-18 19:54 - 2005-03-24 17:24 - 00013312 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\snyaitmc.sys
2014-12-18 19:53 - 2007-02-17 00:54 - 00019968 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\scsiscan.sys
2014-12-18 19:53 - 2007-02-17 00:53 - 00040576 ____C (OMNIKEY AG) C:\Windows\System32\dllcache\sccmusbm.sys
2014-12-18 19:53 - 2007-02-17 00:51 - 00051200 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\rndismpx.sys
2014-12-18 19:53 - 2007-02-17 00:51 - 00033792 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\rasirda.sys
2014-12-18 19:53 - 2007-02-17 00:51 - 00032256 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ramdisk.sys
2014-12-18 19:53 - 2007-02-17 00:50 - 00316928 ____C () C:\Windows\System32\dllcache\psisdecd.dll
2014-12-18 19:53 - 2007-02-17 00:50 - 00271872 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ptpusd.dll
2014-12-18 19:53 - 2007-02-17 00:50 - 00025344 ____C (SCM Microsystems, Inc.) C:\Windows\System32\dllcache\pscr.sys
2014-12-18 19:53 - 2007-02-17 00:50 - 00010752 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\qic157.sys
2014-12-18 19:53 - 2005-03-24 17:24 - 00094208 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\rfcomm.sys
2014-12-18 19:53 - 2005-03-24 17:24 - 00059904 ____C (Realtek Semiconductor Corporation) C:\Windows\System32\dllcache\rtl39a64.sys
2014-12-18 19:53 - 2005-03-24 17:24 - 00044032 ____C (OMNIKEY AG) C:\Windows\System32\dllcache\sccmn50m.sys
2014-12-18 19:53 - 2005-03-24 17:24 - 00037888 ____C (Realtek Semiconductor Corporation ) C:\Windows\System32\dllcache\rtl69a64.sys
2014-12-18 19:53 - 2005-03-24 17:24 - 00032256 ____C (SCM Microsystems) C:\Windows\System32\dllcache\scr111.sys
2014-12-18 19:53 - 2005-03-24 17:24 - 00031232 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\scmstcs.sys
2014-12-18 19:53 - 2005-03-24 17:24 - 00030720 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\sermouse.sys
2014-12-18 19:53 - 2005-03-24 17:24 - 00019968 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\scsiprnt.sys
2014-12-18 19:53 - 2005-03-24 17:24 - 00013312 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\seaddsmc.sys
2014-12-18 19:53 - 2005-03-24 17:24 - 00011776 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\serscan.sys
2014-12-18 19:53 - 2005-03-24 17:24 - 00010240 ____C (Brother Industries, Ltd.) C:\Windows\System32\dllcache\rsmgrstr.dll
2014-12-18 19:53 - 2005-03-24 17:23 - 00057344 ____C () C:\Windows\System32\dllcache\psisrndr.ax
2014-12-18 19:52 - 2007-02-17 00:44 - 00944640 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\p2psvc.dll
2014-12-18 19:52 - 2007-02-17 00:44 - 00505856 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\p2pgraph.dll
2014-12-18 19:52 - 2007-02-17 00:44 - 00161024 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\phildec.sys
2014-12-18 19:52 - 2007-02-17 00:44 - 00015872 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\powerfil.sys
2014-12-18 19:52 - 2005-03-24 17:22 - 00135680 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\p2pnetsh.dll
2014-12-18 19:52 - 2005-03-24 17:22 - 00132608 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\p2pgasvc.dll
2014-12-18 19:52 - 2005-03-24 17:22 - 00077824 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\pnrpnsp.dll
2014-12-18 19:52 - 2005-03-24 17:22 - 00013824 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\pnrmc.sys
2014-12-18 19:51 - 2007-02-17 00:41 - 00124416 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\nv_agp.sys
2014-12-18 19:51 - 2007-02-17 00:39 - 00103680 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\nabtsfec.sys
2014-12-18 19:51 - 2007-02-17 00:39 - 00062976 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mstape.sys
2014-12-18 19:51 - 2007-02-17 00:39 - 00039424 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msircomm.sys
2014-12-18 19:51 - 2007-02-17 00:39 - 00008064 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mstee.sys
2014-12-18 19:51 - 2005-03-24 17:22 - 00186880 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\p2p.dll
2014-12-18 19:51 - 2005-03-24 17:21 - 00185344 ____C (NVIDIA Corporation) C:\Windows\System32\dllcache\nvenet.sys
2014-12-18 19:51 - 2005-03-24 17:21 - 00042240 ____C (National Semiconductor Corporation) C:\Windows\System32\dllcache\nscirda.sys
2014-12-18 19:51 - 2005-03-24 17:21 - 00022528 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ne2000.sys
2014-12-18 19:51 - 2005-03-24 17:21 - 00017408 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ndisip.sys
2014-12-18 19:51 - 2005-03-24 17:21 - 00014336 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\nsmmc.sys
2014-12-18 19:51 - 2005-03-24 17:21 - 00005120 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msmpu401.sys
2014-12-18 19:25 - 2007-02-17 00:38 - 00094720 ____C () C:\Windows\System32\dllcache\msdvbnp.ax
2014-12-18 19:25 - 2007-02-17 00:38 - 00071680 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msdv.sys
2014-12-18 19:25 - 2007-02-17 00:36 - 00010752 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ltotape.sys
2014-12-18 19:25 - 2007-02-17 00:35 - 00026112 ____C (Litronic Industries) C:\Windows\System32\dllcache\lit220p.sys
2014-12-18 19:25 - 2005-03-24 17:21 - 00036352 ____C (LSI Logic Corporation) C:\Windows\System32\dllcache\mraid35x.sys
2014-12-18 19:25 - 2005-03-24 17:21 - 00028672 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\modemcsa.sys
2014-12-18 19:25 - 2005-03-24 17:21 - 00023040 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mpe.sys
2014-12-18 19:25 - 2005-03-24 17:21 - 00011776 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\miniqic.sys
2014-12-18 19:25 - 2005-03-24 17:20 - 00569344 ____C (Agere Systems) C:\Windows\System32\dllcache\ltmdm64.sys
2014-12-18 19:25 - 2005-03-24 17:20 - 00012800 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mammoth.sys
2014-12-18 19:25 - 2005-03-24 17:20 - 00008704 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\loop.sys
2014-12-18 19:24 - 2007-02-17 00:35 - 00138752 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\kswdmcap.ax
2014-12-18 19:24 - 2007-02-17 00:35 - 00088064 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\kstvtune.ax
2014-12-18 19:24 - 2005-03-24 17:20 - 00074752 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ksxbar.ax
2014-12-18 19:23 - 2007-02-17 00:34 - 00012288 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\kbdjpn.dll
2014-12-18 19:23 - 2007-02-17 00:34 - 00011776 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\kbdkor.dll
2014-12-18 19:21 - 2007-02-17 00:31 - 00237056 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\irftp.exe
2014-12-18 19:21 - 2007-02-17 00:31 - 00152576 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\irda.sys
2014-12-18 19:21 - 2007-02-17 00:31 - 00043008 ____C (SigmaTel, Inc.) C:\Windows\System32\dllcache\irstusb.sys
2014-12-18 19:21 - 2007-02-17 00:31 - 00034816 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\irsir.sys
2014-12-18 19:21 - 2005-03-24 17:20 - 00008192 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\kbd106.dll
2014-12-18 19:21 - 2005-03-24 17:20 - 00007680 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\kbd101c.dll
2014-12-18 19:21 - 2005-03-24 17:20 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\kbd103.dll
2014-12-18 19:21 - 2005-03-24 17:20 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\kbd101b.dll
2014-12-18 19:21 - 2005-03-24 17:19 - 00070784 ____C (Intel Corporation) C:\Windows\System32\dllcache\ixg5132e.sys
2014-12-18 19:21 - 2005-03-24 17:19 - 00023552 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ipsink.ax
2014-12-18 19:21 - 2005-03-24 17:19 - 00022528 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\irmon.dll
2014-12-18 19:21 - 2005-03-24 17:19 - 00009216 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\intelide.sys
2014-12-18 19:19 - 2005-03-24 17:19 - 00048128 ____C (Intel Corp./ICP vortex GmbH) C:\Windows\System32\dllcache\iirsp.sys
2014-12-18 19:19 - 2005-03-24 17:18 - 01038048 ____C (Intel Corporation) C:\Windows\System32\dllcache\ialmnt5.sys
2014-12-18 19:19 - 2005-03-24 17:18 - 00885760 ____C (Intel Corporation) C:\Windows\System32\dllcache\ialmdd5.dll
2014-12-18 19:19 - 2005-03-24 17:18 - 00244992 ____C (Intel Corporation) C:\Windows\System32\dllcache\ialmdev5.dll
2014-12-18 19:19 - 2005-03-24 17:18 - 00136704 ____C (Intel Corporation) C:\Windows\System32\dllcache\ialmdnt5.dll
2014-12-18 19:19 - 2005-03-24 17:18 - 00055296 ____C (Intel Corporation) C:\Windows\System32\dllcache\ialmrnt5.dll
2014-12-18 19:18 - 2007-02-17 00:28 - 00385024 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\hpojwia.dll
2014-12-18 19:18 - 2007-02-17 00:28 - 00035840 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\hidbatt.sys
2014-12-18 19:18 - 2007-02-17 00:22 - 00061952 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\gagp30kx.sys
2014-12-18 19:18 - 2005-03-24 17:18 - 01080832 ____C (Conexant Systems, Inc.) C:\Windows\System32\dllcache\hsf_dp4.sys
2014-12-18 19:18 - 2005-03-24 17:18 - 00804352 ____C (Conexant Systems, Inc.) C:\Windows\System32\dllcache\hsfcnxt4.sys
2014-12-18 19:18 - 2005-03-24 17:18 - 00241664 ____C (Windows ® Server 2003 DDK provider) C:\Windows\System32\dllcache\hdaudio.sys
2014-12-18 19:18 - 2005-03-24 17:18 - 00236032 ____C (Conexant Systems, Inc.) C:\Windows\System32\dllcache\hsfbs4.sys
2014-12-18 19:18 - 2005-03-24 17:18 - 00080896 ____C (Windows ® Server 2003 DDK provider) C:\Windows\System32\dllcache\hdashcut.exe
2014-12-18 19:18 - 2005-03-24 17:18 - 00063872 ____C (VIA Networking Technologies, Inc. ) C:\Windows\System32\dllcache\get5a64.sys
2014-12-18 19:18 - 2005-03-24 17:18 - 00044544 ____C (Gemplus) C:\Windows\System32\dllcache\grserial.sys
2014-12-18 19:18 - 2005-03-24 17:18 - 00043008 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\hidbth.sys
2014-12-18 19:18 - 2005-03-24 17:18 - 00037402 ____C (Conexant Systems, Inc.) C:\Windows\System32\dllcache\hsfc4.dll
2014-12-18 19:18 - 2005-03-24 17:18 - 00033280 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\hpsjmcro.dll
2014-12-18 19:18 - 2005-03-24 17:18 - 00030720 ____C (Gemplus) C:\Windows\System32\dllcache\gpr400.sys
2014-12-18 19:18 - 2005-03-24 17:18 - 00028672 ____C (Windows ® Server 2003 DDK provider) C:\Windows\System32\dllcache\hdaprop.dll
2014-12-18 19:18 - 2005-03-24 17:18 - 00012288 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\hidir.sys
2014-12-18 19:18 - 2005-03-24 17:18 - 00012288 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\hidgame.sys
2014-12-18 19:18 - 2005-03-24 17:18 - 00009728 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\hpt4qic.sys
2014-12-18 19:18 - 2005-03-24 17:18 - 00006144 ____C (Windows ® Server 2003 DDK provider) C:\Windows\System32\dllcache\hdaudres.dll
2014-12-18 19:17 - 2007-02-17 00:17 - 00182784 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\dot4.sys
2014-12-18 19:17 - 2005-03-24 17:17 - 00652288 ____C (AVM Berlin) C:\Windows\System32\dllcache\fpcibase.sys
2014-12-18 19:17 - 2005-03-24 17:17 - 00643072 ____C (AVM Berlin) C:\Windows\System32\dllcache\fpcmbase.sys
2014-12-18 19:17 - 2005-03-24 17:17 - 00232960 ____C (Intel Corporation) C:\Windows\System32\dllcache\e1g5132e.sys
2014-12-18 19:17 - 2005-03-24 17:17 - 00191744 ____C (Intel Corporation) C:\Windows\System32\dllcache\efe5b32e.sys
2014-12-18 19:17 - 2005-03-24 17:17 - 00103936 ____C (SEIKO EPSON CORP.) C:\Windows\System32\dllcache\esucm.dll
2014-12-18 19:17 - 2005-03-24 17:17 - 00081408 ____C (SEIKO EPSON CORP.) C:\Windows\System32\dllcache\esunib.dll
2014-12-18 19:17 - 2005-03-24 17:17 - 00081408 ____C (SEIKO EPSON CORP.) C:\Windows\System32\dllcache\esuni.dll
2014-12-18 19:17 - 2005-03-24 17:17 - 00076800 ____C (SEIKO EPSON CORP.) C:\Windows\System32\dllcache\esuimg.dll
2014-12-18 19:17 - 2005-03-24 17:17 - 00062848 ____C (VIA Technologies, Inc. ) C:\Windows\System32\dllcache\fet5a64.sys
2014-12-18 19:17 - 2005-03-24 17:17 - 00013312 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\elmsmc.sys
2014-12-18 19:17 - 2005-03-24 17:17 - 00011776 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\exabyte2.sys
2014-12-18 19:17 - 2005-03-24 17:16 - 00491520 ____C (Eicon Networks) C:\Windows\System32\dllcache\diwansrv.sys
2014-12-18 19:17 - 2005-03-24 17:16 - 00462336 ____C (Eicon Networks) C:\Windows\System32\dllcache\dimaint.sys
2014-12-18 19:17 - 2005-03-24 17:16 - 00404480 ____C (Eicon Networks) C:\Windows\System32\dllcache\ditrace.exe
2014-12-18 19:17 - 2005-03-24 17:16 - 00045056 ____C (Eicon Networks) C:\Windows\System32\dllcache\disrvsu.dll
2014-12-18 19:17 - 2005-03-24 17:16 - 00038400 ____C (Eicon Networks) C:\Windows\System32\dllcache\disrvpp.dll
2014-12-18 19:17 - 2005-03-24 17:16 - 00035328 ____C (Adaptec, Inc.) C:\Windows\System32\dllcache\dpti2o.sys
2014-12-18 19:17 - 2005-03-24 17:16 - 00032768 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\dot4usb.sys
2014-12-18 19:17 - 2005-03-24 17:16 - 00023552 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\dot4prt.sys
2014-12-18 19:17 - 2005-03-24 17:16 - 00014848 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\dot4scan.sys
2014-12-18 19:17 - 2005-03-24 17:16 - 00013824 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\dlttape.sys
2014-12-18 19:17 - 2005-03-24 17:16 - 00006144 ____C (Eicon Networks) C:\Windows\System32\dllcache\disrvci.dll
2014-12-18 19:16 - 2007-02-17 00:09 - 00260096 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\csamsp.dll
2014-12-18 19:16 - 2007-02-17 00:09 - 00031360 ____C (OMNIKEY AG) C:\Windows\System32\dllcache\cmbp0wdm.sys
2014-12-18 19:16 - 2007-02-17 00:09 - 00021120 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\cmbatt.sys
2014-12-18 19:16 - 2007-02-17 00:09 - 00015488 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\compbatt.sys
2014-12-18 19:16 - 2005-03-24 17:16 - 00310784 ____C (Eicon Networks) C:\Windows\System32\dllcache\dicapi.sys
2014-12-18 19:16 - 2005-03-24 17:16 - 00013312 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ddsmc.sys
2014-12-18 19:16 - 2005-03-24 17:15 - 00096768 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\cyzport.sys
2014-12-18 19:16 - 2005-03-24 17:15 - 00094720 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\cyyport.sys
2014-12-18 19:16 - 2005-03-24 17:15 - 00039424 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\cyycoins.dll
2014-12-18 19:16 - 2005-03-24 17:15 - 00036864 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\cyzcoins.dll
2014-12-18 19:16 - 2005-03-24 17:15 - 00035328 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\cyzports.dll
2014-12-18 19:16 - 2005-03-24 17:15 - 00034816 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\cyyports.dll
2014-12-18 19:16 - 2005-03-24 17:15 - 00027136 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\cyclad-z.sys
2014-12-18 19:16 - 2005-03-24 17:15 - 00024064 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\cyclom-y.sys
2014-12-18 19:16 - 2005-03-24 17:15 - 00013824 ____C (CMD Technology, Inc.) C:\Windows\System32\dllcache\cmdide.sys
2014-12-18 19:15 - 2007-02-17 00:05 - 00024576 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ccdecode.sys
2014-12-18 19:15 - 2005-03-24 17:14 - 00012800 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\changer.sys
2014-12-18 01:19 - 2005-03-24 17:16 - 00023552 ____C (Eicon Networks Corporation) C:\Windows\System32\dllcache\diapi264.dll
2014-12-18 01:19 - 2005-03-24 17:12 - 00018432 ____C (AVM GmbH) C:\Windows\System32\dllcache\avmc2064.dll
2014-12-18 01:16 - 2007-02-17 00:05 - 00320512 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\bthport.sys
2014-12-18 01:16 - 2007-02-17 00:05 - 00196608 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\bthpan.sys
2014-12-18 01:16 - 2007-02-17 00:05 - 00065536 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\bthmodem.sys
2014-12-18 01:16 - 2007-02-17 00:05 - 00051200 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\bthprint.sys
2014-12-18 01:16 - 2007-02-17 00:05 - 00027648 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\bthenum.sys
2014-12-18 01:16 - 2005-03-24 17:14 - 00147456 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\brmfcwia.dll
2014-12-18 01:16 - 2005-03-24 17:14 - 00082944 ____C (Brother Industries, Ltd.) C:\Windows\System32\dllcache\brmflpt.dll
2014-12-18 01:16 - 2005-03-24 17:14 - 00068608 ____C (Brother Industries, Ltd.) C:\Windows\System32\dllcache\brmfusb.dll
2014-12-18 01:16 - 2005-03-24 17:14 - 00063488 ____C (Brother Industries, Ltd.) C:\Windows\System32\dllcache\brmfrsmg.exe
2014-12-18 01:16 - 2005-03-24 17:14 - 00059904 ____C (Brother Industries Ltd.) C:\Windows\System32\dllcache\brserwdm.sys
2014-12-18 01:16 - 2005-03-24 17:14 - 00041984 ____C (Brother Industries Ltd.) C:\Windows\System32\dllcache\brparwdm.sys
2014-12-18 01:16 - 2005-03-24 17:14 - 00037376 ____C (Brother Industries, Ltd.) C:\Windows\System32\dllcache\brevif.dll
2014-12-18 01:16 - 2005-03-24 17:14 - 00036352 ____C (Brother Industries, Ltd.) C:\Windows\System32\dllcache\brmfbidi.dll
2014-12-18 01:16 - 2005-03-24 17:14 - 00035840 ____C (Brother Industries, Ltd.) C:\Windows\System32\dllcache\brbidiif.dll
2014-12-18 01:16 - 2005-03-24 17:14 - 00024576 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\bthusb.sys
2014-12-18 01:16 - 2005-03-24 17:14 - 00022528 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\bulltlp3.sys
2014-12-18 01:16 - 2005-03-24 17:14 - 00022016 ____C (Brother Industries, Ltd.) C:\Windows\System32\dllcache\brfiltlo.sys
2014-12-18 01:16 - 2005-03-24 17:14 - 00019968 ____C (Brother Industries Ltd.) C:\Windows\System32\dllcache\brusbmdm.sys
2014-12-18 01:16 - 2005-03-24 17:14 - 00019456 ____C (Brother Industries Ltd.) C:\Windows\System32\dllcache\brusbscn.sys
2014-12-18 01:16 - 2005-03-24 17:14 - 00019456 ____C (Brother Industries Ltd.) C:\Windows\System32\dllcache\brcoinst.dll
2014-12-18 01:16 - 2005-03-24 17:14 - 00015360 ____C (Brother Industries, Ltd.) C:\Windows\System32\dllcache\brserif.dll
2014-12-18 01:16 - 2005-03-24 17:14 - 00008192 ____C (Brother Industries, Ltd.) C:\Windows\System32\dllcache\brfiltup.sys
2014-12-18 01:16 - 2005-03-24 17:14 - 00007168 ____C (Brother Industries,Ltd.) C:\Windows\System32\dllcache\brscnrsm.dll
2014-12-18 01:16 - 2005-03-24 17:14 - 00007168 ____C (Brother Industries Ltd.) C:\Windows\System32\dllcache\brparimg.sys
2014-12-18 01:16 - 2005-03-24 17:14 - 00006656 ____C (Brother Industries Ltd.) C:\Windows\System32\dllcache\brfilt.sys
2014-12-18 01:15 - 2007-02-17 00:03 - 00026112 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\bdaplgin.ax
2014-12-18 01:15 - 2007-02-17 00:03 - 00020864 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\bdasup.sys
2014-12-18 01:15 - 2007-02-17 00:03 - 00018816 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\battc.sys
2014-12-18 01:15 - 2005-03-24 17:14 - 00480256 ____C (Broadcom Corporation) C:\Windows\System32\dllcache\bcmwl564.sys
2014-12-18 00:51 - 2014-12-18 00:51 - 00000000 ____D () C:\RegBackup
2014-12-18 00:50 - 2007-02-17 00:03 - 00067968 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\avc.sys
2014-12-18 00:50 - 2007-02-17 00:03 - 00056320 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\agp440.sys
2014-12-18 00:50 - 2007-02-17 00:02 - 00078080 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\61883.sys
2014-12-18 00:50 - 2005-03-24 17:12 - 00264704 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\atinevxx.sys
2014-12-18 00:50 - 2005-03-24 17:12 - 00192768 ____C (AVM GmbH) C:\Windows\System32\dllcache\b1cbase.sys
2014-12-18 00:50 - 2005-03-24 17:12 - 00191488 ____C (Broadcom Corporation) C:\Windows\System32\dllcache\b57amd64.sys
2014-12-18 00:50 - 2005-03-24 17:12 - 00188416 ____C (AVM GmbH) C:\Windows\System32\dllcache\avmcoxp.dll
2014-12-18 00:50 - 2005-03-24 17:12 - 00168960 ____C (AVM GmbH) C:\Windows\System32\dllcache\avmenum.dll
2014-12-18 00:50 - 2005-03-24 17:12 - 00104960 ____C (AVM GmbH) C:\Windows\System32\dllcache\avmcowan.sys
2014-12-18 00:50 - 2005-03-24 17:12 - 00101888 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\atinesxx.sys
2014-12-18 00:50 - 2005-03-24 17:12 - 00084992 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\atinraxx.sys
2014-12-18 00:50 - 2005-03-24 17:12 - 00080896 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\atinbtxx.sys
2014-12-18 00:50 - 2005-03-24 17:12 - 00073728 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\atineuxx.sys
2014-12-18 00:50 - 2005-03-24 17:12 - 00040960 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\atinxbxx.sys
2014-12-18 00:50 - 2005-03-24 17:12 - 00036864 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\atinsnxx.sys
2014-12-18 00:50 - 2005-03-24 17:12 - 00036352 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\ativtmxx.dll
2014-12-18 00:50 - 2005-03-24 17:12 - 00033280 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\ativtmww.dll
2014-12-18 00:50 - 2005-03-24 17:12 - 00031744 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\ativmvxx.ax
2014-12-18 00:50 - 2005-03-24 17:12 - 00030720 ____C (AVM GmbH) C:\Windows\System32\dllcache\avmunet.sys
2014-12-18 00:50 - 2005-03-24 17:12 - 00023552 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\ativmvww.ax
2014-12-18 00:50 - 2005-03-24 17:12 - 00022144 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\avcstrm.sys
2014-12-18 00:50 - 2005-03-24 17:12 - 00020992 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\atinpdxx.sys
2014-12-18 00:50 - 2005-03-24 17:12 - 00020480 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\atinmdxx.sys
2014-12-18 00:50 - 2005-03-24 17:12 - 00018944 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\atinttxx.sys
2014-12-18 00:50 - 2005-03-24 17:12 - 00013824 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\ativdaxx.ax
2014-12-18 00:50 - 2005-03-24 17:12 - 00009728 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\ativdaww.ax
2014-12-18 00:50 - 2005-03-24 17:11 - 01127424 ____C (Agere Systems) C:\Windows\System32\dllcache\agrsm64.sys
2014-12-18 00:50 - 2005-03-24 17:11 - 00246784 ____C (Adaptec, Inc.) C:\Windows\System32\dllcache\adpu320.sys
2014-12-18 00:50 - 2005-03-24 17:11 - 00182272 ____C (Intel Corporation) C:\Windows\System32\dllcache\ac97intc.sys
2014-12-18 00:50 - 2005-03-24 17:11 - 00160256 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\adpu160m.sys
2014-12-18 00:50 - 2005-03-24 17:11 - 00120832 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\aic78xx.sys
2014-12-18 00:50 - 2005-03-24 17:11 - 00117248 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\aic78u2.sys
2014-12-18 00:50 - 2005-03-24 17:11 - 00108032 ____C (Color Flatbed Scanner) C:\Windows\System32\dllcache\acerscad.dll
2014-12-18 00:50 - 2005-03-24 17:11 - 00093696 ____C (VIA Technologies, Inc.) C:\Windows\System32\dllcache\ac97via.sys
2014-12-18 00:50 - 2005-03-24 17:11 - 00062464 ____C (Adaptec, Inc.) C:\Windows\System32\dllcache\arc.sys
2014-12-18 00:50 - 2005-03-24 17:11 - 00059392 ____C (Adaptec, Inc ) C:\Windows\System32\dllcache\adptsf50.sys
2014-12-18 00:50 - 2005-03-24 17:11 - 00053248 ____C (AMD) C:\Windows\System32\dllcache\amdac97.sys
2014-12-18 00:50 - 2005-03-24 17:11 - 00031744 ____C (Advanced Micro Devices (AMD), Inc.) C:\Windows\System32\dllcache\amd64n5.sys
2014-12-18 00:50 - 2005-03-24 17:11 - 00018432 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\4mmdat.sys
2014-12-18 00:50 - 2005-03-24 17:11 - 00014336 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\adicvls.sys
2014-12-18 00:50 - 2005-03-24 17:11 - 00009216 ____C (Acer Laboratories Inc.) C:\Windows\System32\dllcache\aliide.sys
2014-12-18 00:50 - 2005-03-24 17:11 - 00008192 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\amdide.sys
2014-12-18 00:50 - 2005-03-24 17:11 - 00004608 ____C (Agere Systems) C:\Windows\System32\dllcache\agrsco64.dll
2014-12-18 00:39 - 2014-12-18 00:39 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-12-18 00:39 - 2014-12-18 00:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2014-12-17 23:47 - 2014-12-17 23:48 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\Firefox Bookmarks Backup 17Nov14
2014-12-16 20:02 - 2014-12-31 08:57 - 00000000 ____D () C:\FRST
2014-12-15 21:55 - 2014-12-15 21:55 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-12-15 21:55 - 2014-12-15 21:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-12-15 11:15 - 2014-12-31 08:51 - 00000000 ____D () C:\AdwCleaner
2014-12-14 13:33 - 2014-12-14 13:33 - 00005100 _____ () C:\Documents and Settings\Administrator\Desktop\JRT.txt
2014-12-14 13:30 - 2014-12-14 13:30 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-12-13 21:29 - 2014-12-13 21:29 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\LavasoftStatistics
2014-12-13 21:26 - 2014-12-13 21:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v4$
2014-12-13 21:01 - 2014-12-14 14:25 - 00000390 __RSH () C:\Documents and Settings\Administrator\ntuser.pol
2014-12-13 21:01 - 2014-12-13 21:01 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\Add-in Express
2014-12-12 08:42 - 2014-12-13 21:12 - 00065536 _____ () C:\WINDOWS\system32\config\COMODO Internet Security Trace.evt
2014-12-12 08:42 - 2014-12-13 21:12 - 00065536 _____ () C:\WINDOWS\system32\config\COMODO Internet Security CEF.evt
2014-12-09 23:09 - 2014-12-20 13:09 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\Calenders 2015
2014-12-03 15:51 - 2014-12-03 15:51 - 00003737 _____ () C:\Documents and Settings\All Users\Application Data\lpm.dat

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-31 08:58 - 2012-01-19 14:50 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-12-31 08:53 - 2014-06-06 18:32 - 00000300 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-12-31 08:53 - 2009-05-29 06:01 - 00000159 _____ () C:\Documents and Settings\LocalService\wiadebug.log
2014-12-31 08:53 - 2009-05-29 06:01 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-31 08:51 - 2014-07-08 00:44 - 00762172 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-31 08:51 - 2009-05-29 06:01 - 00032652 _____ () C:\WINDOWS\Tasks\SchedLgU.Txt
2014-12-31 08:51 - 2009-05-29 06:01 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-12-31 08:51 - 2009-05-29 06:01 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-12-31 01:41 - 2013-04-26 15:40 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2014-12-31 01:34 - 2011-06-08 17:07 - 00000265 _____ () C:\Documents and Settings\Administrator\wiadebug.log
2014-12-31 01:06 - 2011-06-05 16:15 - 00000000 ___RD () C:\Documents and Settings\Administrator\My Documents\My Files
2014-12-31 00:22 - 2009-05-29 06:01 - 00001615 _____ () C:\Documents and Settings\Administrator\My Documents\Start Menu\Programs\Remote Assistance.lnk
2014-12-30 23:31 - 2013-11-10 09:44 - 00000134 _____ () C:\Documents and Settings\Administrator\Desktop\Internet Explorer Troubleshooting.url
2014-12-30 12:02 - 2011-06-05 16:17 - 00000000 ____D () C:\Icons
2014-12-29 09:17 - 2011-12-08 15:03 - 00196608 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-12-29 08:43 - 2011-03-18 13:31 - 00000000 ____D () C:\Program Files (x86)\WindowsCare v2.7
2014-12-28 15:32 - 2009-05-29 05:50 - 00000000 ____D () C:\Program Files (x86)\MSN
2014-12-27 15:15 - 2014-11-20 11:55 - 00003721 _____ () C:\- Drive Index 113014.txt
2014-12-27 12:35 - 2007-02-18 07:00 - 00013736 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-26 13:22 - 2009-06-19 12:52 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini
2014-12-23 22:03 - 2013-05-05 01:23 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\vlc
2014-12-22 17:13 - 2009-05-29 07:00 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Lavasoft
2014-12-20 10:25 - 2014-07-08 00:27 - 00000000 ___RD () C:\Documents and Settings\Administrator\My Documents\Calenders 2014
2014-12-20 01:19 - 2012-03-25 20:23 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-12-20 01:18 - 2011-08-02 14:34 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-12-20 00:48 - 2009-05-29 07:20 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
2014-12-19 15:58 - 2014-06-19 14:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-19 15:56 - 2009-05-29 06:01 - 00000000 ___SD () C:\Documents and Settings\NetworkService
2014-12-19 15:56 - 2009-05-29 06:01 - 00000000 ___SD () C:\Documents and Settings\LocalService
2014-12-19 12:33 - 2014-05-27 19:42 - 00000788 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-19 12:33 - 2014-05-27 19:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-19 11:26 - 2011-01-08 13:16 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-12-17 23:44 - 2014-11-04 10:52 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\Firefox Bookmarks Backup 04Nov14
2014-12-15 08:47 - 2013-04-26 10:43 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Mozilla
2014-12-15 08:42 - 2009-05-29 05:54 - 00000749 ___RH () C:\WINDOWS\WindowsShell.Manifest
2014-12-15 08:42 - 2009-05-29 05:54 - 00000749 ___RH () C:\WINDOWS\system32\wuaucpl.cpl.manifest
2014-12-15 08:42 - 2009-05-29 05:54 - 00000749 ___RH () C:\WINDOWS\system32\sapi.cpl.manifest
2014-12-15 08:42 - 2009-05-29 05:54 - 00000749 ___RH () C:\WINDOWS\system32\nwc.cpl.manifest
2014-12-15 08:42 - 2009-05-29 05:54 - 00000749 ___RH () C:\WINDOWS\system32\ncpa.cpl.manifest
2014-12-15 08:42 - 2009-05-29 05:54 - 00000749 ___RH () C:\WINDOWS\system32\cdplayer.exe.manifest
2014-12-13 21:26 - 2009-05-29 01:35 - 00000000 ____D () C:\WINDOWS\SysWOW64\mui
2014-12-13 21:26 - 2009-05-29 01:35 - 00000000 ____D () C:\WINDOWS\system32\mui
2014-12-13 21:21 - 2009-05-29 01:42 - 00716606 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-13 21:14 - 2014-10-28 10:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Comodo
2014-12-13 21:12 - 2014-10-28 10:44 - 00065536 _____ () C:\WINDOWS\system32\config\COMODO Internet Security.evt
2014-12-12 09:13 - 2014-06-06 18:48 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-12-12 09:13 - 2014-06-06 18:48 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2014-12-12 09:13 - 2014-06-06 18:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2014-12-08 19:20 - 2014-10-28 11:26 - 00354520 _____ (COMODO) C:\WINDOWS\system32\cmdvrt64.dll
2014-12-08 19:20 - 2014-10-28 11:26 - 00286424 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdvrt32.dll
2014-12-02 20:44 - 2014-11-11 14:21 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\DivX
2014-12-02 20:44 - 2012-05-20 16:13 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-12-02 20:44 - 2010-10-12 10:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\DivX
2014-12-01 11:21 - 2009-05-29 01:35 - 00000000 ____D () C:\WINDOWS\Help

Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.

==================== End Of Log ============================



#37
Denisejm

    Member

  • Topic Starter
  • 604 posts

I don't know the reason, but I didn't get the vgx.dll.000 error message when I tried to reinstall IE8 today (so I could try to tell you when the error message appears). I did a search for vgx.dll, which produced a number of files in the results, but a search for vgx.dll.000 produced no results. I only remember that the vgx error message didn't appear in the very beginning of the reinstall, and then the reinstall wouldn't go any further. I removed Internet Explorer 8 (DEP) today using Add/Remove Programs, and Add/Remove Programs doesn't list IE8 as installed on my PC, but the folder is still located in "C:\Program Files (x86)\Internet Explorer" and I can't just delete it. Also, when I try to install IE8, a message says that it needs to uninstall a previous IE8 installation. It's a little confusing.

 

These screenshots (attached) are of my attempt to reinstall IE8 x64 today, in the order in which they happened.

Attached Thumbnails

  • 1 ie8 x64 install 1.JPG
  • 2 ie8 x64 install 2.jpg
  • 3 ie8 x64 install 3.JPG
  • 4 ie8 x64 install 4.jpg
  • 5 ie8 x64 install 5.jpg
  • 6 Internet Options, Admin Toolsjpg.jpg
  • 7 vgx.dll search.JPG
  • 8 using Add-Remove Programs.jpg
  • 9 C-Program Files (x86)-Internet Explorer.JPG


#38
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts

Hi Denisejm,

Thank you for the images! It appears that there is something in your system that keeps putting back the Internet Explorer restriction. Let's nuke the pest.

  • Step 1

    Download ComboFix by sUBs to your desktop from one of the following locations:

    'Link 1'
    'Link 2'
    • Disable all of your security applications. If you need instructions on how to do so, please follow 'this' guide.
    • Double-click on ComboFix.exe. Agree to the disclaimer by choosing I Agree. If it requests to update, allow it.
    • ComboFix will begin extracting its files.
    • Once done, a blue command prompt box will appear. Wait for it to finish.
    • ComboFix will reboot your system. If it does not, please do so.
    • Once you are back to your desktop, ComboFix will initialize a follow-up scan.
    • When finished, a log will pop up. Alternatively, you can find it at C:\ComboFix.txt.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
    Notes:
    • Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    • Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
  • Step 2

    Download 'TDSSKiller by Kaspersky Lab ZAO' and save it to your desktop.
    • Double-click TDSSKiller.exe to run it. It will ask for administrator privileges.
    • Kindly read and Accept the next two prompts.
    • Click Start Scan to begin the scan.
      • If an infected file is detected, the default action will be Cure; click on Continue.
      • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. If so, click on Reboot Now. If not, click Close.
    • The log will be made available at C:\TDSSKiller.*_*_*_log.txt. Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • ComboFix.txt (ComboFix)
    • TDSSKiller.*_*_*_log.txt (TDSSKiller)


#39
Denisejm

    Member

  • Topic Starter
  • 604 posts

00:27:25.0093 0x0a80  TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
00:27:31.0140 0x0a80  ============================================================
00:27:31.0140 0x0a80  Current date / time: 2015/01/03 00:27:31.0140
00:27:31.0140 0x0a80  SystemInfo:
00:27:31.0140 0x0a80  
00:27:31.0140 0x0a80  OS Version: 5.2.3790 ServicePack: 2.0
00:27:31.0140 0x0a80  Product type: Workstation
00:27:31.0140 0x0a80  ComputerName: KINGKONG
00:27:31.0140 0x0a80  UserName: Administrator
00:27:31.0140 0x0a80  Windows directory: C:\WINDOWS
00:27:31.0140 0x0a80  System windows directory: C:\WINDOWS
00:27:31.0140 0x0a80  Running under WOW64
00:27:31.0140 0x0a80  Processor architecture: Intel x64
00:27:31.0140 0x0a80  Number of processors: 4
00:27:31.0140 0x0a80  Page size: 0x1000
00:27:31.0140 0x0a80  Boot type: Normal boot
00:27:31.0140 0x0a80  ============================================================
00:27:31.0296 0x0a80  KLMD registered as C:\WINDOWS\system32\drivers\17959694.sys
00:27:31.0359 0x0a80  System UUID: {9D729C19-710F-2DDA-D0DB-4B995CBFF4FF}
00:27:31.0843 0x0a80  Drive \Device\Harddisk4\DR4 - Size: 0xE8E0CADE00 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
00:27:31.0843 0x0a80  Drive \Device\Harddisk5\DR5 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
00:27:31.0843 0x0a80  Drive \Device\Harddisk6\DR6 - Size: 0xE8E0CADE00 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
00:27:31.0859 0x0a80  Drive \Device\Harddisk7\DR7 - Size: 0xE8E0CADE00 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
00:27:31.0890 0x0a80  Drive \Device\Harddisk8\DR8 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
00:27:31.0906 0x0a80  Drive \Device\Harddisk9\DR9 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
00:27:31.0906 0x0a80  Drive \Device\Harddisk10\DR10 - Size: 0x1D1C100DE00 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
00:27:31.0906 0x0a80  Drive \Device\Harddisk11\DR11 - Size: 0xE8E0CADE00 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
00:27:31.0906 0x0a80  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0CADE00 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
00:27:31.0906 0x0a80  Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
00:27:31.0906 0x0a80  Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
00:27:31.0906 0x0a80  Drive \Device\Harddisk3\DR3 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
00:27:31.0921 0x0a80  ============================================================
00:27:31.0921 0x0a80  \Device\Harddisk4\DR4:
00:27:31.0921 0x0a80  MBR partitions:
00:27:31.0921 0x0a80  \Device\Harddisk4\DR4\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
00:27:31.0921 0x0a80  \Device\Harddisk5\DR5:
00:27:31.0921 0x0a80  MBR partitions:
00:27:31.0921 0x0a80  \Device\Harddisk5\DR5\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E07482
00:27:31.0921 0x0a80  \Device\Harddisk6\DR6:
00:27:31.0921 0x0a80  MBR partitions:
00:27:31.0921 0x0a80  \Device\Harddisk6\DR6\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
00:27:31.0921 0x0a80  \Device\Harddisk7\DR7:
00:27:31.0921 0x0a80  MBR partitions:
00:27:31.0921 0x0a80  \Device\Harddisk7\DR7\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
00:27:31.0921 0x0a80  \Device\Harddisk8\DR8:
00:27:31.0921 0x0a80  MBR partitions:
00:27:31.0921 0x0a80  \Device\Harddisk8\DR8\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
00:27:31.0921 0x0a80  \Device\Harddisk9\DR9:
00:27:31.0921 0x0a80  MBR partitions:
00:27:31.0921 0x0a80  \Device\Harddisk9\DR9\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
00:27:31.0921 0x0a80  \Device\Harddisk10\DR10:
00:27:31.0921 0x0a80  MBR partitions:
00:27:31.0921 0x0a80  \Device\Harddisk10\DR10\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E07482
00:27:31.0921 0x0a80  \Device\Harddisk11\DR11:
00:27:31.0921 0x0a80  MBR partitions:
00:27:31.0921 0x0a80  \Device\Harddisk11\DR11\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
00:27:31.0921 0x0a80  \Device\Harddisk0\DR0:
00:27:31.0921 0x0a80  MBR partitions:
00:27:31.0921 0x0a80  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x445C7AF
00:27:31.0921 0x0a80  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x445C7EE, BlocksNum 0x702A91D3
00:27:31.0921 0x0a80  \Device\Harddisk1\DR1:
00:27:31.0921 0x0a80  MBR partitions:
00:27:31.0921 0x0a80  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E07482
00:27:31.0921 0x0a80  \Device\Harddisk2\DR2:
00:27:31.0921 0x0a80  MBR partitions:
00:27:31.0921 0x0a80  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E07482
00:27:31.0921 0x0a80  \Device\Harddisk3\DR3:
00:27:31.0921 0x0a80  MBR partitions:
00:27:31.0921 0x0a80  \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E07482
00:27:31.0921 0x0a80  ============================================================
00:27:31.0937 0x0a80  C: <-> \Device\Harddisk0\DR0\Partition1
00:27:31.0953 0x0a80  D: <-> \Device\Harddisk0\DR0\Partition2
00:27:32.0421 0x0a80  E: <-> \Device\Harddisk10\DR10\Partition1
00:27:32.0421 0x0a80  G: <-> \Device\Harddisk2\DR2\Partition1
00:27:32.0437 0x0a80  I: <-> \Device\Harddisk4\DR4\Partition1
00:27:32.0453 0x0a80  J: <-> \Device\Harddisk11\DR11\Partition1
00:27:32.0468 0x0a80  H: <-> \Device\Harddisk6\DR6\Partition1
00:27:32.0500 0x0a80  L: <-> \Device\Harddisk8\DR8\Partition1
00:27:32.0500 0x0a80  N: <-> \Device\Harddisk5\DR5\Partition1
00:27:32.0515 0x0a80  M: <-> \Device\Harddisk7\DR7\Partition1
00:27:32.0562 0x0a80  F: <-> \Device\Harddisk1\DR1\Partition1
00:27:32.0578 0x0a80  K: <-> \Device\Harddisk3\DR3\Partition1
00:27:32.0593 0x0a80  Z: <-> \Device\Harddisk9\DR9\Partition1
00:27:32.0593 0x0a80  ============================================================
00:27:32.0593 0x0a80  Initialize success
00:27:32.0593 0x0a80  ============================================================
00:27:38.0937 0x0a90  ============================================================
00:27:38.0937 0x0a90  Scan started
00:27:38.0937 0x0a90  Mode: Manual;
00:27:38.0937 0x0a90  ============================================================
00:27:38.0937 0x0a90  KSN ping started
00:27:39.0328 0x0a90  KSN ping finished: true
00:27:39.0593 0x0a90  ================ Scan system memory ========================
00:27:39.0593 0x0a90  System memory - ok
00:27:39.0593 0x0a90  ================ Scan services =============================
00:27:42.0234 0x0a90  FltMgr - ok
00:27:42.0265 0x0a90  [ 8A4DCD28D2BE12946F6D5D308B0942A6, 92956D815C4C63AA1886AB26AEDBCBBBB352D56AAD7081FC0AADFAE5B956241B ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
00:27:42.0265 0x0a90  FontCache3.0.0.0 - ok
00:27:42.0265 0x0a90  [ 70DF80567A55A97894B4E8952EC5E7FC, C0AB4711F3755D84F3C419FED5F8D9AA9A3337B7F1F147F84D4A54073DD27914 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:27:42.0265 0x0a90  Fs_Rec - ok
00:27:42.0281 0x0a90  [ E90AA7C073519DD8571670818CB85CCB, 5474D20C1355AD986B7A43B21D0069C94C31254426C9A4F33ABCDE6A34C0580C ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:27:42.0281 0x0a90  Ftdisk - ok
00:27:42.0296 0x0a90  [ 46E2828BCA26B31FA5A1DD4D84DF633D, CB10B020D60B24543AA25AFD006B2DD13EF8F4762CBB5BDFF96D8223FD2083BA ] gdrv            C:\WINDOWS\gdrv.sys
00:27:42.0312 0x0a90  gdrv - ok
00:27:42.0312 0x0a90  [ 865D4D0B4E3730EF8040000CFB846D9F, E5F4BB59A16AF2E984615F57B1F6E552F2D5BF2E248ED993D8A4B20F06B41DCD ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
00:27:42.0312 0x0a90  Gpc - ok
00:27:42.0328 0x0a90  [ D36E47728CDBC8D17A77D36A6CBC29BB, F24FBB4C773C330A0F040833745C3B66ED203AFB913C9614EF5A33989BD1E576 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
00:27:42.0328 0x0a90  HDAudBus - ok
00:27:42.0359 0x0a90  [ 40E274B64843813A81C42687592339D7, 90C3262F6F809543A5B00B0ED7AC0A71821BEAB68C955451470CF4BED0E930D5 ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
00:27:42.0359 0x0a90  helpsvc - ok
00:27:42.0359 0x0a90  [ 9648AD494BE12B39ACC2DB638E2340A0, 5606D26B37E26AC50A66E068DCAA4F897EADD1EE9DF49C8A28490F28646DA8BB ] HidServ         C:\WINDOWS\System32\hidserv.dll
00:27:42.0359 0x0a90  HidServ - ok
00:27:42.0390 0x0a90  [ F32BEC5614A61BBB2BEDE070D279F88B, B9CA32159CFBF658F412C77BF175BFC2E8209A32947F7C4BB251AD2A76D81759 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
00:27:42.0390 0x0a90  hidusb - ok
00:27:42.0421 0x0a90  [ 2138F3FD8F0658ADEF14C6E5870FE1E9, 18CA58FB6765CDBCDFE05E78C9C7F43AD4760046AA62403B9013E0CA21FF591B ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
00:27:42.0437 0x0a90  HTTP - ok
00:27:42.0453 0x0a90  [ 1A782D5CA033F553F0BE54546EBF3B4F, 758C063A59C960118BCA3D89A85786D54BF868BB5420EF8D158BFB3F9FA2E130 ] HTTPFilter      C:\WINDOWS\System32\lsass.exe
00:27:42.0453 0x0a90  HTTPFilter - ok
00:27:42.0453 0x0a90  i2omgmt - ok
00:27:42.0468 0x0a90  [ 50FD608643D9B56C4C75C0784513F77E, 676229455643781D79F421B986CCCAA14F861492B66C7225AE1347881E561777 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
00:27:42.0468 0x0a90  i8042prt - ok
00:27:42.0500 0x0a90  IASJet - ok
00:27:42.0546 0x0a90  [ 501CF65702D7F64C38DB360F7EB07ADC, D4EC76EC74B6A79D06CD14C75ABC82ED1931CF5EF393BBCADA40FCC78FA9BD6D ] idsvc           C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:27:42.0578 0x0a90  idsvc - ok
00:27:42.0578 0x0a90  iirsp - ok
00:27:42.0593 0x0a90  [ D2E541613B72FF9FCEDF37B166930706, CF3985DCD3EABEF8B972664C0F22C6A42E2C3F3A3572EC391D083B7E76A00455 ] imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
00:27:42.0593 0x0a90  imapi - ok
00:27:42.0625 0x0a90  [ 9014C144CD95EEE1F5884664A4BFB4D8, B8E6D6509C11B080558AF72377D4373E5D363979D3B0FE832E3B41D20870ACFE ] ImapiService    C:\WINDOWS\system32\imapi.exe
00:27:42.0625 0x0a90  ImapiService - ok
00:27:42.0625 0x0a90  InCDFs - ok
00:27:42.0640 0x0a90  InCDPass - ok
00:27:42.0640 0x0a90  InCDRm - ok
00:27:42.0843 0x0a90  [ 26338A01DA139D4CA51E0FEC3B0A4342, 6AE8AEADF927D50E6DD64307EE6D5AD9ECE06402FF8CBDC6AF44C082DB8A6C81 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKHDA64.SYS
00:27:42.0984 0x0a90  IntcAzAudAddService - ok
00:27:43.0000 0x0a90  IntelIde - ok
00:27:43.0000 0x0a90  [ F8DEF5F83DEF3D1EE89BC851BFB6A886, FECFE1FE36877441956C1DBD96A46A946CB5EC2744A8B3D6252548196A2CA8DC ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
00:27:43.0000 0x0a90  intelppm - ok
00:27:43.0015 0x0a90  [ 6601A43EE389D0ADB11AAEDE9A98036B, 0CE5143CC0FFFC7CAAF083A54227010137E00E97876C4D9BC898C4B7320F8DF6 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
00:27:43.0031 0x0a90  Ip6Fw - ok
00:27:43.0046 0x0a90  [ 1B1B4654A5492A42D2E1BF5B2B22D32B, 17BE92DEE96967788F35DCB4BA325D6411230B55214F5895D27F5DDC2B12544C ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:27:43.0046 0x0a90  IpFilterDriver - ok
00:27:43.0046 0x0a90  IpInIp - ok
00:27:43.0062 0x0a90  [ 088ECB04137DF1F52EC10C29D57A8CCA, E1A581047C1DA3F51950FA54B51AEADEA2A41EF8189F31CCBE7638B376024E36 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
00:27:43.0062 0x0a90  IpNat - ok
00:27:43.0093 0x0a90  [ DB841EC6F027C780002EF47AABFDDF86, 59CF682AC2C3908495BF8791CE545095E931D1D2CEE71E9D33A7DD2FA0D31015 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:27:43.0093 0x0a90  IPSec - ok
00:27:43.0109 0x0a90  [ 8B7015EA0171242CCA03C2FB48CCC771, 9CC5BB9492751CC1829E87B17964F2A6BCCB2EB448145998881E31330970FF8D ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
00:27:43.0109 0x0a90  IRENUM - ok
00:27:43.0125 0x0a90  [ D994162E4D8E931FC16A892A87852BBB, F80D217317E08F1366040DA5FC7331EFE9DF5DDC8608AAD4FAA45D6DF118E28B ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
00:27:43.0125 0x0a90  isapnp - ok
00:27:43.0140 0x0a90  [ C4A16606E637BAD563AEAAD7A8275657, F7518821998DF06366DE69DE801FAADF00666D0DE91553EE64A2B6AA4F9B014B ] JRAID           C:\WINDOWS\system32\DRIVERS\jraid.sys
00:27:43.0140 0x0a90  JRAID - ok
00:27:43.0156 0x0a90  [ E85095372008A9194C7ED6206CB782DA, 4C19D415D2D35F4A3E173D47C3F9881659C68D98ECB0123450665CD79FF2C001 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:27:43.0156 0x0a90  Kbdclass - ok
00:27:43.0187 0x0a90  [ F96D8CEC38EFD64AAF41976D214FC54E, 6F4CD427EDB076427457DC9ABDD6FD19AF19A25A132F5FC0AE3CE24DAD6B50D4 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
00:27:43.0187 0x0a90  kbdhid - ok
00:27:43.0203 0x0a90  [ 1B280B3B4C10CC2E3EC3AEC17EB6B658, 8540FA4B4E06067ADD9421C8444B0F143970513CEF000CE6899572D4F3B8CA1B ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
00:27:43.0203 0x0a90  kmixer - ok
00:27:43.0234 0x0a90  [ E9BC44A069593B8BFCE33610A0196D6B, BEDA50968C749053886C8F22D6EB5FBB6B7D42E7E064366E1DC2FD91860D3F47 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
00:27:43.0234 0x0a90  KSecDD - ok
00:27:43.0250 0x0a90  [ 5CB302B6CAACE41AF70C34B56EB3DB23, DE545B1CF1D37D2A58826665D8694B0F6FAAA293D4DB4D707D32FC726EF42866 ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
00:27:43.0250 0x0a90  ksthunk - ok
00:27:43.0265 0x0a90  [ 80DB42573F8EF6CBB6A7A0FF6966A352, B2CF856BC3EE206B983C213F476DA040A74C315C45F22867F587BF02C76EC160 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
00:27:43.0265 0x0a90  LmHosts - ok
00:27:43.0296 0x0a90  [ CA43F8904E24BBE49982E4C0B29E6579, 2E3E6D02980706061C478C1643F8838310DDAC573C8722AE7F3290CE36B02CB2 ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
00:27:43.0296 0x0a90  MBAMProtector - ok
00:27:43.0375 0x0a90  [ 0BB29DE40C9D9529793DCDB59A43CF5B, 251001A407D32EF22F64915EEFFAAEC229073C4549BF7D9D1D4209B7D15B4681 ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
00:27:43.0421 0x0a90  MBAMScheduler - ok
00:27:43.0453 0x0a90  [ 5F82D8188B370B0CF185D4AE2B9B4A0E, 549B53DD989A069E1C38347C4CEF5283DF9B428CE102799B06A20D3D8F23825F ] MBAMService     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
00:27:43.0484 0x0a90  MBAMService - ok
00:27:43.0531 0x0a90  [ 7C4C76B39D5525C4A465E0BE32528E19, B7FE3B2AE7E8A936AFC0572A6C4F23327400EAD16B26B6E1193F1C9C3767B3E1 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
00:27:43.0531 0x0a90  Microsoft Office Groove Audit Service - ok
00:27:43.0546 0x0a90  [ AD6BC1EFA0C1B53409947F06DE87FC89, A5A32E731151E6A22969A12FB75E64448E3B012CA56AD3FE7E92EE89B89173A3 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
00:27:43.0546 0x0a90  mnmdd - ok
00:27:43.0546 0x0a90  mnmsrvc - ok
00:27:43.0562 0x0a90  [ 9A67A96A0CBC2BC658ABF8C9B5EE065A, BDFC3D82578E049592A273E7247A80495D2BB82B9F2E603164037CBC4B7CA28F ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
00:27:43.0562 0x0a90  Modem - ok
00:27:43.0625 0x0a90  [ 48796EB50E697A39D19D865E5CBDDAE2, A3DAF6F717C783A54341EEA6AB40698A0FCE86B7CE42771153C20B221F3F61BB ] Monfilt64       C:\WINDOWS\system32\drivers\Monft64.sys
00:27:43.0671 0x0a90  Monfilt64 - ok
00:27:43.0687 0x0a90  [ 12ACF32EDF03E46805347817ACB9F64C, 03549892876175B3FB3C7DFC51460E2576C3CD575C99A173745088E1D38410ED ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
00:27:43.0687 0x0a90  Mouclass - ok
00:27:43.0703 0x0a90  [ A0C4E4A79C5D6F418315C33177F2B5BC, AF892EF90545319E9DC68AB1848FF291CE1059A2CD04AA7BD12945C01A1949BA ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
00:27:43.0703 0x0a90  mouhid - ok
00:27:43.0718 0x0a90  [ 7E9CC7E4282A8E7A480560A6F817C177, CA6A9FAFAFD1E62A79EE1E88F103FC36ADA1026FAFCC626DB9C88421DE5555D8 ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
00:27:43.0718 0x0a90  MountMgr - ok
00:27:43.0750 0x0a90  [ B4E9C7383A705628AD491CF0F87D901F, 5C0CD7133D4F5B1E0466CDB2A2210ECA57206A8BC41F37BC6324120AE5501C70 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
00:27:43.0750 0x0a90  MozillaMaintenance - ok
00:27:43.0750 0x0a90  mraid35x - ok
00:27:43.0765 0x0a90  [ F588AB7DCFFEFB2891764CF380A80B63, 03C37D442A6F96B2E0CB309926024E9E8FBE650D895B605EEA2F8F28BA2376A3 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:27:43.0765 0x0a90  MRxDAV - ok
00:27:43.0796 0x0a90  [ 6F7ADB8185B2B5B50DBF5789DB962EDA, BD51C5E2D51D221D6DE2D9C0A8B31412A23E2E9C65BB90FCE2734A804EC33A69 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
00:27:43.0796 0x0a90  MSDTC - ok
00:27:43.0812 0x0a90  [ 983F4AB7A50D56CD33E2061EE733BD55, 91F67285564BDD007C56F124E34323B455747D79A1D370690D016316A73A247E ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
00:27:43.0812 0x0a90  Msfs - ok
00:27:43.0812 0x0a90  MSIServer - ok
00:27:43.0843 0x0a90  [ 308EC6FBEF38871CB2C4CACE9C8F4808, BAE1435430A08930207DDA961AE4B62D7657ECA57F84B7C6102C776FBBD327D0 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:27:43.0843 0x0a90  MSKSSRV - ok
00:27:43.0859 0x0a90  [ 8D3226738479719AAB3B6D2617D7A55C, 2C6974639170016C00010CDC49231BD8B10D7B5B5D2775B19065EC9DC32B1CC0 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:27:43.0859 0x0a90  MSPCLOCK - ok
00:27:43.0875 0x0a90  [ 058D63E8D000AE678D4549BFA8EB0DEB, E3BC297DF7D9C67D235B35B692B7CFE37B38A14A5CD78EB5E7A7652E3BB39AF1 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
00:27:43.0875 0x0a90  MSPQM - ok
00:27:43.0890 0x0a90  [ 5992D1F9ED64017A76AFEE2B79F5CFB9, 82077C3D5C7C77B923E75A250837BE3E911BCD3ED4A53C8A13E4372429E32721 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:27:43.0890 0x0a90  mssmbios - ok
00:27:43.0906 0x0a90  [ 4E3A0746542AA482117293234BFDE2C9, F40DB8961B7706EA015C91BB0AF43972BFE7BD3F84F55BCBBEBF3ABCB20585A2 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
00:27:43.0906 0x0a90  Mup - ok
00:27:43.0937 0x0a90  [ 6FE83D05AEBEF7930D7CE91568DC99DF, 584DA0561F1E106830B4958510862B8520885257B9F67A10A192D6A5EE384D4E ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
00:27:43.0937 0x0a90  NDIS - ok
00:27:43.0953 0x0a90  [ 74612C7B722DF0DBCC972F301BD1BF1E, 5A3457D2855D180CDCAC26FF832AEDC8CCD678B153EBEB9D22E93B2D399E1209 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:27:43.0953 0x0a90  NdisTapi - ok
00:27:43.0968 0x0a90  [ 49C1207C1AE8C6958F1C1747132814C2, C1DA17D8A9CC4A93E620E98E52880F7591419145B9C031FF4501794D3B8252F9 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:27:43.0968 0x0a90  Ndisuio - ok
00:27:43.0984 0x0a90  [ 6157A7AEAE6D2B948FF2E872FFAC765B, 22C28325D50EF4B5C7EB9AAA71BCB72CECE2B6591D380C24285E938DCD15E3BF ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:27:44.0000 0x0a90  NdisWan - ok
00:27:44.0000 0x0a90  [ 24EA58A8257C3A4557C589EE0D4AB19B, 944FDE6B04759D9EDADFB50E870359ADA3924F84ED6A78E8747E47F9598AC0D7 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
00:27:44.0000 0x0a90  NDProxy - ok
00:27:44.0015 0x0a90  [ FEDAAFB6CD700B9E0787C94D81C07DB5, D8394E0922C9F92DA27526F96841BD675AAC8EA9F0B8783A8E1B08E8239CB41A ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
00:27:44.0031 0x0a90  NetBT - ok
00:27:44.0093 0x0a90  [ FB13279D8C89ADD5B0F7497C45BCF1C3, 955E3876C7DD8E5B21834EC827061DB1696CDDF11132F887A0E3EFAAABE2E536 ] NetDDE          C:\WINDOWS\system32\netdde.exe
00:27:44.0093 0x0a90  NetDDE - ok
00:27:44.0093 0x0a90  [ FB13279D8C89ADD5B0F7497C45BCF1C3, 955E3876C7DD8E5B21834EC827061DB1696CDDF11132F887A0E3EFAAABE2E536 ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
00:27:44.0109 0x0a90  NetDDEdsdm - ok
00:27:44.0125 0x0a90  [ F28FD9DBA68A85D6EE4225A83F127D2B, 60D97E3FBA76A767C29AE9586E6DCE55EB9F6F696583338DFA58436A00FF78A9 ] Netman          C:\WINDOWS\System32\netman.dll
00:27:44.0140 0x0a90  Netman - ok
00:27:44.0156 0x0a90  [ 8BC776595238AB62072AA6BEB17DDF59, 50C6944D52D13A602F254F7ADCFB7A66C51334E273DDA0876DFC40F0D1E158F0 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:27:44.0156 0x0a90  NetTcpPortSharing - ok
00:27:44.0171 0x0a90  [ DAFC30299E872CD7ED3795EA0FA08F67, 71D95D624B12621BC918A39CA2D684916C8CB6E388EC6D01D011597B0B36C7B7 ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
00:27:44.0171 0x0a90  NIC1394 - ok
00:27:44.0203 0x0a90  [ 7F6F508DAE92E99B62287562F10343B1, 04B53937806A1D96E47317DF5B762980DE9B0D0D6365968A594C97A750EC482A ] Nla             C:\WINDOWS\System32\mswsock.dll
00:27:44.0218 0x0a90  Nla - ok
00:27:44.0218 0x0a90  [ 81819038621A2C524781EC503D400287, 9CB8DD11863C1AC2CBD2D5A6F4237770A6D864FF11098924D5ECDE07634D6E29 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
00:27:44.0218 0x0a90  Npfs - ok
00:27:44.0250 0x0a90  [ C8904B5F90AB2236692E83D491C4D426, 331F8944AF992054B62F43E83BD31D0B82BC96EE3483E18B9F2BAA35803BC83D ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
00:27:44.0281 0x0a90  Ntfs - ok
00:27:44.0312 0x0a90  [ A398462077F68A41B4DFF9FB7E8FC7B8, C59A19BAC990525AE3CBB81414DBED5BCB5FED0E2B42620953A77D467E4CEAC6 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
00:27:44.0343 0x0a90  NtmsSvc - ok
00:27:44.0343 0x0a90  [ 501039187C444FA7AB9D97B6A6C667B3, 96E2D68DEC08A78BC73868DC35DC23E62CDC1D5A91381A90BBAC5866952A6D19 ] Null            C:\WINDOWS\system32\drivers\Null.sys
00:27:44.0343 0x0a90  Null - ok
00:27:44.0640 0x0a90  [ E23C140648EF1777786BE93E85E163F2, A38D54AEFEE8054A61CE601169CAE9CE137B1C0754FD3B218E9D726071BA3FDC ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
00:27:44.0906 0x0a90  nv - ok
00:27:44.0937 0x0a90  [ B82381FAB4D2FBF3178752A26A4D8707, 9987746F0B2F587B78552FF46879CF32B91C7F118992286848D1EDA46CB9D663 ] NVHDA           C:\WINDOWS\system32\drivers\nvhda64.sys
00:27:44.0953 0x0a90  NVHDA - ok
00:27:44.0968 0x0a90  [ A133096755E988DA96EA0C185777D2B6, 88DD3F4AFBA795F7D720F69602EE5C6F215CBC2257FD780983912BF3DE06B2C3 ] nvsvc           C:\WINDOWS\system32\nvsvc64.exe
00:27:44.0984 0x0a90  nvsvc - ok
00:27:44.0984 0x0a90  NwlnkFlt - ok
00:27:44.0984 0x0a90  NwlnkFwd - ok
00:27:45.0062 0x0a90  [ 1F0E05DFF4F5A833168E49BE1256F002, A858267572033C185293B0FD15B2BFDA679D0771A14C0ADF24461B529DBAD8DF ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:27:45.0078 0x0a90  odserv - ok
00:27:45.0078 0x0a90  [ F8160AC8AE516A33221427C2353A7D12, B47DE09882E0D3F6A6ACD40EBA75103C19DEDFD3276C5A45D8462AD07A7C6E65 ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
00:27:45.0078 0x0a90  ohci1394 - ok
00:27:45.0109 0x0a90  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:27:45.0109 0x0a90  ose - ok
00:27:45.0140 0x0a90  [ 7DDAA09186DA9F1D304E819B5A6BBC5A, 274FD7391E81642F022045A2472283942CB9278B61D640575942E6D0A2FC2297 ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
00:27:45.0140 0x0a90  Parport - ok
00:27:45.0140 0x0a90  [ 5F9A703240468A0C35A629D17FFCA847, 9D5EBB415C17E79B5DA1281F2B5AFA2AC20645108DD514BE60F7DDD72F7D239E ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
00:27:45.0140 0x0a90  PartMgr - ok
00:27:45.0156 0x0a90  [ 5B2C8D6971D8DF4937C2FA013CD4C00D, DF679B09318EF922DB5F2DD55DEADE60C29C038B70A8EA470BA5C11B041D9CBF ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
00:27:45.0171 0x0a90  PCI - ok
00:27:45.0187 0x0a90  [ F1978C7849A0047306DB3B8BB94F0764, 4423A89C71CF1C4DE1670B7B8BAAA03E66FEC1F76470E6F1FE3C9BD1F83D87C5 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
00:27:45.0187 0x0a90  PCIIde - ok
00:27:45.0203 0x0a90  [ 037F3A19F49A4C6A320C4154EBD6EE9D, CEF1860D8DD031FA69A6FADD62A91C11EAF98109082906436CCFCBAC7F32C21B ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
00:27:45.0218 0x0a90  Pcmcia - ok
00:27:45.0234 0x0a90  [ AF7CE12C4F3DC8CB2B07685C916BBCFE, 1AF47113778D411BF3CF82ACF428676908121B1F3252133A5F98E188ED1E9C6C ] pcouffin        C:\WINDOWS\system32\Drivers\pcouffin.sys
00:27:45.0250 0x0a90  pcouffin - ok
00:27:45.0250 0x0a90  PDCOMP - ok
00:27:45.0250 0x0a90  PDFRAME - ok
00:27:45.0265 0x0a90  PDRELI - ok
00:27:45.0265 0x0a90  PDRFRAME - ok
00:27:45.0312 0x0a90  [ D255E0DDB63A6223BFD8057266380017, 89E5C9413612700C119BCC7CED69425C3E7D21D51CC1E2C397FCF6342AC977FF ] PlugPlay        C:\WINDOWS\system32\services.exe
00:27:45.0312 0x0a90  PlugPlay - ok
00:27:45.0328 0x0a90  [ 1A782D5CA033F553F0BE54546EBF3B4F, 758C063A59C960118BCA3D89A85786D54BF868BB5420EF8D158BFB3F9FA2E130 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
00:27:45.0328 0x0a90  PolicyAgent - ok
00:27:45.0328 0x0a90  [ E176F640EE6BF550F61FAA9CE9A683F4, 52218543EC0265275C1E47A356EABAA3DD6A4B92D1394B939EB5A061DC8143BD ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:27:45.0328 0x0a90  PptpMiniport - ok
00:27:45.0343 0x0a90  [ 1A782D5CA033F553F0BE54546EBF3B4F, 758C063A59C960118BCA3D89A85786D54BF868BB5420EF8D158BFB3F9FA2E130 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
00:27:45.0343 0x0a90  ProtectedStorage - ok
00:27:45.0359 0x0a90  [ 01AAE06E543C0956AC247546A8F2DAFE, 9E42997B145A8071D1FF0A80D9978001E84CD639541117DE36C1766B7F3418E2 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
00:27:45.0359 0x0a90  PSched - ok
00:27:45.0375 0x0a90  [ 35E39A969D227C2A56C1DC98361D8E35, A8F6135798D562EF21F8A546CD7C7A48C88AC8CC51BE24DCEA9B3233DDA48F3A ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:27:45.0375 0x0a90  Ptilink - ok
00:27:45.0390 0x0a90  [ 87B04878A6D59D6C79251DC960C674C1, 3EB8DB0624E646F0A65D0381408D35CF9FDC5ABFC30DF6431F4070A8EB68447C ] PxHlpa64        C:\WINDOWS\system32\Drivers\PxHlpa64.sys
00:27:45.0390 0x0a90  PxHlpa64 - ok
00:27:45.0390 0x0a90  [ D646A315E6386DAC1D96C8CE8A4BFEE7, 2DCCFDC6A390AD6938957A9CA80CF4B76FC3CE3211D707E43CE2C9AADE101CFD ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:27:45.0390 0x0a90  RasAcd - ok
00:27:45.0421 0x0a90  [ 3F573D0C001B982C3180860366783BC0, D059C7298717513B5F8086E5C1FC83FB8E1D053E60D4F3A4E1B8BBD668560F3D ] RasAuto         C:\WINDOWS\System32\rasauto.dll
00:27:45.0421 0x0a90  RasAuto - ok
00:27:45.0421 0x0a90  [ D81FDC53EE9C0F68D709E504342D1D74, 9C0224B1D0D3672AD737EE7F15BC32938B37F75840ECAABCCBAE82D6518C0BDB ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:27:45.0437 0x0a90  Rasl2tp - ok
00:27:45.0468 0x0a90  [ 47F7838F77A42F85C763899AB1B77D14, A21A653135A4AF028D4216F4CB3B2891F283AF7ACEEC1FCD929CE0703C952165 ] RasMan          C:\WINDOWS\System32\rasmans.dll
00:27:45.0484 0x0a90  RasMan - ok
00:27:45.0500 0x0a90  [ 31FA5AB662C58CC5CF92396224F6B29A, E6279EF4F6A78EC17F0B10A446AF476C005FC4F9FE41057E540B2505B831EFE2 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:27:45.0500 0x0a90  RasPppoe - ok
00:27:45.0500 0x0a90  [ 701493F9A6EDE759AF8D3FA7C08BAB3B, 2659B1F99BCECDD760E808439B8AAFE67301CCF0A0B7D581E5950B3515B62E31 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
00:27:45.0515 0x0a90  Raspti - ok
00:27:45.0515 0x0a90  [ C013379D04060318C3B2E4967D82739A, DB7092052C44D103C4AF4792742F9701A33BBF0C8FFEF29A86CBDBCF470B2F75 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:27:45.0515 0x0a90  RDPCDD - ok
00:27:45.0562 0x0a90  [ 0482A9BE0BE2098A12A61464306BF24B, 2F42ADB978F20888BC985F65FA9673C25BB02F6550CE3BCBBBAFA92B788EC0CE ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
00:27:45.0578 0x0a90  rdpdr - ok
00:27:45.0640 0x0a90  [ E87DF32229D27AFBD9EA4EFC70BD0DAA, 3336B1697FA7D0245A96E08E5FA2763D02C604AAFF208FF2394309B8559A6821 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
00:27:45.0640 0x0a90  RDPWD - ok
00:27:45.0671 0x0a90  [ A72BE0B07655141AB4EABECF0D66528A, F92EAD99AA7B903442EB22150D5C6ABE50347C843005A6C4DD47D025E4FBD905 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
00:27:45.0671 0x0a90  RDSessMgr - ok
00:27:45.0687 0x0a90  [ 1D793394201000D2D56E848C18FE9A62, 18B876699CEBA83A1926E04C9C4EDEC9982D8C79A419EA0E181AC9588F391A07 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
00:27:45.0687 0x0a90  redbook - ok
00:27:45.0718 0x0a90  [ 60C8A5D4954CCE7D280369DFF5068019, 1F7E437B3CD0A576875863A945B6015899B63A29FADB7B74D7091C8F5044C395 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
00:27:45.0718 0x0a90  RemoteAccess - ok
00:27:45.0734 0x0a90  [ B2D55CE8C7C946C625B687F75040AD3F, 8BBCFB5765E42DA638681A659FEC67C3C5BE784575FAFEA9D729F7908DF3B120 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
00:27:45.0734 0x0a90  RemoteRegistry - ok
00:27:45.0781 0x0a90  [ 8830EF3E7DDB479F00113A5B59B6F601, C710896F146914EF19D591C3BB336DC3488CF38A6CDCD01E78540916C77F7A26 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
00:27:45.0796 0x0a90  RpcSs - ok
00:27:45.0828 0x0a90  [ 5DFF23F304B264D74427EB5DB871767D, 726EDE4A63E9634855765D4A7FEA929664A3D1EBBA31DB31E5D736A99CDC4B74 ] rr232x          C:\WINDOWS\system32\drivers\rr232x.sys
00:27:45.0828 0x0a90  rr232x - ok
00:27:45.0921 0x0a90  [ AD850A1113416A4B57D91218388F24D9, D1145D9039F392C5E3E3B5263A4AF0E0FDC120A3433A372BFFFB0EDB9C34F976 ] RTHDMIAzAudService C:\WINDOWS\system32\drivers\RtKHDMIX.sys
00:27:46.0031 0x0a90  RTHDMIAzAudService - ok
00:27:46.0046 0x0a90  [ E1839D992CA6EB1B7735311B1D11F894, 6081204B8DDF5C18F65A166B1B37E2F36D5E6BA05A10C516A304525EF4487F0E ] RTLE8023x64     C:\WINDOWS\system32\DRIVERS\Rtenic64.sys
00:27:46.0046 0x0a90  RTLE8023x64 - ok
00:27:46.0062 0x0a90  [ 1A782D5CA033F553F0BE54546EBF3B4F, 758C063A59C960118BCA3D89A85786D54BF868BB5420EF8D158BFB3F9FA2E130 ] SamSs           C:\WINDOWS\system32\lsass.exe
00:27:46.0062 0x0a90  SamSs - ok
00:27:46.0078 0x0a90  [ 3289766038DB2CB14D07DC84392138D5, A7790B787690CC1A8B97E4532090C5295350A836A9474DEA74CEB3E81CF26124 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
00:27:46.0078 0x0a90  SASDIFSV - ok
00:27:46.0078 0x0a90  [ 58A38E75F3316A83C23DF6173D41F2B5, B0A8CDA1D164B7534FB41AB80792861384709BF0F914F44553275CF20194F1A1 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
00:27:46.0078 0x0a90  SASKUTIL - ok
00:27:46.0093 0x0a90  [ 1BCC22ED6AF5083B850A8FEE358AC09B, 45339334ACACEAECA83485C687F86E2D5B1BDAB3D5F2976D7DA825F4EB71FC0C ] sbp2port        C:\WINDOWS\system32\DRIVERS\sbp2port.sys
00:27:46.0093 0x0a90  sbp2port - ok
00:27:46.0109 0x0a90  [ A2069FFA2A6FEBB3818F180373C84A89, 5BA399793247AF1BC2B8C8A417211EF5D4FC9C126496E5692E5D0C08BD38D512 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
00:27:46.0125 0x0a90  SCardSvr - ok
00:27:46.0140 0x0a90  [ 71CD398385835C08613C65E5BF91E7FA, C43407F43557B8B3F43C76245DD18C66155D3D0B4B020A061C052C7B9B615C4C ] Schedule        C:\WINDOWS\system32\schedsvc.dll
00:27:46.0156 0x0a90  Schedule - ok
00:27:46.0171 0x0a90  [ 6D4CCD356DA407194C2574A68D9C727A, 621EBD4A81645CEA675F9070FBACFA04BA7670F3604F2308AB1E130E050032B9 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:27:46.0171 0x0a90  Secdrv - ok
00:27:46.0187 0x0a90  [ B4E054549321372D995E4DB9A5304E77, 8D3FF430963AFEDF8388CD23B4C63ABF62F3419B8084F0FC30D7068FCBCFC257 ] seclogon        C:\WINDOWS\System32\seclogon.dll
00:27:46.0187 0x0a90  seclogon - ok
00:27:46.0203 0x0a90  [ 222C0A6C354D6A90700956C60574A09A, 1D44DF7A052B7CD8D220A453D8ECCF39FC74D126B94C5B2AE36EA56C821DB642 ] SENS            C:\WINDOWS\system32\sens.dll
00:27:46.0203 0x0a90  SENS - ok
00:27:46.0218 0x0a90  [ 111B29F3FCF9FB61C903A01E3706F7DC, EB872B6769806170E26BEC23F689B38D0779A1219353B0DA47F52F747DC4120A ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
00:27:46.0218 0x0a90  serenum - ok
00:27:46.0234 0x0a90  [ C0DC97399576FCCFF5FE877EC2D8DACC, 0AED50A4D99161FC66B323606D13F08ED4556ACD18E5EDE1E030EB5FECF03D1E ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
00:27:46.0234 0x0a90  Serial - ok
00:27:46.0265 0x0a90  [ C6EACC8920A31B8D5842D1F7A28E2113, 8883115F406A4A8588DD9E8ED6E9ED7ED4AFF9DFDBE8B391C0D9AEBE187DD27D ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
00:27:46.0265 0x0a90  Sfloppy - ok
00:27:46.0296 0x0a90  [ C87F7B646931CEB8525F2D9B7E26F9FB, DDA819DEFB29EBE26DB10E496D1D70EC0B8CDAA1E44B150A46E46D00A2862690 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
00:27:46.0312 0x0a90  ShellHWDetection - ok
00:27:46.0312 0x0a90  Simbad - ok
00:27:46.0359 0x0a90  [ 17EC29105989101DB536C49E1279A0EB, 7B8D96703584DCBF94802B18C8A601D806DB2D3DA4EA0D33AA4C268C9C06467F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
00:27:46.0359 0x0a90  splitter - ok
00:27:46.0359 0x0a90  [ 5918677301E62A935A837EC22BA7088C, 2293F4DA8699AEE199C754E59C051D633EF0D52B427D1AF891A814211E2D1B0C ] Spooler         C:\WINDOWS\system32\spoolsv.exe
00:27:46.0359 0x0a90  Spooler - ok
00:27:46.0375 0x0a90  [ DAE1D5553D42A06034001D6EF4F5CB36, CAD426CCD2BFE81F7B13D2777F699CFE9F7708FFE768BBB618C78601D4AD99CA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
00:27:46.0390 0x0a90  sr - ok
00:27:46.0406 0x0a90  [ 7B6DA719973755BD091131E53AD6EC23, 2C0D2191ACDF2BA7D5711C6088F28D9478396B6144FBFFECE5B688646A701C62 ] srservice       C:\WINDOWS\system32\srsvc.dll
00:27:46.0406 0x0a90  srservice - ok
00:27:46.0421 0x0a90  [ 94AD81C8EE2385EDDB08C7E34FEDB7A8, 86565EC29AC5CB84B6BA3B482ED2EB743EF11BD53A93EAEDA2400DFCF3F88440 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
00:27:46.0421 0x0a90  SSDPSRV - ok
00:27:46.0453 0x0a90  [ F6D4F452DB507820F726525A1425F0CC, D5D46951B2B08156ADE2E4B74CAE95345718F9B27208B190FE526D946950A8C2 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
00:27:46.0468 0x0a90  stisvc - ok
00:27:46.0468 0x0a90  [ B6536185FEEB8F0C86AD3BF2FBAB4F2F, D9E2935B3C1D3326E5BCC2F8C8D65D72B453D60E5E702812383256606B69D414 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
00:27:46.0468 0x0a90  swenum - ok
00:27:46.0500 0x0a90  [ 8E9E35B36A27AD154A5F92397CDE343C, EDB9F8B366D8CDEB26CB0C669559829D7D7522F8EC673CE5F53A7858B78AA17B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
00:27:46.0500 0x0a90  swmidi - ok
00:27:46.0531 0x0a90  [ 2E54746998139CB708B83974F1AC09F3, 167CA13C072DFFD094C230B8466823B63A09B6015C5D827D0A2C174519DBC771 ] swprv           C:\WINDOWS\System32\swprv.dll
00:27:46.0546 0x0a90  swprv - ok
00:27:46.0546 0x0a90  symc8xx - ok
00:27:46.0562 0x0a90  symmpi - ok
00:27:46.0562 0x0a90  sym_hi - ok
00:27:46.0578 0x0a90  sym_u3 - ok
00:27:46.0593 0x0a90  [ 2E843F129DAF4C789DF7ACD40E26208F, A7B8B46AA5E72B43142E2D59E49DE908FEF3FFBD2E54D1AF1B0CCA8142462009 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
00:27:46.0593 0x0a90  sysaudio - ok
00:27:46.0609 0x0a90  [ D3FFFEA8C94BA3C1CEAC9694AC390472, E777300694BF46F6E988CEE703144E079B1AC2D4DF1E59FDCEEED4E2DC157B51 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
00:27:46.0625 0x0a90  SysmonLog - ok
00:27:51.0578 0x0a90  Waiting for KSN requests completion. In queue: 210
00:27:52.0609 0x0a90  AV detected via SS1: Avira Desktop, 14.0.4.620, enabled, updated
00:27:52.0906 0x0a90  ============================================================
00:27:52.0906 0x0a90  Scan finished
00:27:52.0906 0x0a90  ============================================================
00:27:52.0906 0x0aac  Detected object count: 0
00:27:52.0906 0x0aac  Actual detected object count: 0
 


  • 0

#40
Denisejm

    Member

  • Topic Starter
  • 604 posts

I tried both links for ComboFix but both of them wouldn't work.  The message says that my OpSys is not supported. I have XP Pro x64.

Attached Thumbnails

  • ComboFix not for XP x64.jpg

Edited by Denisejm, 02 January 2015 - 11:36 PM.

  • 0


#41
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts

Hi Denisejm,

My bad--that tool indeed does not support 64-bit versions of Windows XP. :blush: Is SUPERAntiSpyware still installed on your machine? It appears to be. The script below will remove malware and remnants of security programs you have installed in the past.

  • Step 1

    Upon careful inspection, your log indicates that the program(s) listed below is installed on your computer. I would like to request the removal of the program(s), as it is associated with malware, adware or spyware. Please proceed to uninstall it by going to Control Panel (Windows XP) or Programs and Features (Windows Vista or Windows 7). If Windows says it cannot locate the program(s) and prompts for it to be removed from the list instead, allow it.
    • SpyHunter
    Inform me if you encounter problems in the removal process.
  • Step 2

    Copy and paste the following into Notepad and save as fixlist.txt to your desktop:
    EmptyTemp:
    CloseProcesses:
    HKLM\...\Run: [SpyHunter Security Suite] => "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"
    C:\Program Files\Enigma Software Group
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-21-1560305870-1003223559-3566357663-500\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1560305870-1003223559-3566357663-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-1560305870-1003223559-3566357663-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1560305870-1003223559-3566357663-500 -> Yahoo! URL = http://search.yahoo....-8&fr=chr-iobit
    R2 Eventlog;  [X]
    S3 WinHttpAutoProxySvc; winhttp.dll [X]
    2014-12-31 01:39 - 2014-12-31 01:39 - 00000000 ____D () C:\Program Files (x86)\Advanced WindowsCare V2
    2014-12-31 01:39 - 2014-12-31 01:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Advanced WindowsCare V2 Personal
    2014-12-31 00:01 - 2014-12-31 00:01 - 00000823 _____ () C:\Documents and Settings\Administrator\Desktop\SpyHunter.lnk
    2014-12-20 00:46 - 2014-12-20 00:48 - 00000000 ____D () C:\Adobe_Flash_Player_Firefox_Mozilla_Opera_Chrome_64bit_v11
    2014-12-19 12:33 - 2014-12-19 12:33 - 00000782 _____ () C:\Firefox  34.0.5.lnk
    2014-12-08 19:20 - 2014-10-28 11:26 - 00354520 _____ (COMODO) C:\WINDOWS\system32\cmdvrt64.dll
    2014-12-08 19:20 - 2014-10-28 11:26 - 00286424 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdvrt32.dll
    2014-12-13 21:14 - 2014-10-28 10:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Comodo
    2014-12-13 21:12 - 2014-10-28 10:44 - 00065536 _____ () C:\WINDOWS\system32\config\COMODO Internet Security.evt
    2014-12-13 21:14 - 2014-10-28 10:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Comodo
    2014-12-13 21:12 - 2014-10-28 10:44 - 00065536 _____ () C:\WINDOWS\system32\config\COMODO Internet Security.evt
    2014-12-20 01:18 - 2011-08-02 14:34 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2014-12-22 17:13 - 2009-05-29 07:00 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Lavasoft
    2014-12-13 21:29 - 2014-12-13 21:29 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\LavasoftStatistics
    2014-12-29 08:43 - 2011-03-18 13:31 - 00000000 ____D () C:\Program Files (x86)\WindowsCare v2.7
    2014-12-31 00:22 - 2009-05-29 06:01 - 00001615 _____ () C:\Documents and Settings\Administrator\My Documents\Start Menu\Programs\Remote Assistance.lnk
    2014-12-30 23:31 - 2013-11-10 09:44 - 00000134 _____ () C:\Documents and Settings\Administrator\Desktop\Internet Explorer Troubleshooting.url
    2014-12-19 12:23 - 2014-12-19 12:23 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
    2014-12-18 23:31 - 2014-12-19 00:23 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
    2014-12-18 23:28 - 2014-12-19 12:23 - 00000000 ____D () C:\Program Files (x86)\Spybot S&D v
    Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\Avast\AvastEmUpdate.exe
    2014-12-31 08:53 - 2014-06-06 18:32 - 00000300 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
    • Run your copy of FRST. It is important to ensure it is located on your desktop.
    • Press the Fix button.
    • It will produce a log (fixlog.txt) once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 3

    Download the free version of 'Malwarebytes Anti-Malware by Malwarebytes Corporation' and save it to your desktop.
    • Double-click mbam-setup-*.exe and proceed to install the program.
      • Accept the License Agreement.
      • At the end, untick Enable free trial of Malwarebytes Anti-Malware Premium and ensure Launch Malwarebytes' Anti-Malware is checked.
      • Click Finish after.
    • Once the program has loaded, navigate to the Settings tab and select Detection and Protection.
      • Tick the Scan For Rootkits box.
    • Go back to the Dashboard and select Update Now. Click Scan Now after.
      • Updates can sometimes still be present. Be sure to select Update Now again if you are prompted.
      • Once the scan is complete, click Apply Actions.
      • If you are prompted to reboot, allow it by pressing Yes.
    • Navigate to the program's History tab to retrieve the log.
      • Click Application Logs and double-click on the most recent Scan Log.
      • Export the log to your desktop as a .TXT file.
      • You can also choose to directly copy the log by selecting Copy to Clipboard.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 4

    Download 'Fix It by Microsoft' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Follow the on-screen instructions as it attempts to uninstall Internet Explorer 8.
    • Wait for it to finish. It won't take long.
    • Please do not install Internet Explorer 8 after.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • fixlog.txt (Farbar Recovery Scan Tool)
    • mbam-log-YYYY-MM-DD (HH-MM-SS).xml (Malwarebytes Anti-Malware)

  • 0

#42
Denisejm

    Member

  • Topic Starter
  • 604 posts

SpyHunter wasn't listed in Add/Remove Programs or RevoUninstaller.  I did a search for SpyHunter and it came up with 4 files.  It had an uninstaller but it didn't work so I set a System Restore point and deleted the items.

 

After I did the FRST fix, my pc stopped before reaching my desktop.  The error message said "lsass.exe - System Error  Object Name not found."  I tried rebooting but got the same message.  So I tapped F5 and chose "Last Known Configuration that worked" and my pc was able to boot to my desktop again.  Is there a way to do the fix without getting the lsass.exe error message?

 

This is the FixLog.txt but whatever good it did was lost when I had to go back to "Last Known Configuration that worked":

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-01-2015 02
Ran by Administrator at 2015-01-03 10:49:39 Run:5
Running from C:\Documents and Settings\Administrator\My Documents\Desktop
Loaded Profile: Administrator (Available profiles: Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
mp:
CloseProcesses:
HKLM\...\Run: [SpyHunter Security Suite] => "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"
C:\Program Files\Enigma Software Group
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1560305870-1003223559-3566357663-500\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1560305870-1003223559-3566357663-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1560305870-1003223559-3566357663-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1560305870-1003223559-3566357663-500 -> Yahoo! URL = http://search.yahoo....-8&fr=chr-iobit
R2 Eventlog;  [X]
S3 WinHttpAutoProxySvc; winhttp.dll [X]
2014-12-31 01:39 - 2014-12-31 01:39 - 00000000 ____D () C:\Program Files (x86)\Advanced WindowsCare V2
2014-12-31 01:39 - 2014-12-31 01:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Advanced WindowsCare V2 Personal
2014-12-31 00:01 - 2014-12-31 00:01 - 00000823 _____ () C:\Documents and Settings\Administrator\Desktop\SpyHunter.lnk
2014-12-20 00:46 - 2014-12-20 00:48 - 00000000 ____D () C:\Adobe_Flash_Player_Firefox_Mozilla_Opera_Chrome_64bit_v11
2014-12-19 12:33 - 2014-12-19 12:33 - 00000782 _____ () C:\Firefox  34.0.5.lnk
2014-12-08 19:20 - 2014-10-28 11:26 - 00354520 _____ (COMODO) C:\WINDOWS\system32\cmdvrt64.dll
2014-12-08 19:20 - 2014-10-28 11:26 - 00286424 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdvrt32.dll
2014-12-13 21:14 - 2014-10-28 10:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Comodo
2014-12-13 21:12 - 2014-10-28 10:44 - 00065536 _____ () C:\WINDOWS\system32\config\COMODO Internet Security.evt
2014-12-13 21:14 - 2014-10-28 10:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Comodo
2014-12-13 21:12 - 2014-10-28 10:44 - 00065536 _____ () C:\WINDOWS\system32\config\COMODO Internet Security.evt
2014-12-20 01:18 - 2011-08-02 14:34 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-12-22 17:13 - 2009-05-29 07:00 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Lavasoft
2014-12-13 21:29 - 2014-12-13 21:29 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\LavasoftStatistics
2014-12-29 08:43 - 2011-03-18 13:31 - 00000000 ____D () C:\Program Files (x86)\WindowsCare v2.7
2014-12-31 00:22 - 2009-05-29 06:01 - 00001615 _____ () C:\Documents and Settings\Administrator\My Documents\Start Menu\Programs\Remote Assistance.lnk
2014-12-30 23:31 - 2013-11-10 09:44 - 00000134 _____ () C:\Documents and Settings\Administrator\Desktop\Internet Explorer Troubleshooting.url
2014-12-19 12:23 - 2014-12-19 12:23 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-12-18 23:31 - 2014-12-19 00:23 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-12-18 23:28 - 2014-12-19 12:23 - 00000000 ____D () C:\Program Files (x86)\Spybot S&D v
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\Avast\AvastEmUpdate.exe
2014-12-31 08:53 - 2014-06-06 18:32 - 00000300 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
*****************

mp: => Error: No automatic fix found for this entry.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SpyHunter Security Suite => value deleted successfully.
C:\Program Files\Enigma Software Group => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully.
HKU\S-1-5-21-1560305870-1003223559-3566357663-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1560305870-1003223559-3566357663-500\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value deleted successfully.
HKU\S-1-5-21-1560305870-1003223559-3566357663-500\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1560305870-1003223559-3566357663-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\Yahoo!" => Key deleted successfully.
HKCR\CLSID\Yahoo! => Key not found.
Eventlog => Unable to stop service
Eventlog => Service deleted successfully.
WinHttpAutoProxySvc => Service deleted successfully.
C:\Program Files (x86)\Advanced WindowsCare V2 => Moved successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Advanced WindowsCare V2 Personal => Moved successfully.
"C:\Documents and Settings\Administrator\Desktop\SpyHunter.lnk" => File/Directory not found.
C:\Adobe_Flash_Player_Firefox_Mozilla_Opera_Chrome_64bit_v11 => Moved successfully.
C:\Firefox  34.0.5.lnk => Moved successfully.
C:\WINDOWS\system32\cmdvrt64.dll => Moved successfully.
C:\WINDOWS\SysWOW64\cmdvrt32.dll => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Comodo => Moved successfully.
Could not move "C:\WINDOWS\system32\config\COMODO Internet Security.evt" => Scheduled to move on reboot.
"C:\Documents and Settings\All Users\Application Data\Comodo" => File/Directory not found.
Could not move "C:\WINDOWS\system32\config\COMODO Internet Security.evt" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Lavasoft => Moved successfully.
C:\Documents and Settings\Administrator\Application Data\LavasoftStatistics => Moved successfully.
C:\Program Files (x86)\WindowsCare v2.7 => Moved successfully.
C:\Documents and Settings\Administrator\My Documents\Start Menu\Programs\Remote Assistance.lnk => Moved successfully.
C:\Documents and Settings\Administrator\Desktop\Internet Explorer Troubleshooting.url => Moved successfully.
C:\Program Files (x86)\Spybot - Search & Destroy => Moved successfully.
C:\WINDOWS\system32\config\SpybotSD.evt => Moved successfully.
C:\Program Files (x86)\Spybot S&D v => Moved successfully.
C:\WINDOWS\Tasks\avast! Emergency Update.job => Moved successfully.
"C:\WINDOWS\Tasks\avast! Emergency Update.job" => File/Directory not found.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-03 10:57:43)<=

"C:\WINDOWS\system32\config\COMODO Internet Security.evt" => File could not move.
"C:\WINDOWS\system32\config\COMODO Internet Security.evt" => File could not move.

==== End of Fixlog 10:57:43 ====

 

 

 



#43
Denisejm


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/3/2015
Scan Time: 11:20:41 AM
Logfile: MBAM Results Log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.03.07
Rootkit Database: v2014.12.30.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 2
CPU: x64
File System: NTFS
User: Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 322141
Time Elapsed: 7 min, 18 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#44
Denisejm


Through all of this, even when I "uninstalled" IE, the icons are still on my desktop and task bar.  I just clicked on them but IE didn't open.  I didn't reinstall them.  I didn't get a .txt report but, after it rebooted, the results were opened on my desktop.

 

Edit:  An IE icon is also in my Start Menu.  It doesn't work either.

Attached Thumbnails

  • MicrosoftFixit.JPG

Edited by Denisejm, 03 January 2015 - 10:53 AM.


#45
Pyxis

Hi Denisejm,

Do you happen to have your installation disc with you? There are missing system files that need to be replaced, and I suspect there are other corrupt files just waiting to be found. The process requires Internet Explorer to be uninstalled so please keep it that way for now. Know that the repair process will only touch system files as well and will not harm any of your documents. While you are at it, please give me fresh FRST logs so we can see which lines have been removed or otherwise.
 

> SpyHunter wasn't listed in Add/Remove Programs or RevoUninstaller.  I did a search for SpyHunter and it came up with 4 files.  It had an uninstaller but it didn't work so I set a System Restore point and deleted the items.

 
Ah, you actually did not have to bother--the script I included will also remove the remnants of the said installation in case you could not locate the entry. Post back in the future first next time! ;)
 


 
A portion of the fix seems to have been copied incorrectly.
 

> Through all of this, even when I "uninstalled" IE, the icons are still on my desktop and task bar.  I just clicked on them but IE didn't open.  I didn't reinstall them.  I didn't get a .txt report but, after it rebooted, the results were opened on my desktop.
>
> Edit:  An IE icon is also in my Start Menu.  It doesn't work either.


Since it has been "uninstalled" (but apparently left behind remnants), don't expect that it will. I assume by "doesn't work" you mean nothing happens when any of the icons are clicked?