Forced Restart upon Internet Connection "You are about to be logged off"

By danbe
Mar 12, 2014
  1. Hello, I seem to have about the same problem as the user in this thread:

    http://www.techspot.com/community/t...ws-has-encountered-a-critical-problem.184550/

    If I connect to the internet, after a few minutes a prompt shows, saying that Windows has encountered a critical error and will now restart in one minute. The window has the heading "You are about to be logged off". Whether I click OK or do nothing, Windows restarts in about a minute.

    What I've tried is uninstalling the driver for my network adapter and letting Windows reinstall it after manually restarting. Afterwards I was able to browse the internet for at least 20 or 30 minutes before getting the error. I'm now posting this in Safe Mode with no hassles.

    I got this computer for free from a friend and it came like this. It's 32-bit Windows 7. If anyone can help me, does this sound like malware or just an error? Can someone please help me like the kind person in the thread above, and should I follow the same directions in the first post? I have run full MWB and Avira scans, and done the Memory Diag. with no issues except MWB found 1 PUP, which I deleted but it seemed more like a false positive.
  2. Broni


    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================

    Run the following tool from safe mode.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
  3. danbe


    Thank you Broni.

    The first time I ran FRST I forgot to run it in safe mode. I ran it a second time in safe mode so the following FRST.txt is from safe mode but it wouldn't create another Addition.txt so that file was run under normal. If that's a problem let me know how to create another one.

    FRST.TXT:



    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-03-2014 01
    Ran by 2013-12 Guest (administrator) on RTW-HM2 on 13-03-2014 21:54:18
    Running from C:\Users\2013-12 Guest\Downloads
    Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Safe Mode (with Networking)

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (Microsoft Corporation) C:\Windows\helppane.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [101136 2007-01-11] (Logitech Inc.)
    HKLM\...\Run: [Bluetooth HCI Monitor] - C:\Windows\system32\HCIMNTR.DLL [9728 2006-12-07] (Logitech Inc.)
    HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.)
    HKLM\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated)
    HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [BDRegion] - C:\Program Files\Cyberlink\Shared Files\brs.exe [91432 2008-05-07] (cyberlink)
    HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM\...\Run: [LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [62760 2008-02-22] ()
    HKLM\...\Run: [LifeCam] - C:\Program Files\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
    HKLM\...\Run: [Logitech Hardware Abstraction Layer] - C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE [101136 2007-01-11] (Logitech Inc.)
    HKLM\...\Run: [RemoteControl] - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [87336 2008-04-09] (Cyberlink Corp.)
    HKLM\...\Run: [CTxfiHlp] - C:\Windows\system32\CTXFIHLP.EXE [25600 2010-05-05] (Creative Technology Ltd)
    HKLM\...\Run: [] - [X]
    HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-14] (Avira Operations GmbH & Co. KG)
    HKU\.DEFAULT\...\Run: [CtxfiReg] - CTXFIREG.exe /FAIL1
    SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8BEA2C70C226CF01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    SearchScopes: HKCU - FB51BF31761D41E49FB20C9B45D1B11B URL =
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
    BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO: SmartSwipe - {9EA1D653-4A77-4FF0-A3CE-C83466E835B1} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    Toolbar: HKLM - SmartSwipe - {9EA1D653-4A77-4FF0-A3CE-C83466E835B1} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

    FireFox:
    ========
    FF ProfilePath: C:\Users\2013-12 Guest\AppData\Roaming\Mozilla\Firefox\Profiles\t85oa6ed.default
    FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF Extension: Adblock Plus Pop-up Addon - C:\Users\2013-12 Guest\AppData\Roaming\Mozilla\Firefox\Profiles\t85oa6ed.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-03-04]
    FF Extension: NoScript - C:\Users\2013-12 Guest\AppData\Roaming\Mozilla\Firefox\Profiles\t85oa6ed.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-04]
    FF Extension: Adblock Plus - C:\Users\2013-12 Guest\AppData\Roaming\Mozilla\Firefox\Profiles\t85oa6ed.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-04]
    FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2010-12-21]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
    FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\9.0.0.18\
    FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\9.0.0.18\ []
    FF HKLM\...\Firefox\Extensions: [smartswipe@netsecuretechnologies.com] - C:\Program Files\NetSecure\SmartSwipe\Firefox
    FF Extension: SmartSwipe - C:\Program Files\NetSecure\SmartSwipe\Firefox [2012-02-07]

    ========================== Services (Whitelisted) =================

    S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG)
    S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG)
    S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-14] (Avira Operations GmbH & Co. KG)
    S3 Creative ALchemy AL6 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2011-10-12] (Creative Labs)
    S2 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE [110592 2007-02-20] (Logitech Inc.)
    S2 lxdi_device; C:\Windows\system32\lxdicoms.exe [517040 2007-06-11] ( )
    S2 NSTSECSvc; C:\Program Files\NetSecure\SmartSwipe\NSTSECSvc_32.EXE [142040 2012-01-31] (NetSecure Technologies Ltd.)
    S2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734 2008-02-14] ()
    S2 QuickBooksDB18; C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe -hvQuickBooksDB18 [X]

    ==================== Drivers (Whitelisted) ====================

    S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2014-02-14] (Avira Operations GmbH & Co. KG)
    S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2014-02-14] (Avira Operations GmbH & Co. KG)
    S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-14] (Avira Operations GmbH & Co. KG)
    S1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [273552 2010-11-30] (EldoS Corporation)
    R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
    S3 Jukebox; C:\Windows\System32\DRIVERS\ctpdusb2.sys [16752 2004-09-29] (Creative Technology Ltd.)
    S3 LazerUsb; C:\Windows\System32\DRIVERS\LazerUsb.sys [5739520 2007-10-16] (Lumanate Inc.)
    S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-14] (Avira GmbH)
    R0 vidsflt58; C:\Windows\System32\DRIVERS\vsflt58.sys [84512 2011-10-16] (Acronis)
    S2 {95808DC4-FA4A-4C74-92FE-5B863F82066B}; C:\Program Files\CyberLink\PowerDVD\000.fcl [61424 2008-05-07] (Cyberlink Corp.)
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    2014-02-28 22:38 - 2014-03-11 21:08 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-02-28 22:37 - 2014-03-11 21:08 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-02-28 22:31 - 2014-03-11 21:08 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-02-28 22:25 - 2014-03-11 21:08 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-02-28 22:16 - 2014-03-11 21:08 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-02-28 22:14 - 2014-03-11 21:08 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-02-28 22:03 - 2014-03-11 21:08 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-02-28 22:00 - 2014-03-11 21:08 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-02-28 21:57 - 2014-03-11 21:08 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-02-28 21:32 - 2014-03-11 21:08 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-02-28 21:27 - 2014-03-11 21:08 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-02-28 21:25 - 2014-03-11 21:08 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-02-19 18:17 - 2013-12-11 20:03 - 00000000 ____D () C:\Users\2013-12 Guest\AppData\Roaming\Adobe
    2014-02-19 18:16 - 2013-12-11 20:04 - 00000000 ____D () C:\Users\2013-12 Guest\AppData\Local\Adobe
    2014-02-14 12:00 - 2014-03-03 23:05 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
    2014-02-14 12:00 - 2014-03-03 23:05 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
    2014-02-14 12:00 - 2014-03-03 23:05 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
    2014-02-14 12:00 - 2014-03-03 23:05 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys

    Some content of TEMP:
    ====================
    C:\Users\2013-12 Guest\AppData\Local\Temp\avgnt.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\system32\winlogon.exe => MD5 is legit
    C:\Windows\system32\wininit.exe => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\services.exe => MD5 is legit
    C:\Windows\system32\User32.dll => MD5 is legit
    C:\Windows\system32\userinit.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit
    C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


    safeboot: ==> The system is configured to boot to Safe Mode <===== ATTENTION!


    LastRegBack: 2014-03-04 01:15

    ==================== End Of Log ============================
  4. danbe

    danbe Newcomer, in training Topic Starter Posts: 24

    ADDITION.TXT:

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-03-2014 01
    Ran by 2013-12 Guest at 2014-03-13 21:54:39
    Running from C:\Users\2013-12 Guest\Downloads
    Boot Mode: Safe Mode (with Networking)
    ==========================================================


    ==================== Security Center ========================

    AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
    AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
    32 Bit HP CIO Components Installer (Version: 2.1.6 - Hewlett-Packard) Hidden
    32 bit Windows Card Reader Driver (HKLM\...\{CE6DEE87-1C87-42ED-A108-7369BFE9076F}) (Version: 1.1.0.0 - TEAC)
    3ivx MPEG-4 5.0.2 (remove only) (HKLM\...\3ivx MPEG-4 5.0.2) (Version: 5.0.2 - 3ivx Technologies, Pty. Ltd.)
    Adobe Acrobat X Standard - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.1.8 - Adobe Systems)
    Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.0.1.152 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.7.609 - Adobe Systems, Inc.)
    Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.338 - Avira)
    CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
    CDDRV_Installer (Version: 1.00.0000 - Logitech Inc.) Hidden
    Creative ALchemy (HKLM\...\ALchemy) (Version: 1.41 - Creative Technology Limited)
    Creative Audio Control Panel (HKLM\...\AudioCS) (Version: 2.00 - Creative Technology Limited)
    Creative MediaSource 5 (HKLM\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)
    Creative Software AutoUpdate (HKLM\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
    Creative Sound Blaster Properties (HKLM\...\Creative Sound Blaster Properties) (Version: 1.02 - Creative Technology Limited)
    DVD Architect Studio 5.0 (HKLM\...\{8292F88E-2DB7-456B-A8F1-9079B7432A1E}) (Version: 5.0.128 - Sony)
    Garmin WebUpdater (HKLM\...\{D17111CB-C992-42A9-9D56-C19395102AAA}) (Version: 2.4.2 - Garmin Ltd or its subsidiaries)
    Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
    Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
    HP LaserJet P3010 Series PCL 6 (HKLM\...\HP LaserJet P3010 Series PCL 6) (Version: 10/09/2008 61.083.41.03 - HP)
    HP LaserJet P3010 Series Screen Fonts (HKLM\...\{CB71331A-9DCE-4A0D-B527-FD96BD5CFC4A}) (Version: 2.0.0.0 - Hewlett Packard, Co.)
    HP LaserJet P3010 Series User Guide (HKLM\...\{06C4BA69-5210-4707-B5BE-E26D487E1854}) (Version: 1.0.0.0 - Hewlett Packard, Co.)
    Intel(R) PRO Network Connections Drivers (HKLM\...\PROSet) (Version: - )
    iolo technologies' System Mechanic 5 Professional (HKLM\...\iolo technologies' System Mechanic 5 Professional) (Version: - iolo technologies, LLC)
    Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.450 - Oracle)
    Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    Java(TM) 6 Update 37 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.370 - Oracle)
    Java(TM) 6 Update 4 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160040}) (Version: 1.6.0.40 - Sun Microsystems, Inc.)
    Java(TM) 6 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160060}) (Version: 1.6.0.60 - Sun Microsystems, Inc.)
    Java(TM) 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
    Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    KhalSetup (Version: 3.21.29 - Logitech) Hidden
    Learn to Use Excel 2010 (HKLM\...\{5746D17A-0D04-4EA2-9036-70E69BFCB5D9}) (Version: 1.00 - Avanquest)
    Learn to Use Powerpoint 2010 (HKLM\...\{548ACC30-4392-4DE3-A9D9-52C1484AD005}) (Version: 1.00 - Avanquest)
    Learn to Use Windows 7 (HKLM\...\{482DEE41-EC3D-461A-AF86-3C113AE84FB4}) (Version: 1.00 - Avanquest)
    Learn to Use Word 2010 (HKLM\...\{7B8B7D94-FD67-46EC-A509-8D9D49D99D4B}) (Version: 1.00 - Avanquest)
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
    Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
    Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
    Microsoft LifeCam (HKLM\...\{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}) (Version: 3.60.253.0 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
    Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
    Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
    Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook Connector (HKLM\...\{95120000-0122-0409-0000-0000000FF1CE}) (Version: 12.0.6423.1000 - Microsoft Corporation)
    Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
    Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
    Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0 - Microsoft Corporation) Hidden
    Mozilla Firefox 27.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
    MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
    MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    NewBlue Cartoonr for Vegas (HKLM\...\NewBlue Cartoonr for Vegas) (Version: - )
    NewBlue VideoFX for Sony Vegas MSPS (HKLM\...\NewBlue VideoFX for Sony Vegas MSPS) (Version: - )
    NVIDIA 3D Vision Controller Driver 296.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 296.10 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 320.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.78 - NVIDIA Corporation)
    NVIDIA Control Panel 320.78 (Version: 320.78 - NVIDIA Corporation) Hidden
    NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden
    NVIDIA PhysX (Version: 9.12.0213 - NVIDIA Corporation) Hidden
    NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
    NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.2078 - NVIDIA Corporation) Hidden
    NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
    NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
    OpenAL (HKLM\...\OpenAL) (Version: - )
    OpenOffice.org 2.4 (HKLM\...\{2CD2C0DB-81C3-416B-9FA6-589B9235359B}) (Version: 2.4.9310 - OpenOffice.org)
    Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    PowerDVD (Version: 7.3.2830.0 - CyberLink Corporation) Hidden
    PowerDVD Ultra (HKLM\...\InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.3.2830.0 - CyberLink Corporation)
    QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
    Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
    Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.3.0 - Roxio)
    Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
    Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
    Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
    Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
    Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
    Serif DrawPlus X4 (HKLM\...\{EEA1BB90-CF27-449E-B269-0C5A660AC4C1}) (Version: 11.0.3.023 - Serif (Europe) Ltd)
    Serif PagePlus X4 (HKLM\...\{2DC240EA-51B1-4CC4-A0E5-4E4399CD7302}) (Version: 14.0.5.027 - Serif (Europe) Ltd)
    Serif PagePlus X4 Resources (HKLM\...\{A93EC091-461F-46EE-BAE1-327EB608AA60}) (Version: 14.0.1.010 - Serif (Europe) Ltd)
    Serif Premium Template Pack 1 for WebPlus (HKLM\...\{0A1CAF84-CDC8-477F-997F-800AB090EA46}) (Version: 12.0.0.012 - Serif (Europe) Ltd)
    Serif WebPlus X4 (HKLM\...\{9ADA45A0-8043-470A-8E8B-02EA7D95F896}) (Version: 12.0.5.033 - Serif (Europe) Ltd)
    Serif WebPlus X4 Resources (HKLM\...\{96CFF0DB-C3C3-44B8-930C-1121EC68A3BF}) (Version: 12.0.0.008 - Serif (Europe) Ltd)
    SetPoint (HKLM\...\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}) (Version: 3.2 - Logitech)
    Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
    SmartDraw VP (HKLM\...\SmartDraw VP) (Version: - SmartDraw.com)
    SmartFTP Client (HKLM\...\{A19B28F0-CA25-4180-A782-D4EDD758B708}) (Version: 4.0.1123.0 - SmartSoft Ltd.)
    SmartFTP Client 4.0 Setup Files (remove only) (HKLM\...\SmartFTP Client 4.0 Setup Files) (Version: 4.0 - SmartSoft Ltd)
    SmartSwipe (HKLM\...\SmartSwipe) (Version: 7.219.1718.0 - NetSecure Technologies)
    Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
    Sony Vocal Eraser (HKLM\...\Sony Vocal Eraser_is1) (Version: 1.00 - iZotope, Inc.)
    Sound Forge Audio Studio 10.0 (HKLM\...\{6473C0E9-9763-4D94-808A-B250540AA750}) (Version: 10.0.152 - Sony)
    SRM Evaluation Software V 6.32.57 (HKLM\...\{AABCAF42-285D-4702-BD25-BAFE963C7A40}) (Version: 6.32.57 - SRM)
    SRM Software 6.41.01 (HKLM\...\{DB124147-DDBA-4DDB-9434-FA76AB796648}) (Version: 6.41.01 - SRM)
    SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
    Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)
    Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
    Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft)
    Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version: - Microsoft)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
    Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)
    Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
    Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
    Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
    WIDCOMM Bluetooth Software 6.0.1.4300 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.4300 - Dell)
    Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
    Windows Driver Package - Logitech HIDClass (10/16/2006 1.0) (HKLM\...\1EC636D2DBA2D9924E02E10DA797DEC16306C1A9) (Version: 10/16/2006 1.0 - Logitech)
    Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
    Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
    Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    Windows Live Family Safety (Version: 14.0.8118.427 - Microsoft Corporation) Hidden
    Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
    Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
    Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    Windows Live Writer (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
    Xvid 1.1.3 final uninstall (HKLM\...\Xvid_is1) (Version: 1.1 - Xvid team (Koepi))

    ==================== Restore Points =========================

    22-01-2014 15:04:32 Scheduled Checkpoint
    11-02-2014 00:43:57 Windows Update
    11-02-2014 00:52:17 Windows Update
    19-02-2014 22:53:22 Windows Update
    04-03-2014 03:23:42 Removed Apple Software Update
    04-03-2014 03:24:48 Removed Acronis Sync Agent
    04-03-2014 03:31:48 Removed Apple Application Support
    04-03-2014 03:38:52 Removed Apple Mobile Device Support
    04-03-2014 03:42:05 Removed Bonjour
    04-03-2014 03:56:26 Removed Garmin Aviation Checklist Editor
    04-03-2014 03:56:41 Removed Garmin Communicator Plugin
    04-03-2014 03:57:02 Removed iTunes
    04-03-2014 04:00:40 Removed Garmin USB Drivers
    04-03-2014 04:00:58 Removed iCloud
    04-03-2014 04:02:08 Removed Learn to Use Outlook 2010
    04-03-2014 09:00:13 Windows Update
    04-03-2014 23:22:28 Windows Update
    12-03-2014 10:38:25 Windows Update

    ==================== Hosts content: ==========================

    2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    ::1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {1BD532D9-DCE2-468E-9D82-B31AC13107D6} - System32\Tasks\{20365247-CC4C-4A0E-93CD-19FE2AEDC3FB} => C:\Program Files\Advanced System Optimizer\ffInfo.exe
    Task: {2AC02D4A-105E-432D-A5CE-8DB6A51FA7EF} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
    Task: {2EF1A2C3-210D-4AFD-BEB7-E51E7FD69C0C} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
    Task: {37401BB5-BA76-4FED-8E4F-ACA717A38146} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
    Task: {3A950610-5351-4CF3-89BD-526A7E64AA8B} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
    Task: {3C220F9F-3A9A-429A-99F3-2C746C2DBC02} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
    Task: {4245CA09-E5A6-4567-9956-D4C5E8657C22} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2258004993-3407596818-3188613853-1003Core => C:\Users\Ray-Home1\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: {51C50637-FC91-4D63-B7EB-EFD43127C09E} - System32\Tasks\{C2EA3F05-F614-4398-AE63-14DB5D914036} => C:\Program Files\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
    Task: {51E319BA-4CA2-4E00-A0A5-0424E22F9564} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
    Task: {6B67A659-3AFC-4976-9B8F-281CDDECCB1D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2258004993-3407596818-3188613853-1003UA => C:\Users\Ray-Home1\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: {6BB7CE18-3E3E-442A-8F63-DD8141D2525B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
    Task: {6E536511-3D48-4B92-907B-4C697BE4F46A} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-16] (Google)
    Task: {72CDF776-B79F-4ADF-88A4-33D3BC1E653D} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
    Task: {7C24E51D-E92B-43F2-9376-35BD409D58B8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
    Task: {7DB89DD1-19D6-4FCE-956A-C442E3D5C801} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2009-07-13] (Microsoft Corporation)
    Task: {82091789-526B-4513-B8B6-01E413A0E180} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2258004993-3407596818-3188613853-1004Core => C:\Users\Rachel\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: {8E631609-C4A7-4209-BBDE-2AB7D3CAFF15} - System32\Tasks\SDMsgUpdate (SD) => C:\Program Files\SmartDraw VP\Messages\SDNotify.exe [2010-04-06] ()
    Task: {99FD7118-01C1-4A2F-B9FE-5DFD08051F56} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2258004993-3407596818-3188613853-1004UA => C:\Users\Rachel\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: {9DB8AD2A-B9FD-4839-86E4-6962D77265C5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2258004993-3407596818-3188613853-1000UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: {B21E59AD-7D03-454A-BB2C-71CB01D2971C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-17] (Google Inc.)
    Task: {CC0DFB12-5C14-407D-96A7-54EC3D0B07B3} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
    Task: {F6828E09-9F2F-4595-A549-9B6687D85188} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2258004993-3407596818-3188613853-1000Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf374bc8d5a0ed.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2258004993-3407596818-3188613853-1000Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2258004993-3407596818-3188613853-1000UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2258004993-3407596818-3188613853-1003Core.job => C:\Users\Ray-Home1\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2258004993-3407596818-3188613853-1003UA.job => C:\Users\Ray-Home1\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2258004993-3407596818-3188613853-1004Core.job => C:\Users\Rachel\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2258004993-3407596818-3188613853-1004UA.job => C:\Users\Rachel\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\SDMsgUpdate (SD).job => C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-03-03 20:46 - 2014-02-12 19:36 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========


    ==================== Safe Mode (whitelisted) ===================

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

    ==================== Disabled items from MSCONFIG ==============

    MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"

    ==================== Faulty Device Manager Devices =============

    Name: Security Processor Loader Driver
    Description: Security Processor Loader Driver
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: spldr
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/13/2014 09:41:21 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/13/2014 09:36:53 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/12/2014 09:40:59 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/12/2014 06:32:00 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/12/2014 06:24:22 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/12/2014 05:39:23 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
    Description: Product: Microsoft Silverlight -- Error 1704. An installation for Adobe Acrobat X Standard - English, Français, Deutsch is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?

    Error: (03/12/2014 05:35:22 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/11/2014 09:17:37 PM) (Source: Wininit) (User: )
    Description: A critical system process, C:\Windows\system32\lsass.exe, failed with status code 255. The machine must now be restarted.

    Error: (03/11/2014 09:17:37 PM) (Source: Application Error) (User: )
    Description: Faulting application name: lsass.exe, version: 6.1.7601.18270, time stamp: 0x52423310
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x00000000
    Faulting process id: 0x240
    Faulting application start time: 0xlsass.exe0
    Faulting application path: lsass.exe1
    Faulting module path: lsass.exe2
    Report Id: lsass.exe3

    Error: (03/11/2014 08:51:12 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============
    Error: (03/13/2014 09:50:01 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (03/13/2014 09:50:01 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (03/13/2014 09:50:01 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (03/13/2014 09:50:01 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (03/13/2014 09:50:01 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (03/13/2014 09:50:01 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (03/13/2014 09:46:53 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (03/13/2014 09:46:53 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (03/13/2014 09:46:53 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (03/13/2014 09:46:43 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068


    Microsoft Office Sessions:
    =========================
    Error: (12/21/2010 08:53:22 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 785 seconds with 120 seconds of active time. This session ended with a crash.

    Error: (12/07/2010 08:31:03 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1457 seconds with 60 seconds of active time. This session ended with a crash.

    Error: (12/06/2010 07:39:22 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (12/06/2010 07:20:23 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (11/18/2010 00:33:54 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3616 seconds with 780 seconds of active time. This session ended with a crash.

    Error: (11/17/2010 11:10:45 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12115 seconds with 1140 seconds of active time. This session ended with a crash.


    CodeIntegrity Errors:
    ===================================
    Date: 2011-10-11 20:34:40.415
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AVGIDSEH.sys because the set of per-page image hashes could not be found on the system.

    Date: 2011-10-11 20:34:40.266
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AVGIDSEH.sys because the set of per-page image hashes could not be found on the system.

    Date: 2011-10-11 20:34:40.127
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AVGIDSEH.sys because the set of per-page image hashes could not be found on the system.

    Date: 2011-10-11 20:34:39.987
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AVGIDSEH.sys because the set of per-page image hashes could not be found on the system.

    Date: 2011-10-11 20:34:39.837
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AVGIDSEH.sys because the set of per-page image hashes could not be found on the system.

    Date: 2011-10-11 20:34:39.673
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AVGIDSDriver.sys because the set of per-page image hashes could not be found on the system.

    Date: 2011-10-11 20:34:39.534
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AVGIDSDriver.sys because the set of per-page image hashes could not be found on the system.

    Date: 2011-10-11 20:34:39.394
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AVGIDSDriver.sys because the set of per-page image hashes could not be found on the system.

    Date: 2011-10-11 20:34:39.254
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AVGIDSDriver.sys because the set of per-page image hashes could not be found on the system.

    Date: 2011-10-11 20:34:39.098
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AVGIDSDriver.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Percentage of memory in use: 23%
    Total physical RAM: 3325.92 MB
    Available physical RAM: 2559.43 MB
    Total Pagefile: 6650.13 MB
    Available Pagefile: 5932.74 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1922.7 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:232.78 GB) (Free:174.65 GB) NTFS
    Drive d: () (Fixed) (Total:232.78 GB) (Free:230.3 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: EB275B50)

    Partition: GPT Partition Type.

    ========================================================
    Disk: 1 (Size: 233 GB) (Disk ID: B38EEE25)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
  5. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    Actually I don't see much there.

    Download RogueKiller from one of the following links and save it to your Desktop:
    • Close all the running programs
    • Windows Vista/7 users: right-click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  6. danbe

    danbe Newcomer, in training Topic Starter Posts: 24

    Should I do all of those steps while still in Safe Mode?
  7. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    Only if running those tools in normal mode is giving you problems.
  8. danbe

    danbe Newcomer, in training Topic Starter Posts: 24

    ROGUEKILLER LOG 1:


    RogueKiller V8.8.11 [Mar 14 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : 2013-12 Guest [Admin rights]
    Mode : Scan -- Date : 03/15/2014 19:39:18
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 1 ¤¤¤
    [FF][PUP] t85oa6ed.default : AVG Security Toolbar

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    [Address] SSDT[84] : NtCreateSection @ 0x8323013D -> HOOKED (Unknown @ 0x91653076)
    [Address] SSDT[299] : NtRequestWaitReplyPort @ 0x8324AB22 -> HOOKED (Unknown @ 0x91653080)
    [Address] SSDT[316] : NtSetContextThread @ 0x832EA84F -> HOOKED (Unknown @ 0x9165307B)
    [Address] SSDT[347] : NtSetSecurityObject @ 0x8320E805 -> HOOKED (Unknown @ 0x91653085)
    [Address] SSDT[368] : NtSystemDebugControl @ 0x83292802 -> HOOKED (Unknown @ 0x9165308A)
    [Address] SSDT[370] : NtTerminateProcess @ 0x83267D9A -> HOOKED (Unknown @ 0x91653017)
    [Address] Shadow SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x9165309E)
    [Address] Shadow SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x916530A3)

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : PUP ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost
    ::1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) WDC WD2500JS-75NCB3 +++++
    --- User ---
    [MBR] 0962bc9e75882d986b1ccf7e6bed3aa0
    [BSP] 742424819fe6f74e46c81eb48ac80b9b : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 238362 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ SCSI) WDC WD2500JS-75NCB3 +++++
    --- User ---
    [MBR] 57e54df97afd8b1ab81a49a599b123f6
    [BSP] 8f9b2f99a9ac59f758c23c89b3e49c5e : MBR Code unknown
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 238362 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_S_03152014_193918.txt >>



    LOG 2:




    RogueKiller V8.8.11 [Mar 14 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : 2013-12 Guest [Admin rights]
    Mode : Remove -- Date : 03/15/2014 19:40:32
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 1 ¤¤¤
    [FF][PUP] t85oa6ed.default : AVG Security Toolbar

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    [Address] SSDT[84] : NtCreateSection @ 0x8323013D -> HOOKED (Unknown @ 0x91653076)
    [Address] SSDT[299] : NtRequestWaitReplyPort @ 0x8324AB22 -> HOOKED (Unknown @ 0x91653080)
    [Address] SSDT[316] : NtSetContextThread @ 0x832EA84F -> HOOKED (Unknown @ 0x9165307B)
    [Address] SSDT[347] : NtSetSecurityObject @ 0x8320E805 -> HOOKED (Unknown @ 0x91653085)
    [Address] SSDT[368] : NtSystemDebugControl @ 0x83292802 -> HOOKED (Unknown @ 0x9165308A)
    [Address] SSDT[370] : NtTerminateProcess @ 0x83267D9A -> HOOKED (Unknown @ 0x91653017)
    [Address] Shadow SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x9165309E)
    [Address] Shadow SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x916530A3)

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : PUP ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost
    ::1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) WDC WD2500JS-75NCB3 +++++
    --- User ---
    [MBR] 0962bc9e75882d986b1ccf7e6bed3aa0
    [BSP] 742424819fe6f74e46c81eb48ac80b9b : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 238362 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ SCSI) WDC WD2500JS-75NCB3 +++++
    --- User ---
    [MBR] 57e54df97afd8b1ab81a49a599b123f6
    [BSP] 8f9b2f99a9ac59f758c23c89b3e49c5e : MBR Code unknown
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 238362 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_03152014_194032.txt >>
    RKreport[0]_S_03152014_193918.txt
  9. danbe

    danbe Newcomer, in training Topic Starter Posts: 24

    MBAR: No malware was found.

    MBAR LOG 1:


    Malwarebytes Anti-Rootkit BETA 1.07.0.1009
    www.malwarebytes.org

    Database version: v2014.03.15.06

    Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 11.0.9600.16521
    2013-12 Guest :: RTW-HM2 [administrator]

    3/15/2014 8:22:08 PM
    mbar-log-2014-03-15 (20-22-08).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 300631
    Time elapsed: 9 minute(s), 45 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)


    MBAR SYSTEM LOG:



    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1009

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x86

    System is currently in a safe mode

    Account is Administrative

    Internet Explorer version: 11.0.9600.16521

    Java version: 1.6.0_37

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.394000 GHz
    Memory total: 3487481856, free: 3037237248

    Downloaded database version: v2014.03.15.06
    Downloaded database version: v2014.02.20.01
    Initializing...
    =======================================
    ------------ Kernel report ------------
    03/15/2014 20:22:03
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntkrnlpa.exe
    \SystemRoot\system32\halmacpi.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\BOOTVID.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\system32\DRIVERS\vsflt58.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\iaStorV.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\PxHelp20.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\vmstorfl.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\system32\DRIVERS\fltsrv.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\drivers\csc.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\e1e6232.sys
    \SystemRoot\System32\Drivers\fastfat.SYS
    \SystemRoot\system32\drivers\usbuhci.sys
    \SystemRoot\system32\drivers\USBPORT.SYS
    \SystemRoot\system32\drivers\usbehci.sys
    \SystemRoot\system32\DRIVERS\1394ohci.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\DRIVERS\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\rdpbus.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_iaStorV.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\framebuf.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\shlwapi.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\msvcrt.dll
    \Windows\System32\psapi.dll
    \Windows\System32\difxapi.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\iertutil.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\gdi32.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk5\DR5
    Upper Device Object: 0xffffffff869473e0
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\0000006c\
    Lower Device Object: 0xffffffff86912ca8
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk4\DR4
    Upper Device Object: 0xffffffff869217f0
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\0000006b\
    Lower Device Object: 0xffffffff8693c790
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk3\DR3
    Upper Device Object: 0xffffffff8690a8c0
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\0000006a\
    Lower Device Object: 0xffffffff8693b8d0
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk2\DR2
    Upper Device Object: 0xffffffff86925030
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000069\
    Lower Device Object: 0xffffffff8693c030
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xffffffff86307ac8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-3\
    Lower Device Object: 0xffffffff84b81028
    Lower Device Driver Name: \Driver\iaStorV\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff86306030
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-2\
    Lower Device Object: 0xffffffff84b7d028
    Lower Device Driver Name: \Driver\iaStorV\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff86306030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff86306d10, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff86306030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff86305990, DeviceName: Unknown, DriverName: \Driver\vidsflt58\
    DevicePointer: 0xffffffff84b7d028, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStorV\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: EB275B50

    Partition information:

    Partition 0 type is Other (0xde)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 112392
    Partition is not bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 112640 Numsec = 488165376

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 250000000000 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-488261250-488281250)...
    Done!
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xffffffff86307ac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff863077a8, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff86307ac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff86305cd8, DeviceName: Unknown, DriverName: \Driver\vidsflt58\
    DevicePointer: 0xffffffff84b81028, DeviceName: \Device\Ide\IAAStorageDevice-3\, DriverName: \Driver\iaStorV\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: B38EEE25

    Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 112392

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 112640 Numsec = 488165376
    Partition file system is NTFS
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 250000000000 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 0
    Drive: 2, DevicePointer: 0xffffffff86925030, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff869232f8, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff86925030, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff86926020, DeviceName: Unknown, DriverName: \Driver\vidsflt58\
    DevicePointer: 0xffffffff8693c030, DeviceName: \Device\00000069\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 3, DevicePointer: 0xffffffff8690a8c0, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8690a5a0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff8690a8c0, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8692cbc8, DeviceName: Unknown, DriverName: \Driver\vidsflt58\
    DevicePointer: 0xffffffff8693b8d0, DeviceName: \Device\0000006a\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 4, DevicePointer: 0xffffffff869217f0, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff869214d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff869217f0, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff86928ee8, DeviceName: Unknown, DriverName: \Driver\vidsflt58\
    DevicePointer: 0xffffffff8693c790, DeviceName: \Device\0000006b\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 5, DevicePointer: 0xffffffff869473e0, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff86946d10, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff869473e0, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff86947ee8, DeviceName: Unknown, DriverName: \Driver\vidsflt58\
    DevicePointer: 0xffffffff86912ca8, DeviceName: \Device\0000006c\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-1-112640-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
    Removal finished
  10. danbe

    danbe Newcomer, in training Topic Starter Posts: 24

    TDSSKiller: No threats found

    Report part 1:

    14:45:18.0801 0x128c TDSS rootkit removing tool 3.0.0.25 Feb 27 2014 15:23:02
    14:45:28.0707 0x128c ============================================================
    14:45:28.0707 0x128c Current date / time: 2014/03/16 14:45:28.0707
    14:45:28.0707 0x128c SystemInfo:
    14:45:28.0707 0x128c
    14:45:28.0707 0x128c OS Version: 6.1.7601 ServicePack: 1.0
    14:45:28.0707 0x128c Product type: Workstation
    14:45:28.0707 0x128c ComputerName: RTW-HM2
    14:45:28.0707 0x128c UserName: 2013-12 Guest
    14:45:28.0707 0x128c Windows directory: C:\Windows
    14:45:28.0707 0x128c System windows directory: C:\Windows
    14:45:28.0707 0x128c Processor architecture: Intel x86
    14:45:28.0707 0x128c Number of processors: 4
    14:45:28.0707 0x128c Page size: 0x1000
    14:45:28.0707 0x128c Boot type: Normal boot
    14:45:28.0707 0x128c ============================================================
    14:45:33.0231 0x128c KLMD registered as C:\Windows\system32\drivers\85690741.sys
    14:45:33.0355 0x128c System UUID: {781D8073-BEA8-E444-3B3D-BCE4200D145A}
    14:45:33.0901 0x128c Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    14:45:33.0901 0x128c Drive \Device\Harddisk1\DR1 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    14:45:33.0948 0x128c ============================================================
    14:45:33.0948 0x128c \Device\Harddisk0\DR0:
    14:45:33.0948 0x128c MBR partitions:
    14:45:33.0948 0x128c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1D18D000
    14:45:33.0948 0x128c \Device\Harddisk1\DR1:
    14:45:33.0948 0x128c MBR partitions:
    14:45:33.0948 0x128c \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1D18D000
    14:45:33.0948 0x128c ============================================================
    14:45:34.0011 0x128c C: <-> \Device\Harddisk0\DR0\Partition1
    14:45:34.0026 0x128c D: <-> \Device\Harddisk1\DR1\Partition1
    14:45:34.0026 0x128c ============================================================
    14:45:34.0026 0x128c Initialize success
    14:45:34.0026 0x128c ============================================================
    14:45:53.0355 0x13a4 ============================================================
    14:45:53.0355 0x13a4 Scan started
    14:45:53.0355 0x13a4 Mode: Manual;
    14:45:53.0355 0x13a4 ============================================================
    14:45:53.0355 0x13a4 KSN ping started
    14:45:53.0464 0x13a4 KSN ping finished: false
    14:45:53.0885 0x13a4 ================ Scan system memory ========================
    14:45:53.0885 0x13a4 System memory - ok
    14:45:53.0885 0x13a4 ================ Scan services =============================
    14:46:00.0765 0x13a4 flpydisk - ok
    14:46:00.0780 0x13a4 [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    14:46:00.0811 0x13a4 FltMgr - ok
    14:46:00.0843 0x13a4 [ 27C75AC6D6FC808D8244D9C9CEA681D1, A68D79F64FF12769BE361BF3316909BB83E33772989EF3AA95613930B2B07C24 ] fltsrv C:\Windows\system32\DRIVERS\fltsrv.sys
    14:46:00.0858 0x13a4 fltsrv - ok
    14:46:00.0921 0x13a4 [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache C:\Windows\system32\FntCache.dll
    14:46:00.0983 0x13a4 FontCache - ok
    14:46:01.0045 0x13a4 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    14:46:01.0061 0x13a4 FontCache3.0.0.0 - ok
    14:46:01.0077 0x13a4 [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    14:46:01.0077 0x13a4 FsDepends - ok
    14:46:01.0123 0x13a4 [ 491E9D9A26A745F6AE7D570849F4BD87, 9E0E0924C129DC82EAFCC74036A2F8DCAB969E38008312F2583CC00E082A5EA2 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
    14:46:01.0123 0x13a4 fssfltr - ok
    14:46:01.0233 0x13a4 [ 45B52394F9624237F33A8A3D73C0B221, AC3E26F9D0E8A91164C54E87C9C8BFCF824A14C80D4CEF3255C6127A482F25FE ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
    14:46:01.0279 0x13a4 fsssvc - ok
    14:46:01.0311 0x13a4 [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    14:46:01.0311 0x13a4 Fs_Rec - ok
    14:46:01.0357 0x13a4 [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    14:46:01.0373 0x13a4 fvevol - ok
    14:46:01.0420 0x13a4 [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    14:46:01.0435 0x13a4 gagp30kx - ok
    14:46:01.0467 0x13a4 [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    14:46:01.0467 0x13a4 GEARAspiWDM - ok
    14:46:01.0513 0x13a4 [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc C:\Windows\System32\gpsvc.dll
    14:46:01.0560 0x13a4 gpsvc - ok
    14:46:01.0654 0x13a4 [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
    14:46:01.0669 0x13a4 gupdate - ok
  11. danbe

    danbe Newcomer, in training Topic Starter Posts: 24

    TDSS Report part 2:



    14:46:08.0596 0x13a4 pcw - ok
    14:46:08.0643 0x13a4 [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    14:46:08.0689 0x13a4 PEAUTH - ok
    14:46:08.0752 0x13a4 [ AF4D64D2A57B9772CF3801950B8058A6, C9C493A3775E6E1660CE5DF75DA574D0C04245FB88CF41B96217A725359C350D ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
    14:46:08.0799 0x13a4 PeerDistSvc - ok
    14:46:08.0892 0x13a4 [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla C:\Windows\system32\pla.dll
    14:46:08.0970 0x13a4 pla - ok
    14:46:09.0017 0x13a4 [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    14:46:09.0048 0x13a4 PlugPlay - ok
    14:46:09.0079 0x13a4 [ BAFC9706BDF425A02B66468AB2605C59, 6F8F7982AD452F0E68D91CCAF05DF152F00FA3D885DCBBBC470199E74F17B1E0 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
    14:46:09.0079 0x13a4 Pml Driver HPZ12 - ok
    14:46:09.0095 0x13a4 [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    14:46:09.0095 0x13a4 PNRPAutoReg - ok
    14:46:09.0126 0x13a4 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    14:46:09.0126 0x13a4 PNRPsvc - ok
    14:46:09.0157 0x13a4 [ 56E08C5366865A8DE8D106BFC27490A4, 32DA00ADF32D1087988F3E87D273A2B559683BE626CD5C5FFC1702D28D8AF822 ] Point32 C:\Windows\system32\DRIVERS\point32.sys
    14:46:09.0173 0x13a4 Point32 - ok
    14:46:09.0220 0x13a4 [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    14:46:09.0235 0x13a4 PolicyAgent - ok
    14:46:09.0282 0x13a4 [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power C:\Windows\system32\umpo.dll
    14:46:09.0282 0x13a4 Power - ok
    14:46:09.0345 0x13a4 [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    14:46:09.0345 0x13a4 PptpMiniport - ok
    14:46:09.0563 0x13a4 [ C5E38D8CACF357148BECFA9941B7F22C, B511BFF20FA1A96563A4385D00A80CB9BD0FC716F5A3FD7C3F9517974EC7EAD5 ] PrintNotify C:\Windows\system32\spool\DRIVERS\W32X86\3\PrintConfig.dll
    14:46:09.0688 0x13a4 PrintNotify - ok
    14:46:09.0735 0x13a4 [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor C:\Windows\system32\drivers\processr.sys
    14:46:09.0750 0x13a4 Processor - ok
    14:46:09.0781 0x13a4 [ CADEFAC453040E370A1BDFF3973BE00D, 2E3DD8DA702468D8AB0F3CE27188B1991D4CB015FB36BAE4C6E7996B61CF49B8 ] ProfSvc C:\Windows\system32\profsvc.dll
    14:46:09.0813 0x13a4 ProfSvc - ok
    14:46:09.0828 0x13a4 [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] ProtectedStorage C:\Windows\system32\lsass.exe
    14:46:09.0828 0x13a4 ProtectedStorage - ok
    14:46:09.0844 0x13a4 [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    14:46:09.0844 0x13a4 Psched - ok
    14:46:09.0875 0x13a4 [ 49452BFCEC22F36A7A9B9C2181BC3042, C01A2005E9897B142FF9BC6155770F70C19725C425E48D14239195E81E2E42D0 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
    14:46:09.0875 0x13a4 PxHelp20 - ok
    14:46:09.0937 0x13a4 [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300 C:\Windows\system32\drivers\ql2300.sys
    14:46:10.0015 0x13a4 ql2300 - ok
    14:46:10.0047 0x13a4 [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
    14:46:10.0047 0x13a4 ql40xx - ok
    14:46:10.0093 0x13a4 QuickBooksDB18 - ok
    14:46:10.0140 0x13a4 [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE C:\Windows\system32\qwave.dll
    14:46:10.0171 0x13a4 QWAVE - ok
    14:46:10.0187 0x13a4 [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    14:46:10.0187 0x13a4 QWAVEdrv - ok
    14:46:10.0218 0x13a4 [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    14:46:10.0218 0x13a4 RasAcd - ok
     
  12. danbe

    danbe Newcomer, in training Topic Starter Posts: 24

    TDSS Report part 3:



    14:46:18.0299 0x13a4 volmgrx - ok
    14:46:18.0315 0x13a4 [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    14:46:18.0346 0x13a4 volsnap - ok
    14:46:18.0408 0x13a4 [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
    14:46:18.0424 0x13a4 vsmraid - ok
    14:46:18.0533 0x13a4 [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS C:\Windows\system32\vssvc.exe
    14:46:18.0642 0x13a4 VSS - ok
    14:46:18.0736 0x13a4 [ 682FCF7D2EB5158CD30408E976562408, F54477B6A140E975CBF41DE853822F5F453FE7AF9F6A256335CD52A5ECC29423 ] VSTHWBS2 C:\Windows\system32\DRIVERS\VSTBS23.SYS
    14:46:18.0767 0x13a4 VSTHWBS2 - ok
    14:46:18.0845 0x13a4 [ CEB4E3B6890E1E42DCA6694D9E59E1A0, 00D841690A88F1051A238F67AACCE905E8A59C86070F215A8D31FA3E68C6BF35 ] VST_DPV C:\Windows\system32\DRIVERS\VSTDPV3.SYS
    14:46:18.0923 0x13a4 VST_DPV - ok
    14:46:18.0939 0x13a4 [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
    14:46:18.0954 0x13a4 vwifibus - ok
    14:46:19.0017 0x13a4 [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time C:\Windows\system32\w32time.dll
    14:46:19.0063 0x13a4 W32Time - ok
    14:46:19.0110 0x13a4 [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
    14:46:19.0141 0x13a4 WacomPen - ok
    14:46:19.0173 0x13a4 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    14:46:19.0188 0x13a4 WANARP - ok
    14:46:19.0188 0x13a4 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    14:46:19.0188 0x13a4 Wanarpv6 - ok
    14:46:19.0344 0x13a4 [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    14:46:19.0500 0x13a4 WatAdminSvc - ok
    14:46:19.0672 0x13a4 [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine C:\Windows\system32\wbengine.exe
    14:46:19.0734 0x13a4 wbengine - ok
    14:46:19.0906 0x13a4 [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    14:46:19.0921 0x13a4 WbioSrvc - ok
    14:46:19.0968 0x13a4 [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc C:\Windows\System32\wcncsvc.dll
    14:46:19.0999 0x13a4 wcncsvc - ok
    14:46:20.0015 0x13a4 [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    14:46:20.0031 0x13a4 WcsPlugInService - ok
    14:46:20.0062 0x13a4 [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd C:\Windows\system32\drivers\wd.sys
    14:46:20.0062 0x13a4 Wd - ok
    14:46:20.0171 0x13a4 [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    14:46:20.0187 0x13a4 Wdf01000 - ok
    14:46:20.0233 0x13a4 [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost C:\Windows\system32\wdi.dll
    14:46:20.0233 0x13a4 WdiServiceHost - ok
    14:46:20.0249 0x13a4 [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost C:\Windows\system32\wdi.dll
    14:46:20.0249 0x13a4 WdiSystemHost - ok
    14:46:20.0639 0x13a4 [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient C:\Windows\System32\webclnt.dll
    14:46:20.0655 0x13a4 WebClient - ok
    14:46:20.0733 0x13a4 [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc C:\Windows\system32\wecsvc.dll
    14:46:20.0795 0x13a4 Wecsvc - ok
    14:46:20.0842 0x13a4 [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    14:46:20.0857 0x13a4 wercplsupport - ok
    14:46:20.0982 0x13a4 [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc C:\Windows\System32\WerSvc.dll
    14:46:21.0013 0x13a4 WerSvc - ok
    14:46:21.0060 0x13a4 [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    14:46:21.0076 0x13a4 WfpLwf - ok
    14:46:21.0091 0x13a4 [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    14:46:21.0138 0x13a4 WIMMount - ok
    14:46:21.0216 0x13a4 [ BC0C7EA89194C299F051C24119000E17, F5FB21F7AD7370F3D5DF7C23F33118ECF19865B995AF12E9A8A8D893E7E6264F ] winachsf C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
    14:46:21.0294 0x13a4 winachsf - ok
    14:46:21.0419 0x13a4 [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
    14:46:21.0544 0x13a4 WinDefend - ok
    14:46:21.0559 0x13a4 WinHttpAutoProxySvc - ok
    14:46:21.0778 0x13a4 [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    14:46:21.0825 0x13a4 Winmgmt - ok
    14:46:22.0012 0x13a4 [ 1B91CD34EA3A90AB6A4EF0550174F4CC, 5B6618615EBFBA594C945AD35F5C68DA8C6053892B6D12D626BB6120910D80DC ] WinRM C:\Windows\system32\WsmSvc.dll
    14:46:22.0090 0x13a4 WinRM - ok
    14:46:22.0199 0x13a4 [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.SYS
    14:46:22.0199 0x13a4 WinUsb - ok
    14:46:22.0402 0x13a4 [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc C:\Windows\System32\wlansvc.dll
    14:46:22.0495 0x13a4 Wlansvc - ok
    14:46:22.0542 0x13a4 [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    14:46:22.0573 0x13a4 WmiAcpi - ok
    14:46:22.0636 0x13a4 [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    14:46:22.0636 0x13a4 wmiApSrv - ok
    14:46:22.0792 0x13a4 [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
    14:46:22.0839 0x13a4 WMPNetworkSvc - ok
    14:46:22.0870 0x13a4 [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc C:\Windows\System32\wpcsvc.dll
    14:46:22.0885 0x13a4 WPCSvc - ok
    14:46:22.0901 0x13a4 [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    14:46:22.0917 0x13a4 WPDBusEnum - ok
    14:46:22.0932 0x13a4 [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    14:46:22.0932 0x13a4 ws2ifsl - ok
    14:46:23.0026 0x13a4 [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc C:\Windows\System32\wscsvc.dll
    14:46:23.0041 0x13a4 wscsvc - ok
    14:46:23.0041 0x13a4 WSearch - ok
    14:46:23.0213 0x13a4 [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv C:\Windows\system32\wuaueng.dll
    14:46:23.0307 0x13a4 wuauserv - ok
    14:46:23.0338 0x13a4 [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    14:46:23.0338 0x13a4 WudfPf - ok
    14:46:23.0385 0x13a4 [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    14:46:23.0400 0x13a4 WUDFRd - ok
    14:46:23.0416 0x13a4 [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    14:46:23.0431 0x13a4 wudfsvc - ok
    14:46:23.0478 0x13a4 [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc C:\Windows\System32\wwansvc.dll
    14:46:23.0509 0x13a4 WwanSvc - ok
    14:46:23.0603 0x13a4 [ 4D840C6AF3C020ED3A35EFBA9025CF4A, 2B90872AA16FBDF05103EEE4C57167C2B99E9A75FB48D100D7D81C199186C079 ] {95808DC4-FA4A-4C74-92FE-5B863F82066B} C:\Program Files\CyberLink\PowerDVD\000.fcl
    14:46:23.0619 0x13a4 {95808DC4-FA4A-4C74-92FE-5B863F82066B} - ok
    14:46:23.0681 0x13a4 ================ Scan global ===============================
    14:46:23.0759 0x13a4 [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
    14:46:23.0821 0x13a4 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
    14:46:23.0931 0x13a4 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
    14:46:23.0962 0x13a4 [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
    14:46:24.0087 0x13a4 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
    14:46:24.0102 0x13a4 [ Global ] - ok
    14:46:24.0102 0x13a4 ================ Scan MBR ==================================
    14:46:24.0133 0x13a4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    14:46:24.0867 0x13a4 \Device\Harddisk0\DR0 - ok
    14:46:24.0882 0x13a4 [ 5CB90281D1A59B251F6603134774EEC3 ] \Device\Harddisk1\DR1
    14:46:25.0085 0x13a4 \Device\Harddisk1\DR1 - ok
    14:46:25.0085 0x13a4 ================ Scan VBR ==================================
    14:46:25.0085 0x13a4 [ 7DFEC18E5AC6C71DBA0681C5E98FED2F ] \Device\Harddisk0\DR0\Partition1
    14:46:25.0132 0x13a4 \Device\Harddisk0\DR0\Partition1 - ok
    14:46:25.0147 0x13a4 [ 109E071CE2AFA0DAA841895ECAE6F035 ] \Device\Harddisk1\DR1\Partition1
    14:46:25.0194 0x13a4 \Device\Harddisk1\DR1\Partition1 - ok
    14:46:25.0335 0x13a4 AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 14.0.3.336 ), 0x40010 ( disabled : outofdate )
    14:46:25.0335 0x13a4 Win FW state via NFP2: enabled
    14:46:25.0350 0x13a4 ============================================================
    14:46:25.0350 0x13a4 Scan finished
  13. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
  14. danbe

    danbe Newcomer, in training Topic Starter Posts: 24

    COMBOFIX LOG:


    ComboFix 14-03-16.01 - 2013-12 Guest 03/16/2014 18:25:41.1.4 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3326.2232 [GMT -5:00]
    Running from: c:\users\2013-12 Guest\Desktop\ComboFix.exe
    AV: Avira Desktop *Disabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859}
    SP: Avira Desktop *Disabled/Outdated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-02-16 to 2014-03-16 )))))))))))))))))))))))))))))))
    .
    .
    2014-03-16 01:22 . 2014-03-16 01:52 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-03-16 01:22 . 2014-03-16 01:22 107224 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-03-16 01:21 . 2014-03-16 01:21 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-03-13 02:41 . 2014-03-14 02:55 -------- d-----w- C:\FRST
    2014-03-12 02:06 . 2014-02-07 01:07 2349056 ----a-w- c:\windows\system32\win32k.sys
    2014-03-12 02:06 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2014-03-12 02:06 . 2014-01-29 02:06 381440 ----a-w- c:\windows\system32\wer.dll
    2014-03-04 23:01 . 2013-12-06 02:02 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2014-03-04 23:01 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\system32\msxml3.dll
    2014-03-04 23:00 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
    2014-03-04 23:00 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\system32\d2d1.dll
    2014-03-04 23:00 . 2013-12-04 01:54 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2014-03-04 23:00 . 2013-12-04 01:54 572416 ----a-w- c:\windows\system32\RMActivate.exe
    2014-03-04 23:00 . 2013-12-04 01:54 508928 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2014-03-04 23:00 . 2013-12-04 02:03 87040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2014-03-04 23:00 . 2013-12-04 02:03 87040 ----a-w- c:\windows\system32\secproc_ssp.dll
    2014-03-04 23:00 . 2013-12-04 02:03 423936 ----a-w- c:\windows\system32\secproc_isv.dll
    2014-03-04 23:00 . 2013-12-04 02:03 428032 ----a-w- c:\windows\system32\secproc.dll
    2014-03-04 23:00 . 2013-12-04 02:02 390144 ----a-w- c:\windows\system32\msdrm.dll
    2014-03-04 23:00 . 2013-12-04 01:54 510976 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2014-03-04 09:01 . 2013-12-21 08:56 454656 ----a-w- c:\windows\system32\vbscript.dll
    2014-03-04 04:09 . 2014-03-04 04:09 -------- d-----w- c:\users\2013-12 Guest\AppData\Roaming\Avira
    2014-03-04 04:05 . 2014-02-14 17:00 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2014-03-04 04:05 . 2014-02-14 17:00 90400 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2014-03-04 04:05 . 2014-02-14 17:00 135648 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2014-03-04 04:05 . 2014-03-04 04:05 -------- d-----w- c:\programdata\Avira
    2014-03-04 04:05 . 2014-03-04 04:05 -------- d-----w- c:\program files\Avira
    2014-03-04 03:12 . 2014-03-04 03:12 -------- d-----w- c:\users\2013-12 Guest\AppData\Local\MFAData
    2014-03-04 03:12 . 2014-03-04 03:12 -------- d-----w- c:\users\2013-12 Guest\AppData\Local\Avg2014
    2014-03-04 01:46 . 2014-03-04 01:46 -------- d-----w- c:\users\2013-12 Guest\AppData\Local\Mozilla
    2014-03-04 01:36 . 2014-03-04 01:36 -------- d-----w- c:\users\2013-12 Guest\AppData\Roaming\Malwarebytes
    2014-03-04 01:36 . 2014-03-04 01:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2014-03-04 01:36 . 2014-03-04 01:36 -------- d-----w- c:\programdata\Malwarebytes
    2014-03-04 01:36 . 2013-04-04 20:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-03-04 01:36 . 2014-03-04 01:36 -------- d-----w- c:\users\2013-12 Guest\AppData\Local\Programs
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-01-16 15:59 . 2009-10-03 04:22 231584 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
    @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
    [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
    2010-11-30 16:03 155416 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-11 101136]
    "Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 9728]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-09-03 840568]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-09-03 41336]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
    "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-05-07 91432]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2008-02-22 62760]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
    "Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-01-11 101136]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-04-09 87336]
    "CTxfiHlp"="CTXFIHLP.EXE" [2010-05-05 25600]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-02-14 689744]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CtxfiReg"="CTXFIREG.exe" [2010-05-05 47104]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-13 715568]
    SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2008-6-24 679936]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-04-17 04:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    R2 QuickBooksDB18;QuickBooksDB18;c:\program files\Intuit\QuickBooks 2008\QBDBMgrN.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-10-13 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-10-13 79360]
    R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-05-05 171096]
    R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-05-05 1324120]
    R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-05-05 72792]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-01 108032]
    R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-03 25600]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-08-02 18432]
    R3 PrintNotify;Printer Extensions and Notifications;c:\windows\system32\svchost.exe [2009-07-14 20992]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 24064]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-13 1343400]
    R4 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebg7.exe [2014-02-14 1017424]
    S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2011-10-16 76768]
    S0 vidsflt58;Acronis Disk Storage Filter (58);c:\windows\system32\DRIVERS\vsflt58.sys [2011-10-16 84512]
    S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2014-02-14 37352]
    S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2010-11-30 273552]
    S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-02-14 440400]
    S2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe [2007-06-11 517040]
    S2 NSTSECSvc;NSTSECSvc;c:\program files\NetSecure\SmartSwipe\NSTSECSvc_32.EXE [2012-01-31 142040]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-08-09 413472]
    S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-05-05 171096]
    S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-05-05 1324120]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-05-05 72792]
    S3 LazerUsb;Lumanate Lazer USB;c:\windows\system32\DRIVERS\LazerUsb.sys [2007-10-17 5739520]
    S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - AVGIDSDriver
    *Deregistered* - AVGIDSEH
    *Deregistered* - AVGIDSFilter
    *Deregistered* - AVGIDSShim
    *Deregistered* - Avgrkx86
    *Deregistered* - Avgtdix
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    print REG_MULTI_SZ PrintNotify
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-01-27 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-08 11:02]
    .
    2014-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf374bc8d5a0ed.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-17 05:18]
    .
    2014-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-17 05:18]
    .
    2014-03-16 c:\windows\Tasks\SDMsgUpdate (SD).job
    - c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2010-12-28 17:29]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    FF - ProfilePath - c:\users\2013-12 Guest\AppData\Roaming\Mozilla\Firefox\Profiles\t85oa6ed.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    MSConfigStartUp-Acronis Scheduler2 Service - c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
    MSConfigStartUp-TrueImageMonitor - c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(608)
    c:\windows\system32\NSTSECProxy_32.dll
    c:\windows\system32\NSTSGL_32.dll
    .
    - - - - - - - > 'Explorer.exe'(5968)
    c:\program files\SetPoint\lgscroll.dll
    c:\windows\system32\CbFsMntNtf3.dll
    c:\windows\system32\btmmhook.dll
    .
    Completion time: 2014-03-16 18:36:28
    ComboFix-quarantined-files.txt 2014-03-16 23:36
    .
    Pre-Run: 190,858,076,160 bytes free
    Post-Run: 190,778,441,728 bytes free
    .
    - - End Of File - - BD1B20F010756BB1FFEF4E97B53B03B2
    A36C5E4F47E84449FF07ED3517B43A31
  15. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    I don't see anything malicious on your computer.

    How are the issues?
  16. danbe

    I haven't tried to go online in Normal mode yet. Trying now.
  17. danbe

    The same thing happened. Also, after connecting to the internet, a popup from the toolbar said the antivirus and firewall are turned off. CCleaner and Avira could not be opened. When Avira was already opened and after connecting online, Firewall protection turned off. When I tried to turn it back on I got an error window that said "The service cannot accept control messages at this time." The heading was a filepath that led to ccuac.exe.
  18. Broni

    Please post fresh FRST logs.
    Make sure you checkmark the Addition.txt box so two logs are produced.
  19. danbe

    FRST.txt:



    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-03-2014 01
    Ran by 2013-12 Guest (administrator) on RTW-HM2 on 18-03-2014 18:50:52
    Running from C:\Users\2013-12 Guest\Desktop
    Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Safe Mode (with Networking)

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================



    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [101136 2007-01-11] (Logitech Inc.)
    HKLM\...\Run: [Bluetooth HCI Monitor] - C:\Windows\system32\HCIMNTR.DLL [9728 2006-12-07] (Logitech Inc.)
    HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.)
    HKLM\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated)
    HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [BDRegion] - C:\Program Files\Cyberlink\Shared Files\brs.exe [91432 2008-05-07] (cyberlink)
    HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM\...\Run: [LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [62760 2008-02-22] ()
    HKLM\...\Run: [LifeCam] - C:\Program Files\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
    HKLM\...\Run: [Logitech Hardware Abstraction Layer] - C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE [101136 2007-01-11] (Logitech Inc.)
    HKLM\...\Run: [RemoteControl] - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [87336 2008-04-09] (Cyberlink Corp.)
    HKLM\...\Run: [CTxfiHlp] - C:\Windows\system32\CTXFIHLP.EXE [25600 2010-05-05] (Creative Technology Ltd)
    HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-14] (Avira Operations GmbH & Co. KG)
    HKU\.DEFAULT\...\Run: [CtxfiReg] - CTXFIREG.exe /FAIL1
    SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8BEA2C70C226CF01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    SearchScopes: HKCU - FB51BF31761D41E49FB20C9B45D1B11B URL =
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
    BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO: SmartSwipe - {9EA1D653-4A77-4FF0-A3CE-C83466E835B1} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKLM - SmartSwipe - {9EA1D653-4A77-4FF0-A3CE-C83466E835B1} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

    FireFox:
    ========
    FF ProfilePath: C:\Users\2013-12 Guest\AppData\Roaming\Mozilla\Firefox\Profiles\t85oa6ed.default
    FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF Extension: Adblock Plus Pop-up Addon - C:\Users\2013-12 Guest\AppData\Roaming\Mozilla\Firefox\Profiles\t85oa6ed.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-03-04]
    FF Extension: NoScript - C:\Users\2013-12 Guest\AppData\Roaming\Mozilla\Firefox\Profiles\t85oa6ed.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-04]
    FF Extension: Adblock Plus - C:\Users\2013-12 Guest\AppData\Roaming\Mozilla\Firefox\Profiles\t85oa6ed.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-04]
    FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2010-12-21]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
    FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\9.0.0.18\
    FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\9.0.0.18\ []
    FF HKLM\...\Firefox\Extensions: [smartswipe@netsecuretechnologies.com] - C:\Program Files\NetSecure\SmartSwipe\Firefox
    FF Extension: SmartSwipe - C:\Program Files\NetSecure\SmartSwipe\Firefox [2012-02-07]

    ========================== Services (Whitelisted) =================

    S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG)
    S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG)
    S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-14] (Avira Operations GmbH & Co. KG)
    S3 Creative ALchemy AL6 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2011-10-12] (Creative Labs)
    S2 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE [110592 2007-02-20] (Logitech Inc.)
    S2 lxdi_device; C:\Windows\system32\lxdicoms.exe [517040 2007-06-11] ( )
    S2 NSTSECSvc; C:\Program Files\NetSecure\SmartSwipe\NSTSECSvc_32.EXE [142040 2012-01-31] (NetSecure Technologies Ltd.)
    S2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734 2008-02-14] ()
    S2 QuickBooksDB18; C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe -hvQuickBooksDB18 [X]

    ==================== Drivers (Whitelisted) ====================

    S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2014-02-14] (Avira Operations GmbH & Co. KG)
    S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2014-02-14] (Avira Operations GmbH & Co. KG)
    S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-14] (Avira Operations GmbH & Co. KG)
    S1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [273552 2010-11-30] (EldoS Corporation)
    R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
    S3 Jukebox; C:\Windows\System32\DRIVERS\ctpdusb2.sys [16752 2004-09-29] (Creative Technology Ltd.)
    S3 LazerUsb; C:\Windows\System32\DRIVERS\LazerUsb.sys [5739520 2007-10-16] (Lumanate Inc.)
    S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-14] (Avira GmbH)
    R0 vidsflt58; C:\Windows\System32\DRIVERS\vsflt58.sys [84512 2011-10-16] (Acronis)
    S2 {95808DC4-FA4A-4C74-92FE-5B863F82066B}; C:\Program Files\CyberLink\PowerDVD\000.fcl [61424 2008-05-07] (Cyberlink Corp.)
    S3 catchme; \??\C:\Users\2013-1~1\AppData\Local\Temp\catchme.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-03-18 18:50 - 2014-03-18 18:51 - 00013202 _____ () C:\Users\2013-12 Guest\Desktop\FRST.txt
    2014-03-17 21:11 - 2014-03-17 21:11 - 00000000 ____D () C:\Users\2013-12 Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
    2014-03-17 21:09 - 2014-03-17 21:08 - 00069240 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
    2014-03-16 18:36 - 2014-03-16 18:36 - 00013039 _____ () C:\ComboFix.txt
    2014-03-16 18:22 - 2014-03-16 18:36 - 00000000 ____D () C:\Qoobox
    2014-03-16 18:22 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-03-16 18:22 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-03-16 18:22 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-03-16 18:22 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-03-16 18:22 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-03-16 18:22 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-03-16 18:22 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-03-16 18:22 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-03-16 18:21 - 2014-03-16 18:35 - 00000000 ____D () C:\Windows\erdnt
    2014-03-16 18:07 - 2014-03-16 18:08 - 05190594 ____R (Swearware) C:\Users\2013-12 Guest\Desktop\ComboFix.exe
    2014-03-15 20:58 - 2014-03-15 20:58 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\2013-12 Guest\Desktop\tdsskiller.exe
    2014-03-15 20:22 - 2014-03-15 20:52 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-03-15 20:22 - 2014-03-15 20:22 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-03-15 20:21 - 2014-03-15 20:52 - 00000000 ____D () C:\Users\2013-12 Guest\Desktop\mbar
    2014-03-15 20:21 - 2014-03-15 20:21 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-03-15 20:13 - 2014-03-15 20:13 - 12589848 _____ (Malwarebytes Corp.) C:\Users\2013-12 Guest\Downloads\mbar-1.07.0.1009.exe
    2014-03-15 19:41 - 2014-03-16 14:47 - 00127030 _____ () C:\Users\2013-12 Guest\Desktop\Techspot Second Reply.txt
    2014-03-15 19:40 - 2014-03-15 19:40 - 00002814 _____ () C:\Users\2013-12 Guest\Desktop\RKreport[0]_D_03152014_194032.txt
    2014-03-15 19:39 - 2014-03-15 19:39 - 00002765 _____ () C:\Users\2013-12 Guest\Desktop\RKreport[0]_S_03152014_193918.txt
    2014-03-15 19:35 - 2014-03-15 19:47 - 00000000 ____D () C:\Users\2013-12 Guest\Desktop\RK_Quarantine
    2014-03-14 15:58 - 2014-03-14 15:58 - 03901952 _____ () C:\Users\2013-12 Guest\Desktop\RogueKiller.exe
    2014-03-12 21:42 - 2014-03-13 21:55 - 00038433 _____ () C:\Users\2013-12 Guest\Downloads\Addition.txt
    2014-03-12 21:41 - 2014-03-18 18:50 - 00000000 ____D () C:\FRST
    2014-03-12 21:41 - 2014-03-13 21:55 - 00032536 _____ () C:\Users\2013-12 Guest\Downloads\FRST.txt
    2014-03-12 21:36 - 2014-03-15 15:32 - 00004936 _____ () C:\Users\2013-12 Guest\Desktop\techdirect.txt
    2014-03-12 20:58 - 2014-03-12 20:58 - 01145856 _____ (Farbar) C:\Users\2013-12 Guest\Desktop\FRST.exe
    2014-03-12 19:47 - 2014-03-12 19:47 - 03469871 _____ (LIGHTNING UK!) C:\Users\2013-12 Guest\Downloads\SetupImgBurn_2.5.8.0.exe
    2014-03-12 19:38 - 2014-03-12 19:38 - 00000072 _____ () C:\Users\2013-12 Guest\Downloads\setup-x86.exe.sig
    2014-03-12 19:37 - 2014-03-12 19:37 - 00742912 _____ () C:\Users\2013-12 Guest\Downloads\setup-x86.exe
    2014-03-12 19:36 - 2014-03-12 19:36 - 00184707 _____ () C:\Users\2013-12 Guest\Downloads\Install-winMd5Sum.exe
    2014-03-12 18:44 - 2014-03-18 18:19 - 00000000 ____D () C:\Users\2013-12 Guest\Downloads\Intret
    2014-03-12 18:33 - 2014-03-12 19:10 - 729808896 _____ () C:\Users\2013-12 Guest\Downloads\lubuntu-13.10-desktop-i386.iso
    2014-03-11 21:08 - 2014-02-28 23:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-03-11 21:08 - 2014-02-28 23:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-03-11 21:08 - 2014-02-28 23:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-03-11 21:08 - 2014-02-28 22:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-03-11 21:08 - 2014-02-28 22:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-03-11 21:08 - 2014-02-28 22:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-03-11 21:08 - 2014-02-28 22:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-03-11 21:08 - 2014-02-28 22:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-03-11 21:08 - 2014-02-28 22:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-03-11 21:08 - 2014-02-28 22:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-03-11 21:08 - 2014-02-28 22:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-03-11 21:08 - 2014-02-28 22:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-03-11 21:08 - 2014-02-28 22:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-03-11 21:08 - 2014-02-28 22:25 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-03-11 21:08 - 2014-02-28 22:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-03-11 21:08 - 2014-02-28 22:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-03-11 21:08 - 2014-02-28 22:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-03-11 21:08 - 2014-02-28 22:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-03-11 21:08 - 2014-02-28 21:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-03-11 21:08 - 2014-02-28 21:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-03-11 21:08 - 2014-02-28 21:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-03-11 21:08 - 2014-02-28 21:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-03-11 21:08 - 2014-02-03 21:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2014-03-11 21:08 - 2014-01-27 21:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
    2014-03-11 21:06 - 2014-02-06 20:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-03-11 21:06 - 2014-02-03 21:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2014-03-11 21:06 - 2014-01-28 21:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
    2014-03-04 18:02 - 2014-03-04 18:02 - 04765152 _____ (Piriform Ltd) C:\Users\2013-12 Guest\Downloads\ccsetup411.exe
    2014-03-04 18:01 - 2013-12-31 18:05 - 00420008 _____ () C:\Windows\system32\locale.nls
    2014-03-04 18:01 - 2013-12-05 21:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2014-03-04 18:01 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2014-03-04 18:00 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2014-03-04 18:00 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
    2014-03-04 18:00 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
    2014-03-04 18:00 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
    2014-03-04 18:00 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
    2014-03-04 18:00 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
    2014-03-04 18:00 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
    2014-03-04 18:00 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
    2014-03-04 18:00 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
    2014-03-04 18:00 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
    2014-03-04 18:00 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
    2014-03-04 04:23 - 2014-03-17 21:10 - 00194123 _____ () C:\Windows\setupact.log
    2014-03-04 04:23 - 2014-03-04 04:23 - 00000000 _____ () C:\Windows\setuperr.log
    2014-03-04 04:22 - 2014-03-16 18:39 - 00102512 _____ () C:\Windows\PFRO.log
    2014-03-04 04:01 - 2013-12-21 03:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-03-03 23:09 - 2014-03-03 23:09 - 00000000 ____D () C:\Users\2013-12 Guest\AppData\Roaming\Avira
    2014-03-03 23:05 - 2014-03-03 23:05 - 00000000 ____D () C:\ProgramData\Avira
    2014-03-03 23:05 - 2014-03-03 23:05 - 00000000 ____D () C:\Program Files\Avira
    2014-03-03 23:05 - 2014-02-14 12:00 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
    2014-03-03 23:05 - 2014-02-14 12:00 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
    2014-03-03 23:05 - 2014-02-14 12:00 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
    2014-03-03 23:05 - 2014-02-14 12:00 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
    2014-03-03 22:39 - 2014-03-03 22:45 - 137044488 _____ () C:\Users\2013-12 Guest\Downloads\avira_free_antivirus_en.exe
    2014-03-03 22:12 - 2014-03-03 22:12 - 04462384 _____ (AVG Technologies) C:\Users\2013-12 Guest\Downloads\avg_free_stb_all_2014_4335_cnet.exe
    2014-03-03 22:12 - 2014-03-03 22:12 - 00000000 ____D () C:\Users\2013-12 Guest\AppData\Local\MFAData
    2014-03-03 22:12 - 2014-03-03 22:12 - 00000000 ____D () C:\Users\2013-12 Guest\AppData\Local\Avg2014
    2014-03-03 20:48 - 2014-03-03 20:48 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf374bc8d5a0ed.job
    2014-03-03 20:46 - 2014-03-03 20:46 - 00000000 ____D () C:\Users\2013-12 Guest\AppData\Roaming\Mozilla
    2014-03-03 20:46 - 2014-03-03 20:46 - 00000000 ____D () C:\Users\2013-12 Guest\AppData\Local\Mozilla
    2014-03-03 20:46 - 2014-03-03 20:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-03-03 20:36 - 2014-03-03 20:36 - 00000000 ____D () C:\Users\2013-12 Guest\AppData\Roaming\Malwarebytes
    2014-03-03 20:36 - 2014-03-03 20:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-03-03 20:36 - 2014-03-03 20:36 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
    2014-03-03 20:36 - 2013-04-04 15:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

    ==================== One Month Modified Files and Folders =======

    2014-03-18 18:51 - 2014-03-18 18:50 - 00013202 _____ () C:\Users\2013-12 Guest\Desktop\FRST.txt
    2014-03-18 18:50 - 2014-03-12 21:41 - 00000000 ____D () C:\FRST
    2014-03-18 18:19 - 2014-03-12 18:44 - 00000000 ____D () C:\Users\2013-12 Guest\Downloads\Intret
    2014-03-18 17:52 - 2010-11-20 16:01 - 00786474 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-03-17 21:15 - 2011-10-11 23:14 - 01337939 _____ () C:\Windows\WindowsUpdate.log
    2014-03-17 21:11 - 2014-03-17 21:11 - 00000000 ____D () C:\Users\2013-12 Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
    2014-03-17 21:10 - 2014-03-04 04:23 - 00194123 _____ () C:\Windows\setupact.log
    2014-03-17 21:10 - 2010-12-28 13:45 - 00000480 _____ () C:\Windows\Tasks\SDMsgUpdate (SD).job
    2014-03-17 21:10 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-03-17 21:10 - 2008-06-16 20:54 - 00000000 ____D () C:\ProgramData\NVIDIA
    2014-03-17 21:08 - 2014-03-17 21:09 - 00069240 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
    2014-03-16 18:39 - 2014-03-04 04:22 - 00102512 _____ () C:\Windows\PFRO.log
    2014-03-16 18:36 - 2014-03-16 18:36 - 00013039 _____ () C:\ComboFix.txt
    2014-03-16 18:36 - 2014-03-16 18:22 - 00000000 ____D () C:\Qoobox
    2014-03-16 18:36 - 2009-07-13 21:37 - 00000000 ___RD () C:\Users\Public
    2014-03-16 18:35 - 2014-03-16 18:21 - 00000000 ____D () C:\Windows\erdnt
    2014-03-16 18:33 - 2009-07-13 21:04 - 00000215 _____ () C:\Windows\system.ini
    2014-03-16 18:27 - 2011-10-11 22:01 - 00009712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-03-16 18:27 - 2011-10-11 22:01 - 00009712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-03-16 18:08 - 2014-03-16 18:07 - 05190594 ____R (Swearware) C:\Users\2013-12 Guest\Desktop\ComboFix.exe
    2014-03-16 14:47 - 2014-03-15 19:41 - 00127030 _____ () C:\Users\2013-12 Guest\Desktop\Techspot Second Reply.txt
    2014-03-15 20:58 - 2014-03-15 20:58 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\2013-12 Guest\Desktop\tdsskiller.exe
    2014-03-15 20:52 - 2014-03-15 20:22 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-03-15 20:52 - 2014-03-15 20:21 - 00000000 ____D () C:\Users\2013-12 Guest\Desktop\mbar
    2014-03-15 20:22 - 2014-03-15 20:22 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-03-15 20:21 - 2014-03-15 20:21 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-03-15 20:13 - 2014-03-15 20:13 - 12589848 _____ (Malwarebytes Corp.) C:\Users\2013-12 Guest\Downloads\mbar-1.07.0.1009.exe
    2014-03-15 19:47 - 2014-03-15 19:35 - 00000000 ____D () C:\Users\2013-12 Guest\Desktop\RK_Quarantine
    2014-03-15 19:40 - 2014-03-15 19:40 - 00002814 _____ () C:\Users\2013-12 Guest\Desktop\RKreport[0]_D_03152014_194032.txt
    2014-03-15 19:40 - 2010-11-17 00:18 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-03-15 19:39 - 2014-03-15 19:39 - 00002765 _____ () C:\Users\2013-12 Guest\Desktop\RKreport[0]_S_03152014_193918.txt
    2014-03-15 15:32 - 2014-03-12 21:36 - 00004936 _____ () C:\Users\2013-12 Guest\Desktop\techdirect.txt
    2014-03-14 15:58 - 2014-03-14 15:58 - 03901952 _____ () C:\Users\2013-12 Guest\Desktop\RogueKiller.exe
    2014-03-13 21:55 - 2014-03-12 21:42 - 00038433 _____ () C:\Users\2013-12 Guest\Downloads\Addition.txt
    2014-03-13 21:55 - 2014-03-12 21:41 - 00032536 _____ () C:\Users\2013-12 Guest\Downloads\FRST.txt
    2014-03-12 20:58 - 2014-03-12 20:58 - 01145856 _____ (Farbar) C:\Users\2013-12 Guest\Desktop\FRST.exe
    2014-03-12 19:47 - 2014-03-12 19:47 - 03469871 _____ (LIGHTNING UK!) C:\Users\2013-12 Guest\Downloads\SetupImgBurn_2.5.8.0.exe
    2014-03-12 19:38 - 2014-03-12 19:38 - 00000072 _____ () C:\Users\2013-12 Guest\Downloads\setup-x86.exe.sig
    2014-03-12 19:37 - 2014-03-12 19:37 - 00742912 _____ () C:\Users\2013-12 Guest\Downloads\setup-x86.exe
    2014-03-12 19:36 - 2014-03-12 19:36 - 00184707 _____ () C:\Users\2013-12 Guest\Downloads\Install-winMd5Sum.exe
    2014-03-12 19:10 - 2014-03-12 18:33 - 729808896 _____ () C:\Users\2013-12 Guest\Downloads\lubuntu-13.10-desktop-i386.iso
    2014-03-12 18:29 - 2011-10-30 09:28 - 00000000 ____D () C:\Windows\pss
    2014-03-12 18:23 - 2009-07-13 23:33 - 00725504 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-03-12 18:22 - 2008-06-16 20:35 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-03-12 05:40 - 2008-06-16 20:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-03-04 18:57 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
    2014-03-04 18:24 - 2011-10-18 15:36 - 00000000 ___RD () C:\Program Files\Skype
    2014-03-04 18:24 - 2008-08-22 11:20 - 00000000 ____D () C:\ProgramData\Skype
    2014-03-04 18:02 - 2014-03-04 18:02 - 04765152 _____ (Piriform Ltd) C:\Users\2013-12 Guest\Downloads\ccsetup411.exe
    2014-03-04 04:23 - 2014-03-04 04:23 - 00000000 _____ () C:\Windows\setuperr.log
    2014-03-04 04:21 - 2011-10-12 22:02 - 00001080 _____ () C:\Windows\system32\settingsbkup.sfm
    2014-03-04 04:21 - 2011-10-12 22:02 - 00001080 _____ () C:\Windows\system32\settings.sfm
    2014-03-04 04:05 - 2013-07-13 03:03 - 00000000 ____D () C:\Windows\system32\MRT
    2014-03-04 04:03 - 2011-10-12 21:38 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-03-03 23:09 - 2014-03-03 23:09 - 00000000 ____D () C:\Users\2013-12 Guest\AppData\Roaming\Avira
    2014-03-03 23:05 - 2014-03-03 23:05 - 00000000 ____D () C:\ProgramData\Avira
    2014-03-03 23:05 - 2014-03-03 23:05 - 00000000 ____D () C:\Program Files\Avira
    2014-03-03 23:02 - 2011-12-11 17:54 - 00000000 ____D () C:\Program Files\Avanquest
    2014-03-03 23:02 - 2008-06-16 20:05 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
    2014-03-03 23:01 - 2013-12-11 20:04 - 00000000 ____D () C:\Users\2013-12 Guest\AppData\Roaming\Apple Computer
    2014-03-03 23:01 - 2011-10-17 14:01 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2014-03-03 23:00 - 2011-01-09 19:54 - 00000000 ____D () C:\Program Files\Garmin
    2014-03-03 22:58 - 2013-06-24 20:47 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2014-03-03 22:56 - 2012-09-23 10:59 - 00000000 ____D () C:\Program Files\NCH Software
    2014-03-03 22:55 - 2011-10-11 22:04 - 00000000 ____D () C:\ProgramData\Creative
    2014-03-03 22:45 - 2014-03-03 22:39 - 137044488 _____ () C:\Users\2013-12 Guest\Downloads\avira_free_antivirus_en.exe
    2014-03-03 22:38 - 2010-11-16 15:27 - 00000000 ____D () C:\Program Files\Allway Sync
    2014-03-03 22:25 - 2011-10-16 11:22 - 00000000 ____D () C:\Program Files\Common Files\Acronis
    2014-03-03 22:19 - 2008-06-16 21:36 - 00000000 ____D () C:\Program Files\CCleaner
    2014-03-03 22:13 - 2010-12-12 13:48 - 00000000 ____D () C:\ProgramData\MFAData
    2014-03-03 22:12 - 2014-03-03 22:12 - 04462384 _____ (AVG Technologies) C:\Users\2013-12 Guest\Downloads\avg_free_stb_all_2014_4335_cnet.exe
    2014-03-03 22:12 - 2014-03-03 22:12 - 00000000 ____D () C:\Users\2013-12 Guest\AppData\Local\MFAData
    2014-03-03 22:12 - 2014-03-03 22:12 - 00000000 ____D () C:\Users\2013-12 Guest\AppData\Local\Avg2014
    2014-03-03 20:48 - 2014-03-03 20:48 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf374bc8d5a0ed.job
    2014-03-03 20:46 - 2014-03-03 20:46 - 00000000 ____D () C:\Users\2013-12 Guest\AppData\Roaming\Mozilla
    2014-03-03 20:46 - 2014-03-03 20:46 - 00000000 ____D () C:\Users\2013-12 Guest\AppData\Local\Mozilla
    2014-03-03 20:46 - 2014-03-03 20:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-03-03 20:36 - 2014-03-03 20:36 - 00000000 ____D () C:\Users\2013-12 Guest\AppData\Roaming\Malwarebytes
    2014-03-03 20:36 - 2014-03-03 20:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-03-03 20:36 - 2014-03-03 20:36 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
    2014-02-28 23:30 - 2014-03-11 21:08 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-02-28 23:11 - 2014-03-11 21:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-02-28 23:10 - 2014-03-11 21:08 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-02-28 22:52 - 2014-03-11 21:08 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-02-28 22:51 - 2014-03-11 21:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-02-28 22:47 - 2014-03-11 21:08 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-02-28 22:43 - 2014-03-11 21:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-02-28 22:43 - 2014-03-11 21:08 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-02-28 22:40 - 2014-03-11 21:08 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-02-28 22:38 - 2014-03-11 21:08 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-02-28 22:38 - 2014-03-11 21:08 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-02-28 22:37 - 2014-03-11 21:08 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-02-28 22:31 - 2014-03-11 21:08 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-02-28 22:25 - 2014-03-11 21:08 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-02-28 22:16 - 2014-03-11 21:08 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-02-28 22:14 - 2014-03-11 21:08 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-02-28 22:03 - 2014-03-11 21:08 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-02-28 22:00 - 2014-03-11 21:08 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-02-28 21:57 - 2014-03-11 21:08 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-02-28 21:32 - 2014-03-11 21:08 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-02-28 21:27 - 2014-03-11 21:08 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-02-28 21:25 - 2014-03-11 21:08 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-02-19 18:17 - 2013-12-11 20:03 - 00000000 ____D () C:\Users\2013-12 Guest\AppData\Roaming\Adobe
    2014-02-19 18:16 - 2013-12-11 20:04 - 00000000 ____D () C:\Users\2013-12 Guest\AppData\Local\Adobe

    Some content of TEMP:
    ====================
    C:\Users\2013-12 Guest\AppData\Local\Temp\avgnt.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\system32\winlogon.exe => MD5 is legit
    C:\Windows\system32\wininit.exe => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\services.exe => MD5 is legit
    C:\Windows\system32\User32.dll => MD5 is legit
    C:\Windows\system32\userinit.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit
    C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


    safeboot: ==> The system is configured to boot to Safe Mode <===== ATTENTION!


    LastRegBack: 2014-03-04 01:15

    ==================== End Of Log ============================
  20. danbe

    danbe Newcomer, in training Topic Starter Posts: 24

    Addition.txt:

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-03-2014 01
    Ran by 2013-12 Guest at 2014-03-18 18:51:51
    Running from C:\Users\2013-12 Guest\Desktop
    Boot Mode: Safe Mode (with Networking)
    ==========================================================


    ==================== Security Center ========================

    AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
    AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
    32 Bit HP CIO Components Installer (Version: 2.1.6 - Hewlett-Packard) Hidden
    32 bit Windows Card Reader Driver (HKLM\...\{CE6DEE87-1C87-42ED-A108-7369BFE9076F}) (Version: 1.1.0.0 - TEAC)
    3ivx MPEG-4 5.0.2 (remove only) (HKLM\...\3ivx MPEG-4 5.0.2) (Version: 5.0.2 - 3ivx Technologies, Pty. Ltd.)
    Adobe Acrobat X Standard - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.1.8 - Adobe Systems)
    Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.0.1.152 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.7.609 - Adobe Systems, Inc.)
    Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
    CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
    CDDRV_Installer (Version: 1.00.0000 - Logitech Inc.) Hidden
    Creative ALchemy (HKLM\...\ALchemy) (Version: 1.41 - Creative Technology Limited)
    Creative Audio Control Panel (HKLM\...\AudioCS) (Version: 2.00 - Creative Technology Limited)
    Creative MediaSource 5 (HKLM\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)
    Creative Software AutoUpdate (HKLM\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
    Creative Sound Blaster Properties (HKLM\...\Creative Sound Blaster Properties) (Version: 1.02 - Creative Technology Limited)
    DVD Architect Studio 5.0 (HKLM\...\{8292F88E-2DB7-456B-A8F1-9079B7432A1E}) (Version: 5.0.128 - Sony)
    Garmin WebUpdater (HKLM\...\{D17111CB-C992-42A9-9D56-C19395102AAA}) (Version: 2.4.2 - Garmin Ltd or its subsidiaries)
    Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
    Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
    HP LaserJet P3010 Series PCL 6 (HKLM\...\HP LaserJet P3010 Series PCL 6) (Version: 10/09/2008 61.083.41.03 - HP)
    HP LaserJet P3010 Series Screen Fonts (HKLM\...\{CB71331A-9DCE-4A0D-B527-FD96BD5CFC4A}) (Version: 2.0.0.0 - Hewlett Packard, Co.)
    HP LaserJet P3010 Series User Guide (HKLM\...\{06C4BA69-5210-4707-B5BE-E26D487E1854}) (Version: 1.0.0.0 - Hewlett Packard, Co.)
    Intel(R) PRO Network Connections Drivers (HKLM\...\PROSet) (Version: - )
    iolo technologies' System Mechanic 5 Professional (HKLM\...\iolo technologies' System Mechanic 5 Professional) (Version: - iolo technologies, LLC)
    Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.450 - Oracle)
    Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    Java(TM) 6 Update 37 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.370 - Oracle)
    Java(TM) 6 Update 4 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160040}) (Version: 1.6.0.40 - Sun Microsystems, Inc.)
    Java(TM) 6 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160060}) (Version: 1.6.0.60 - Sun Microsystems, Inc.)
    Java(TM) 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
    Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    KhalSetup (Version: 3.21.29 - Logitech) Hidden
    Learn to Use Excel 2010 (HKLM\...\{5746D17A-0D04-4EA2-9036-70E69BFCB5D9}) (Version: 1.00 - Avanquest)
    Learn to Use Powerpoint 2010 (HKLM\...\{548ACC30-4392-4DE3-A9D9-52C1484AD005}) (Version: 1.00 - Avanquest)
    Learn to Use Windows 7 (HKLM\...\{482DEE41-EC3D-461A-AF86-3C113AE84FB4}) (Version: 1.00 - Avanquest)
    Learn to Use Word 2010 (HKLM\...\{7B8B7D94-FD67-46EC-A509-8D9D49D99D4B}) (Version: 1.00 - Avanquest)
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
    Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
    Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
    Microsoft LifeCam (HKLM\...\{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}) (Version: 3.60.253.0 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
    Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
    Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
    Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook Connector (HKLM\...\{95120000-0122-0409-0000-0000000FF1CE}) (Version: 12.0.6423.1000 - Microsoft Corporation)
    Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
    Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
    Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0 - Microsoft Corporation) Hidden
    Mozilla Firefox 27.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
    MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
    MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    NewBlue Cartoonr for Vegas (HKLM\...\NewBlue Cartoonr for Vegas) (Version: - )
    NewBlue VideoFX for Sony Vegas MSPS (HKLM\...\NewBlue VideoFX for Sony Vegas MSPS) (Version: - )
    NVIDIA 3D Vision Controller Driver 296.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 296.10 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 320.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.78 - NVIDIA Corporation)
    NVIDIA Control Panel 320.78 (Version: 320.78 - NVIDIA Corporation) Hidden
    NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden
    NVIDIA PhysX (Version: 9.12.0213 - NVIDIA Corporation) Hidden
    NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
    NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.2078 - NVIDIA Corporation) Hidden
    NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
    NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
    OpenAL (HKLM\...\OpenAL) (Version: - )
    OpenOffice.org 2.4 (HKLM\...\{2CD2C0DB-81C3-416B-9FA6-589B9235359B}) (Version: 2.4.9310 - OpenOffice.org)
    Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    PowerDVD (Version: 7.3.2830.0 - CyberLink Corporation) Hidden
    PowerDVD Ultra (HKLM\...\InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.3.2830.0 - CyberLink Corporation)
    QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
    Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
    Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.3.0 - Roxio)
    Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
    Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
    Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
    Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
    Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
    Serif DrawPlus X4 (HKLM\...\{EEA1BB90-CF27-449E-B269-0C5A660AC4C1}) (Version: 11.0.3.023 - Serif (Europe) Ltd)
    Serif PagePlus X4 (HKLM\...\{2DC240EA-51B1-4CC4-A0E5-4E4399CD7302}) (Version: 14.0.5.027 - Serif (Europe) Ltd)
    Serif PagePlus X4 Resources (HKLM\...\{A93EC091-461F-46EE-BAE1-327EB608AA60}) (Version: 14.0.1.010 - Serif (Europe) Ltd)
    Serif Premium Template Pack 1 for WebPlus (HKLM\...\{0A1CAF84-CDC8-477F-997F-800AB090EA46}) (Version: 12.0.0.012 - Serif (Europe) Ltd)
    Serif WebPlus X4 (HKLM\...\{9ADA45A0-8043-470A-8E8B-02EA7D95F896}) (Version: 12.0.5.033 - Serif (Europe) Ltd)
    Serif WebPlus X4 Resources (HKLM\...\{96CFF0DB-C3C3-44B8-930C-1121EC68A3BF}) (Version: 12.0.0.008 - Serif (Europe) Ltd)
    SetPoint (HKLM\...\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}) (Version: 3.2 - Logitech)
    Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
    SmartDraw VP (HKLM\...\SmartDraw VP) (Version: - SmartDraw.com)
    SmartFTP Client (HKLM\...\{A19B28F0-CA25-4180-A782-D4EDD758B708}) (Version: 4.0.1123.0 - SmartSoft Ltd.)
    SmartFTP Client 4.0 Setup Files (remove only) (HKLM\...\SmartFTP Client 4.0 Setup Files) (Version: 4.0 - SmartSoft Ltd)
    SmartSwipe (HKLM\...\SmartSwipe) (Version: 7.219.1718.0 - NetSecure Technologies)
    Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
    Sony Vocal Eraser (HKLM\...\Sony Vocal Eraser_is1) (Version: 1.00 - iZotope, Inc.)
    Sound Forge Audio Studio 10.0 (HKLM\...\{6473C0E9-9763-4D94-808A-B250540AA750}) (Version: 10.0.152 - Sony)
    SRM Evaluation Software V 6.32.57 (HKLM\...\{AABCAF42-285D-4702-BD25-BAFE963C7A40}) (Version: 6.32.57 - SRM)
    SRM Software 6.41.01 (HKLM\...\{DB124147-DDBA-4DDB-9434-FA76AB796648}) (Version: 6.41.01 - SRM)
    SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
    Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)
    Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
    Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft)
    Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version: - Microsoft)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
    Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)
    Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
    Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
    Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
    WIDCOMM Bluetooth Software 6.0.1.4300 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.4300 - Dell)
    Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
    Windows Driver Package - Logitech HIDClass (10/16/2006 1.0) (HKLM\...\1EC636D2DBA2D9924E02E10DA797DEC16306C1A9) (Version: 10/16/2006 1.0 - Logitech)
    Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
    Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
    Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    Windows Live Family Safety (Version: 14.0.8118.427 - Microsoft Corporation) Hidden
    Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
    Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
    Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    Windows Live Writer (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
    Xvid 1.1.3 final uninstall (HKLM\...\Xvid_is1) (Version: 1.1 - Xvid team (Koepi))

    ==================== Restore Points =========================

    11-02-2014 00:43:57 Windows Update
    11-02-2014 00:52:17 Windows Update
    19-02-2014 22:53:22 Windows Update
    04-03-2014 03:23:42 Removed Apple Software Update
    04-03-2014 03:24:48 Removed Acronis Sync Agent
    04-03-2014 03:31:48 Removed Apple Application Support
    04-03-2014 03:38:52 Removed Apple Mobile Device Support
    04-03-2014 03:42:05 Removed Bonjour
    04-03-2014 03:56:26 Removed Garmin Aviation Checklist Editor
    04-03-2014 03:56:41 Removed Garmin Communicator Plugin
    04-03-2014 03:57:02 Removed iTunes
    04-03-2014 04:00:40 Removed Garmin USB Drivers
    04-03-2014 04:00:58 Removed iCloud
    04-03-2014 04:02:08 Removed Learn to Use Outlook 2010
    04-03-2014 09:00:13 Windows Update
    04-03-2014 23:22:28 Windows Update
    12-03-2014 10:38:25 Windows Update
    16-03-2014 00:53:52 Before MWB AntiRootkit Install

    ==================== Hosts content: ==========================

    2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    ::1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {1BD532D9-DCE2-468E-9D82-B31AC13107D6} - System32\Tasks\{20365247-CC4C-4A0E-93CD-19FE2AEDC3FB} => C:\Program Files\Advanced System Optimizer\ffInfo.exe
    Task: {2AC02D4A-105E-432D-A5CE-8DB6A51FA7EF} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
    Task: {2EF1A2C3-210D-4AFD-BEB7-E51E7FD69C0C} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
    Task: {37401BB5-BA76-4FED-8E4F-ACA717A38146} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
    Task: {3A950610-5351-4CF3-89BD-526A7E64AA8B} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
    Task: {3C220F9F-3A9A-429A-99F3-2C746C2DBC02} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
    Task: {51C50637-FC91-4D63-B7EB-EFD43127C09E} - System32\Tasks\{C2EA3F05-F614-4398-AE63-14DB5D914036} => C:\Program Files\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
    Task: {51E319BA-4CA2-4E00-A0A5-0424E22F9564} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
    Task: {6BB7CE18-3E3E-442A-8F63-DD8141D2525B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
    Task: {6E536511-3D48-4B92-907B-4C697BE4F46A} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-16] (Google)
    Task: {72CDF776-B79F-4ADF-88A4-33D3BC1E653D} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
    Task: {7C24E51D-E92B-43F2-9376-35BD409D58B8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
    Task: {7DB89DD1-19D6-4FCE-956A-C442E3D5C801} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2009-07-13] (Microsoft Corporation)
    Task: {8E631609-C4A7-4209-BBDE-2AB7D3CAFF15} - System32\Tasks\SDMsgUpdate (SD) => C:\Program Files\SmartDraw VP\Messages\SDNotify.exe [2010-04-06] ()
    Task: {B21E59AD-7D03-454A-BB2C-71CB01D2971C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-17] (Google Inc.)
    Task: {CC0DFB12-5C14-407D-96A7-54EC3D0B07B3} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
    Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf374bc8d5a0ed.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\SDMsgUpdate (SD).job => C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe

    ==================== Loaded Modules (whitelisted) =============


    ==================== Alternate Data Streams (whitelisted) =========


    ==================== Safe Mode (whitelisted) ===================

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

    ==================== Disabled items from MSCONFIG ==============

    MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

    ==================== Faulty Device Manager Devices =============

    Name: Security Processor Loader Driver
    Description: Security Processor Loader Driver
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: spldr
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/18/2014 05:49:43 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/17/2014 09:19:29 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/17/2014 09:16:05 PM) (Source: Wininit) (User: )
    Description: A critical system process, C:\Windows\system32\lsass.exe, failed with status code 255. The machine must now be restarted.

    Error: (03/17/2014 09:16:04 PM) (Source: Application Error) (User: )
    Description: Faulting application name: lsass.exe, version: 6.1.7601.18270, time stamp: 0x52423310
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x00000000
    Faulting process id: 0x244
    Faulting application start time: 0xlsass.exe0
    Faulting application path: lsass.exe1
    Faulting module path: lsass.exe2
    Report Id: lsass.exe3

    Error: (03/17/2014 09:12:11 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/17/2014 09:08:44 PM) (Source: Wininit) (User: )
    Description: A critical system process, C:\Windows\system32\lsass.exe, failed with status code 255. The machine must now be restarted.

    Error: (03/17/2014 09:08:43 PM) (Source: Application Error) (User: )
    Description: Faulting application name: lsass.exe, version: 6.1.7601.18270, time stamp: 0x52423310
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x00000000
    Faulting process id: 0x26c
    Faulting application start time: 0xlsass.exe0
    Faulting application path: lsass.exe1
    Faulting module path: lsass.exe2
    Report Id: lsass.exe3

    Error: (03/17/2014 09:04:55 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/17/2014 08:13:32 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/16/2014 06:40:51 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============
    Error: (03/18/2014 06:50:34 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (03/18/2014 06:50:34 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (03/18/2014 06:50:34 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (03/18/2014 06:50:24 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (03/18/2014 06:50:24 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (03/18/2014 06:50:24 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (03/18/2014 06:48:23 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (03/18/2014 06:48:23 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (03/18/2014 06:48:23 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (03/18/2014 06:48:23 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068


    Microsoft Office Sessions:
    =========================
    Error: (12/21/2010 08:53:22 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 785 seconds with 120 seconds of active time. This session ended with a crash.

    Error: (12/07/2010 08:31:03 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1457 seconds with 60 seconds of active time. This session ended with a crash.

    Error: (12/06/2010 07:39:22 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (12/06/2010 07:20:23 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (11/18/2010 00:33:54 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3616 seconds with 780 seconds of active time. This session ended with a crash.

    Error: (11/17/2010 11:10:45 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12115 seconds with 1140 seconds of active time. This session ended with a crash.


    CodeIntegrity Errors:
    ===================================
    Date: 2011-10-11 20:34:40.415
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AVGIDSEH.sys because the set of per-page image hashes could not be found on the system.

    Date: 2011-10-11 20:34:40.266
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AVGIDSEH.sys because the set of per-page image hashes could not be found on the system.

    Date: 2011-10-11 20:34:40.127
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AVGIDSEH.sys because the set of per-page image hashes could not be found on the system.

    Date: 2011-10-11 20:34:39.987
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AVGIDSEH.sys because the set of per-page image hashes could not be found on the system.

    Date: 2011-10-11 20:34:39.837
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AVGIDSEH.sys because the set of per-page image hashes could not be found on the system.

    Date: 2011-10-11 20:34:39.673
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AVGIDSDriver.sys because the set of per-page image hashes could not be found on the system.

    Date: 2011-10-11 20:34:39.534
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AVGIDSDriver.sys because the set of per-page image hashes could not be found on the system.

    Date: 2011-10-11 20:34:39.394
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AVGIDSDriver.sys because the set of per-page image hashes could not be found on the system.

    Date: 2011-10-11 20:34:39.254
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AVGIDSDriver.sys because the set of per-page image hashes could not be found on the system.

    Date: 2011-10-11 20:34:39.098
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AVGIDSDriver.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Percentage of memory in use: 14%
    Total physical RAM: 3325.92 MB
    Available physical RAM: 2844.52 MB
    Total Pagefile: 6650.13 MB
    Available Pagefile: 6199.11 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1922.74 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:232.78 GB) (Free:177.5 GB) NTFS
    Drive d: () (Fixed) (Total:232.78 GB) (Free:229.96 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: EB275B50)

    Partition: GPT Partition Type.

    ========================================================
    Disk: 1 (Size: 233 GB) (Disk ID: B38EEE25)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
  21. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST (FRST64), press the Fix button just once, and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

  22. danbe

    danbe Newcomer, in training Topic Starter Posts: 24

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-03-2014 01
    Ran by 2013-12 Guest at 2014-03-18 20:29:41 Run:1
    Running from C:\Users\2013-12 Guest\Desktop
    Boot Mode: Safe Mode (with Networking)

    ==============================================

    Content of fixlist:
    *****************
    BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    S3 catchme; \??\C:\Users\2013-1~1\AppData\Local\Temp\catchme.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    C:\Users\2013-12 Guest\AppData\Local\Temp\avgnt.exe
    safeboot: ==> The system is configured to boot to Safe Mode <===== ATTENTION!

    *****************

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
    HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
    catchme => Service deleted successfully.
    VGPU => Service deleted successfully.
    C:\Users\2013-12 Guest\AppData\Local\Temp\avgnt.exe => Moved successfully.

    The operation completed successfully.

    ==== End of Fixlog ====
  23. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    Any positive changes?
  24. danbe

    danbe Newcomer, in training Topic Starter Posts: 24

    Tried again, no. Started up in normal mode, disconnected from the internet. Everything seemed fine, opened Avira, which said protection is on. Opened Windows Firewall, which said protection is on. However, Windows Action Center reported that Avira and WF were turned off, and that I need a spyware program. Anyway, I plugged in online while the Avira window was still open. Not only did I get the same Restart message, but Avira's GUI settings changed from on to off right in front of me.
  25. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    There is definitely nothing malicious there.

    In this forum, we make sure your computer is free of malware, and your computer is clean :)
    Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
    You'll get more attention.

