TechSpot

Trojan Sirefef needs eliminating

Solved
By NathanC
Apr 16, 2012
  1. Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.04.15.07
    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Cheung :: CHEUNG-DESKTOP [limited]
    Protection: Disabled
    16/04/2012 5:24:14 PM
    mbam-log-2012-04-16 (17-24-14).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 288445
    Time elapsed: 14 minute(s), 28 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 2
    HKCR\AppID\{D2083641-E57F-4eab-BB85-0582424F4A29} (Adware.HotBar.CP) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 4
    C:\Users\Dropbox1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ypzaov.exe (Trojan.Zbot.IPGen) -> Quarantined and deleted successfully.
    C:\Users\Dropbox2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nuirek.exe (Trojan.Zbot.IPGen) -> Quarantined and deleted successfully.
    C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\hogio.exe (Trojan.Zbot.IPGen) -> Quarantined and deleted successfully.
    C:\Users\Cheung\AppData\Local\Temp\jZip\jZip15225\jZip185C\iepv.exe (PUP.PSW.Passview) -> Quarantined and deleted successfully.
    (end)
     
  2. NathanC

    NathanC TS Rookie Topic Starter Posts: 38

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-04-17 09:35:09
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 rev.
    Running: gmer.exe; Driver: C:\Users\Cheung\AppData\Local\Temp\kwlyyfog.sys

    ---- Disk sectors - GMER 1.0.15 ----
    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
    ---- Devices - GMER 1.0.15 ----
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
    AttachedDevice \Driver\tdx \Device\Ip sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)
    AttachedDevice \Driver\tdx \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
    AttachedDevice \Driver\tdx \Device\Tcp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)
    AttachedDevice \Driver\tdx \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
    AttachedDevice \Driver\tdx \Device\Udp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)
    AttachedDevice \Driver\tdx \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
    AttachedDevice \Driver\tdx \Device\RawIp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)
    ---- EOF - GMER 1.0.15 ----
     
  3. NathanC


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by Cheung at 9:36:22 on 2012-04-17
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3327.597 [GMT 8:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\System32\svchost.exe -k Akamai
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    C:\Program Files\Hotspot Shield\bin\hsswd.exe
    C:\IDSync\IDSyncService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Megacloud\VSSService.exe
    C:\IDSync\IDSyncCDBManager.exe
    C:\Windows\system32\conhost.exe
    C:\IDSync\IDSyncSDBManager.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Clarus\Samsung SecretZone\SZAssistSVC.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\theSkyNet\wrapper-windows-x86-32.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe
    C:\IDSync\IDSyncClient.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\java.exe
    C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
    C:\Program Files\Zune1\ZuneLauncher.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\IntelAppUp\IntelAppStore\bin\serviceManager.exe
    C:\Program Files\CyberLink\TV Enhance\TVEService.exe
    C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe
    C:\Program Files\CyberLink\PlayMovie\PMVService.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\OpenDrive\OpenDrive_Tray.exe
    C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files\Real\RealPlayer\Update\realsched.exe
    C:\Program Files\Tuso\Fiabee Sync\Fiabee.exe
    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\SugarSync\SugarSyncManager.exe
    C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    C:\Users\Cheung\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\Business-in-a-Box\BIBLauncher.exe
    C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
    C:\Program Files\Windows Live\Mesh\WLSync.exe
    C:\Users\Cheung\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\Users\Cheung\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    C:\IDSync\IDSyncTray.exe
    C:\Program Files\Windows Live\Mesh\MOE.exe
    C:\Program Files\Megacloud\Livedrive.exe
    C:\Program Files\Motorola Mobility\MotoCast\MotoCast.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\FileHippo.com\UpdateChecker.exe
    C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
    C:\IDSync\IDSNotifier.exe
    C:\Users\Dropbox1\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\Evernote\Evernote\EvernoteTray.exe
    C:\Program Files\Hotspot Shield\bin\openvpntray.exe
    C:\Program Files\GoBox\gobox_desktop.exe
    C:\Program Files\Evernote\Evernote\Evernote.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
    C:\Users\Cheung\AppData\Roaming\MegaCloud\MegaCloud.exe
    \\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs
    C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
    C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Qlock\qlock.exe
    C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe
    C:\Portable Apps\PortableApps\PortableApps.com\PortableAppsPlatform.exe
    C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
    C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe
    C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
    C:\Users\Cheung\AppData\Roaming\Wuala\Wuala.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\mswinext.exe
    C:\Portable Apps\PortableApps\DropboxPortableAHKNeda\DropboxPortableAHK.exe
    C:\Portable Apps\PortableApps\DropboxPortableAHK-HR\.dbfiles\profile\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Portable Apps\PortableApps\DropboxPortableAHKNeda\.dbfiles\profile\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Users\Cheung\Desktop\gmer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\getmac.exe
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.dreamerz.biz/home.htm
    uInternet Settings,ProxyOverride = *.local;192.168.*.*;127.0.0.1:9421;<local>
    uURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - c:\program files\freeonlineradioplayerrecorder\prxtbFree.dll
    mURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - c:\program files\freeonlineradioplayerrecorder\prxtbFree.dll
    BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: IEToolbarBHO Class: {1a1dac8c-074d-440f-8707-7009a672d7d1} - c:\program files\linkedin\ie toolbar\3.2.5.1001\LinkedInIEToolbar.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
    BHO: DealScout: {467013bb-d67e-45be-a7d7-c29e3cca8aad} - c:\program files\dealscout\dealscout.dll
    BHO: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - c:\windows\system32\CbFsMntNtf3.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    BHO: PrimaDesk Login Helper: {7aec5d7c-9ba0-4a13-ab5d-244e4276fc09} - c:\windows\downloaded program files\conflict.3\npPrimaDeskPlugin.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\18.0.1025.162\npchrome_frame.dll
    BHO: BrowserHelper Class: {edf48a39-1442-463f-9f4e-f376a78d034a} - c:\program files\megacloud\LivedriveExplorerExtensions.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - c:\program files\freeonlineradioplayerrecorder\prxtbFree.dll
    BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
    TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
    TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: LinkedIn Toolbar: {bb670d0b-5c46-40c7-b38b-40dd26987723} - c:\program files\linkedin\ie toolbar\3.2.5.1001\LinkedInIEToolbar.dll
    TB: PrimadeskToolbar: {1b5498a8-c09c-43dd-89fc-67803840387e} - c:\windows\downloaded program files\conflict.3\npPrimaDeskPlugin.dll
    TB: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - c:\program files\freeonlineradioplayerrecorder\prxtbFree.dll
    TB: GoBox: {6a719530-8443-4898-9bc4-69e76b5f1c89} - c:\program files\gobox\gobox.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    EB: GoBox Sidebar: {3bc832b5-d7af-4718-98ac-7f1269404929} - c:\program files\gobox\gobox.dll
    EB: LinkedIn Toolbar: {85e0b171-04fa-11d1-b7da-00a0c90348d6} - c:\program files\linkedin\ie toolbar\3.2.5.1001\LinkedInIEToolbar.dll
    uRun: [<NO NAME>]
    uRun: [AdobeBridge]
    uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
    uRun: [SugarSync] "c:\program files\sugarsync\SugarSyncManager.exe" -startInTray -usedelay=true
    uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
    uRun: [Google Update] "c:\users\cheung\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [BIBLauncher] c:\program files\business-in-a-box\BIBLauncher.exe
    uRun: [OpenDNS Updater] "c:\program files\opendns updater\OpenDNSUpdater.exe" /autostart
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [WLSync] "c:\program files\windows live\mesh\WLSync.exe" /background
    uRun: [Akamai NetSession Interface] "c:\users\cheung\appdata\local\akamai\netsession_win.exe"
    uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [IDSyncStartup] "c:\idsync\IDSyncStartup.exe" Hide
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe" -s
    uRun: [MotoCast] "c:\program files\motorola mobility\motocast\MotoLauncher.lnk"
    uRun: [Livedrive] "c:\program files\megacloud\Livedrive.exe"
    uRun: [FileHippo.com] "c:\program files\filehippo.com\UpdateChecker.exe" /background
    uRunOnce: [Application Restart #7] c:\program files\google\chrome frame\application\chrome.exe --automation-channel=chrometestinginterface:8528.1 --chrome-frame --no-first-run --disable-background-mode --disable-popup-blocking --user-data-dir="c:\users\cheung\appdata\local\google\chrome frame\user data\iexplore" --chrome-version=17.0.963.79 --lang=en-US --flag-switches-begin --enable-print-preview --flag-switches-end --restore-last-session
    mRun: [TrayServer] c:\progra~1\magix\movie_~1\TrayServer_en.exe
    mRun: [Zune Launcher] "c:\program files\zune1\ZuneLauncher.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [NoteBurner] c:\program files\noteburner\VTBurnerGUI.exe /silence
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Intel AppUp(SM) center] "c:\program files\intelappup\intelappstore\bin\serviceManager.lnk"
    mRun: [TVEService] "c:\program files\cyberlink\tv enhance\TVEService.exe"
    mRun: [PCMAgent] "c:\program files\cyberlink\powercinema\PCMAgent.exe"
    mRun: [PlayMovie] "c:\program files\cyberlink\playmovie\PMVService.exe"
    mRun: [CLMLServer] "c:\program files\cyberlink\powercinema\kernel\clml\CLMLSvc.exe"
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [<NO NAME>]
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [Fiabee] c:\program files\tuso\fiabee sync\Fiabee.exe hack
    mRun: [OpenDrive Tray] c:\program files\opendrive\OpenDrive_Tray.exe
    mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
    mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [SBRegRebootCleaner] "c:\program files\ad-aware antivirus\engine\SBRC.exe"
    StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\dropbox1\appdata\roaming\dropbox\bin\Dropbox.exe
    StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteTray.exe
    StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\gobox.lnk - c:\program files\gobox\gobox_desktop.exe
    StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\idrive~1.lnk - c:\idsync\IDSyncTray.exe
    StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\mangoa~1.lnk - c:\program files\mangoapps desktop\MangoApps Desktop.exe
    StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\megacl~1.lnk - c:\users\cheung\appdata\roaming\megacloud\MegaCloud.exe
    StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office14\GROOVE.EXE
    StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
    StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\portab~1.lnk - c:\portable apps\Start.exe
    StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\qlock.lnk - c:\program files\qlock\qlock.exe
    StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\samsun~3.lnk - c:\program files\clarus\samsung auto backup\ISFGuage.exe
    StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\samsun~2.lnk - c:\program files\clarus\samsung auto backup\ISFRealTimeD.exe
    StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\samsun~1.lnk - c:\program files\clarus\samsung auto backup\ISFTimerD.exe
    StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\window~1.lnk - c:\program files\windows live\mesh\WLSync.exe
    StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\wuala.lnk - c:\users\cheung\appdata\roaming\wuala\Wuala.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
    IE: Add to Evernote 4 - c:\portable apps\portableapps\evernoteportable\app\evernote\EvernoteIE.dll/204
    IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Linked&In Search - c:\program files\linkedin\ie toolbar\3.2.5.1001\LinkedInIEToolbar.dll/ContextMenu.htm
    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    LSP: mswsock.dll
    DPF: {1FAEED48-6C46-4AE6-9686-499858131F2E} - hxxps://www.primadesk.com/primadesk/plugin/npPrimaDeskPlugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
    TCP: Interfaces\{8B75A3DC-33D2-42E6-9440-7A1BECF6D031} : DhcpNameServer = 208.67.222.222 208.67.220.220
    TCP: Interfaces\{BB33D5F5-D7EF-41F9-A0C1-0A3064D53BD4} : NameServer = 208.67.222.222,208.67.220.220
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\18.0.1025.162\npchrome_frame.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - c:\windows\system32\CbFsMntNtf3.dll
    STS: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - c:\windows\system32\CbFsMntNtf3.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys [2011-9-10 13440]
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2012-4-14 15672]
    R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2012-4-4 146904]
    R1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2012-3-2 296336]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-2-16 242240]
    R1 ISODisk;ISODisk;c:\windows\system32\drivers\ISODisk.sys [2011-10-13 9600]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
    R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-4-14 221784]
    R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2012-4-14 78936]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-3-29 1161072]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 20992]
    R2 DeviceMonitorService;DeviceMonitorService;c:\program files\motorola media link\lite\NServiceEntry.exe [2012-2-16 87368]
    R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2011-7-2 298824]
    R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
    R2 IDSyncService;IDSyncService;c:\idsync\IDSyncService.exe [2012-3-2 144856]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-15 654408]
    R2 MegacloudVSSService;Megacloud VSS Service;c:\program files\megacloud\VSSService.exe [2012-3-16 157920]
    R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2012-2-2 214896]
    R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-5-11 74968]
    R2 SZASSIST;SecretZone Assist Service;c:\program files\clarus\samsung secretzone\SZAssistSVC.exe [2012-3-20 90112]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-1-23 92592]
    R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\cyberlink\tv enhance\kernel\tv\TVECapSvc.exe [2011-8-29 464224]
    R2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\cyberlink\tv enhance\kernel\tv\TVESched.exe [2011-8-29 189792]
    R2 wrapper;theSkyNet;c:\program files\theskynet\wrapper-windows-x86-32.exe [2011-5-26 431896]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-15 22344]
    R3 mdf16;mdf16;c:\program files\clarus\samsung secretzone\mdf16.sys [2012-3-20 18288]
    R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-12-13 30576]
    R3 mvd22;mvd22;c:\program files\clarus\samsung secretzone\mvd22.sys [2012-3-20 70512]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
    R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-4-14 69208]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
    S1 eanhcosu;eanhcosu;c:\windows\system32\drivers\eanhcosu.sys [2012-4-17 42960]
    S1 qbgpwvsl;qbgpwvsl;c:\windows\system32\drivers\qbgpwvsl.sys [2012-4-17 42960]
    S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-4-29 101720]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\fabs.exe /disableui --> c:\program files\common files\magix services\database\bin\FABS.exe [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-25 136176]
    S2 LRMINIPORT;ISAMSvc;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-7-1 2214504]
    S2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\engine\SBAMSvc.exe [2011-5-17 2804280]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
    S2 XAMPP;XAMPP Service;c:\xampp\service.exe [2007-12-21 60928]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 253088]
    S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l160x86.sys [2009-10-13 49152]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-1-29 6016]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;"c:\program files\common files\magix services\database\bin\fbserver.exe" --> c:\program files\common files\magix services\database\bin\fbserver.exe [?]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-6-25 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-25 136176]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2012-1-25 20864]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2012-1-25 8448]
    S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2012-1-25 23808]
    S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2011-11-8 11008]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-25 15872]
    S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-4-14 69208]
    S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-4-14 94040]
    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-25 52224]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune1\WMZuneComm.exe [2011-8-5 268512]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2012-04-17 01:08:57 -------- d-----w- c:\users\cheung\appdata\local\{C930C657-C4D5-419A-BDCE-CCDE68B3A091}
    2012-04-17 01:06:21 42960 ----a-w- c:\windows\system32\drivers\eanhcosu.sys
    2012-04-17 00:55:58 42960 ----a-w- c:\windows\system32\drivers\qbgpwvsl.sys
    2012-04-17 00:41:14 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f0fe51ab-033b-4c45-ac20-9938fd6a1f4d}\offreg.dll
    2012-04-17 00:33:03 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f0fe51ab-033b-4c45-ac20-9938fd6a1f4d}\mpengine.dll
    2012-04-16 13:48:32 -------- d-----w- c:\users\cheung\appdata\local\{1B72F4AF-DAFA-47C1-B040-23068B05EC36}
    2012-04-16 09:23:20 -------- d-----w- c:\users\cheung\appdata\local\{48D69A34-2EEC-4C24-A449-A56634FB87D6}
    2012-04-16 08:00:30 -------- d-----w- c:\program files\FileHippo.com
    2012-04-16 05:31:33 -------- d-----w- c:\users\cheung\appdata\local\{D2D99226-CC43-4594-957D-0B2643789272}
    2012-04-16 02:29:05 -------- d-----w- c:\users\cheung\appdata\local\{BF4A0660-038F-4325-BD0C-301A2B0796D6}
    2012-04-15 12:23:02 -------- d-----w- c:\users\cheung\appdata\local\{C79FA9A6-6601-4446-BFC2-B73ABCA802FD}
    2012-04-15 10:02:12 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-15 10:02:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-04-15 09:53:53 -------- d-----w- c:\users\cheung\appdata\local\{3F0BF5B6-C2C6-468D-A253-B5F897315C2E}
    2012-04-14 10:40:03 -------- d-----w- c:\users\cheung\appdata\local\{A5B6A3D7-C0BB-402D-A787-D607CEED761C}
    2012-04-14 10:08:06 -------- d-----w- c:\users\cheung\appdata\local\adaware
    2012-04-14 10:08:05 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
    2012-04-14 10:07:52 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
    2012-04-14 10:07:39 78936 ----a-w- c:\windows\system32\drivers\sbtis.sys
    2012-04-14 10:07:21 69208 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
    2012-04-14 10:07:21 221784 ----a-w- c:\windows\system32\drivers\SbFw.sys
    2012-04-14 10:07:16 -------- d-----w- c:\program files\Ad-Aware Antivirus
    2012-04-14 10:04:34 -------- d-----w- c:\users\cheung\appdata\roaming\Ad-Aware Antivirus
    2012-04-14 09:21:32 -------- d-----w- c:\users\cheung\appdata\local\{1E392024-CDA3-49EC-93EB-B0DE7AF0972C}
    2012-04-13 16:34:12 29016 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
    2012-04-13 16:34:12 15672 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
    2012-04-13 16:34:06 -------- d-----w- c:\program files\IObit
    2012-04-13 16:29:38 -------- d-----w- c:\program files\OpenDrive
    2012-04-13 16:25:40 -------- d-----w- c:\users\cheung\appdata\local\{D6112BD0-2AF7-4B0C-8E20-FAE1BB86F637}
    2012-04-13 01:36:23 -------- d-----w- c:\users\cheung\appdata\roaming\Cocylu
    2012-04-13 01:26:04 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-04-12 12:42:16 -------- d-----w- c:\users\cheung\appdata\local\{92DA621C-FF95-4BA4-ABA2-E7B205A5D782}
    2012-04-12 09:08:12 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-04-12 09:08:12 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-04-12 09:08:12 172544 ----a-w- c:\windows\system32\wintrust.dll
    2012-04-12 09:08:12 159232 ----a-w- c:\windows\system32\imagehlp.dll
    2012-04-12 09:05:41 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-04-12 09:05:40 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-04-11 08:04:38 -------- d--h--w- c:\windows\AxInstSV
    2012-04-10 06:47:33 -------- d-sh--w- C:\~LD
    2012-04-10 06:41:25 -------- d-----w- c:\users\cheung\appdata\local\{60169B06-6F8A-498A-A7B9-643FFF6D2957}
    2012-04-09 12:47:08 -------- d-----w- c:\users\cheung\appdata\local\{D6EAA220-7A43-4177-A20E-7C8254733C84}
    2012-04-08 07:46:52 -------- d-----w- c:\users\cheung\appdata\local\{6629C97C-6288-42A9-8761-BB259B2D4764}
    2012-04-08 07:44:15 -------- d-----w- c:\users\cheung\appdata\local\{DF38BF77-5464-466A-9BAE-D5CE7F1B42DE}
    2012-04-08 06:19:44 -------- d-----w- c:\users\cheung\appdata\local\PCM4Everio
    2012-04-08 06:07:07 -------- d-----w- c:\users\cheung\appdata\local\{EC6D206D-3F26-43D4-AFD5-2218779EC910}
    2012-04-08 06:04:15 -------- d-----w- c:\users\cheung\appdata\local\{1185EBEB-4016-40FB-AA88-495E84239EB3}
    2012-04-04 08:37:06 -------- d-----w- C:\xampp
    2012-04-04 05:26:30 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-04-04 04:17:30 146904 ----a-w- c:\windows\system32\drivers\cbfs.sys
    2012-04-04 04:16:34 -------- d-----w- c:\users\cheung\appdata\local\Megacloud
    2012-04-04 04:16:32 -------- d-----w- c:\program files\Megacloud
    2012-04-04 04:08:42 -------- d-----w- c:\program files\Spectromancer
    2012-04-04 03:29:13 -------- d-----w- c:\users\cheung\appdata\local\OpenDrive
    2012-04-03 09:20:15 -------- d-----w- c:\users\cheung\appdata\roaming\Fiabee
    2012-04-03 09:19:53 -------- d-----w- c:\program files\Tuso
    2012-03-28 03:45:27 -------- d-----w- c:\program files\Evernote
    2012-03-27 14:25:40 -------- d-----w- c:\users\cheung\appdata\local\{BCAA9F1D-1F32-4204-958A-78CE64E21FCF}
    2012-03-26 08:13:15 5 ----a-w- c:\windows\system32\lMMLDeleteUserData42107612FX.tmp
    2012-03-26 07:56:44 -------- d-----w- c:\users\cheung\.gstreamer-0.10
    2012-03-26 07:48:50 -------- d-----w- c:\programdata\Motorola Media Link
    2012-03-26 07:48:48 -------- d-----w- c:\program files\Motorola Mobility
    2012-03-26 07:45:56 -------- d-----w- c:\users\cheung\appdata\roaming\MotoCast
    2012-03-22 15:10:04 -------- d-----w- c:\users\cheung\appdata\local\{B11F8463-3B3C-4EFA-922C-AD55657175C5}
    2012-03-22 15:06:59 97280 --sha-r- c:\windows\system32\FLACDX.ax
    2012-03-22 15:06:59 81920 --sha-r- c:\windows\system32\aac_parser.ax
    2012-03-22 15:06:59 227328 --sha-r- c:\windows\system32\ac3DX.ax
    2012-03-22 15:06:59 179200 --sha-r- c:\windows\system32\DiracSplitter.ax
    2012-03-22 15:06:59 175104 --sha-r- c:\windows\system32\CoreAAC.ax
    2012-03-22 15:06:59 123904 --sha-r- c:\windows\system32\AVCDX.ax
    2012-03-22 14:30:17 -------- d-----w- c:\users\cheung\appdata\local\{367D2617-E872-4FEA-8773-9F8476790042}
    .
    ==================== Find3M ====================
    .
    2012-04-14 10:20:27 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-03-16 01:48:42 1734368 ----a-w- c:\windows\system32\LivedriveControlPanel.cpl
    2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
    2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
    2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-02-17 05:34:22 919040 ----a-w- c:\windows\system32\rdpcorets.dll
    2012-02-17 05:34:22 826880 ----a-w- c:\windows\system32\rdpcore.dll
    2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-02-16 01:58:29 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2012-02-14 04:09:44 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
    2012-02-10 05:38:43 1077248 ----a-w- c:\windows\system32\DWrite.dll
    2012-02-09 14:43:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll
    2012-02-09 14:43:00 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
    2012-02-09 14:43:00 61248 ----a-w- c:\windows\system32\OpenCL.dll
    2012-02-09 14:43:00 5892928 ----a-w- c:\windows\system32\nvcuda.dll
    2012-02-09 14:43:00 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-02-09 14:43:00 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-02-09 14:43:00 2301248 ----a-w- c:\windows\system32\nvapi.dll
    2012-02-09 14:43:00 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
    2012-02-09 14:43:00 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-02-09 14:43:00 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
    2012-02-09 14:43:00 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2012-02-09 14:43:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
    2012-02-03 03:54:27 2343424 ----a-w- c:\windows\system32\win32k.sys
    2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-25 05:58:00 23808 ----a-w- c:\windows\system32\drivers\Motousbnet.sys
    2012-01-25 05:57:48 24192 ----a-w- c:\windows\system32\drivers\motmodem.sys
    2012-01-25 05:57:44 8448 ----a-w- c:\windows\system32\drivers\motccgpfl.sys
    2012-01-25 05:57:36 20864 ----a-w- c:\windows\system32\drivers\motccgp.sys
    2012-01-25 05:32:35 58880 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-01-25 05:32:34 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-01-25 05:27:51 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2006-05-03 03:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
    2007-02-21 04:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
    2008-03-16 06:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
    2010-01-06 16:00:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.1.7601
    .
    CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
    device: opened successfully
    user: error reading MBR
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8709BFD0]<<
    _asm { MOV EAX, [ESP+0x4]; MOV ECX, [EAX+0x28]; PUSH EBP; MOV EBP, [ECX+0x4]; PUSH ESI; MOV ESI, [ESP+0x10]; PUSH EDI; MOV EDI, [ESI+0x60]; MOV AL, [EDI]; CMP AL, 0x16; JNZ 0x36; PUSH ESI; }
    1 ntkrnlpa!IofCallDriver[0x82E4C52A] -> \Device\Harddisk0\DR0[0x8681E530]
    3 CLASSPNP[0x8BC0459E] -> ntkrnlpa!IofCallDriver[0x82E4C52A] -> [0x86EBCEF8]
    \Driver\00000944[0x86EA3E90] -> IRP_MJ_CREATE -> 0x8709BFD0
    error: Read A device attached to the system is not functioning.
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
    user != kernel MBR !!!
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
    .
    ============= FINISH: 9:38:26.36 ===============
     
  4. NathanC

    NathanC TS Rookie Topic Starter Posts: 38

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 24/06/2011 2:39:00 PM
    System Uptime: 17/04/2012 8:40:36 AM (1 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P5KC
    Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | LGA775 | 2394/266mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 420 GiB total, 107.201 GiB free.
    D: is FIXED (NTFS) - 512 GiB total, 134.981 GiB free.
    E: is FIXED (NTFS) - 466 GiB total, 71.265 GiB free.
    F: is CDROM ()
    H: is CDROM ()
    J: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
    Description: Standard PS/2 Keyboard
    Device ID: ACPI\PNP0303\4&20D7719E&0
    Manufacturer: (Standard keyboards)
    Name: Standard PS/2 Keyboard
    PNP Device ID: ACPI\PNP0303\4&20D7719E&0
    Service: i8042prt
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller
    Device ID: PCI\VEN_1969&DEV_1048&SUBSYS_82261043&REV_B0\4&18BA0AA4&0&00E5
    Manufacturer: Atheros
    Name: Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller
    PNP Device ID: PCI\VEN_1969&DEV_1048&SUBSYS_82261043&REV_B0\4&18BA0AA4&0&00E5
    Service: AtcL001
    .
    ==== System Restore Points ===================
    .
    RP303: 15/04/2012 7:31:01 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    AC3Filter 1.63b
    Acrobat X Suite
    Ad-Aware Antivirus
    Ad-Aware Browsing Protection
    Adobe Acrobat X Pro - English, Français, Deutsch
    Adobe AIR
    Adobe Captivate Quiz Results Analyzer
    Adobe Captivate Reviewer
    Adobe Community Help
    Adobe Content Viewer
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player Plugin
    Adobe InDesign CS5.5
    Adobe Media Player
    Adobe Presenter 7
    Adobe Reader X (10.1.1)
    Adobe Shockwave Player 11.5
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AUSkey software 1.4.0.3
    AUSkey software 1.4.0.6
    Avi2Dvd 0.6.1
    AviSynth 2.5
    Bing Bar
    Bing Bar Platform
    blinkx beat
    Bonjour
    Box for Office
    Bubble Ball Lite
    Bubble Breaker
    Bubblins 2
    Bulk Rename Utility 2, 6, 1, 0
    BurnAware Free 4.2
    Business-in-a-Box
    Canon Easy-WebPrint EX
    Cool Remote Server
    CoreAAC Audio Decoder (remove only)
    CyberLink PowerCinema
    D3DX10
    DAEMON Tools Lite
    DealScout for Internet Explorer
    Deathrace
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DeVeDe
    doPDF 7.2 printer
    Dropbox
    Dulux MyColour4
    DVD Decrypter (Remove Only)
    DVD Flick 1.3.0.7
    DVD Shrink 3.2
    DVDFab 8.1.1.2 (08/08/2011) Qt
    e-Sword
    e-tax 2011
    Ekiga (remove only)
    Evernote v. 4.5.4
    ffdshow [rev 3299] [2010-03-03]
    Fiabee Sync
    FileHippo.com Update Checker
    Firebird SQL Server - MAGIX Edition
    Foxit Reader 5.1
    Free ISO Create Wizard 4.3.9
    FreeOnlineRadioPlayerRecorder Toolbar
    GoBox
    Google Calendar Sync
    Google Chrome
    Google Chrome Frame
    Google Earth
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    Google Video Uploader
    GTK2-Runtime
    Haali Media Splitter
    Hotspot Shield 2.06
    HP Photosmart Essential
    IDriveSync version 1.0.1 November 18, 2011
    IHF Handball Challenge 12
    ImgBurn
    Intel AppUp(SM) center
    ISO Recorder
    ISODisk 1.1
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 29
    Jello.Dashboard 5.25 beta (Astral)
    Joukuu Lite
    Junk Mail filter update
    jZip
    LAME v3.98.3 for Audacity
    LCP 5.04
    LinkedIn Internet Explorer Toolbar
    Lyrics Plugin for iTunes
    MAGIX Movie Edit Pro 17 Plus Download Version
    MAGIX Screenshare
    MAGIX Speed burnR (MSI)
    Malwarebytes Anti-Malware version 1.61.0.1400
    MangoApps Desktop
    MegaCloud
    Mesh Runtime
    Messenger Companion
    MFG Trader
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Advertising SDK for Windows Phone - ENU
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Corporation
    Microsoft Expression Blend 3 SDK
    Microsoft Expression Blend 4
    Microsoft Expression Blend 4 Add-in for Adobe FXG Import
    Microsoft Expression Blend SDK for .NET 4
    Microsoft Expression Blend SDK for Silverlight 4
    Microsoft Expression Blend SDK for Windows Phone 7
    Microsoft Expression Blend SDK for Windows Phone OS 7.1
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Help Viewer 1.1
    Microsoft IntelliPoint 8.2
    Microsoft IntelliType Pro 8.2
    Microsoft LifeCam
    Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Project MUI (English) 2010
    Microsoft Office Project Professional 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Visio 2010
    Microsoft Office Visio MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    Microsoft Project 2010 Service Pack 1 (SP1)
    Microsoft Project Professional 2010
    Microsoft Search Enhancement Pack
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Silverlight 3 SDK
    Microsoft Silverlight 4 SDK
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft Sync Framework 2.0 Core Components (x86) ENU
    Microsoft Sync Framework 2.0 Provider Services (x86) ENU
    Microsoft Visio 2010 Service Pack 1 (SP1)
    Microsoft Visio Premium 2010
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Visual Studio 2010 Express for Windows Phone 7.1 - ENU
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
    Microsoft XNA Framework Redistributable 4.0 Refresh
    Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
    Microsoft XNA Game Studio 4.0 Refresh
    Microsoft XNA Game Studio 4.0 Refresh (ARP entry)
    Microsoft XNA Game Studio 4.0 Refresh (Redists)
    Microsoft XNA Game Studio 4.0 Refresh (Shared Components)
    Microsoft XNA Game Studio 4.0 Refresh (Visual Studio)
    Microsoft XNA Game Studio Platform Tools
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    MotoCast
    MotoHelper 2.1.40 Driver 5.5.0
    MotoHelper MergeModules
    MOTOROLA MEDIA LINK
    Motorola Mobile Drivers Installation 5.2.0
    Motorola Mobile Drivers Installation 5.5.0
    MP3 Repair Tool v1.5.2
    Mp3tag v2.49
    MSVC80_x86_v2
    MSVC90_x86
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    My Little Artist
    Nokia Connectivity Cable Driver
    Nokia Ovi Suite
    Nokia Ovi Suite Software Updater
    Nokia PC Suite
    NoteBurner 2.35
    NVIDIA Control Panel 275.33
    NVIDIA Graphics Driver 275.33
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA Update 1.3.5
    NVIDIA Update Components
    OpenAL
    OpenDNS Updater 2.2.1
    OpenDrive
    Orbit Downloader
    Ovi Desktop Sync Engine
    OviMPlatform
    PC Connectivity Solution
    PFPortChecker 1.0.39
    Picasa 3
    Portforward Static IP Address 1.0.47
    Poxxle
    Qlock Lite
    QuickTime
    RAR Password Recovery Magic v6.1.1.386
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    RocketDock 1.3.5
    Samsung Auto Backup
    Samsung SecretZone
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio 2010 (KB2553374) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
    Shufflr
    Skype Click to Call
    Skype™ 5.8
    Smart Defrag 2
    Spectromancer: Truth and Beauty
    SugarSync for Outlook
    SugarSync Manager
    SUPER © v2012.build.50 (February 21st, 2012) version v2012.buil
    SyncToy 2.1 (x86)
    theSkyNet
    TomTom HOME 2.8.3.2499
    TomTom HOME Visual Studio Merge Modules
    TuneUp Companion 2.1.1
    TwInbox (remove only)
    Unlocker 1.9.1
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    WCF Data Services SDK for Windows Phone
    WebM Media Foundation Components
    Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.8)
    Windows Driver Package - Nokia Modem (10/07/2010 4.6)
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Mobile Device Updater Component
    Windows Phone Emulator - ENU
    Windows Phone SDK 7.1 - ENU
    Windows Phone SDK 7.1 Add-in for Visual Studio 2010 - ENU
    Windows Phone SDK 7.1 Assemblies
    Windows Phone SDK 7.1 Extensions for XNA Game Studio 4.0
    WinHTTrack Website Copier 3.44-1
    WinRAR 4.01 (32-bit)
    WPF Toolkit February 2010 (Version 3.5.50211.1)
    Wuala
    Wuala CBFS
    Wuala OverlayIcons
    X-Lite 3.0
    XAMPP 1.7.7
    Xvid Video Codec
    Zune
    Zune Language Pack (CHS)
    Zune Language Pack (CHT)
    Zune Language Pack (CSY)
    Zune Language Pack (DAN)
    Zune Language Pack (DEU)
    Zune Language Pack (ELL)
    Zune Language Pack (ESP)
    Zune Language Pack (FIN)
    Zune Language Pack (FRA)
    Zune Language Pack (HUN)
    Zune Language Pack (IND)
    Zune Language Pack (ITA)
    Zune Language Pack (JPN)
    Zune Language Pack (KOR)
    Zune Language Pack (MSL)
    Zune Language Pack (NLD)
    Zune Language Pack (NOR)
    Zune Language Pack (PLK)
    Zune Language Pack (PTB)
    Zune Language Pack (PTG)
    Zune Language Pack (RUS)
    Zune Language Pack (SVE)
    Zune Lyrics
    .
     
  5. NathanC

    NathanC TS Rookie Topic Starter Posts: 38

    ==== Event Viewer Messages From Past Week ========
    .
    17/04/2012 9:35:36 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Real-time protection has stopped functioning for an unknown reason. Restart the service in order to recover.
    17/04/2012 9:35:31 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    17/04/2012 9:33:25 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    17/04/2012 9:13:39 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft Antimalware Service service to connect.
    17/04/2012 9:13:39 AM, Error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    17/04/2012 9:11:32 AM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    17/04/2012 9:10:24 AM, Error: Microsoft Antimalware [5008] - Microsoft Antimalware engine has been terminated due to an unexpected error. Failure Type: Hang Exception code: Resource: file:C:\Windows\System32\rdnaoflsvc.dll
    17/04/2012 9:08:42 AM, Error: Service Control Manager [7023] - The Ssoftservice service terminated with the following error: Access is denied.
    17/04/2012 9:07:10 AM, Error: Service Control Manager [7023] - The Cbidf service terminated with the following error: Access is denied.
    17/04/2012 9:06:10 AM, Error: Service Control Manager [7023] - The Awservice service terminated with the following error: Access is denied.
    17/04/2012 9:05:10 AM, Error: Service Control Manager [7023] - The Slntamr service terminated with the following error: Access is denied.
    17/04/2012 9:04:10 AM, Error: Service Control Manager [7023] - The Zpcache service terminated with the following error: Access is denied.
    17/04/2012 9:03:10 AM, Error: Service Control Manager [7023] - The .netframework service terminated with the following error: Access is denied.
    17/04/2012 9:02:10 AM, Error: Service Control Manager [7023] - The Bdss service terminated with the following error: Access is denied.
    17/04/2012 9:01:10 AM, Error: Service Control Manager [7023] - The Cnxtdiag service terminated with the following error: Access is denied.
    17/04/2012 9:00:10 AM, Error: Service Control Manager [7023] - The Akshhl service terminated with the following error: Access is denied.
    17/04/2012 8:59:10 AM, Error: Service Control Manager [7023] - The Https-admserv61 service terminated with the following error: Access is denied.
    17/04/2012 8:58:10 AM, Error: Service Control Manager [7023] - The CX23880 service terminated with the following error: Access is denied.
    17/04/2012 8:57:10 AM, Error: Service Control Manager [7023] - The Anio service terminated with the following error: Access is denied.
    17/04/2012 8:56:10 AM, Error: Service Control Manager [7023] - The S117nd5 service terminated with the following error: Access is denied.
    17/04/2012 8:55:10 AM, Error: Service Control Manager [7023] - The Bcftdi service terminated with the following error: Access is denied.
    17/04/2012 8:54:10 AM, Error: Service Control Manager [7023] - The Oracledbconsoleorcl service terminated with the following error: Access is denied.
    17/04/2012 8:53:10 AM, Error: Service Control Manager [7023] - The Ma_cmidi_installerservice service terminated with the following error: Access is denied.
    17/04/2012 8:52:10 AM, Error: Service Control Manager [7023] - The CYGF32X service terminated with the following error: Access is denied.
    17/04/2012 8:51:10 AM, Error: Service Control Manager [7023] - The Nsynas32 service terminated with the following error: Access is denied.
    17/04/2012 8:50:10 AM, Error: Service Control Manager [7023] - The Utscsi service terminated with the following error: Access is denied.
    17/04/2012 8:49:10 AM, Error: Service Control Manager [7023] - The Cmdmon service terminated with the following error: Access is denied.
    17/04/2012 8:48:10 AM, Error: Service Control Manager [7023] - The Protectionservice service terminated with the following error: Access is denied.
    17/04/2012 8:47:10 AM, Error: Service Control Manager [7023] - The NEOFLTR_600_13319 service terminated with the following error: Access is denied.
    17/04/2012 8:46:10 AM, Error: Service Control Manager [7023] - The Hibernation service terminated with the following error: Access is denied.
    17/04/2012 8:45:10 AM, Error: Service Control Manager [7023] - The Picturetaker service terminated with the following error: Access is denied.
    17/04/2012 8:44:10 AM, Error: Service Control Manager [7023] - The Pelusblf service terminated with the following error: Access is denied.
    17/04/2012 8:43:47 AM, Error: Service Control Manager [7041] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the user has not been granted the requested logon type at this computer. Service: nvUpdatusService Domain and account: .\UpdatusUser This service account does not have the required user right "Log on as a service." User Action Assign "Log on as a service" to the service account on this computer. You can use Local Security Settings (Secpol.msc) to do this. If this computer is a node in a cluster, check that this user right is assigned to the Cluster service account on all nodes in the cluster. If you have already assigned this user right to the service account, and the user right appears to be removed, check with your domain administrator to find out if a Group Policy object associated with this node might be removing the right.
    17/04/2012 8:43:47 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
    17/04/2012 8:43:10 AM, Error: Service Control Manager [7023] - The Appn service terminated with the following error: Access is denied.
    17/04/2012 8:42:10 AM, Error: Service Control Manager [7023] - The Ovepstatusengine service terminated with the following error: Access is denied.
    17/04/2012 8:42:08 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    17/04/2012 8:41:28 AM, Error: Service Control Manager [7023] - The ZDPSp50 service terminated with the following error: The specified module could not be found.
    17/04/2012 8:41:28 AM, Error: Service Control Manager [7023] - The Psdistributionagent service terminated with the following error: The specified module could not be found.
    17/04/2012 8:41:28 AM, Error: Service Control Manager [7023] - The A016mdfl service terminated with the following error: The specified module could not be found.
    17/04/2012 8:41:27 AM, Error: Service Control Manager [7023] - The Symc8xx service terminated with the following error: The specified module could not be found.
    17/04/2012 8:41:27 AM, Error: Service Control Manager [7023] - The SMTPSVC service terminated with the following error: The specified module could not be found.
    17/04/2012 8:41:27 AM, Error: Service Control Manager [7023] - The ROB_V service terminated with the following error: The system cannot find the file specified.
    17/04/2012 8:41:27 AM, Error: Service Control Manager [7023] - The Rca service terminated with the following error: The specified module could not be found.
    17/04/2012 8:41:27 AM, Error: Service Control Manager [7023] - The Pop3d32 service terminated with the following error: The specified module could not be found.
    17/04/2012 8:41:27 AM, Error: Service Control Manager [7023] - The Oracleorahome92pagingserver service terminated with the following error: The specified module could not be found.
    17/04/2012 8:41:27 AM, Error: Service Control Manager [7023] - The Mdmxsdk service terminated with the following error: The specified module could not be found.
    17/04/2012 8:41:27 AM, Error: Service Control Manager [7023] - The Hpzius12 service terminated with the following error: The specified module could not be found.
    17/04/2012 8:41:27 AM, Error: Service Control Manager [7023] - The Hpt3xx service terminated with the following error: The specified module could not be found.
    17/04/2012 8:41:27 AM, Error: Service Control Manager [7023] - The Gearsecurity service terminated with the following error: The specified module could not be found.
    17/04/2012 8:41:27 AM, Error: Service Control Manager [7023] - The CTEXFIFX.DLL service terminated with the following error: The specified module could not be found.
    17/04/2012 8:41:27 AM, Error: Service Control Manager [7023] - The Cmdagent service terminated with the following error: The specified module could not be found.
    17/04/2012 8:41:27 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    17/04/2012 8:41:27 AM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.
    17/04/2012 8:41:09 AM, Error: Service Control Manager [7023] - The Neokdss service terminated with the following error: The specified module could not be found.
    17/04/2012 8:41:09 AM, Error: Service Control Manager [7023] - The Mnsframework service terminated with the following error: The specified module could not be found.
    17/04/2012 8:41:09 AM, Error: Service Control Manager [7023] - The ISAMSvc service terminated with the following error: The specified module could not be found.
    17/04/2012 8:41:09 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    17/04/2012 8:41:08 AM, Error: Service Control Manager [7023] - The Fallback service terminated with the following error: The specified module could not be found.
    17/04/2012 8:41:08 AM, Error: Service Control Manager [7023] - The Arhidfltr service terminated with the following error: The specified module could not be found.
    17/04/2012 8:41:03 AM, Error: Service Control Manager [7023] - The Zpnodecollector service terminated with the following error: The specified module could not be found.
    17/04/2012 8:41:03 AM, Error: Service Control Manager [7023] - The Sscdserd service terminated with the following error: The specified module could not be found.
    17/04/2012 8:41:03 AM, Error: Service Control Manager [7023] - The Pinger service terminated with the following error: The specified module could not be found.
    17/04/2012 8:41:03 AM, Error: Service Control Manager [7023] - The PBADRV service terminated with the following error: The specified module could not be found.
    17/04/2012 8:41:03 AM, Error: Service Control Manager [7023] - The Nvidesm service terminated with the following error: The specified module could not be found.
    17/04/2012 8:41:03 AM, Error: Service Control Manager [7023] - The NETw4v32 service terminated with the following error: The specified module could not be found.
    17/04/2012 8:41:03 AM, Error: Service Control Manager [7023] - The MSW_USB service terminated with the following error: The specified module could not be found.
    17/04/2012 8:41:03 AM, Error: Service Control Manager [7023] - The Ipssvc service terminated with the following error: The specified module could not be found.
    17/04/2012 8:41:03 AM, Error: Service Control Manager [7023] - The EACSys service terminated with the following error: The specified module could not be found.
    17/04/2012 8:41:03 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    17/04/2012 8:41:03 AM, Error: Service Control Manager [7023] - The CnxtHdAudService service terminated with the following error: The specified module could not be found.
    17/04/2012 8:41:03 AM, Error: Service Control Manager [7023] - The Captureservice service terminated with the following error: The specified module could not be found.
    17/04/2012 8:41:03 AM, Error: Service Control Manager [7023] - The Bt3cser service terminated with the following error: The specified module could not be found.
    17/04/2012 8:41:03 AM, Error: Service Control Manager [7000] - The FABS - Helping agent for MAGIX media database service failed to start due to the following error: The system cannot find the file specified.
    17/04/2012 8:41:01 AM, Error: Service Control Manager [7023] - The Offline Files service terminated with the following error: The system cannot find the path specified.
    17/04/2012 8:34:38 AM, Error: Service Control Manager [7031] - The MotoHelper Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    17/04/2012 8:34:21 AM, Error: Service Control Manager [7034] - The Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s).
    17/04/2012 8:33:05 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    17/04/2012 8:33:05 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    17/04/2012 8:23:14 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    17/04/2012 8:23:14 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    16/04/2012 9:54:34 PM, Error: Service Control Manager [7023] - The Cmdagent service terminated with the following error: Access is denied.
    16/04/2012 9:53:33 PM, Error: Service Control Manager [7023] - The Hpt3xx service terminated with the following error: Access is denied.
    16/04/2012 9:52:33 PM, Error: Service Control Manager [7023] - The Gearsecurity service terminated with the following error: Access is denied.
    16/04/2012 9:51:34 PM, Error: Service Control Manager [7023] - The ISAMSvc service terminated with the following error: Access is denied.
    16/04/2012 9:50:37 PM, Error: Service Control Manager [7023] - The MSW_USB service terminated with the following error: Access is denied.
    16/04/2012 9:49:49 PM, Error: Service Control Manager [7023] - The A016mdfl service terminated with the following error: Access is denied.
    16/04/2012 9:48:51 PM, Error: Service Control Manager [7023] - The Oracleorahome92pagingserver service terminated with the following error: Access is denied.
    16/04/2012 9:47:21 PM, Error: Service Control Manager [7023] - The Pop3d32 service terminated with the following error: The process cannot access the file because it is being used by another process.
    16/04/2012 9:45:32 PM, Error: Service Control Manager [7023] - The NETw4v32 service terminated with the following error: Access is denied.
    16/04/2012 9:45:13 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    16/04/2012 9:44:59 PM, Error: Service Control Manager [7034] - The TVEnhance Background Capture Service (TBCS) service terminated unexpectedly. It has done this 1 time(s).
    16/04/2012 5:24:22 PM, Error: Service Control Manager [7023] - The Hpdj service terminated with the following error: Access is denied.
    16/04/2012 5:23:38 PM, Error: Service Control Manager [7023] - The Https-nassry service terminated with the following error: Access is denied.
    16/04/2012 5:22:31 PM, Error: Service Control Manager [7023] - The SWUMX51 service terminated with the following error: Access is denied.
    16/04/2012 5:21:29 PM, Error: Service Control Manager [7023] - The Db2ntsecserver service terminated with the following error: Access is denied.
    16/04/2012 5:20:29 PM, Error: Service Control Manager [7023] - The Bwsvc service terminated with the following error: Access is denied.
    16/04/2012 5:19:29 PM, Error: Service Control Manager [7023] - The SE2Dmdfl service terminated with the following error: Access is denied.
    16/04/2012 5:18:31 PM, Error: Service Control Manager [7023] - The Dvd_2K service terminated with the following error: Access is denied.
    16/04/2012 5:17:43 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    16/04/2012 5:17:41 PM, Error: Service Control Manager [7023] - The Pacsptisvr service terminated with the following error: Access is denied.
    16/04/2012 5:16:56 PM, Error: Service Control Manager [7023] - The W800obex service terminated with the following error: Access is denied.
    16/04/2012 5:16:56 PM, Error: Service Control Manager [7023] - The TMHIDSRV service terminated with the following error: Access is denied.
    16/04/2012 5:16:56 PM, Error: Service Control Manager [7023] - The TcpipBM service terminated with the following error: Access is denied.
    16/04/2012 5:16:56 PM, Error: Service Control Manager [7023] - The Service service terminated with the following error: Access is denied.
    16/04/2012 5:16:56 PM, Error: Service Control Manager [7023] - The Savrt service terminated with the following error: Access is denied.
    16/04/2012 5:16:56 PM, Error: Service Control Manager [7023] - The S125obex service terminated with the following error: Access is denied.
    16/04/2012 5:16:56 PM, Error: Service Control Manager [7023] - The PTproct service terminated with the following error: Access is denied.
    16/04/2012 5:16:56 PM, Error: Service Control Manager [7023] - The Lp6nds35 service terminated with the following error: Access is denied.
    16/04/2012 5:16:56 PM, Error: Service Control Manager [7023] - The Jsdaemon service terminated with the following error: Access is denied.
    16/04/2012 5:16:56 PM, Error: Service Control Manager [7023] - The Bltrust service terminated with the following error: Access is denied.
    16/04/2012 5:16:56 PM, Error: Service Control Manager [7023] - The AVerBDA service terminated with the following error: Access is denied.
    16/04/2012 5:16:55 PM, Error: Service Control Manager [7023] - The Z800mdm service terminated with the following error: Access is denied.
    16/04/2012 5:16:55 PM, Error: Service Control Manager [7023] - The Tb2RCAssist service terminated with the following error: Access is denied.
    16/04/2012 5:16:55 PM, Error: Service Control Manager [7023] - The S116mdm service terminated with the following error: Access is denied.
    16/04/2012 5:16:55 PM, Error: Service Control Manager [7023] - The Rvscc service terminated with the following error: Access is denied.
    16/04/2012 5:16:55 PM, Error: Service Control Manager [7023] - The NWDNS service terminated with the following error: Access is denied.
    16/04/2012 5:16:55 PM, Error: Service Control Manager [7023] - The NETw5x32 service terminated with the following error: Access is denied.
    16/04/2012 5:16:55 PM, Error: Service Control Manager [7023] - The Mqdmserd service terminated with the following error: Access is denied.
    16/04/2012 5:16:55 PM, Error: Service Control Manager [7023] - The Ipcsvc service terminated with the following error: Access is denied.
    16/04/2012 5:16:55 PM, Error: Service Control Manager [7023] - The Int15.sys service terminated with the following error: Access is denied.
    16/04/2012 5:16:55 PM, Error: Service Control Manager [7023] - The Iftpsvc service terminated with the following error: Access is denied.
    16/04/2012 5:16:55 PM, Error: Service Control Manager [7023] - The Idisw2km service terminated with the following error: Access is denied.
    16/04/2012 5:16:55 PM, Error: Service Control Manager [7023] - The Hpn service terminated with the following error: Access is denied.
    16/04/2012 5:16:55 PM, Error: Service Control Manager [7023] - The Genregistrar service terminated with the following error: Access is denied.
    16/04/2012 5:16:55 PM, Error: Service Control Manager [7023] - The Fs_rec service terminated with the following error: Access is denied.
    16/04/2012 5:16:55 PM, Error: Service Control Manager [7023] - The Foldersize service terminated with the following error: Access is denied.
    16/04/2012 5:16:55 PM, Error: Service Control Manager [7023] - The Atitool service terminated with the following error: Access is denied.
    16/04/2012 5:16:54 PM, Error: Service Control Manager [7023] - The Qbfcservice service terminated with the following error: Access is denied.
    16/04/2012 5:16:54 PM, Error: Service Control Manager [7023] - The Epson_pm_rpcv4_01 service terminated with the following error: Access is denied.
    16/04/2012 5:16:51 PM, Error: Service Control Manager [7023] - The Zntport service terminated with the following error: Access is denied.
    16/04/2012 5:16:51 PM, Error: Service Control Manager [7023] - The V124 service terminated with the following error: Access is denied.
    16/04/2012 5:16:51 PM, Error: Service Control Manager [7023] - The TryAndDecideService service terminated with the following error: Access is denied.
    16/04/2012 5:16:51 PM, Error: Service Control Manager [7023] - The Symlcbrd service terminated with the following error: Access is denied.
    16/04/2012 5:16:51 PM, Error: Service Control Manager [7023] - The Svcwmu service terminated with the following error: Access is denied.
    16/04/2012 5:16:51 PM, Error: Service Control Manager [7023] - The Om518p service terminated with the following error: Access is denied.
    16/04/2012 5:16:51 PM, Error: Service Control Manager [7023] - The Nwlnknb service terminated with the following error: Access is denied.
    16/04/2012 5:16:51 PM, Error: Service Control Manager [7023] - The MREMP50a64 service terminated with the following error: Access is denied.
    16/04/2012 5:16:51 PM, Error: Service Control Manager [7023] - The Logmein service terminated with the following error: Access is denied.
    16/04/2012 5:16:51 PM, Error: Service Control Manager [7023] - The ICM10USB service terminated with the following error: Access is denied.
    16/04/2012 5:16:51 PM, Error: Service Control Manager [7023] - The E100b service terminated with the following error: Access is denied.
    16/04/2012 5:16:51 PM, Error: Service Control Manager [7023] - The Admjoy service terminated with the following error: Access is denied.
    16/04/2012 5:16:50 PM, Error: Service Control Manager [7023] - The Vproeventmonitor service terminated with the following error: Access is denied.
    16/04/2012 5:16:50 PM, Error: Service Control Manager [7023] - The Mdvrmng service terminated with the following error: Access is denied.
    16/04/2012 5:16:50 PM, Error: Service Control Manager [7023] - The Flutilssvc service terminated with the following error: Access is denied.
    16/04/2012 5:16:50 PM, Error: Service Control Manager [7023] - The DynDNS_Updater_Service service terminated with the following error: Access is denied.
    16/04/2012 5:16:38 PM, Error: Service Control Manager [7023] - The Vzcdbsvc service terminated with the following error: Access is denied.
    16/04/2012 5:16:38 PM, Error: Service Control Manager [7023] - The Vci service terminated with the following error: Access is denied.
    16/04/2012 5:16:38 PM, Error: Service Control Manager [7023] - The Tunnelguardservice service terminated with the following error: Access is denied.
    16/04/2012 5:16:38 PM, Error: Service Control Manager [7023] - The Trufos service terminated with the following error: Access is denied.
    16/04/2012 5:16:38 PM, Error: Service Control Manager [7023] - The Timounter service terminated with the following error: Access is denied.
    16/04/2012 5:16:38 PM, Error: Service Control Manager [7023] - The S24eventmonitor service terminated with the following error: Access is denied.
    16/04/2012 5:16:38 PM, Error: Service Control Manager [7023] - The Rt2500usb service terminated with the following error: Access is denied.
    16/04/2012 5:16:38 PM, Error: Service Control Manager [7023] - The P1110vid service terminated with the following error: Access is denied.
    16/04/2012 5:16:38 PM, Error: Service Control Manager [7023] - The Mfesmfk service terminated with the following error: Access is denied.
    16/04/2012 5:16:38 PM, Error: Service Control Manager [7023] - The Lvpopflt service terminated with the following error: Access is denied.
    16/04/2012 5:16:38 PM, Error: Service Control Manager [7023] - The Iisadmin service terminated with the following error: Access is denied.
    16/04/2012 5:16:38 PM, Error: Service Control Manager [7023] - The I81x service terminated with the following error: Access is denied.
    16/04/2012 5:16:38 PM, Error: Service Control Manager [7023] - The Hsf_msft service terminated with the following error: Access is denied.
    16/04/2012 5:16:38 PM, Error: Service Control Manager [7023] - The Flashcomadmin service terminated with the following error: Access is denied.
    16/04/2012 5:16:38 PM, Error: Service Control Manager [7023] - The El90xbc service terminated with the following error: Access is denied.
    16/04/2012 5:16:38 PM, Error: Service Control Manager [7023] - The Dac960nt service terminated with the following error: Access is denied.
    16/04/2012 5:16:38 PM, Error: Service Control Manager [7023] - The Cdvp service terminated with the following error: Access is denied.
    16/04/2012 5:16:38 PM, Error: Service Control Manager [7023] - The Ati service terminated with the following error: Access is denied.
    16/04/2012 5:16:38 PM, Error: Service Control Manager [7023] - The AF15BDA service terminated with the following error: Access is denied.
    16/04/2012 5:16:37 PM, Error: Service Control Manager [7023] - The Upsentry_smart service terminated with the following error: Access is denied.
    16/04/2012 5:16:37 PM, Error: Service Control Manager [7023] - The Resourcemanagermail service terminated with the following error: Access is denied.
    16/04/2012 5:16:37 PM, Error: Service Control Manager [7023] - The Pshost service terminated with the following error: Access is denied.
    16/04/2012 5:16:37 PM, Error: Service Control Manager [7023] - The Pdlndlpb service terminated with the following error: Access is denied.
    16/04/2012 5:16:37 PM, Error: Service Control Manager [7023] - The Lvsrvlauncher service terminated with the following error: Access is denied.
    16/04/2012 5:16:37 PM, Error: Service Control Manager [7023] - The LVPrcMon service terminated with the following error: Access is denied.
    16/04/2012 5:16:37 PM, Error: Service Control Manager [7023] - The JGOGO service terminated with the following error: Access is denied.
    16/04/2012 5:16:37 PM, Error: Service Control Manager [7023] - The Imountsrv service terminated with the following error: Access is denied.
    16/04/2012 5:16:37 PM, Error: Service Control Manager [7023] - The Enodpl service terminated with the following error: Access is denied.
    16/04/2012 5:16:37 PM, Error: Service Control Manager [7023] - The Avpnnic service terminated with the following error: Access is denied.
    16/04/2012 5:16:36 PM, Error: Service Control Manager [7023] - The Gpc service terminated with the following error: Access is denied.
    16/04/2012 5:16:36 PM, Error: Service Control Manager [7023] - The Dmload service terminated with the following error: Access is denied.
    16/04/2012 5:16:36 PM, Error: Service Control Manager [7023] - The Dlaudf_m service terminated with the following error: Access is denied.
    16/04/2012 5:16:36 PM, Error: Service Control Manager [7023] - The CTERFXFX.DLL service terminated with the following error: Access is denied.
    16/04/2012 4:41:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    16/04/2012 4:27:25 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AH&threatid=2147655284 Name: Trojan:Win32/Sirefef.AH ID: 2147655284 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\clisvc.dll;containerfile:_C:\Windows\system32\delldmi.dll;containerfile:_C:\Windows\System32\g400.dll;containerfile:_C:\Windows\System32\hpzid412.dll;containerfile:_C:\Windows\System32\LVVI500A.dll;containerfile:_C:\Windows\System32\MailService.dll;containerfile:_C:\Windows\System32\mksupdateint.dll;containerfile:_C:\Windows\System32\parport.dll;containerfile:_C:\Windows\System32\sf.dll;containerfile:_C:\Windows\system32\vmkbd.dll;file:_C:\Windows\System32\clisvc.dll->EWS->1.cod;file:_C:\Windows\system32\delldmi.dll->EWS->1.cod;file:_C:\Windows\System32\g400.dll->EWS->1.cod;file:_C:\Windows\System32\hpzid412.dll->EWS->1.cod;file:_C:\Windows\System32\LVVI500A.dll->EWS->1.cod;file:_C:\Windows\System32\MailService.dll->EWS->1.cod;file:_C:\Windows\System32\mksupdateint.dll->EWS->1.cod;file:_C:\Windows\System32\parport.dll->EWS->1.cod;file:_C:\Windows\System32\sf.dll->EWS->1.cod;file:_C:\Windows\system32\vmkbd.dll->EWS->1.cod;service:_drvmcdb;service:_firesvc;service:_iastor;ser Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Remove Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.123.1823.0, AS: 1.123.1823.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8202.0, NIS: 0.0.0.0
    16/04/2012 4:18:29 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    16/04/2012 4:17:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    16/04/2012 4:17:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    16/04/2012 4:16:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
    16/04/2012 4:16:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    16/04/2012 4:16:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    16/04/2012 4:16:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    16/04/2012 4:16:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    16/04/2012 4:16:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: CbFs cbfs3 discache ISODisk MpFilter spldr vmm Wanarpv6
    16/04/2012 4:16:09 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    16/04/2012 4:02:59 PM, Error: Service Control Manager [7023] - The Iksyssec service terminated with the following error: Access is denied.
    16/04/2012 3:50:19 PM, Error: Service Control Manager [7023] - The Ati service terminated with the following error: The specified procedure could not be found.
    16/04/2012 3:36:00 PM, Error: Service Control Manager [7023] - The WmaCVideo32 service terminated with the following error: Access is denied.
    16/04/2012 3:32:59 PM, Error: Service Control Manager [7023] - The Blueservice service terminated with the following error: Access is denied.
    16/04/2012 3:25:59 PM, Error: Service Control Manager [7023] - The Fallback service terminated with the following error: Access is denied.
    16/04/2012 3:21:02 PM, Error: Service Control Manager [7023] - The Pdagent service terminated with the following error: Access is denied.
    16/04/2012 3:19:06 PM, Error: Service Control Manager [7023] - The Nwlnknb service terminated with the following error: The specified procedure could not be found.
    16/04/2012 2:16:09 PM, Error: Service Control Manager [7023] - The Wmconnectcds service terminated with the following error: Access is denied.
     
  6. NathanC

    NathanC TS Rookie Topic Starter Posts: 38

    16/04/2012 2:14:59 PM, Error: Service Control Manager [7023] - The Iomdisk service terminated with the following error: Access is denied.
    16/04/2012 2:13:59 PM, Error: Service Control Manager [7023] - The AsusACPI service terminated with the following error: Access is denied.
    16/04/2012 2:13:00 PM, Error: Service Control Manager [7023] - The AVCSTRM service terminated with the following error: Access is denied.
    16/04/2012 2:12:00 PM, Error: Service Control Manager [7023] - The Tfsndrct service terminated with the following error: Access is denied.
    16/04/2012 2:11:00 PM, Error: Service Control Manager [7023] - The Se44mdfl service terminated with the following error: Access is denied.
    16/04/2012 2:10:00 PM, Error: Service Control Manager [7023] - The MRESP50a64 service terminated with the following error: Access is denied.
    16/04/2012 2:08:59 PM, Error: Service Control Manager [7023] - The SE26obex service terminated with the following error: Access is denied.
    16/04/2012 2:07:59 PM, Error: Service Control Manager [7023] - The Tfsncofs service terminated with the following error: Access is denied.
    16/04/2012 2:06:59 PM, Error: Service Control Manager [7023] - The Toside service terminated with the following error: Access is denied.
    16/04/2012 2:06:00 PM, Error: Service Control Manager [7023] - The Ql1280 service terminated with the following error: Access is denied.
    16/04/2012 2:04:59 PM, Error: Service Control Manager [7023] - The Penclass service terminated with the following error: Access is denied.
    16/04/2012 2:04:00 PM, Error: Service Control Manager [7023] - The Dlcq_device service terminated with the following error: Access is denied.
    16/04/2012 2:02:59 PM, Error: Service Control Manager [7023] - The TMMEmu service terminated with the following error: Access is denied.
    16/04/2012 2:01:59 PM, Error: Service Control Manager [7023] - The Arcltsrv service terminated with the following error: Access is denied.
    16/04/2012 2:00:59 PM, Error: Service Control Manager [7023] - The I2omgmt service terminated with the following error: Access is denied.
    16/04/2012 10:54:47 AM, Error: Service Control Manager [7023] - The ZD1211BU(ZyDAS) service terminated with the following error: Access is denied.
    16/04/2012 10:39:47 AM, Error: Service Control Manager [7023] - The Ftrtsvc service terminated with the following error: Access is denied.
    16/04/2012 10:32:40 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.100 with the system having network hardware address B4-07-F9-04-2D-39. Network operations on this system may be disrupted as a result.
    16/04/2012 10:29:57 AM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
    16/04/2012 10:28:59 AM, Error: Service Control Manager [7023] - The HSFHWALI service terminated with the following error: Access is denied.
    16/04/2012 10:28:48 AM, Error: Service Control Manager [7023] - The Mpfp service terminated with the following error: Access is denied.
    16/04/2012 10:26:46 AM, Error: Service Control Manager [7023] - The Xpagentserver service terminated with the following error: Access is denied.
    16/04/2012 10:25:46 AM, Error: Service Control Manager [7023] - The ADIDTSFiltService service terminated with the following error: Access is denied.
    16/04/2012 10:24:51 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    16/04/2012 10:24:46 AM, Error: Service Control Manager [7023] - The Atinrvxx service terminated with the following error: Access is denied.
    16/04/2012 10:24:18 AM, Error: Service Control Manager [7023] - The Websenselogserver service terminated with the following error: Access is denied.
    16/04/2012 10:24:18 AM, Error: Service Control Manager [7023] - The Uim_IM service terminated with the following error: Access is denied.
    16/04/2012 10:24:18 AM, Error: Service Control Manager [7023] - The Uclauncherservice service terminated with the following error: Access is denied.
    16/04/2012 10:24:18 AM, Error: Service Control Manager [7023] - The Tfsnpool service terminated with the following error: Access is denied.
    16/04/2012 10:24:18 AM, Error: Service Control Manager [7023] - The TcUsb service terminated with the following error: Access is denied.
    16/04/2012 10:24:18 AM, Error: Service Control Manager [7023] - The Sglfb service terminated with the following error: Access is denied.
    16/04/2012 10:24:18 AM, Error: Service Control Manager [7023] - The PSDNServ service terminated with the following error: Access is denied.
    16/04/2012 10:24:18 AM, Error: Service Control Manager [7023] - The Procdd service terminated with the following error: Access is denied.
    16/04/2012 10:24:18 AM, Error: Service Control Manager [7023] - The Perfnet service terminated with the following error: Access is denied.
    16/04/2012 10:24:18 AM, Error: Service Control Manager [7023] - The Penrendezvous service terminated with the following error: Access is denied.
    16/04/2012 10:24:18 AM, Error: Service Control Manager [7023] - The P3 service terminated with the following error: Access is denied.
    16/04/2012 10:24:18 AM, Error: Service Control Manager [7023] - The NICM service terminated with the following error: Access is denied.
    16/04/2012 10:24:18 AM, Error: Service Control Manager [7023] - The Mps9 service terminated with the following error: Access is denied.
    16/04/2012 10:24:18 AM, Error: Service Control Manager [7023] - The MKEMUSB service terminated with the following error: Access is denied.
    16/04/2012 10:24:18 AM, Error: Service Control Manager [7023] - The Mfebopk service terminated with the following error: Access is denied.
    16/04/2012 10:24:18 AM, Error: Service Control Manager [7023] - The Bridgemp service terminated with the following error: Access is denied.
    16/04/2012 10:24:18 AM, Error: Service Control Manager [7023] - The Beatjamupnpmusicserver service terminated with the following error: Access is denied.
    16/04/2012 10:24:18 AM, Error: Service Control Manager [7023] - The Aamqdispatcher service terminated with the following error: Access is denied.
    16/04/2012 10:24:17 AM, Error: Service Control Manager [7023] - The Wwsecsvc service terminated with the following error: Access is denied.
    16/04/2012 10:24:17 AM, Error: Service Control Manager [7023] - The Wpshelper service terminated with the following error: Access is denied.
    16/04/2012 10:24:17 AM, Error: Service Control Manager [7023] - The Vncmirror service terminated with the following error: Access is denied.
    16/04/2012 10:24:17 AM, Error: Service Control Manager [7023] - The Vmkbd service terminated with the following error: Access is denied.
    16/04/2012 10:24:17 AM, Error: Service Control Manager [7023] - The VAIOMediaPlatform-VideoServer-HTTP service terminated with the following error: Access is denied.
    16/04/2012 10:24:17 AM, Error: Service Control Manager [7023] - The Symantecantibotagent service terminated with the following error: Access is denied.
    16/04/2012 10:24:17 AM, Error: Service Control Manager [7023] - The SQLAgent$LG_LP2 service terminated with the following error: Access is denied.
    16/04/2012 10:24:17 AM, Error: Service Control Manager [7023] - The SE2Emgmt service terminated with the following error: Access is denied.
    16/04/2012 10:24:17 AM, Error: Service Control Manager [7023] - The Prfldsvc service terminated with the following error: Access is denied.
    16/04/2012 10:24:17 AM, Error: Service Control Manager [7023] - The Pgsql-8.0 service terminated with the following error: Access is denied.
    16/04/2012 10:24:17 AM, Error: Service Control Manager [7023] - The PCISys service terminated with the following error: Access is denied.
    16/04/2012 10:24:17 AM, Error: Service Control Manager [7023] - The Nvstor32 service terminated with the following error: Access is denied.
    16/04/2012 10:24:17 AM, Error: Service Control Manager [7023] - The Ntrtscan service terminated with the following error: Access is denied.
    16/04/2012 10:24:17 AM, Error: Service Control Manager [7023] - The N558 service terminated with the following error: Access is denied.
    16/04/2012 10:24:17 AM, Error: Service Control Manager [7023] - The MS1000 service terminated with the following error: Access is denied.
    16/04/2012 10:24:17 AM, Error: Service Control Manager [7023] - The Kmixer service terminated with the following error: Access is denied.
    16/04/2012 10:24:17 AM, Error: Service Control Manager [7023] - The Intcazaudaddservice service terminated with the following error: Access is denied.
    16/04/2012 10:24:17 AM, Error: Service Control Manager [7023] - The EmAudio service terminated with the following error: Access is denied.
    16/04/2012 10:24:17 AM, Error: Service Control Manager [7023] - The Eliservice service terminated with the following error: Access is denied.
    16/04/2012 10:24:17 AM, Error: Service Control Manager [7023] - The CTSYN service terminated with the following error: Access is denied.
    16/04/2012 10:24:17 AM, Error: Service Control Manager [7023] - The Cpuz132 service terminated with the following error: Access is denied.
    16/04/2012 10:24:16 AM, Error: Service Control Manager [7023] - The ZuneBusEnum service terminated with the following error: Access is denied.
    16/04/2012 10:24:16 AM, Error: Service Control Manager [7023] - The Zpaction service terminated with the following error: Access is denied.
    16/04/2012 10:24:16 AM, Error: Service Control Manager [7023] - The VSP1284D service terminated with the following error: Access is denied.
    16/04/2012 10:24:16 AM, Error: Service Control Manager [7023] - The U81xbus service terminated with the following error: Access is denied.
    16/04/2012 10:24:16 AM, Error: Service Control Manager [7023] - The Tosrfcom service terminated with the following error: Access is denied.
    16/04/2012 10:24:16 AM, Error: Service Control Manager [7023] - The Tmlisten service terminated with the following error: Access is denied.
    16/04/2012 10:24:16 AM, Error: Service Control Manager [7023] - The SGHIDI service terminated with the following error: Access is denied.
    16/04/2012 10:24:16 AM, Error: Service Control Manager [7023] - The Rnadirmultiplexor service terminated with the following error: Access is denied.
    16/04/2012 10:24:16 AM, Error: Service Control Manager [7023] - The Ptserial service terminated with the following error: Access is denied.
    16/04/2012 10:24:16 AM, Error: Service Control Manager [7023] - The Pdlncbas service terminated with the following error: Access is denied.
    16/04/2012 10:24:16 AM, Error: Service Control Manager [7023] - The Nscirda service terminated with the following error: Access is denied.
    16/04/2012 10:24:16 AM, Error: Service Control Manager [7023] - The Netwg311 service terminated with the following error: Access is denied.
    16/04/2012 10:24:16 AM, Error: Service Control Manager [7023] - The Lxcccustomerconnect service terminated with the following error: Access is denied.
    16/04/2012 10:24:16 AM, Error: Service Control Manager [7023] - The Lwwlicenseservice service terminated with the following error: Access is denied.
    16/04/2012 10:24:16 AM, Error: Service Control Manager [7023] - The ICAM3NT5 service terminated with the following error: Access is denied.
    16/04/2012 10:24:16 AM, Error: Service Control Manager [7023] - The FiltUSBEMPIA service terminated with the following error: Access is denied.
    16/04/2012 10:24:16 AM, Error: Service Control Manager [7023] - The Bdfsdrv service terminated with the following error: Access is denied.
    16/04/2012 10:24:15 AM, Error: Service Control Manager [7023] - The S3savagemx service terminated with the following error: Access is denied.
    16/04/2012 10:24:15 AM, Error: Service Control Manager [7023] - The Mvwebserver service terminated with the following error: Access is denied.
    16/04/2012 10:23:59 AM, Error: Service Control Manager [7023] - The Wg111nd5 service terminated with the following error: Access is denied.
    16/04/2012 10:23:59 AM, Error: Service Control Manager [7023] - The Prtg4service service terminated with the following error: Access is denied.
    16/04/2012 10:23:59 AM, Error: Service Control Manager [7023] - The Pgpsdkservice service terminated with the following error: Access is denied.
    16/04/2012 10:23:59 AM, Error: Service Control Manager [7023] - The Padfsvr service terminated with the following error: Access is denied.
    16/04/2012 10:23:59 AM, Error: Service Control Manager [7023] - The Lightscribeservice service terminated with the following error: Access is denied.
    16/04/2012 10:23:59 AM, Error: Service Control Manager [7023] - The Enecbpth service terminated with the following error: Access is denied.
    16/04/2012 10:23:59 AM, Error: Service Control Manager [7023] - The AMDPCI service terminated with the following error: Access is denied.
    16/04/2012 10:23:59 AM, Error: Service Control Manager [7023] - The Aawservice service terminated with the following error: Access is denied.
    16/04/2012 10:23:59 AM, Error: Service Control Manager [7023] - The A8djavs service terminated with the following error: Access is denied.
    16/04/2012 10:23:56 AM, Error: Service Control Manager [7023] - The Z800bus service terminated with the following error: Access is denied.
    16/04/2012 10:23:56 AM, Error: Service Control Manager [7023] - The FGDSCSI service terminated with the following error: Access is denied.
    16/04/2012 10:23:56 AM, Error: Service Control Manager [7023] - The Amusbprt service terminated with the following error: Access is denied.
    16/04/2012 10:23:55 AM, Error: Service Control Manager [7023] - The Vaiomediaplatform-integratedserver-upnp service terminated with the following error: Access is denied.
    16/04/2012 10:23:55 AM, Error: Service Control Manager [7023] - The P16X service terminated with the following error: Access is denied.
    16/04/2012 10:23:55 AM, Error: Service Control Manager [7023] - The Ngdbserv service terminated with the following error: Access is denied.
    16/04/2012 10:23:55 AM, Error: Service Control Manager [7023] - The Mssql$microsoftsmlbiz service terminated with the following error: Access is denied.
    16/04/2012 10:23:55 AM, Error: Service Control Manager [7023] - The Dktknsrv service terminated with the following error: Access is denied.
    16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The Ypcservice service terminated with the following error: Access is denied.
    16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The XTrapD12 service terminated with the following error: Access is denied.
    16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The Wpsnuio service terminated with the following error: Access is denied.
    16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The Wmp54gsvc service terminated with the following error: Access is denied.
    16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The Vpcnfltr service terminated with the following error: Access is denied.
    16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The Ultra66 service terminated with the following error: Access is denied.
    16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The Toscosrv service terminated with the following error: Access is denied.
    16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The Thpsrv service terminated with the following error: Access is denied.
    16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The Ss_mdfl service terminated with the following error: Access is denied.
    16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The Slservice service terminated with the following error: Access is denied.
    16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The Sleepy service terminated with the following error: Access is denied.
    16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The Si3114r5 service terminated with the following error: Access is denied.
    16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The Sgectl service terminated with the following error: Access is denied.
    16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The Rvsinst service terminated with the following error: Access is denied.
    16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The Rt2500 service terminated with the following error: Access is denied.
    16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The RalinkRegistryWriter service terminated with the following error: Access is denied.
    16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The Mohfilt service terminated with the following error: Access is denied.
    16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The IPassPeriodicUpdateApp service terminated with the following error: Access is denied.
    16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The Idrivert service terminated with the following error: Access is denied.
    16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The Hardlock service terminated with the following error: Access is denied.
    16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The Etoksrv service terminated with the following error: Access is denied.
    16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The D-link_st3402 service terminated with the following error: Access is denied.
    16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The Automate6 service terminated with the following error: Access is denied.
    16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The Apfiltrservice service terminated with the following error: Access is denied.
    16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The Adsservice service terminated with the following error: Access is denied.
    16/04/2012 10:23:45 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x00000008, 0x00000002, 0x00000000, 0x8c2f45b8). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041612-27066-01.
    16/04/2012 1:59:59 PM, Error: Service Control Manager [7023] - The Usbmate service terminated with the following error: Access is denied.
    16/04/2012 1:58:59 PM, Error: Service Control Manager [7023] - The Wceusbsh service terminated with the following error: Access is denied.
    16/04/2012 1:57:59 PM, Error: Service Control Manager [7023] - The Antivirservice service terminated with the following error: Access is denied.
    16/04/2012 1:56:59 PM, Error: Service Control Manager [7023] - The Savrtpel service terminated with the following error: Access is denied.
    16/04/2012 1:55:59 PM, Error: Service Control Manager [7023] - The IAimTV6 service terminated with the following error: Access is denied.
    16/04/2012 1:55:00 PM, Error: Service Control Manager [7023] - The USB28xxBGA service terminated with the following error: Access is denied.
    16/04/2012 1:53:59 PM, Error: Service Control Manager [7023] - The Tvs service terminated with the following error: Access is denied.
    16/04/2012 1:51:59 PM, Error: Service Control Manager [7023] - The Protexislicensing service terminated with the following error: Access is denied.
    16/04/2012 1:51:03 PM, Error: Service Control Manager [7023] - The Ispwdsvc service terminated with the following error: Access is denied.
    16/04/2012 1:49:59 PM, Error: Service Control Manager [7023] - The USB11LDR service terminated with the following error: Access is denied.
    16/04/2012 1:49:04 PM, Error: Service Control Manager [7023] - The Rpcnet service terminated with the following error: Access is denied.
    16/04/2012 1:48:00 PM, Error: Service Control Manager [7023] - The StkScan service terminated with the following error: Access is denied.
    16/04/2012 1:47:00 PM, Error: Service Control Manager [7023] - The Pcdrndisuio service terminated with the following error: Access is denied.
    16/04/2012 1:45:59 PM, Error: Service Control Manager [7023] - The Hprfdev service terminated with the following error: Access is denied.
    16/04/2012 1:44:59 PM, Error: Service Control Manager [7023] - The Sympxsvc service terminated with the following error: Access is denied.
    16/04/2012 1:43:59 PM, Error: Service Control Manager [7023] - The DCamUSBSQTECH service terminated with the following error: Access is denied.
    16/04/2012 1:41:59 PM, Error: Service Control Manager [7023] - The Smbusp service terminated with the following error: Access is denied.
    16/04/2012 1:40:59 PM, Error: Service Control Manager [7023] - The Ldap service terminated with the following error: Access is denied.
    16/04/2012 1:39:59 PM, Error: Service Control Manager [7023] - The Svcwrsssdk service terminated with the following error: Access is denied.
    16/04/2012 1:39:01 PM, Error: Service Control Manager [7023] - The ZTEusbnmea service terminated with the following error: Access is denied.
    16/04/2012 1:37:03 PM, Error: Service Control Manager [7023] - The Anbmservice service terminated with the following error: Access is denied.
    16/04/2012 1:36:08 PM, Error: Service Control Manager [7023] - The Se45mdfl service terminated with the following error: Access is denied.
    16/04/2012 1:35:46 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    16/04/2012 1:34:59 PM, Error: Service Control Manager [7023] - The Netmdsb service terminated with the following error: Access is denied.
    16/04/2012 1:34:01 PM, Error: Service Control Manager [7023] - The Ftpds service terminated with the following error: Access is denied.
    16/04/2012 1:33:03 PM, Error: Service Control Manager [7023] - The Rp_fws service terminated with the following error: Access is denied.
    16/04/2012 1:32:07 PM, Error: Service Control Manager [7023] - The Usprserv service terminated with the following error: Access is denied.
    16/04/2012 1:31:34 PM, Error: Service Control Manager [7023] - The RSAFAL service terminated with the following error: Access is denied.
    16/04/2012 1:31:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service SkypeUpdate with arguments "/ComService" in order to run the server: {CC957078-B838-47C4-A7CF-626E7A82FC58}
    16/04/2012 1:31:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Skype Updater service to connect.
    16/04/2012 1:31:09 PM, Error: Service Control Manager [7000] - The Skype Updater service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    16/04/2012 1:30:00 PM, Error: Service Control Manager [7023] - The Sansaservice service terminated with the following error: Access is denied.
    16/04/2012 1:28:59 PM, Error: Service Control Manager [7023] - The Qcmerced service terminated with the following error: Access is denied.
    16/04/2012 1:28:03 PM, Error: Service Control Manager [7023] - The Vmx86 service terminated with the following error: Access is denied.
    16/04/2012 1:26:59 PM, Error: Service Control Manager [7023] - The Qbposdbservices service terminated with the following error: Access is denied.
    16/04/2012 1:26:54 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    16/04/2012 1:26:16 PM, Error: Service Control Manager [7023] - The Dmisrv service terminated with the following error: Access is denied.
    16/04/2012 1:26:11 PM, Error: Service Control Manager [7023] - The AVerBDA service terminated with the following error: The specified module could not be found.
    16/04/2012 1:26:09 PM, Error: Service Control Manager [7023] - The Uphclean service terminated with the following error: Access is denied.
    16/04/2012 1:26:09 PM, Error: Service Control Manager [7023] - The SE2Bmgmt service terminated with the following error: Access is denied.
    16/04/2012 1:26:09 PM, Error: Service Control Manager [7023] - The LEX_AS_NIC_SERVICE_YNOS service terminated with the following error: Access is denied.
    16/04/2012 1:26:09 PM, Error: Service Control Manager [7023] - The Agentsrv service terminated with the following error: Access is denied.
    16/04/2012 1:26:04 PM, Error: Service Control Manager [7023] - The NVNET service terminated with the following error: Access is denied.
    16/04/2012 1:26:04 PM, Error: Service Control Manager [7023] - The NetwareWorkstation service terminated with the following error: Access is denied.
    16/04/2012 1:26:04 PM, Error: Service Control Manager [7023] - The AlteraByteBlaster service terminated with the following error: Access is denied.
    16/04/2012 1:26:03 PM, Error: Service Control Manager [7023] - The Cdrbsvsd service terminated with the following error: Access is denied.
    15/04/2012 9:26:33 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
    15/04/2012 8:21:25 PM, Error: Service Control Manager [7023] - The Atmeltpm service terminated with the following error: Access is denied.
    15/04/2012 8:19:19 PM, Error: Service Control Manager [7023] - The S616mdfl service terminated with the following error: Access is denied.
    15/04/2012 8:18:19 PM, Error: Service Control Manager [7023] - The Ibmsmbus service terminated with the following error: Access is denied.
    15/04/2012 8:17:19 PM, Error: Service Control Manager [7023] - The ATIBTCAP service terminated with the following error: Access is denied.
    15/04/2012 8:15:19 PM, Error: Service Control Manager [7023] - The Enum1394 service terminated with the following error: Access is denied.
    15/04/2012 8:14:19 PM, Error: Service Control Manager [7023] - The Websensepolicyserver service terminated with the following error: Access is denied.
    15/04/2012 8:13:19 PM, Error: Service Control Manager [7023] - The Cvslock service terminated with the following error: Access is denied.
    15/04/2012 8:12:19 PM, Error: Service Control Manager [7023] - The FireTDI service terminated with the following error: Access is denied.
    15/04/2012 8:11:19 PM, Error: Service Control Manager [7023] - The StickyMesger service terminated with the following error: Access is denied.
    15/04/2012 8:10:19 PM, Error: Service Control Manager [7023] - The Datasvr2 service terminated with the following error: Access is denied.
    15/04/2012 8:09:19 PM, Error: Service Control Manager [7023] - The Matlabserver service terminated with the following error: Access is denied.
    15/04/2012 8:08:19 PM, Error: Service Control Manager [7023] - The Avgascln service terminated with the following error: Access is denied.
    15/04/2012 8:07:19 PM, Error: Service Control Manager [7023] - The Uscbs108 service terminated with the following error: Access is denied.
    15/04/2012 8:05:19 PM, Error: Service Control Manager [7023] - The Battc service terminated with the following error: Access is denied.
    15/04/2012 8:04:19 PM, Error: Service Control Manager [7023] - The Vaiomediaplatform-photoserver-appserver service terminated with the following error: Access is denied.
    15/04/2012 8:03:19 PM, Error: Service Control Manager [7023] - The Ibmfilter service terminated with the following error: Access is denied.
    15/04/2012 8:02:19 PM, Error: Service Control Manager [7023] - The Ifxspmgtsrv service terminated with the following error: Access is denied.
    15/04/2012 8:01:19 PM, Error: Service Control Manager [7023] - The Tng-doba service terminated with the following error: Access is denied.
    15/04/2012 8:00:19 PM, Error: Service Control Manager [7023] - The Marvinbus service terminated with the following error: Access is denied.
    15/04/2012 7:59:19 PM, Error: Service Control Manager [7023] - The Vaiomediaplatform-mobile-gateway service terminated with the following error: Access is denied.
    15/04/2012 7:58:19 PM, Error: Service Control Manager [7023] - The LMS service terminated with the following error: Access is denied.
    15/04/2012 7:57:19 PM, Error: Service Control Manager [7023] - The Nvstor64 service terminated with the following error: Access is denied.
    15/04/2012 7:56:19 PM, Error: Service Control Manager [7023] - The SIODRV service terminated with the following error: Access is denied.
    15/04/2012 7:55:19 PM, Error: Service Control Manager [7023] - The Se44obex service terminated with the following error: Access is denied.
    15/04/2012 7:54:19 PM, Error: Service Control Manager [7023] - The MREMP50 service terminated with the following error: Access is denied.
    15/04/2012 7:53:19 PM, Error: Service Control Manager [7023] - The Nmsaccess service terminated with the following error: Access is denied.
    15/04/2012 7:52:19 PM, Error: Service Control Manager [7023] - The Freebsd service terminated with the following error: Access is denied.
    15/04/2012 7:51:19 PM, Error: Service Control Manager [7023] - The S7oppitx service terminated with the following error: Access is denied.
    15/04/2012 7:50:19 PM, Error: Service Control Manager [7023] - The Logonsvcid service terminated with the following error: Access is denied.
    15/04/2012 7:49:19 PM, Error: Service Control Manager [7023] - The Avfilter service terminated with the following error: Access is denied.
    15/04/2012 7:48:19 PM, Error: Service Control Manager [7023] - The SlWdmSup service terminated with the following error: Access is denied.
    15/04/2012 7:47:19 PM, Error: Service Control Manager [7023] - The SrvcEPIOMngr service terminated with the following error: Access is denied.
    15/04/2012 7:46:19 PM, Error: Service Control Manager [7023] - The Contentindex service terminated with the following error: Access is denied.
    15/04/2012 7:45:19 PM, Error: Service Control Manager [7023] - The Snoopfree service terminated with the following error: Access is denied.
    15/04/2012 7:44:19 PM, Error: Service Control Manager [7023] - The W700mgmt service terminated with the following error: Access is denied.
    15/04/2012 7:43:19 PM, Error: Service Control Manager [7023] - The Traprcvr service terminated with the following error: Access is denied.
    15/04/2012 7:42:19 PM, Error: Service Control Manager [7023] - The Queuemgr service terminated with the following error: Access is denied.
    15/04/2012 7:41:19 PM, Error: Service Control Manager [7023] - The EMATCORE service terminated with the following error: Access is denied.
    15/04/2012 7:40:19 PM, Error: Service Control Manager [7023] - The STV680m service terminated with the following error: Access is denied.
    15/04/2012 7:39:19 PM, Error: Service Control Manager [7023] - The Ifp800 service terminated with the following error: Access is denied.
    15/04/2012 7:38:19 PM, Error: Service Control Manager [7023] - The NVTCP service terminated with the following error: Access is denied.
    15/04/2012 7:37:19 PM, Error: Service Control Manager [7023] - The MRENDIS5 service terminated with the following error: Access is denied.
    15/04/2012 7:36:19 PM, Error: Service Control Manager [7023] - The IASJet service terminated with the following error: Access is denied.
    15/04/2012 7:35:20 PM, Error: Service Control Manager [7023] - The Lxbu_device service terminated with the following error: Access is denied.
    15/04/2012 7:34:19 PM, Error: Service Control Manager [7023] - The Backuplauncher service terminated with the following error: Access is denied.
    15/04/2012 7:33:19 PM, Error: Service Control Manager [7023] - The Amdk77 service terminated with the following error: Access is denied.
    15/04/2012 7:32:19 PM, Error: Service Control Manager [7023] - The Wacommousefilter service terminated with the following error: Access is denied.
     
  7. NathanC

    NathanC TS Rookie Topic Starter Posts: 38

    15/04/2012 7:31:57 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    15/04/2012 7:31:19 PM, Error: Service Control Manager [7023] - The RVIEG01 service terminated with the following error: Access is denied.
    15/04/2012 7:30:19 PM, Error: Service Control Manager [7023] - The V0080Dev service terminated with the following error: Access is denied.
    15/04/2012 7:29:19 PM, Error: Service Control Manager [7023] - The DKbFltr service terminated with the following error: Access is denied.
    15/04/2012 7:28:19 PM, Error: Service Control Manager [7023] - The Dell1100_FUService service terminated with the following error: Access is denied.
    15/04/2012 7:27:19 PM, Error: Service Control Manager [7023] - The Hpqddsvc service terminated with the following error: Access is denied.
    15/04/2012 7:26:19 PM, Error: Service Control Manager [7023] - The SWUMX20 service terminated with the following error: Access is denied.
    15/04/2012 7:25:19 PM, Error: Service Control Manager [7023] - The Centennialclientagent service terminated with the following error: Access is denied.
    15/04/2012 7:24:19 PM, Error: Service Control Manager [7023] - The A016mdm service terminated with the following error: Access is denied.
    15/04/2012 7:23:19 PM, Error: Service Control Manager [7023] - The Vulfnths service terminated with the following error: Access is denied.
    15/04/2012 7:22:19 PM, Error: Service Control Manager [7023] - The Pavsrv service terminated with the following error: Access is denied.
    15/04/2012 7:21:19 PM, Error: Service Control Manager [7023] - The IAimFP7 service terminated with the following error: Access is denied.
    15/04/2012 7:20:19 PM, Error: Service Control Manager [7023] - The Bt3cusb service terminated with the following error: Access is denied.
    15/04/2012 7:19:19 PM, Error: Service Control Manager [7023] - The Crystaloutputfileserver service terminated with the following error: Access is denied.
    15/04/2012 7:15:23 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    15/04/2012 7:14:40 PM, Error: Service Control Manager [7023] - The FireHook service terminated with the following error: Access is denied.
    15/04/2012 7:14:37 PM, Error: Service Control Manager [7023] - The Nvstor32 service terminated with the following error: The specified module could not be found.
    15/04/2012 7:14:37 PM, Error: Service Control Manager [7023] - The HWSCtrl service terminated with the following error: Access is denied.
    15/04/2012 7:14:31 PM, Error: Service Control Manager [7023] - The Houdiniserver service terminated with the following error: Access is denied.
    15/04/2012 7:14:30 PM, Error: Service Control Manager [7023] - The Sqlserveragent service terminated with the following error: Access is denied.
    15/04/2012 7:06:02 PM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
    15/04/2012 7:05:51 PM, Error: Service Control Manager [7023] - The XAudio service terminated with the following error: Access is denied.
    15/04/2012 5:53:16 PM, Error: Service Control Manager [7023] - The Ac97intc service terminated with the following error: Access is denied.
    15/04/2012 5:53:07 PM, Error: Service Control Manager [7023] - The Sbservice service terminated with the following error: Access is denied.
    15/04/2012 5:50:58 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    15/04/2012 5:50:51 PM, Error: Service Control Manager [7023] - The Cpqdfw service terminated with the following error: Access is denied.
    15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The Webrootspysweeperservice service terminated with the following error: Access is denied.
    15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The W810mdm service terminated with the following error: Access is denied.
    15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The Vsapint service terminated with the following error: Access is denied.
    15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The Usbscan service terminated with the following error: Access is denied.
    15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The Tomcatcws3 service terminated with the following error: Access is denied.
    15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The Tfsnifs service terminated with the following error: Access is denied.
    15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The SNTIE service terminated with the following error: Access is denied.
    15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The Slapd-config52 service terminated with the following error: Access is denied.
    15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The Sisnic service terminated with the following error: Access is denied.
    15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The SECYPUSB service terminated with the following error: Access is denied.
    15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The Se58bus service terminated with the following error: Access is denied.
    15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The Se27nd5 service terminated with the following error: Access is denied.
    15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The SABProcEnum service terminated with the following error: Access is denied.
    15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The Regservice service terminated with the following error: Access is denied.
    15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The Pctoolsfirewallplus service terminated with the following error: Access is denied.
    15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The NWSNS service terminated with the following error: Access is denied.
    15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The NWADI service terminated with the following error: Access is denied.
    15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The MRV6X32P service terminated with the following error: Access is denied.
    15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The Meraksmtp service terminated with the following error: Access is denied.
    15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The M2500 service terminated with the following error: Access is denied.
    15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The Lxbs_device service terminated with the following error: Access is denied.
    15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The Ctxcpuusync service terminated with the following error: Access is denied.
    15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The Ctmmfilt service terminated with the following error: Access is denied.
    15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The C-Dilla service terminated with the following error: Access is denied.
    15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The Adobeversioncue service terminated with the following error: Access is denied.
    15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The Webcompserver service terminated with the following error: Access is denied.
    15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The VirtualFD service terminated with the following error: Access is denied.
    15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The VIAPFD service terminated with the following error: Access is denied.
    15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The SE2Eobex service terminated with the following error: Access is denied.
    15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The S616mgmt service terminated with the following error: Access is denied.
    15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The Rtport service terminated with the following error: Access is denied.
    15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The RivaTuner32 service terminated with the following error: Access is denied.
    15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The Pserve service terminated with the following error: Access is denied.
    15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The PDExchange service terminated with the following error: Access is denied.
    15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The Pcidump service terminated with the following error: Access is denied.
    15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The Nvnetbus service terminated with the following error: Access is denied.
    15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The MTC0001_ESB service terminated with the following error: Access is denied.
    15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The Lxdm_device service terminated with the following error: Access is denied.
    15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The Ibmcicstransactiongateway service terminated with the following error: Access is denied.
    15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The F700imd service terminated with the following error: Access is denied.
    15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The Elbycdio service terminated with the following error: Access is denied.
    15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The Cwcwdm service terminated with the following error: Access is denied.
    15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The CdaD10BA service terminated with the following error: Access is denied.
    15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The Bb-run service terminated with the following error: Access is denied.
    15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The Avsinc service terminated with the following error: Access is denied.
    15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The Avg7alrt service terminated with the following error: Access is denied.
    15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The ATNT40K service terminated with the following error: Access is denied.
    15/04/2012 5:49:58 PM, Error: Service Control Manager [7023] - The Zebrmdmc service terminated with the following error: Access is denied.
    15/04/2012 5:49:58 PM, Error: Service Control Manager [7023] - The Wlluc48b service terminated with the following error: Access is denied.
    15/04/2012 5:49:58 PM, Error: Service Control Manager [7023] - The W550mdm service terminated with the following error: Access is denied.
    15/04/2012 5:49:58 PM, Error: Service Control Manager [7023] - The SMCB000 service terminated with the following error: Access is denied.
    15/04/2012 5:49:58 PM, Error: Service Control Manager [7023] - The Slabser service terminated with the following error: Access is denied.
    15/04/2012 5:49:58 PM, Error: Service Control Manager [7023] - The Service1 service terminated with the following error: Access is denied.
    15/04/2012 5:49:58 PM, Error: Service Control Manager [7023] - The S716mgmt service terminated with the following error: Access is denied.
    15/04/2012 5:49:58 PM, Error: Service Control Manager [7023] - The Raysat3_4_6_18server service terminated with the following error: Access is denied.
    15/04/2012 5:49:58 PM, Error: Service Control Manager [7023] - The Oracle_load_balancer_60_server-forms6i service terminated with the following error: Access is denied.
    15/04/2012 5:49:58 PM, Error: Service Control Manager [7023] - The Msgsrvservice service terminated with the following error: Access is denied.
    15/04/2012 5:49:58 PM, Error: Service Control Manager [7023] - The Mgactrl service terminated with the following error: Access is denied.
    15/04/2012 5:49:58 PM, Error: Service Control Manager [7023] - The LHidUsbK service terminated with the following error: Access is denied.
    15/04/2012 5:49:58 PM, Error: Service Control Manager [7023] - The Knobserv service terminated with the following error: Access is denied.
    15/04/2012 5:49:58 PM, Error: Service Control Manager [7023] - The Ifxtcs service terminated with the following error: Access is denied.
    15/04/2012 5:49:58 PM, Error: Service Control Manager [7023] - The Enethusb service terminated with the following error: Access is denied.
    15/04/2012 5:49:58 PM, Error: Service Control Manager [7023] - The Bgmainsvc service terminated with the following error: Access is denied.
    15/04/2012 5:49:58 PM, Error: Service Control Manager [7023] - The 3combootp service terminated with the following error: Access is denied.
    15/04/2012 5:49:57 PM, Error: Service Control Manager [7023] - The Wanminiportservice service terminated with the following error: Access is denied.
    15/04/2012 5:49:57 PM, Error: Service Control Manager [7023] - The Vpn5000service service terminated with the following error: Access is denied.
    15/04/2012 5:49:57 PM, Error: Service Control Manager [7023] - The Usnjsvc service terminated with the following error: Access is denied.
    15/04/2012 5:49:57 PM, Error: Service Control Manager [7023] - The Uleadburninghelper service terminated with the following error: Access is denied.
    15/04/2012 5:49:57 PM, Error: Service Control Manager [7023] - The Stllssvr service terminated with the following error: Access is denied.
    15/04/2012 5:49:57 PM, Error: Service Control Manager [7023] - The Sfman service terminated with the following error: Access is denied.
    15/04/2012 5:49:57 PM, Error: Service Control Manager [7023] - The SE2Bobex service terminated with the following error: Access is denied.
    15/04/2012 5:49:57 PM, Error: Service Control Manager [7023] - The S125mdfl service terminated with the following error: Access is denied.
    15/04/2012 5:49:57 PM, Error: Service Control Manager [7023] - The Qbreminderflash service terminated with the following error: Access is denied.
    15/04/2012 5:49:57 PM, Error: Service Control Manager [7023] - The Qbposdbextservices service terminated with the following error: Access is denied.
    15/04/2012 5:49:57 PM, Error: Service Control Manager [7023] - The Mssql$sqlexpress service terminated with the following error: Access is denied.
    15/04/2012 5:49:57 PM, Error: Service Control Manager [7023] - The Mssql$microsoftbcm service terminated with the following error: Access is denied.
    15/04/2012 5:49:57 PM, Error: Service Control Manager [7023] - The LXARScan service terminated with the following error: Access is denied.
    15/04/2012 5:49:57 PM, Error: Service Control Manager [7023] - The Lvmvdrv service terminated with the following error: Access is denied.
    15/04/2012 5:49:57 PM, Error: Service Control Manager [7023] - The Isapisearch service terminated with the following error: Access is denied.
    15/04/2012 5:49:57 PM, Error: Service Control Manager [7023] - The IPFilter service terminated with the following error: Access is denied.
    15/04/2012 5:49:57 PM, Error: Service Control Manager [7023] - The GetPlusHelper service terminated with the following error: Access is denied.
    15/04/2012 5:49:57 PM, Error: Service Control Manager [7023] - The Eaps2kbd service terminated with the following error: Access is denied.
    15/04/2012 5:49:57 PM, Error: Service Control Manager [7023] - The Eamon service terminated with the following error: Access is denied.
    15/04/2012 5:49:57 PM, Error: Service Control Manager [7023] - The DLH5X service terminated with the following error: Access is denied.
    15/04/2012 5:49:57 PM, Error: Service Control Manager [7023] - The BCM43XV service terminated with the following error: Access is denied.
    15/04/2012 5:49:56 PM, Error: Service Control Manager [7023] - The VX1000 service terminated with the following error: Access is denied.
    15/04/2012 5:49:56 PM, Error: Service Control Manager [7023] - The Vhidmini service terminated with the following error: Access is denied.
    15/04/2012 5:49:56 PM, Error: Service Control Manager [7023] - The S217mdm service terminated with the following error: Access is denied.
    15/04/2012 5:49:56 PM, Error: Service Control Manager [7023] - The RAPIProtocol service terminated with the following error: Access is denied.
    15/04/2012 5:49:56 PM, Error: Service Control Manager [7023] - The Pctspk service terminated with the following error: Access is denied.
    15/04/2012 5:49:56 PM, Error: Service Control Manager [7023] - The Olregcap service terminated with the following error: Access is denied.
    15/04/2012 5:49:56 PM, Error: Service Control Manager [7023] - The Lhidflt2 service terminated with the following error: Access is denied.
    15/04/2012 5:49:56 PM, Error: Service Control Manager [7023] - The Kraidsvc service terminated with the following error: Access is denied.
    15/04/2012 5:49:56 PM, Error: Service Control Manager [7023] - The Iviregmgr service terminated with the following error: Access is denied.
    15/04/2012 5:49:56 PM, Error: Service Control Manager [7023] - The Irda service terminated with the following error: Access is denied.
    15/04/2012 5:49:56 PM, Error: Service Control Manager [7023] - The HabuFltr service terminated with the following error: Access is denied.
    15/04/2012 5:49:56 PM, Error: Service Control Manager [7023] - The CTAudSvcService service terminated with the following error: Access is denied.
    15/04/2012 5:49:56 PM, Error: Service Control Manager [7023] - The Cpqfcalm service terminated with the following error: Access is denied.
    15/04/2012 5:49:56 PM, Error: Service Control Manager [7023] - The Cics.region1 service terminated with the following error: Access is denied.
    15/04/2012 5:49:56 PM, Error: Service Control Manager [7023] - The Bridge service terminated with the following error: Access is denied.
    15/04/2012 5:49:56 PM, Error: Service Control Manager [7023] - The Arrayssl_vpn_service3,0,1,9 service terminated with the following error: Access is denied.
    15/04/2012 5:49:56 PM, Error: Service Control Manager [7023] - The Alim1541 service terminated with the following error: Access is denied.
    15/04/2012 5:49:56 PM, Error: Service Control Manager [7023] - The Alcaudsl service terminated with the following error: Access is denied.
    15/04/2012 5:49:56 PM, Error: Service Control Manager [7023] - The Adobeactivefilemonitor5.0 service terminated with the following error: Access is denied.
    15/04/2012 5:49:55 PM, Error: Service Control Manager [7023] - The WimFltr service terminated with the following error: Access is denied.
    15/04/2012 5:49:55 PM, Error: Service Control Manager [7023] - The Vcommmgr service terminated with the following error: Access is denied.
    15/04/2012 5:49:55 PM, Error: Service Control Manager [7023] - The Tossmbnt service terminated with the following error: Access is denied.
    15/04/2012 5:49:55 PM, Error: Service Control Manager [7023] - The Symevent service terminated with the following error: Access is denied.
    15/04/2012 5:49:55 PM, Error: Service Control Manager [7023] - The Suservice service terminated with the following error: Access is denied.
    15/04/2012 5:49:55 PM, Error: Service Control Manager [7023] - The Sscdserd service terminated with the following error: Access is denied.
    15/04/2012 5:49:55 PM, Error: Service Control Manager [7023] - The Se58obex service terminated with the following error: Access is denied.
    15/04/2012 5:49:55 PM, Error: Service Control Manager [7023] - The S7otranx service terminated with the following error: Access is denied.
    15/04/2012 5:49:55 PM, Error: Service Control Manager [7023] - The Rt61 service terminated with the following error: Access is denied.
    15/04/2012 5:49:55 PM, Error: Service Control Manager [7023] - The RESMGR service terminated with the following error: Access is denied.
    15/04/2012 5:49:55 PM, Error: Service Control Manager [7023] - The Pdlnctdl service terminated with the following error: Access is denied.
    15/04/2012 5:49:55 PM, Error: Service Control Manager [7023] - The NOWMEMDF service terminated with the following error: Access is denied.
    15/04/2012 5:49:55 PM, Error: Service Control Manager [7023] - The Msfwsvc service terminated with the following error: Access is denied.
    15/04/2012 5:49:55 PM, Error: Service Control Manager [7023] - The Lvprcsrv service terminated with the following error: Access is denied.
    15/04/2012 5:49:55 PM, Error: Service Control Manager [7023] - The Icraplus service terminated with the following error: Access is denied.
    15/04/2012 5:49:55 PM, Error: Service Control Manager [7023] - The GTWModem service terminated with the following error: Access is denied.
    15/04/2012 5:49:55 PM, Error: Service Control Manager [7023] - The Cdralw2k service terminated with the following error: Access is denied.
    15/04/2012 5:49:55 PM, Error: Service Control Manager [7023] - The Backupexecjobengine service terminated with the following error: Access is denied.
    15/04/2012 5:49:55 PM, Error: Service Control Manager [7023] - The Atitunep service terminated with the following error: Access is denied.
    15/04/2012 5:49:54 PM, Error: Service Control Manager [7023] - The Vcsw service terminated with the following error: Access is denied.
    15/04/2012 5:49:54 PM, Error: Service Control Manager [7023] - The Spcsutilityservice service terminated with the following error: Access is denied.
    15/04/2012 5:49:54 PM, Error: Service Control Manager [7023] - The Se45obex service terminated with the following error: Access is denied.
    15/04/2012 5:49:54 PM, Error: Service Control Manager [7023] - The S716bus service terminated with the following error: Access is denied.
    15/04/2012 5:49:54 PM, Error: Service Control Manager [7023] - The S616unic service terminated with the following error: Access is denied.
    15/04/2012 5:49:54 PM, Error: Service Control Manager [7023] - The Racsvc service terminated with the following error: Access is denied.
    15/04/2012 5:49:54 PM, Error: Service Control Manager [7023] - The Mcupdmgr.exe service terminated with the following error: Access is denied.
    15/04/2012 5:49:54 PM, Error: Service Control Manager [7023] - The Mclogmanagerservice service terminated with the following error: Access is denied.
    15/04/2012 5:49:54 PM, Error: Service Control Manager [7023] - The Iwebmsg service terminated with the following error: Access is denied.
    15/04/2012 5:49:54 PM, Error: Service Control Manager [7023] - The HPSLPSVC service terminated with the following error: Access is denied.
    15/04/2012 5:49:54 PM, Error: Service Control Manager [7023] - The Hdthermal service terminated with the following error: Access is denied.
    15/04/2012 5:49:54 PM, Error: Service Control Manager [7023] - The Deltafw service terminated with the following error: Access is denied.
    15/04/2012 5:49:54 PM, Error: Service Control Manager [7023] - The Cis1284 service terminated with the following error: Access is denied.
    15/04/2012 5:49:54 PM, Error: Service Control Manager [7023] - The Besclient service terminated with the following error: Access is denied.
    15/04/2012 5:49:54 PM, Error: Service Control Manager [7023] - The Beatjammusicstreamingserver service terminated with the following error: Access is denied.
    15/04/2012 5:49:54 PM, Error: Service Control Manager [7023] - The Bc_filter service terminated with the following error: Access is denied.
    15/04/2012 5:49:54 PM, Error: Service Control Manager [7023] - The Aksusb service terminated with the following error: Access is denied.
    15/04/2012 5:49:53 PM, Error: Service Control Manager [7023] - The Zpsc service terminated with the following error: Access is denied.
    15/04/2012 5:49:53 PM, Error: Service Control Manager [7023] - The XilinxPC4Driver service terminated with the following error: Access is denied.
    15/04/2012 5:49:53 PM, Error: Service Control Manager [7023] - The SrvcTPIOMngr service terminated with the following error: Access is denied.
    15/04/2012 5:49:53 PM, Error: Service Control Manager [7023] - The Serialkeys service terminated with the following error: Access is denied.
    15/04/2012 5:49:53 PM, Error: Service Control Manager [7023] - The Pdlnecfg service terminated with the following error: Access is denied.
    15/04/2012 5:49:53 PM, Error: Service Control Manager [7023] - The Nwlnkfwd service terminated with the following error: Access is denied.
    15/04/2012 5:49:53 PM, Error: Service Control Manager [7023] - The Nod32krn service terminated with the following error: Access is denied.
    15/04/2012 5:49:53 PM, Error: Service Control Manager [7023] - The Nmindexingservice service terminated with the following error: Access is denied.
    15/04/2012 5:49:53 PM, Error: Service Control Manager [7023] - The Naimagent32 service terminated with the following error: Access is denied.
    15/04/2012 5:49:53 PM, Error: Service Control Manager [7023] - The Mcnasvc service terminated with the following error: Access is denied.
    15/04/2012 5:49:53 PM, Error: Service Control Manager [7023] - The Mcdbus service terminated with the following error: Access is denied.
    15/04/2012 5:49:53 PM, Error: Service Control Manager [7023] - The Mbmiodrvr service terminated with the following error: Access is denied.
    15/04/2012 5:49:53 PM, Error: Service Control Manager [7023] - The IPassP service terminated with the following error: Access is denied.
    15/04/2012 5:49:53 PM, Error: Service Control Manager [7023] - The Fsaua service terminated with the following error: Access is denied.
    15/04/2012 5:49:53 PM, Error: Service Control Manager [7023] - The Elosystemservice service terminated with the following error: Access is denied.
    15/04/2012 5:49:53 PM, Error: Service Control Manager [7023] - The CTDevice_Srv service terminated with the following error: Access is denied.
    15/04/2012 5:49:53 PM, Error: Service Control Manager [7023] - The Cfosspeeds service terminated with the following error: Access is denied.
    15/04/2012 5:49:53 PM, Error: Service Control Manager [7023] - The BCMModem service terminated with the following error: Access is denied.
    15/04/2012 10:07:20 PM, Error: Service Control Manager [7023] - The ROB_V service terminated with the following error: Access is denied.
    15/04/2012 10:00:29 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    14/04/2012 8:30:05 PM, Error: Service Control Manager [7023] - The Pinger service terminated with the following error: Access is denied.
    14/04/2012 8:29:08 PM, Error: Service Control Manager [7023] - The Ipssvc service terminated with the following error: Access is denied.
    14/04/2012 8:26:05 PM, Error: Service Control Manager [7023] - The Mnsframework service terminated with the following error: Access is denied.
    14/04/2012 8:25:06 PM, Error: Service Control Manager [7023] - The Relational service terminated with the following error: Access is denied.
    14/04/2012 8:24:07 PM, Error: Service Control Manager [7023] - The Arhidfltr service terminated with the following error: Access is denied.
    14/04/2012 8:23:05 PM, Error: Service Control Manager [7023] - The Captureservice service terminated with the following error: Access is denied.
    14/04/2012 8:22:05 PM, Error: Service Control Manager [7023] - The Mdmxsdk service terminated with the following error: Access is denied.
    14/04/2012 8:19:06 PM, Error: Service Control Manager [7023] - The Neokdss service terminated with the following error: Access is denied.
    14/04/2012 8:15:06 PM, Error: Service Control Manager [7023] - The Vetmsgnt service terminated with the following error: Access is denied.
    14/04/2012 8:14:05 PM, Error: Service Control Manager [7023] - The Psdistributionagent service terminated with the following error: Access is denied.
    14/04/2012 8:13:05 PM, Error: Service Control Manager [7023] - The CnxtHdAudService service terminated with the following error: Access is denied.
    14/04/2012 8:11:05 PM, Error: Service Control Manager [7023] - The Rca service terminated with the following error: Access is denied.
    14/04/2012 8:09:05 PM, Error: Service Control Manager [7023] - The CTEXFIFX.DLL service terminated with the following error: Access is denied.
    14/04/2012 8:06:06 PM, Error: Service Control Manager [7023] - The Digirefresh service terminated with the following error: Access is denied.
    14/04/2012 8:04:06 PM, Error: Service Control Manager [7023] - The Vrfwsvc service terminated with the following error: Access is denied.
    14/04/2012 8:03:05 PM, Error: Service Control Manager [7023] - The Mail2ec service terminated with the following error: Access is denied.
    14/04/2012 8:02:05 PM, Error: Service Control Manager [7023] - The De_serv service terminated with the following error: Access is denied.
    14/04/2012 8:01:06 PM, Error: Service Control Manager [7023] - The Digisptiservice service terminated with the following error: Access is denied.
    14/04/2012 8:00:05 PM, Error: Service Control Manager [7023] - The Vusbbus service terminated with the following error: Access is denied.
    14/04/2012 7:59:06 PM, Error: Service Control Manager [7023] - The Netmnt service terminated with the following error: Access is denied.
    14/04/2012 7:57:05 PM, Error: Service Control Manager [7023] - The ESDCR service terminated with the following error: Access is denied.
    14/04/2012 7:56:15 PM, Error: Service Control Manager [7023] - The Lexbces service terminated with the following error: Access is denied.
    14/04/2012 7:55:05 PM, Error: Service Control Manager [7023] - The Si3132r5 service terminated with the following error: Access is denied.
    14/04/2012 7:54:06 PM, Error: Service Control Manager [7023] - The Bcm4sbxp service terminated with the following error: Access is denied.
    14/04/2012 7:53:05 PM, Error: Service Control Manager [7023] - The Ql2100 service terminated with the following error: Access is denied.
    14/04/2012 7:51:07 PM, Error: Service Control Manager [7023] - The Hsxhwazl service terminated with the following error: Access is denied.
    14/04/2012 7:50:05 PM, Error: Service Control Manager [7023] - The Ghostsec service terminated with the following error: Access is denied.
    14/04/2012 7:49:06 PM, Error: Service Control Manager [7023] - The Winvnc service terminated with the following error: Access is denied.
    14/04/2012 7:48:05 PM, Error: Service Control Manager [7023] - The Ssscsisv service terminated with the following error: Access is denied.
    14/04/2012 7:47:05 PM, Error: Service Control Manager [7023] - The NeroMediaHomeService.4 service terminated with the following error: Access is denied.
    14/04/2012 7:46:06 PM, Error: Service Control Manager [7023] - The Ezplay service terminated with the following error: Access is denied.
    14/04/2012 7:45:05 PM, Error: Service Control Manager [7023] - The DevUpper service terminated with the following error: Access is denied.
    14/04/2012 7:43:06 PM, Error: Service Control Manager [7023] - The SED133x service terminated with the following error: Access is denied.
    14/04/2012 7:41:06 PM, Error: Service Control Manager [7023] - The NETGEAR_MA111 service terminated with the following error: Access is denied.
    14/04/2012 7:40:09 PM, Error: Service Control Manager [7023] - The Amsmpu4p service terminated with the following error: Access is denied.
    14/04/2012 7:39:05 PM, Error: Service Control Manager [7023] - The Z525mdm service terminated with the following error: Access is denied.
    14/04/2012 7:38:05 PM, Error: Service Control Manager [7023] - The Mpe service terminated with the following error: Access is denied.
    14/04/2012 7:37:05 PM, Error: Service Control Manager [7023] - The DcPTP service terminated with the following error: Access is denied.
    14/04/2012 7:36:05 PM, Error: Service Control Manager [7023] - The 6to4 service terminated with the following error: Access is denied.
    14/04/2012 7:35:05 PM, Error: Service Control Manager [7023] - The Gdrv service terminated with the following error: Access is denied.
    14/04/2012 7:34:05 PM, Error: Service Control Manager [7023] - The Enxpsvc service terminated with the following error: Access is denied.
    14/04/2012 7:33:05 PM, Error: Service Control Manager [7023] - The Wmp54gv4svc service terminated with the following error: Access is denied.
    14/04/2012 7:32:05 PM, Error: Service Control Manager [7023] - The Mwstick service terminated with the following error: Access is denied.
    14/04/2012 7:31:05 PM, Error: Service Control Manager [7023] - The MR97310_USB_DUAL_CAMERA service terminated with the following error: Access is denied.
    14/04/2012 7:30:05 PM, Error: Service Control Manager [7023] - The SE27obex service terminated with the following error: Access is denied.
    14/04/2012 7:29:06 PM, Error: Service Control Manager [7023] - The Hamachi service terminated with the following error: Access is denied.
    14/04/2012 7:28:05 PM, Error: Service Control Manager [7023] - The Driverhardwarev2 service terminated with the following error: Access is denied.
    14/04/2012 7:27:06 PM, Error: Service Control Manager [7023] - The PdiPorts service terminated with the following error: Access is denied.
    14/04/2012 7:26:05 PM, Error: Service Control Manager [7023] - The Pimsgss service terminated with the following error: Access is denied.
    14/04/2012 7:25:05 PM, Error: Service Control Manager [7023] - The CAMFLT service terminated with the following error: Access is denied.
    14/04/2012 7:24:06 PM, Error: Service Control Manager [7023] - The VRcore service terminated with the following error: Access is denied.
    14/04/2012 7:23:05 PM, Error: Service Control Manager [7023] - The Spcflt service terminated with the following error: Access is denied.
    14/04/2012 7:21:06 PM, Error: Service Control Manager [7023] - The Lxbt_device service terminated with the following error: Access is denied.
    14/04/2012 7:20:06 PM, Error: Service Control Manager [7023] - The Cq_mem service terminated with the following error: Access is denied.
    14/04/2012 7:19:06 PM, Error: Service Control Manager [7023] - The Dpc_srv_webcast service terminated with the following error: Access is denied.
    14/04/2012 7:18:05 PM, Error: Service Control Manager [7023] - The Amsint service terminated with the following error: Access is denied.
    14/04/2012 7:17:06 PM, Error: Service Control Manager [7023] - The VRADFIL service terminated with the following error: Access is denied.
    14/04/2012 7:15:06 PM, Error: Service Control Manager [7023] - The SNPSTD3 service terminated with the following error: Access is denied.
    14/04/2012 7:14:05 PM, Error: Service Control Manager [7023] - The Ulcdrhlp service terminated with the following error: Access is denied.
    14/04/2012 7:12:05 PM, Error: Service Control Manager [7023] - The Sagefserver service terminated with the following error: Access is denied.
    14/04/2012 7:11:06 PM, Error: Service Control Manager [7023] - The Z800mgmt service terminated with the following error: Access is denied.
    14/04/2012 7:10:05 PM, Error: Service Control Manager [7023] - The Ar5211 service terminated with the following error: Access is denied.
    14/04/2012 7:09:14 PM, Error: Service Control Manager [7023] - The CX88ENC service terminated with the following error: Access is denied.
    14/04/2012 7:08:05 PM, Error: Service Control Manager [7023] - The Symc810 service terminated with the following error: Access is denied.
    14/04/2012 7:07:06 PM, Error: Service Control Manager [7023] - The Ipassconnectengine service terminated with the following error: Access is denied.
    14/04/2012 7:06:05 PM, Error: Service Control Manager [7023] - The Olapserver service terminated with the following error: Access is denied.
    14/04/2012 7:04:06 PM, Error: Service Control Manager [7023] - The SE2Bmdfl service terminated with the following error: Access is denied.
    14/04/2012 7:03:05 PM, Error: Service Control Manager [7023] - The Lvtuner service terminated with the following error: Access is denied.
    14/04/2012 7:01:06 PM, Error: Service Control Manager [7023] - The Emu10k1 service terminated with the following error: Access is denied.
    14/04/2012 6:59:06 PM, Error: Service Control Manager [7023] - The W200mdfl service terminated with the following error: Access is denied.
    14/04/2012 6:58:06 PM, Error: Service Control Manager [7023] - The Rtl8185 service terminated with the following error: Access is denied.
    14/04/2012 6:57:05 PM, Error: Service Control Manager [7023] - The Nmraapache service terminated with the following error: Access is denied.
    14/04/2012 6:56:06 PM, Error: Service Control Manager [7023] - The Winvnc4 service terminated with the following error: Access is denied.
    14/04/2012 6:55:05 PM, Error: Service Control Manager [7023] - The Hotkey service terminated with the following error: Access is denied.
    14/04/2012 6:54:05 PM, Error: Service Control Manager [7023] - The UWProSys service terminated with the following error: Access is denied.
    14/04/2012 6:53:06 PM, Error: Service Control Manager [7023] - The Steamdvr service terminated with the following error: Access is denied.
    14/04/2012 6:52:05 PM, Error: Service Control Manager [7023] - The Lxcr_device service terminated with the following error: Access is denied.
    14/04/2012 6:51:06 PM, Error: Service Control Manager [7023] - The CVPND service terminated with the following error: Access is denied.
    14/04/2012 6:49:28 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    14/04/2012 6:48:06 PM, Error: Service Control Manager [7023] - The Emupia service terminated with the following error: Access is denied.
    14/04/2012 6:46:06 PM, Error: Service Control Manager [7023] - The Mtlstrm service terminated with the following error: Access is denied.
    14/04/2012 6:45:05 PM, Error: Service Control Manager [7023] - The Icepack service terminated with the following error: Access is denied.
    14/04/2012 6:44:06 PM, Error: Service Control Manager [7023] - The Axskbus service terminated with the following error: Access is denied.
    14/04/2012 6:42:06 PM, Error: Service Control Manager [7023] - The LKbdFlt2 service terminated with the following error: Access is denied.
    14/04/2012 6:41:23 PM, Error: Service Control Manager [7023] - The Ceepwrsvc service terminated with the following error: Access is denied.
    14/04/2012 6:38:04 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    14/04/2012 6:37:21 PM, Error: Service Control Manager [7023] - The Mqdmserd service terminated with the following error: The specified module could not be found.
    14/04/2012 6:11:27 PM, Error: Service Control Manager [7023] - The PBADRV service terminated with the following error: Access is denied.
    14/04/2012 5:56:27 PM, Error: Service Control Manager [7023] - The Sshrmd service terminated with the following error: Access is denied.
    14/04/2012 5:41:27 PM, Error: Service Control Manager [7023] - The Symc8xx service terminated with the following error: Access is denied.
    14/04/2012 5:26:27 PM, Error: Service Control Manager [7023] - The Zpnodecollector service terminated with the following error: Access is denied.
    14/04/2012 5:19:58 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
    14/04/2012 5:11:27 PM, Error: Service Control Manager [7023] - The Regmanserv service terminated with the following error: Access is denied.
    14/04/2012 5:11:27 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    14/04/2012 5:10:51 PM, Error: Service Control Manager [7023] - The Thinkpadmodemservice service terminated with the following error: Access is denied.
    14/04/2012 2:23:49 AM, Error: Service Control Manager [7023] - The Rimmptsk service terminated with the following error: Access is denied.
    14/04/2012 2:08:49 AM, Error: Service Control Manager [7023] - The Hpzius12 service terminated with the following error: Access is denied.
    14/04/2012 12:53:49 AM, Error: Service Control Manager [7023] - The Ksthunk service terminated with the following error: Access is denied.
    14/04/2012 12:38:49 AM, Error: Service Control Manager [7023] - The Nvidesm service terminated with the following error: Access is denied.
    14/04/2012 12:29:16 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    14/04/2012 12:23:49 AM, Error: Service Control Manager [7023] - The EACSys service terminated with the following error: Access is denied.
    14/04/2012 12:23:26 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    14/04/2012 11:14:05 PM, Error: Service Control Manager [7023] - The Rtl8029 service terminated with the following error: Access is denied.
    14/04/2012 10:50:06 PM, Error: Service Control Manager [7023] - The Ntsecure service terminated with the following error: Access is denied.
    14/04/2012 10:37:06 PM, Error: Service Control Manager [7023] - The Oraclewebassistant service terminated with the following error: Access is denied.
    14/04/2012 1:53:49 AM, Error: Service Control Manager [7023] - The Bufserv service terminated with the following error: Access is denied.
    14/04/2012 1:48:41 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    14/04/2012 1:38:49 AM, Error: Service Control Manager [7023] - The ZDPSp50 service terminated with the following error: Access is denied.
    13/04/2012 9:31:05 AM, Error: Service Control Manager [7023] - The Maxbackserviceint service terminated with the following error: Access is denied.
    13/04/2012 9:27:05 AM, Error: Service Control Manager [7023] - The A4S2600 service terminated with the following error: Access is denied.
    13/04/2012 9:26:05 AM, Error: Service Control Manager [7023] - The Bt3cser service terminated with the following error: Access is denied.
    13/04/2012 6:02:41 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    13/04/2012 4:30:21 PM, Error: Schannel [36887] - The following fatal alert was received: 48.
    12/04/2012 8:34:38 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12/04/2012 8:15:45 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    .
    ==== End Of File ===========================
     
  8. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ============================================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  9. NathanC

    NathanC TS Rookie Topic Starter Posts: 38

    11:03:01.0748 9336 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
    11:03:02.0750 9336 ============================================================
    11:03:02.0750 9336 Current date / time: 2012/04/17 11:03:02.0750
    11:03:02.0750 9336 SystemInfo:
    11:03:02.0750 9336
    11:03:02.0750 9336 OS Version: 6.1.7601 ServicePack: 1.0
    11:03:02.0750 9336 Product type: Workstation
    11:03:02.0750 9336 ComputerName: CHEUNG-DESKTOP
    11:03:02.0751 9336 UserName: Cheung
    11:03:02.0751 9336 Windows directory: C:\Windows
    11:03:02.0751 9336 System windows directory: C:\Windows
    11:03:02.0751 9336 Processor architecture: Intel x86
    11:03:02.0751 9336 Number of processors: 4
    11:03:02.0751 9336 Page size: 0x1000
    11:03:02.0751 9336 Boot type: Normal boot
    11:03:02.0751 9336 ============================================================
    11:03:05.0201 9336 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    11:03:11.0725 9336 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    11:03:11.0775 9336 \Device\Harddisk0\DR0:
    11:03:11.0818 9336 MBR used
    11:03:11.0818 9336 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3FF0B7D8
    11:03:11.0818 9336 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3FF0B817, BlocksNum 0x347FA1AA
    11:03:11.0818 9336 \Device\Harddisk1\DR1:
    11:03:11.0818 9336 MBR used
    11:03:11.0818 9336 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
    11:03:12.0071 9336 Initialize success
    11:03:12.0071 9336 ============================================================
    11:03:16.0583 10868 ============================================================
    11:03:16.0583 10868 Scan started
    11:03:16.0584 10868 Mode: Manual;
    11:03:16.0584 10868 ============================================================
    11:03:18.0665 10868 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
    11:03:18.0714 10868 1394ohci - ok
    11:03:18.0958 10868 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
    11:03:18.0972 10868 ACPI - ok
    11:03:19.0243 10868 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
    11:03:19.0258 10868 AcpiPmi - ok
    11:03:19.0433 10868 Ad-Aware Service (fb182ad520910442abf146bb325de79b) C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
    11:03:19.0442 10868 Ad-Aware Service - ok
    11:03:19.0590 10868 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    11:03:19.0590 10868 AdobeARMservice - ok
    11:03:19.0759 10868 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    11:03:19.0762 10868 AdobeFlashPlayerUpdateSvc - ok
    11:03:19.0820 10868 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
    11:03:19.0825 10868 adp94xx - ok
    11:03:19.0894 10868 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
    11:03:19.0918 10868 adpahci - ok
    11:03:20.0005 10868 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
    11:03:20.0008 10868 adpu320 - ok
    11:03:20.0129 10868 ADSMService - ok
    11:03:20.0179 10868 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
    11:03:20.0207 10868 AeLookupSvc - ok
    11:03:20.0440 10868 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
    11:03:20.0444 10868 AFD - ok
    11:03:20.0495 10868 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
    11:03:20.0497 10868 agp440 - ok
    11:03:20.0545 10868 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
    11:03:20.0548 10868 aic78xx - ok
    11:03:20.0727 10868 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files\common files\akamai/netsession_win_6c825ce.dll
    11:03:20.0728 10868 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7
    11:03:20.0739 10868 Akamai ( HiddenFile.Multi.Generic ) - warning
    11:03:20.0739 10868 Akamai - detected HiddenFile.Multi.Generic (1)
    11:03:20.0945 10868 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
    11:03:20.0974 10868 ALG - ok
    11:03:21.0088 10868 algpxihc - ok
    11:03:21.0174 10868 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
    11:03:21.0184 10868 aliide - ok
    11:03:21.0287 10868 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
    11:03:21.0289 10868 amdagp - ok
    11:03:21.0317 10868 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
    11:03:21.0319 10868 amdide - ok
    11:03:21.0387 10868 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
    11:03:21.0388 10868 AmdK8 - ok
    11:03:21.0405 10868 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
    11:03:21.0407 10868 AmdPPM - ok
    11:03:21.0462 10868 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
    11:03:21.0464 10868 amdsata - ok
    11:03:21.0484 10868 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
    11:03:21.0487 10868 amdsbs - ok
    11:03:21.0507 10868 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
    11:03:21.0508 10868 amdxata - ok
    11:03:21.0527 10868 anfrxscr - ok
    11:03:21.0553 10868 anrxzaes - ok
    11:03:21.0594 10868 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
    11:03:21.0595 10868 AppID - ok
    11:03:21.0678 10868 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
    11:03:21.0679 10868 AppIDSvc - ok
    11:03:21.0792 10868 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
    11:03:21.0795 10868 Appinfo - ok
    11:03:21.0907 10868 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    11:03:21.0908 10868 Apple Mobile Device - ok
    11:03:21.0940 10868 application - ok
    11:03:21.0974 10868 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
    11:03:21.0989 10868 AppMgmt - ok
    11:03:22.0112 10868 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
    11:03:22.0113 10868 arc - ok
    11:03:22.0123 10868 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
    11:03:22.0125 10868 arcsas - ok
    11:03:22.0217 10868 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
    11:03:22.0257 10868 aspnet_state - ok
    11:03:22.0289 10868 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
    11:03:22.0290 10868 AsyncMac - ok
    11:03:22.0402 10868 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
    11:03:22.0403 10868 atapi - ok
    11:03:22.0435 10868 AtcL001 (20b956a7d7484915b647fa13569ab557) C:\Windows\system32\DRIVERS\l160x86.sys
    11:03:22.0437 10868 AtcL001 - ok
    11:03:22.0492 10868 athr (b01751cc563aecac09bbe36aaa21fbef) C:\Windows\system32\DRIVERS\athr.sys
    11:03:22.0504 10868 athr - ok
    11:03:22.0640 10868 atierecord (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\mxnic.dll
    11:03:22.0797 10868 Suspicious file (NoAccess): C:\Windows\system32\mxnic.dll. md5: 11028c6a84a967070cb1286550f2058f
    11:03:22.0797 10868 atierecord ( Backdoor.Multi.ZAccess.gen ) - infected
    11:03:22.0797 10868 atierecord - detected Backdoor.Multi.ZAccess.gen (0)
    11:03:23.0224 10868 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
    11:03:23.0260 10868 AudioEndpointBuilder - ok
    11:03:23.0318 10868 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
    11:03:23.0320 10868 Audiosrv - ok
    11:03:23.0482 10868 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
    11:03:23.0492 10868 AxInstSV - ok
    11:03:23.0582 10868 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
    11:03:23.0588 10868 b06bdrv - ok
    11:03:23.0629 10868 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
    11:03:23.0633 10868 b57nd60x - ok
    11:03:23.0747 10868 Bcim - ok
    11:03:23.0787 10868 bcykqxnd - ok
    11:03:23.0830 10868 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
    11:03:23.0839 10868 BDESVC - ok
    11:03:23.0922 10868 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
    11:03:23.0934 10868 Beep - ok
    11:03:23.0974 10868 bfeazglf - ok
    11:03:24.0018 10868 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
    11:03:24.0058 10868 BITS - ok
    11:03:24.0179 10868 bkasepal - ok
    11:03:24.0225 10868 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
    11:03:24.0227 10868 blbdrive - ok
    11:03:24.0320 10868 Bonjour Service (1c87705ccb2f60172b0fc86b5d82f00d) C:\Program Files\Bonjour\mDNSResponder.exe
    11:03:24.0323 10868 Bonjour Service - ok
    11:03:24.0489 10868 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
    11:03:24.0508 10868 bowser - ok
    11:03:24.0639 10868 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    11:03:24.0640 10868 BrFiltLo - ok
    11:03:24.0664 10868 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    11:03:24.0665 10868 BrFiltUp - ok
    11:03:24.0770 10868 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
    11:03:24.0773 10868 Browser - ok
    11:03:24.0815 10868 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
    11:03:24.0819 10868 Brserid - ok
    11:03:24.0855 10868 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
    11:03:24.0857 10868 BrSerWdm - ok
    11:03:24.0878 10868 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
    11:03:24.0878 10868 BrUsbMdm - ok
    11:03:24.0899 10868 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
    11:03:24.0900 10868 BrUsbSer - ok
    11:03:24.0957 10868 BTCFilterService (4813df77ede536a52e3737971f910baa) C:\Windows\system32\DRIVERS\motfilt.sys
    11:03:24.0968 10868 BTCFilterService - ok
    11:03:25.0108 10868 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
    11:03:25.0119 10868 BthEnum - ok
    11:03:25.0282 10868 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
    11:03:25.0308 10868 BTHMODEM - ok
    11:03:25.0619 10868 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
    11:03:25.0648 10868 BthPan - ok
    11:03:25.0845 10868 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\system32\Drivers\BTHport.sys
    11:03:25.0867 10868 BTHPORT - ok
    11:03:25.0964 10868 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
    11:03:25.0982 10868 bthserv - ok
    11:03:26.0142 10868 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\system32\Drivers\BTHUSB.sys
    11:03:26.0143 10868 BTHUSB - ok
    11:03:26.0194 10868 btkrnl - ok
    11:03:26.0272 10868 CbFs (a975187f3c8867f8d00a698a5282672b) C:\Windows\system32\drivers\cbfs.sys
    11:03:26.0304 10868 CbFs - ok
    11:03:26.0410 10868 cbfs3 (ee04be5ff8bf34aff89c2df9bc94f173) C:\Windows\system32\drivers\cbfs3.sys
    11:03:26.0430 10868 cbfs3 - ok
    11:03:26.0598 10868 ccevtmgr - ok
    11:03:26.0775 10868 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
    11:03:26.0777 10868 cdfs - ok
    11:03:26.0835 10868 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
    11:03:26.0838 10868 cdrom - ok
    11:03:26.0890 10868 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
    11:03:26.0897 10868 CertPropSvc - ok
    11:03:27.0009 10868 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
    11:03:27.0022 10868 circlass - ok
    11:03:27.0147 10868 cisvc - ok
    11:03:27.0222 10868 cleqxnfr - ok
    11:03:27.0279 10868 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
    11:03:27.0283 10868 CLFS - ok
    11:03:27.0343 10868 clrpisck - ok
    11:03:27.0542 10868 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    11:03:27.0600 10868 clr_optimization_v2.0.50727_32 - ok
    11:03:27.0814 10868 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    11:03:28.0049 10868 clr_optimization_v4.0.30319_32 - ok
    11:03:28.0169 10868 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
    11:03:28.0170 10868 CmBatt - ok
    11:03:28.0245 10868 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
    11:03:28.0247 10868 cmdide - ok
    11:03:28.0292 10868 cmfxxesp - ok
    11:03:28.0384 10868 cnbqyxod - ok
    11:03:28.0504 10868 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
    11:03:28.0529 10868 CNG - ok
    11:03:28.0588 10868 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
    11:03:28.0589 10868 Compbatt - ok
    11:03:28.0827 10868 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
    11:03:28.0839 10868 CompositeBus - ok
    11:03:28.0957 10868 COMSysApp - ok
    11:03:29.0014 10868 cqumwyqr - ok
    11:03:29.0169 10868 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
    11:03:29.0180 10868 crcdisk - ok
    11:03:29.0427 10868 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
    11:03:29.0433 10868 CryptSvc - ok
    11:03:29.0618 10868 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
    11:03:29.0640 10868 CscService - ok
    11:03:29.0707 10868 ctdvda2k - ok
    11:03:29.0814 10868 cvoosfih - ok
    11:03:29.0932 10868 dc3d (90f8539fa0de4aafe4fdbe7f95d6a512) C:\Windows\system32\DRIVERS\dc3d.sys
    11:03:29.0948 10868 dc3d - ok
    11:03:30.0115 10868 DCamUSBMke - ok
    11:03:30.0174 10868 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
    11:03:30.0181 10868 DcomLaunch - ok
    11:03:30.0234 10868 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
    11:03:30.0237 10868 defragsvc - ok
    11:03:30.0374 10868 DeviceMonitorService (6824007c0ecec46edd64d7a9d86eba84) C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
    11:03:30.0376 10868 DeviceMonitorService - ok
    11:03:30.0422 10868 dfjlravi - ok
    11:03:30.0512 10868 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
    11:03:30.0513 10868 DfsC - ok
    11:03:30.0526 10868 dgxwxhoi - ok
    11:03:30.0652 10868 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
    11:03:30.0669 10868 Dhcp - ok
    11:03:30.0749 10868 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
    11:03:30.0751 10868 discache - ok
    11:03:30.0853 10868 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
    11:03:30.0854 10868 Disk - ok
    11:03:30.0871 10868 dlacdbhm - ok
    11:03:30.0902 10868 dmboot - ok
    11:03:30.0946 10868 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
    11:03:30.0958 10868 Dnscache - ok
    11:03:30.0992 10868 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
    11:03:30.0996 10868 dot3svc - ok
    11:03:31.0023 10868 dot4scan - ok
    11:03:31.0167 10868 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
    11:03:31.0197 10868 DPS - ok
    11:03:31.0496 10868 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
    11:03:31.0497 10868 drmkaud - ok
    11:03:31.0617 10868 dtsoftbus01 (687af6bb383885ff6a64071b189a7f3e) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
    11:03:31.0628 10868 dtsoftbus01 - ok
    11:03:31.0746 10868 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
    11:03:31.0753 10868 DXGKrnl - ok
    11:03:31.0812 10868 eanhcosu (1a19a10b4203acc07d16a830ad59f7ea) C:\Windows\system32\drivers\eanhcosu.sys
    11:03:31.0813 10868 eanhcosu - ok
    11:03:31.0849 10868 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
    11:03:31.0852 10868 EapHost - ok
    11:03:31.0971 10868 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
    11:03:32.0004 10868 ebdrv - ok
    11:03:32.0013 10868 echtgppb - ok
    11:03:32.0104 10868 efctuwcc - ok
    11:03:32.0158 10868 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
    11:03:32.0159 10868 EFS - ok
    11:03:32.0223 10868 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
    11:03:32.0231 10868 ehRecvr - ok
    11:03:32.0262 10868 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
    11:03:32.0264 10868 ehSched - ok
    11:03:32.0341 10868 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
    11:03:32.0347 10868 elxstor - ok
    11:03:32.0443 10868 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
    11:03:32.0443 10868 ErrDev - ok
    11:03:32.0464 10868 eudmlcgx - ok
    11:03:32.0508 10868 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
    11:03:32.0512 10868 EventSystem - ok
    11:03:32.0533 10868 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
    11:03:32.0536 10868 exfat - ok
    11:03:32.0558 10868 FA312 - ok
    11:03:32.0607 10868 Fabs - ok
    11:03:32.0713 10868 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
    11:03:32.0747 10868 fastfat - ok
    11:03:32.0829 10868 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
    11:03:32.0836 10868 Fax - ok
    11:03:32.0853 10868 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
    11:03:32.0854 10868 fdc - ok
    11:03:32.0886 10868 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
    11:03:32.0887 10868 fdPHost - ok
    11:03:32.0913 10868 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
    11:03:32.0914 10868 FDResPub - ok
    11:03:32.0923 10868 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
    11:03:32.0924 10868 FileInfo - ok
    11:03:32.0938 10868 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
    11:03:32.0938 10868 Filetrace - ok
    11:03:33.0009 10868 FirebirdServerMAGIXInstance - ok
    11:03:33.0047 10868 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    11:03:33.0203 10868 FLEXnet Licensing Service - ok
    11:03:33.0322 10868 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
    11:03:33.0339 10868 flpydisk - ok
    11:03:33.0392 10868 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
    11:03:33.0394 10868 FltMgr - ok
    11:03:33.0441 10868 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
    11:03:33.0449 10868 FontCache - ok
    11:03:33.0506 10868 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    11:03:33.0506 10868 FontCache3.0.0.0 - ok
    11:03:33.0538 10868 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
    11:03:33.0541 10868 FsDepends - ok
    11:03:33.0582 10868 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
    11:03:33.0583 10868 fssfltr - ok
    11:03:33.0707 10868 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
    11:03:33.0733 10868 fsssvc - ok
    11:03:33.0831 10868 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
    11:03:33.0832 10868 Fs_Rec - ok
    11:03:33.0876 10868 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
    11:03:33.0889 10868 fvevol - ok
    11:03:33.0938 10868 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
    11:03:33.0941 10868 gagp30kx - ok
    11:03:34.0012 10868 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    11:03:34.0013 10868 GEARAspiWDM - ok
    11:03:34.0088 10868 gimxcwch - ok
    11:03:34.0098 10868 gmwhdabk - ok
    11:03:34.0143 10868 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
    11:03:34.0151 10868 gpsvc - ok
    11:03:34.0224 10868 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
    11:03:34.0227 10868 gupdate - ok
    11:03:34.0271 10868 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
    11:03:34.0271 10868 gupdatem - ok
    11:03:34.0323 10868 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    11:03:34.0326 10868 gusvc - ok
    11:03:34.0413 10868 gyzsnjch - ok
    11:03:34.0453 10868 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
    11:03:34.0454 10868 hcw85cir - ok
    11:03:34.0473 10868 hcwPVRP2 - ok
    11:03:34.0586 10868 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
    11:03:34.0611 10868 HdAudAddService - ok
    11:03:34.0812 10868 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
    11:03:34.0819 10868 HDAudBus - ok
    11:03:34.0897 10868 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
    11:03:34.0904 10868 HidBatt - ok
    11:03:34.0973 10868 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
    11:03:34.0986 10868 HidBth - ok
    11:03:35.0226 10868 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
    11:03:35.0228 10868 HidIr - ok
    11:03:35.0281 10868 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
    11:03:35.0287 10868 hidserv - ok
    11:03:35.0403 10868 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
    11:03:35.0408 10868 HidUsb - ok
    11:03:35.0583 10868 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
    11:03:35.0606 10868 hkmsvc - ok
    11:03:35.0677 10868 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
    11:03:35.0681 10868 HomeGroupListener - ok
    11:03:35.0737 10868 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
    11:03:35.0759 10868 HomeGroupProvider - ok
    11:03:35.0907 10868 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
    11:03:35.0926 10868 HpSAMD - ok
    11:03:36.0014 10868 hshld (27cb54c0346efd7b0536b0cb610131ae) C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    11:03:36.0017 10868 hshld - ok
    11:03:36.0201 10868 HssDrv (4f28652ec514fa1ba473bc1a695a5c98) C:\Windows\system32\DRIVERS\HssDrv.sys
    11:03:36.0209 10868 HssDrv - ok
    11:03:36.0343 10868 HssSrv (2cfea9c337b699aca38487e8a7438f35) C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    11:03:36.0346 10868 HssSrv - ok
    11:03:36.0387 10868 HssTrayService (92b08e09a54485f18959161686e4b65f) C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
    11:03:36.0406 10868 HssTrayService - ok
    11:03:36.0438 10868 HssWd - ok
    11:03:36.0539 10868 htsxjlkq (1a19a10b4203acc07d16a830ad59f7ea) C:\Windows\system32\drivers\htsxjlkq.sys
    11:03:36.0541 10868 htsxjlkq - ok
    11:03:36.0599 10868 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
    11:03:36.0606 10868 HTTP - ok
    11:03:36.0641 10868 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
    11:03:36.0641 10868 hwpolicy - ok
    11:03:36.0691 10868 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
    11:03:36.0693 10868 i8042prt - ok
    11:03:36.0713 10868 iastor - ok
    11:03:36.0768 10868 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
    11:03:36.0772 10868 iaStorV - ok
    11:03:36.0852 10868 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    11:03:36.0861 10868 idsvc - ok
    11:03:36.0994 10868 IDSyncService (666bef960200517df9c56fd019d8047d) C:\IDSync\IDSyncService.exe
    11:03:36.0996 10868 IDSyncService - ok
    11:03:37.0208 10868 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
    11:03:37.0232 10868 iirsp - ok
    11:03:37.0373 10868 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
    11:03:37.0382 10868 IKEEXT - ok
    11:03:37.0441 10868 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
    11:03:37.0442 10868 intelide - ok
    11:03:37.0632 10868 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
    11:03:37.0634 10868 intelppm - ok
    11:03:37.0693 10868 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
    11:03:37.0717 10868 IPBusEnum - ok
    11:03:37.0751 10868 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    11:03:37.0752 10868 IpFilterDriver - ok
    11:03:37.0801 10868 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
    11:03:37.0804 10868 IPMIDRV - ok
    11:03:37.0833 10868 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
    11:03:37.0859 10868 IPNAT - ok
    11:03:37.0954 10868 iPod Service (f62c69376a95795fe7cdb1c778edaca4) C:\Program Files\iPod\bin\iPodService.exe
    11:03:37.0963 10868 iPod Service - ok
    11:03:38.0048 10868 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
    11:03:38.0051 10868 IRENUM - ok
    11:03:38.0216 10868 irqarmaw - ok
    11:03:38.0333 10868 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
    11:03:38.0347 10868 isapnp - ok
    11:03:38.0381 10868 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
    11:03:38.0417 10868 iScsiPrt - ok
    11:03:38.0554 10868 ISODisk (96f2f5884d02535e2d4dfc849836f4a6) C:\Windows\system32\drivers\ISODisk.sys
    11:03:38.0556 10868 ISODisk - ok
    11:03:38.0723 10868 iviaspi - ok
    11:03:38.0863 10868 jgubkche - ok
    11:03:38.0902 10868 jnlvhsra - ok
    11:03:38.0949 10868 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
    11:03:38.0951 10868 kbdclass - ok
    11:03:39.0019 10868 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
    11:03:39.0032 10868 kbdhid - ok
    11:03:39.0074 10868 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
    11:03:39.0076 10868 KeyIso - ok
    11:03:39.0171 10868 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
    11:03:39.0174 10868 KSecDD - ok
    11:03:39.0222 10868 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
    11:03:39.0224 10868 KSecPkg - ok
    11:03:39.0319 10868 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
    11:03:39.0354 10868 KtmRm - ok
    11:03:39.0432 10868 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
    11:03:39.0451 10868 LanmanServer - ok
    11:03:39.0542 10868 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
    11:03:39.0592 10868 LanmanWorkstation - ok
    11:03:39.0689 10868 LC7981 - ok
    11:03:39.0713 10868 lkqtjhjr - ok
    11:03:39.0759 10868 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
    11:03:39.0767 10868 lltdio - ok
    11:03:39.0809 10868 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
    11:03:39.0814 10868 lltdsvc - ok
    11:03:39.0823 10868 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
    11:03:39.0826 10868 lmhosts - ok
    11:03:39.0859 10868 LRMINIPORT - ok
    11:03:39.0892 10868 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
    11:03:39.0893 10868 LSI_FC - ok
    11:03:39.0921 10868 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
    11:03:39.0922 10868 LSI_SAS - ok
    11:03:40.0102 10868 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    11:03:40.0103 10868 LSI_SAS2 - ok
    11:03:40.0133 10868 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    11:03:40.0136 10868 LSI_SCSI - ok
    11:03:40.0177 10868 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
    11:03:40.0178 10868 luafv - ok
    11:03:40.0288 10868 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
    11:03:40.0289 10868 MBAMProtector - ok
    11:03:40.0374 10868 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    11:03:40.0378 10868 MBAMService - ok
    11:03:40.0504 10868 mcaayfmg - ok
    11:03:40.0608 10868 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
    11:03:40.0624 10868 Mcx2Svc - ok
    11:03:40.0876 10868 mdf16 (b066b4b2910c670530b63d5e924e8a2b) C:\Program Files\Clarus\Samsung SecretZone\mdf16.sys
    11:03:40.0882 10868 mdf16 - ok
    11:03:41.0048 10868 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    11:03:41.0052 10868 MDM - ok
    11:03:41.0152 10868 MegacloudVSSService (cf4f14c068e9393f6321198ab9c7adbb) C:\Program Files\Megacloud\VSSService.exe
    11:03:41.0152 10868 MegacloudVSSService - ok
    11:03:41.0342 10868 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
    11:03:41.0354 10868 megasas - ok
    11:03:41.0512 10868 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
    11:03:41.0554 10868 MegaSR - ok
    11:03:41.0674 10868 Microsoft SharePoint Workspace Audit Service - ok
    11:03:41.0746 10868 mjjbyqgs - ok
    11:03:41.0787 10868 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
    11:03:41.0789 10868 MMCSS - ok
    11:03:41.0834 10868 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
    11:03:41.0836 10868 Modem - ok
    11:03:41.0874 10868 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
    11:03:41.0876 10868 monitor - ok
    11:03:41.0917 10868 motccgp (0bc43805b6da0d7d4f99c737839fc9ec) C:\Windows\system32\DRIVERS\motccgp.sys
    11:03:41.0918 10868 motccgp - ok
    11:03:42.0083 10868 motccgpfl (1b3720c4d16904756d49ef306706b978) C:\Windows\system32\DRIVERS\motccgpfl.sys
    11:03:42.0084 10868 motccgpfl - ok
    11:03:42.0136 10868 motmodem (11b8118f538b579488e7645b2578e544) C:\Windows\system32\DRIVERS\motmodem.sys
    11:03:42.0138 10868 motmodem - ok
    11:03:42.0258 10868 MotoHelper (290750346f5937b02f62594b8eb03215) C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
    11:03:42.0259 10868 MotoHelper - ok
    11:03:42.0303 10868 MotoSwitchService (fd8c2cef7ad8b23c6714103d621fac1f) C:\Windows\system32\DRIVERS\motswch.sys
    11:03:42.0304 10868 MotoSwitchService - ok
    11:03:42.0376 10868 Motousbnet (5073ed2d13d77f89df99caaa72e23526) C:\Windows\system32\DRIVERS\Motousbnet.sys
    11:03:42.0377 10868 Motousbnet - ok
    11:03:42.0456 10868 motusbdevice (f780c53d98a0aad28f5b7403b184aea1) C:\Windows\system32\DRIVERS\motusbdevice.sys
    11:03:42.0457 10868 motusbdevice - ok
    11:03:42.0498 10868 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
    11:03:42.0499 10868 mouclass - ok
    11:03:42.0536 10868 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
    11:03:42.0537 10868 mouhid - ok
    11:03:42.0566 10868 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
    11:03:42.0567 10868 mountmgr - ok
    11:03:42.0622 10868 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
    11:03:42.0624 10868 MpFilter - ok
    11:03:42.0673 10868 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
    11:03:42.0676 10868 mpio - ok
    11:03:42.0732 10868 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
    11:03:42.0736 10868 MpNWMon - ok
    11:03:42.0792 10868 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
    11:03:42.0793 10868 mpsdrv - ok
    11:03:42.0833 10868 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
    11:03:42.0836 10868 MRxDAV - ok
    11:03:42.0887 10868 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
    11:03:42.0888 10868 mrxsmb - ok
    11:03:42.0947 10868 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    11:03:42.0949 10868 mrxsmb10 - ok
    11:03:42.0963 10868 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    11:03:42.0964 10868 mrxsmb20 - ok
    11:03:43.0002 10868 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
    11:03:43.0003 10868 msahci - ok
    11:03:43.0121 10868 MSCamSvc (b03e3f64b70f8031e65eb26da23de91a) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    11:03:43.0122 10868 MSCamSvc - ok
    11:03:43.0228 10868 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
    11:03:43.0229 10868 msdsm - ok
    11:03:43.0283 10868 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
    11:03:43.0287 10868 MSDTC - ok
    11:03:43.0334 10868 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
    11:03:43.0336 10868 Msfs - ok
    11:03:43.0351 10868 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    11:03:43.0352 10868 mshidkmdf - ok
    11:03:43.0404 10868 MSHUSBVideo (7a0f9cbdbdb135113b9a3c138e20c85d) C:\Windows\system32\Drivers\nx6000.sys
    11:03:43.0406 10868 MSHUSBVideo - ok
    11:03:43.0448 10868 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
    11:03:43.0449 10868 msisadrv - ok
    11:03:43.0512 10868 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
    11:03:43.0514 10868 MSiSCSI - ok
    11:03:43.0522 10868 msiserver - ok
    11:03:43.0572 10868 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
    11:03:43.0573 10868 MSKSSRV - ok
    11:03:43.0644 10868 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    11:03:43.0646 10868 MsMpSvc - ok
    11:03:43.0676 10868 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
    11:03:43.0677 10868 MSPCLOCK - ok
    11:03:43.0704 10868 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
    11:03:43.0706 10868 MSPQM - ok
    11:03:43.0763 10868 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
    11:03:43.0766 10868 MsRPC - ok
    11:03:43.0797 10868 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
    11:03:43.0798 10868 mssmbios - ok
    11:03:43.0814 10868 MSSQL$AUTODESKVAULT - ok
    11:03:43.0868 10868 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
    11:03:43.0869 10868 MSTEE - ok
    11:03:43.0929 10868 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
    11:03:43.0931 10868 MTConfig - ok
    11:03:43.0993 10868 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\Windows\system32\DRIVERS\ASACPI.sys
    11:03:43.0994 10868 MTsensor - ok
    11:03:44.0008 10868 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
    11:03:44.0009 10868 Mup - ok
    11:03:44.0099 10868 mvd22 (8405a99d3e250eb017fe7a0dc3a9ffc0) C:\Program Files\Clarus\Samsung SecretZone\mvd22.sys
    11:03:44.0101 10868 mvd22 - ok
    11:03:44.0116 10868 myhxbxgn - ok
    11:03:44.0126 10868 mzmslejl - ok
    11:03:44.0163 10868 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
    11:03:44.0168 10868 napagent - ok
    11:03:44.0228 10868 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
    11:03:44.0232 10868 NativeWifiP - ok
    11:03:44.0313 10868 ndassvc - ok
    11:03:44.0342 10868 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
    11:03:44.0349 10868 NDIS - ok
    11:03:44.0366 10868 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
    11:03:44.0367 10868 NdisCap - ok
    11:03:44.0424 10868 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
    11:03:44.0426 10868 NdisTapi - ok
    11:03:44.0467 10868 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
    11:03:44.0468 10868 Ndisuio - ok
    11:03:44.0506 10868 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
    11:03:44.0508 10868 NdisWan - ok
    11:03:44.0566 10868 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
    11:03:44.0567 10868 NDProxy - ok
    11:03:44.0593 10868 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
    11:03:44.0594 10868 NetBIOS - ok
    11:03:44.0628 10868 NetBT (7f52ab76dccbab60c8a8337f400dbbc6) C:\Windows\system32\DRIVERS\netbt.sys
    11:03:44.0632 10868 NetBT ( Virus.Win32.ZAccess.k ) - infected
    11:03:44.0632 10868 NetBT - detected Virus.Win32.ZAccess.k (0)
    11:03:44.0674 10868 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
    11:03:44.0676 10868 Netlogon - ok
    11:03:44.0733 10868 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
    11:03:44.0738 10868 Netman - ok
    11:03:44.0859 10868 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    11:03:44.0886 10868 NetMsmqActivator - ok
    11:03:44.0908 10868 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    11:03:44.0909 10868 NetPipeActivator - ok
    11:03:44.0991 10868 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
    11:03:44.0997 10868 netprofm - ok
    11:03:45.0038 10868 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    11:03:45.0039 10868 NetTcpActivator - ok
    11:03:45.0046 10868 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    11:03:45.0047 10868 NetTcpPortSharing - ok
    11:03:45.0121 10868 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
    11:03:45.0122 10868 nfrd960 - ok
    11:03:45.0132 10868 nglygumz - ok
    11:03:45.0166 10868 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    11:03:45.0167 10868 NisDrv - ok
    11:03:45.0218 10868 NisSrv (a5cb074f34bbd89948e34a630d459c0c) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
     
  10. NathanC

    NathanC TS Rookie Topic Starter Posts: 38

    11:03:45.0219 10868 NisSrv - ok
    11:03:45.0258 10868 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
    11:03:45.0262 10868 NlaSvc - ok
    11:03:45.0313 10868 nmwcd (712bc0c22ba00b2ba324c6b8df668ee7) C:\Windows\system32\drivers\ccdcmb.sys
    11:03:45.0314 10868 nmwcd - ok
    11:03:45.0437 10868 nmwcdc (7312987b6ccde6f6cee32c14bed1ca2e) C:\Windows\system32\drivers\ccdcmbo.sys
    11:03:45.0446 10868 nmwcdc - ok
    11:03:45.0518 10868 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
    11:03:45.0519 10868 Npfs - ok
    11:03:45.0552 10868 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
    11:03:45.0554 10868 nsi - ok
    11:03:45.0594 10868 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
    11:03:45.0596 10868 nsiproxy - ok
    11:03:45.0653 10868 ntcdrdrv (a5627bf1b0f901e66ce0b3ec657cbf25) C:\Windows\system32\DRIVERS\ntcdrdrv.sys
    11:03:45.0654 10868 ntcdrdrv - ok
    11:03:45.0731 10868 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
    11:03:45.0744 10868 Ntfs - ok
    11:03:45.0893 10868 NuidFltr (9620a1d8160a550f064bbaf48d0f97cc) C:\Windows\system32\DRIVERS\NuidFltr.sys
    11:03:45.0894 10868 NuidFltr - ok
    11:03:45.0926 10868 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
    11:03:45.0926 10868 Null - ok
    11:03:45.0942 10868 nvcap - ok
    11:03:45.0977 10868 nvedavt (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\nipsvc.dll
    11:03:46.0029 10868 Suspicious file (NoAccess): C:\Windows\system32\nipsvc.dll. md5: 11028c6a84a967070cb1286550f2058f
    11:03:46.0029 10868 nvedavt ( Backdoor.Multi.ZAccess.gen ) - infected
    11:03:46.0029 10868 nvedavt - detected Backdoor.Multi.ZAccess.gen (0)
    11:03:46.0461 10868 nvlddmkm (f452e6ad3eda2852f44be492e283c40f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    11:03:46.0613 10868 nvlddmkm - ok
    11:03:46.0738 10868 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
    11:03:46.0742 10868 nvraid - ok
    11:03:46.0765 10868 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
    11:03:46.0767 10868 nvstor - ok
    11:03:46.0818 10868 NVSvc (7c732aff202dcd06c3d262966d71604c) C:\Windows\system32\nvvsvc.exe
    11:03:46.0825 10868 NVSvc - ok
    11:03:47.0001 10868 nvUpdatusService (262d2fbf211a88dcb84249df0f6ef6e7) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    11:03:47.0047 10868 nvUpdatusService - ok
    11:03:47.0218 10868 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
    11:03:47.0222 10868 nv_agp - ok
    11:03:47.0231 10868 nwlnkipx - ok
    11:03:47.0248 10868 odrjidqo - ok
    11:03:47.0261 10868 oentpmve - ok
    11:03:47.0290 10868 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
    11:03:47.0291 10868 ohci1394 - ok
    11:03:47.0307 10868 ohtgvpls - ok
    11:03:47.0375 10868 omnfwvux - ok
    11:03:47.0381 10868 oostygzp - ok
    11:03:47.0482 10868 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    11:03:47.0485 10868 ose - ok
    11:03:47.0628 10868 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    11:03:47.0672 10868 osppsvc - ok
    11:03:47.0787 10868 p2k (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\fastfat.dll
    11:03:47.0795 10868 Suspicious file (NoAccess): C:\Windows\system32\fastfat.dll. md5: 11028c6a84a967070cb1286550f2058f
    11:03:47.0795 10868 p2k ( Backdoor.Multi.ZAccess.gen ) - infected
    11:03:47.0795 10868 p2k - detected Backdoor.Multi.ZAccess.gen (0)
    11:03:47.0853 10868 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
    11:03:47.0860 10868 p2pimsvc - ok
    11:03:47.0881 10868 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
    11:03:47.0887 10868 p2psvc - ok
    11:03:47.0926 10868 paamsrv - ok
    11:03:47.0967 10868 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
    11:03:47.0970 10868 Parport - ok
    11:03:48.0068 10868 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
    11:03:48.0070 10868 partmgr - ok
    11:03:48.0083 10868 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
    11:03:48.0085 10868 Parvdm - ok
    11:03:48.0121 10868 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
    11:03:48.0125 10868 PcaSvc - ok
    11:03:48.0190 10868 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
    11:03:48.0191 10868 pccsmcfd - ok
    11:03:48.0231 10868 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
    11:03:48.0233 10868 pci - ok
    11:03:48.0251 10868 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
    11:03:48.0252 10868 pciide - ok
    11:03:48.0261 10868 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
    11:03:48.0263 10868 pcmcia - ok
    11:03:48.0281 10868 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
    11:03:48.0282 10868 pcw - ok
    11:03:48.0390 10868 pcx1nd5 - ok
    11:03:48.0448 10868 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
    11:03:48.0455 10868 PEAUTH - ok
    11:03:48.0526 10868 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
    11:03:48.0541 10868 PeerDistSvc - ok
    11:03:48.0707 10868 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
    11:03:48.0732 10868 pla - ok
    11:03:48.0955 10868 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
    11:03:48.0967 10868 PlugPlay - ok
    11:03:49.0098 10868 Pml Driver HPZ12 (379f7a0ec9fbe07629fd3f244d3e3e44) C:\Windows\system32\HPZipm12.dll
    11:03:49.0101 10868 Pml Driver HPZ12 - ok
    11:03:49.0162 10868 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
    11:03:49.0176 10868 PNRPAutoReg - ok
    11:03:49.0227 10868 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
    11:03:49.0231 10868 PNRPsvc - ok
    11:03:49.0421 10868 Point32 (896d916de06f5502d301e8c4dc442ae8) C:\Windows\system32\DRIVERS\point32.sys
    11:03:49.0431 10868 Point32 - ok
    11:03:49.0527 10868 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
    11:03:49.0562 10868 PolicyAgent - ok
    11:03:49.0676 10868 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
    11:03:49.0685 10868 Power - ok
    11:03:49.0811 10868 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
    11:03:49.0822 10868 PptpMiniport - ok
    11:03:50.0055 10868 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
    11:03:50.0066 10868 Processor - ok
    11:03:50.0108 10868 procexp100 - ok
    11:03:50.0195 10868 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
    11:03:50.0206 10868 ProfSvc - ok
    11:03:50.0325 10868 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
    11:03:50.0326 10868 ProtectedStorage - ok
    11:03:50.0475 10868 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
    11:03:50.0491 10868 Psched - ok
    11:03:50.0537 10868 pxctjdxj - ok
    11:03:50.0586 10868 qbgpwvsl (1a19a10b4203acc07d16a830ad59f7ea) C:\Windows\system32\drivers\qbgpwvsl.sys
    11:03:50.0592 10868 qbgpwvsl - ok
    11:03:50.0771 10868 qhyymwib - ok
    11:03:51.0051 10868 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
    11:03:51.0081 10868 ql2300 - ok
    11:03:51.0291 10868 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
    11:03:51.0305 10868 ql40xx - ok
    11:03:51.0512 10868 qmhwivaz - ok
    11:03:51.0585 10868 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
    11:03:51.0636 10868 QWAVE - ok
    11:03:51.0830 10868 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
    11:03:51.0832 10868 QWAVEdrv - ok
    11:03:51.0916 10868 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
    11:03:51.0926 10868 RasAcd - ok
    11:03:52.0056 10868 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
    11:03:52.0061 10868 RasAgileVpn - ok
    11:03:52.0171 10868 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
    11:03:52.0202 10868 RasAuto - ok
    11:03:52.0330 10868 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
    11:03:52.0338 10868 Rasl2tp - ok
    11:03:52.0472 10868 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
    11:03:52.0487 10868 RasMan - ok
    11:03:52.0773 10868 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
    11:03:52.0785 10868 RasPppoe - ok
    11:03:52.0948 10868 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
    11:03:52.0961 10868 RasSstp - ok
    11:03:53.0107 10868 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
    11:03:53.0111 10868 rdbss - ok
    11:03:53.0312 10868 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
    11:03:53.0325 10868 rdpbus - ok
    11:03:53.0448 10868 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
    11:03:53.0473 10868 RDPCDD - ok
    11:03:53.0517 10868 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
    11:03:53.0532 10868 RDPDR - ok
    11:03:53.0605 10868 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
    11:03:53.0620 10868 RDPENCDD - ok
    11:03:53.0712 10868 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
    11:03:53.0717 10868 RDPREFMP - ok
    11:03:53.0831 10868 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
    11:03:53.0840 10868 RdpVideoMiniport - ok
    11:03:53.0898 10868 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
    11:03:53.0907 10868 RDPWD - ok
    11:03:54.0108 10868 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
    11:03:54.0111 10868 rdyboost - ok
    11:03:54.0226 10868 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
    11:03:54.0238 10868 RemoteAccess - ok
    11:03:54.0306 10868 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
    11:03:54.0311 10868 RemoteRegistry - ok
    11:03:54.0347 10868 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
    11:03:54.0363 10868 RFCOMM - ok
    11:03:54.0522 10868 RichVideo (788bc2196086cc830442ec2d6d847666) C:\Program Files\CyberLink\Shared files\RichVideo.exe
    11:03:54.0523 10868 RichVideo - ok
    11:03:54.0637 10868 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
    11:03:54.0653 10868 RpcEptMapper - ok
    11:03:54.0752 10868 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
    11:03:54.0770 10868 RpcLocator - ok
    11:03:54.0816 10868 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
    11:03:54.0820 10868 RpcSs - ok
    11:03:54.0922 10868 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    11:03:54.0938 10868 rspndr - ok
    11:03:54.0996 10868 ruvxtwxa - ok
    11:03:55.0012 10868 rzgttibq - ok
    11:03:55.0090 10868 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
    11:03:55.0102 10868 s3cap - ok
    11:03:55.0191 10868 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
    11:03:55.0192 10868 SamSs - ok
    11:03:55.0443 10868 SBAMSvc (c7d53053541a448febb1373abbaf79ef) C:\Program Files\Ad-Aware Antivirus\Engine\SBAMSvc.exe
    11:03:55.0500 10868 SBAMSvc - ok
    11:03:55.0612 10868 sbapifs (3d6ba67c758735918e323d4d6f64449a) C:\Windows\system32\DRIVERS\sbapifs.sys
    11:03:55.0613 10868 sbapifs - ok
    11:03:55.0690 10868 SbFw (9c9bcc79aef0aa97f16766c498002d36) C:\Windows\system32\drivers\SbFw.sys
    11:03:55.0698 10868 SbFw - ok
    11:03:55.0735 10868 SBFWIMCL (f27b38d70b7621378161d6f48be04d2c) C:\Windows\system32\DRIVERS\sbfwim.sys
    11:03:55.0737 10868 SBFWIMCL - ok
    11:03:55.0755 10868 SBFWIMCLMP (f27b38d70b7621378161d6f48be04d2c) C:\Windows\system32\DRIVERS\SBFWIM.sys
    11:03:55.0756 10868 SBFWIMCLMP - ok
    11:03:55.0798 10868 sbhips (53e5e7dc26bb920b97f258bbd52abfdc) C:\Windows\system32\drivers\sbhips.sys
    11:03:55.0800 10868 sbhips - ok
    11:03:56.0023 10868 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
    11:03:56.0036 10868 sbp2port - ok
    11:03:56.0157 10868 SBRE (0505da5d357f18a5d42fc5dede6bc9a0) C:\Windows\system32\drivers\SBREdrv.sys
    11:03:56.0163 10868 SBRE - ok
    11:03:56.0362 10868 SbTis (6468e2973e04525decc105947ddd0d34) C:\Windows\system32\drivers\sbtis.sys
    11:03:56.0375 10868 SbTis - ok
    11:03:56.0465 10868 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
    11:03:56.0481 10868 SCardSvr - ok
    11:03:56.0587 10868 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
    11:03:56.0588 10868 scfilter - ok
    11:03:56.0670 10868 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
    11:03:56.0691 10868 Schedule - ok
    11:03:56.0723 10868 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
    11:03:56.0725 10868 SCPolicySvc - ok
    11:03:56.0861 10868 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
    11:03:56.0876 10868 SDRSVC - ok
    11:03:56.0940 10868 se59unic - ok
    11:03:57.0036 10868 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    11:03:57.0038 10868 SeaPort - ok
    11:03:57.0230 10868 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    11:03:57.0231 10868 secdrv - ok
    11:03:57.0288 10868 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
    11:03:57.0305 10868 seclogon - ok
    11:03:57.0348 10868 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
    11:03:57.0362 10868 SENS - ok
    11:03:57.0376 10868 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
    11:03:57.0392 10868 SensrSvc - ok
    11:03:57.0442 10868 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
    11:03:57.0443 10868 Serenum - ok
    11:03:57.0493 10868 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
    11:03:57.0495 10868 Serial - ok
    11:03:57.0546 10868 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
    11:03:57.0547 10868 sermouse - ok
    11:03:57.0730 10868 ServiceLayer (12b41d84a4d058adc60853c365dbfcca) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    11:03:57.0825 10868 ServiceLayer - ok
    11:03:57.0998 10868 servidor - ok
    11:03:58.0058 10868 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
    11:03:58.0070 10868 SessionEnv - ok
    11:03:58.0131 10868 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
    11:03:58.0147 10868 sffdisk - ok
    11:03:58.0217 10868 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
    11:03:58.0232 10868 sffp_mmc - ok
    11:03:58.0330 10868 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
    11:03:58.0333 10868 sffp_sd - ok
    11:03:58.0391 10868 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
    11:03:58.0392 10868 sfloppy - ok
    11:03:58.0430 10868 SGIR (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\tbiosdrv.dll
    11:03:58.0443 10868 Suspicious file (NoAccess): C:\Windows\system32\tbiosdrv.dll. md5: 11028c6a84a967070cb1286550f2058f
    11:03:58.0443 10868 SGIR ( Backdoor.Multi.ZAccess.gen ) - infected
    11:03:58.0443 10868 SGIR - detected Backdoor.Multi.ZAccess.gen (0)
    11:03:58.0502 10868 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
    11:03:58.0507 10868 SharedAccess - ok
    11:03:58.0577 10868 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
    11:03:58.0583 10868 ShellHWDetection - ok
    11:03:58.0645 10868 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
    11:03:58.0646 10868 sisagp - ok
    11:03:58.0713 10868 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    11:03:58.0715 10868 SiSRaid2 - ok
    11:03:58.0738 10868 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
    11:03:58.0740 10868 SiSRaid4 - ok
    11:03:58.0851 10868 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
    11:03:58.0868 10868 SkypeUpdate - ok
    11:03:59.0105 10868 SmartDefragDriver (bf302072dc8374cf4e118fd88aa817a2) C:\Windows\system32\Drivers\SmartDefragDriver.sys
    11:03:59.0107 10868 SmartDefragDriver - ok
    11:03:59.0178 10868 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
    11:03:59.0193 10868 Smb - ok
    11:03:59.0431 10868 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
    11:03:59.0463 10868 SNMPTRAP - ok
    11:03:59.0581 10868 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
    11:03:59.0583 10868 spldr - ok
    11:03:59.0677 10868 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
    11:03:59.0682 10868 Spooler - ok
    11:03:59.0828 10868 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
    11:03:59.0862 10868 sppsvc - ok
    11:03:59.0941 10868 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
    11:03:59.0955 10868 sppuinotify - ok
    11:04:00.0040 10868 sprtsvc_dellsupportcenter - ok
    11:04:00.0103 10868 srkqcgyr - ok
    11:04:00.0208 10868 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
    11:04:00.0215 10868 srv - ok
    11:04:00.0323 10868 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
    11:04:00.0330 10868 srv2 - ok
    11:04:00.0448 10868 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
    11:04:00.0457 10868 srvnet - ok
    11:04:00.0575 10868 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
    11:04:00.0578 10868 SSDPSRV - ok
    11:04:00.0633 10868 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
    11:04:00.0637 10868 SstpSvc - ok
    11:04:00.0703 10868 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
    11:04:00.0705 10868 stexstor - ok
    11:04:00.0768 10868 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
    11:04:00.0776 10868 StiSvc - ok
    11:04:00.0847 10868 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
    11:04:00.0863 10868 storflt - ok
    11:04:00.0953 10868 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
    11:04:00.0955 10868 storvsc - ok
    11:04:01.0026 10868 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
    11:04:01.0027 10868 swenum - ok
    11:04:01.0225 10868 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    11:04:01.0322 10868 SwitchBoard - ok
    11:04:01.0530 10868 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
    11:04:01.0552 10868 swprv - ok
    11:04:01.0646 10868 Synth3dVsc - ok
    11:04:01.0752 10868 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
    11:04:01.0772 10868 SysMain - ok
    11:04:01.0991 10868 SZASSIST (2902b85d0dc9ce43d76660c128d8908a) C:\Program Files\Clarus\Samsung SecretZone\SZAssistSVC.exe
    11:04:01.0991 10868 SZASSIST - ok
    11:04:02.0370 10868 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
    11:04:02.0402 10868 TabletInputService - ok
    11:04:02.0501 10868 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
    11:04:02.0512 10868 taphss - ok
    11:04:02.0668 10868 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
    11:04:02.0702 10868 TapiSrv - ok
    11:04:02.0791 10868 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
    11:04:02.0801 10868 TBS - ok
    11:04:02.0901 10868 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
    11:04:02.0927 10868 Tcpip - ok
    11:04:03.0010 10868 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
    11:04:03.0022 10868 TCPIP6 - ok
    11:04:03.0116 10868 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
    11:04:03.0119 10868 tcpipreg - ok
    11:04:03.0171 10868 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
    11:04:03.0174 10868 TDPIPE - ok
    11:04:03.0236 10868 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
    11:04:03.0244 10868 TDTCP - ok
    11:04:03.0344 10868 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
    11:04:03.0346 10868 tdx - ok
    11:04:03.0381 10868 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
    11:04:03.0384 10868 TermDD - ok
    11:04:03.0429 10868 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
    11:04:03.0437 10868 TermService - ok
    11:04:03.0471 10868 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
    11:04:03.0475 10868 Themes - ok
    11:04:03.0511 10868 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
    11:04:03.0514 10868 THREADORDER - ok
    11:04:03.0596 10868 tmyeytbk - ok
    11:04:03.0772 10868 tm_cfw - ok
    11:04:03.0894 10868 TomTomHOMEService (3199a477f0f06eede41bd55179f8eb05) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    11:04:03.0895 10868 TomTomHOMEService - ok
    11:04:03.0944 10868 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
    11:04:03.0964 10868 TrkWks - ok
    11:04:04.0027 10868 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
    11:04:04.0030 10868 TrustedInstaller - ok
    11:04:04.0149 10868 tsdhd (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\KMW_SYS.dll
    11:04:04.0156 10868 Suspicious file (NoAccess): C:\Windows\system32\KMW_SYS.dll. md5: 11028c6a84a967070cb1286550f2058f
    11:04:04.0156 10868 tsdhd ( Backdoor.Multi.ZAccess.gen ) - infected
    11:04:04.0156 10868 tsdhd - detected Backdoor.Multi.ZAccess.gen (0)
    11:04:04.0190 10868 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
    11:04:04.0191 10868 tssecsrv - ok
    11:04:04.0239 10868 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
    11:04:04.0241 10868 TsUsbFlt - ok
    11:04:04.0249 10868 tsusbhub - ok
    11:04:04.0435 10868 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
    11:04:04.0437 10868 tunnel - ok
    11:04:04.0579 10868 TVECapSvc (ad4ec2140d66f0259ee018d2b759217a) C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe
    11:04:04.0582 10868 TVECapSvc - ok
    11:04:04.0589 10868 TVESched (7efaad0edfa32d9fe0ccad24008fcad9) C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe
    11:04:04.0590 10868 TVESched - ok
    11:04:04.0651 10868 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
    11:04:04.0654 10868 uagp35 - ok
    11:04:04.0746 10868 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
    11:04:04.0755 10868 udfs - ok
    11:04:04.0824 10868 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
    11:04:04.0836 10868 UI0Detect - ok
    11:04:04.0845 10868 ujpmglgd - ok
    11:04:04.0904 10868 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
    11:04:04.0905 10868 uliagpkx - ok
    11:04:05.0015 10868 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
    11:04:05.0016 10868 umbus - ok
    11:04:05.0059 10868 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
    11:04:05.0060 10868 UmPass - ok
    11:04:05.0142 10868 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
    11:04:05.0162 10868 UmRdpService - ok
    11:04:05.0289 10868 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys
    11:04:05.0289 10868 UnlockerDriver5 - ok
    11:04:05.0415 10868 unrealircd - ok
    11:04:05.0501 10868 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
    11:04:05.0516 10868 upnphost - ok
    11:04:05.0659 10868 upperdev (7062ed67a10f1c83b2ab951736e24f11) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
    11:04:05.0660 10868 upperdev - ok
    11:04:05.0699 10868 uqgovcpe - ok
    11:04:05.0769 10868 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
    11:04:05.0770 10868 usbaudio - ok
    11:04:05.0810 10868 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
    11:04:05.0812 10868 usbccgp - ok
    11:04:05.0856 10868 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
    11:04:05.0857 10868 usbcir - ok
    11:04:05.0877 10868 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
    11:04:05.0880 10868 usbehci - ok
    11:04:05.0911 10868 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
    11:04:05.0914 10868 usbhub - ok
    11:04:05.0937 10868 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
    11:04:05.0939 10868 usbohci - ok
    11:04:05.0989 10868 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
    11:04:05.0990 10868 usbprint - ok
    11:04:06.0046 10868 usbser (31181de6190b39fc8007dffd1a48ffd6) C:\Windows\system32\drivers\usbser.sys
    11:04:06.0049 10868 usbser - ok
    11:04:06.0105 10868 UsbserFilt (b76d8039f5b595c4ca551b3d5dd15a98) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
    11:04:06.0107 10868 UsbserFilt - ok
    11:04:06.0140 10868 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    11:04:06.0142 10868 USBSTOR - ok
    11:04:06.0189 10868 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
    11:04:06.0191 10868 usbuhci - ok
    11:04:06.0270 10868 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
    11:04:06.0272 10868 usbvideo - ok
    11:04:06.0329 10868 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
    11:04:06.0331 10868 UxSms - ok
    11:04:06.0342 10868 uywyvisi - ok
    11:04:06.0374 10868 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
    11:04:06.0375 10868 VaultSvc - ok
    11:04:06.0422 10868 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
    11:04:06.0424 10868 vdrvroot - ok
    11:04:06.0467 10868 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
    11:04:06.0475 10868 vds - ok
    11:04:06.0510 10868 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
    11:04:06.0511 10868 vga - ok
    11:04:06.0577 10868 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
    11:04:06.0579 10868 VgaSave - ok
    11:04:06.0614 10868 VGPU - ok
    11:04:06.0650 10868 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
    11:04:06.0652 10868 vhdmp - ok
    11:04:06.0695 10868 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
    11:04:06.0697 10868 viaagp - ok
    11:04:06.0722 10868 viaagp1 - ok
    11:04:06.0765 10868 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
    11:04:06.0766 10868 ViaC7 - ok
    11:04:06.0804 10868 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
    11:04:06.0805 10868 viaide - ok
    11:04:06.0860 10868 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
    11:04:06.0861 10868 vmbus - ok
    11:04:06.0890 10868 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
    11:04:06.0891 10868 VMBusHID - ok
    11:04:06.0937 10868 vmm (c01604eaea9c89035cff58cdb322476c) C:\Windows\system32\Drivers\vmm.sys
    11:04:06.0941 10868 vmm - ok
    11:04:06.0965 10868 vmskvhis - ok
    11:04:06.0984 10868 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
    11:04:06.0986 10868 volmgr - ok
    11:04:07.0035 10868 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
    11:04:07.0039 10868 volmgrx - ok
    11:04:07.0161 10868 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
    11:04:07.0177 10868 volsnap - ok
    11:04:07.0322 10868 vsdatant - ok
    11:04:07.0432 10868 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
    11:04:07.0435 10868 vsmraid - ok
    11:04:07.0481 10868 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
    11:04:07.0492 10868 VSS - ok
    11:04:07.0509 10868 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
    11:04:07.0510 10868 vwifibus - ok
    11:04:07.0669 10868 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
    11:04:07.0682 10868 vwififlt - ok
    11:04:07.0822 10868 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
    11:04:07.0824 10868 vwifimp - ok
    11:04:07.0877 10868 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
    11:04:07.0884 10868 W32Time - ok
    11:04:07.0931 10868 W700mdfl (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\modemcsa.dll
    11:04:07.0942 10868 Suspicious file (NoAccess): C:\Windows\system32\modemcsa.dll. md5: 11028c6a84a967070cb1286550f2058f
    11:04:07.0942 10868 W700mdfl ( Backdoor.Multi.ZAccess.gen ) - infected
    11:04:07.0942 10868 W700mdfl - detected Backdoor.Multi.ZAccess.gen (0)
    11:04:07.0997 10868 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
    11:04:07.0999 10868 WacomPen - ok
    11:04:08.0039 10868 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    11:04:08.0040 10868 WANARP - ok
    11:04:08.0044 10868 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    11:04:08.0045 10868 Wanarpv6 - ok
    11:04:08.0097 10868 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
    11:04:08.0111 10868 wbengine - ok
    11:04:08.0157 10868 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
    11:04:08.0162 10868 WbioSrvc - ok
    11:04:08.0231 10868 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
    11:04:08.0247 10868 wcncsvc - ok
    11:04:08.0441 10868 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
    11:04:08.0451 10868 WcsPlugInService - ok
    11:04:08.0561 10868 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
    11:04:08.0562 10868 Wd - ok
    11:04:08.0614 10868 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
    11:04:08.0615 10868 WDC_SAM - ok
    11:04:08.0675 10868 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    11:04:08.0680 10868 Wdf01000 - ok
    11:04:08.0730 10868 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
    11:04:08.0734 10868 WdiServiceHost - ok
    11:04:08.0737 10868 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
    11:04:08.0740 10868 WdiSystemHost - ok
    11:04:08.0775 10868 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
    11:04:08.0780 10868 WebClient - ok
    11:04:08.0797 10868 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
    11:04:08.0802 10868 Wecsvc - ok
    11:04:08.0846 10868 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
    11:04:08.0855 10868 wercplsupport - ok
    11:04:09.0042 10868 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
    11:04:09.0046 10868 WerSvc - ok
    11:04:09.0134 10868 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
    11:04:09.0144 10868 WfpLwf - ok
    11:04:09.0327 10868 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
    11:04:09.0340 10868 WIMMount - ok
    11:04:09.0382 10868 WinHttpAutoProxySvc - ok
    11:04:09.0544 10868 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
    11:04:09.0546 10868 Winmgmt - ok
    11:04:09.0767 10868 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
    11:04:09.0812 10868 WinRM - ok
    11:04:10.0022 10868 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUSB.sys
    11:04:10.0024 10868 WinUsb - ok
    11:04:10.0070 10868 wiqcqshl - ok
    11:04:10.0162 10868 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
    11:04:10.0192 10868 Wlansvc - ok
    11:04:10.0330 10868 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    11:04:10.0335 10868 wlcrasvc - ok
    11:04:10.0540 10868 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    11:04:10.0550 10868 wlidsvc - ok
    11:04:10.0679 10868 wluefyoa - ok
    11:04:10.0721 10868 wmccds - ok
    11:04:10.0762 10868 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
    11:04:10.0772 10868 WmiAcpi - ok
    11:04:10.0860 10868 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
    11:04:10.0862 10868 wmiApSrv - ok
    11:04:10.0987 10868 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
    11:04:10.0994 10868 WMPNetworkSvc - ok
    11:04:11.0079 10868 WMZuneComm (017695393afffed8de58abd1b085be6d) C:\Program Files\Zune1\WMZuneComm.exe
    11:04:11.0085 10868 WMZuneComm - ok
    11:04:11.0174 10868 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
    11:04:11.0190 10868 WPCSvc - ok
    11:04:11.0267 10868 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
    11:04:11.0271 10868 WPDBusEnum - ok
    11:04:11.0380 10868 wrapper (9e44162625028965c3a9880ba8dd1b25) C:\Program Files\theSkyNet\wrapper-windows-x86-32.exe
    11:04:11.0384 10868 wrapper - ok
    11:04:11.0445 10868 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
    11:04:11.0446 10868 ws2ifsl - ok
    11:04:11.0472 10868 WSearch - ok
    11:04:11.0571 10868 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
    11:04:11.0597 10868 wuauserv - ok
    11:04:11.0646 10868 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
    11:04:11.0647 10868 WudfPf - ok
    11:04:11.0670 10868 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
    11:04:11.0672 10868 WUDFRd - ok
    11:04:11.0709 10868 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
    11:04:11.0715 10868 wudfsvc - ok
    11:04:11.0756 10868 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
    11:04:11.0772 10868 WwanSvc - ok
    11:04:11.0812 10868 xaaszano - ok
    11:04:11.0850 10868 XAMPP (16a004d355467e44d217dc4df62ec1e4) C:\xampp\service.exe
    11:04:11.0885 10868 XAMPP - ok
    11:04:11.0929 10868 xcnkzzti - ok
    11:04:11.0946 10868 zpcollector - ok
    11:04:12.0119 10868 ZuneNetworkSvc (1076df9ade4e13ea3bf39d2165aeb903) C:\Program Files\Zune1\ZuneNss.exe
    11:04:12.0179 10868 ZuneNetworkSvc - ok
    11:04:12.0210 10868 ZuneWlanCfgSvc (de1cdb333a402b279f04d627122fa08e) C:\Program Files\Zune1\ZuneWlanCfgSvc.exe
    11:04:12.0216 10868 ZuneWlanCfgSvc - ok
    11:04:12.0316 10868 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    11:04:12.0350 10868 \Device\Harddisk0\DR0 - ok
    11:04:12.0354 10868 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
    11:04:12.0524 10868 \Device\Harddisk1\DR1 - ok
    11:04:12.0529 10868 Boot (0x1200) (df8a36e91a02a833ee08ec9f4e49b167) \Device\Harddisk0\DR0\Partition0
    11:04:12.0530 10868 \Device\Harddisk0\DR0\Partition0 - ok
    11:04:12.0554 10868 Boot (0x1200) (f9fe329eab3f6046c6eb2c9599506830) \Device\Harddisk0\DR0\Partition1
    11:04:12.0569 10868 \Device\Harddisk0\DR0\Partition1 - ok
    11:04:12.0571 10868 Boot (0x1200) (96fa954e79f7cdd00338b9a91c845f86) \Device\Harddisk1\DR1\Partition0
    11:04:12.0572 10868 \Device\Harddisk1\DR1\Partition0 - ok
    11:04:12.0574 10868 ============================================================
    11:04:12.0574 10868 Scan finished
    11:04:12.0574 10868 ============================================================
    11:04:12.0582 10632 Detected object count: 8
    11:04:12.0582 10632 Actual detected object count: 8
    11:05:23.0560 10632 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
    11:05:23.0560 10632 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
    11:05:23.0681 10632 C:\Windows\system32\mxnic.dll - copied to quarantine
    11:05:23.0692 10632 HKLM\SYSTEM\ControlSet001\services\atierecord - will be deleted on reboot
    11:05:23.0740 10632 HKLM\SYSTEM\ControlSet002\services\atierecord - will be deleted on reboot
    11:05:23.0872 10632 C:\Windows\system32\mxnic.dll - will be deleted on reboot
    11:05:23.0872 10632 atierecord ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    11:05:24.0021 10632 C:\Windows\system32\DRIVERS\netbt.sys - copied to quarantine
    11:05:25.0380 10632 C:\Windows\$NtUninstallKB23404$\1048025828\@ - copied to quarantine
    11:05:25.0414 10632 C:\Windows\$NtUninstallKB23404$\1048025828\L\xadqgnnk - copied to quarantine
    11:05:25.0466 10632 C:\Windows\$NtUninstallKB23404$\1048025828\U\$00000001 - copied to quarantine
    11:05:25.0517 10632 C:\Windows\$NtUninstallKB23404$\1048025828\U\$80000000 - copied to quarantine
    11:05:25.0582 10632 C:\Windows\$NtUninstallKB23404$\1048025828\U\$800000cb - copied to quarantine
    11:05:25.0642 10632 C:\Windows\$NtUninstallKB23404$\1048025828\U\$800000cf - copied to quarantine
    11:05:25.0664 10632 C:\Windows\$NtUninstallKB23404$\1048025828\U\@000000c0 - copied to quarantine
    11:05:25.0724 10632 C:\Windows\$NtUninstallKB23404$\1048025828\U\@000000cb - copied to quarantine
    11:05:25.0819 10632 C:\Windows\$NtUninstallKB23404$\1048025828\U\@000000cf - copied to quarantine
    11:05:25.0861 10632 C:\Windows\$NtUninstallKB23404$\1048025828\U\@800000c0 - copied to quarantine
    11:05:25.0917 10632 C:\Windows\$NtUninstallKB42131$\1048025828\@ - copied to quarantine
    11:05:25.0922 10632 C:\Windows\$NtUninstallKB42131$\1048025828\cfg.ini - copied to quarantine
    11:05:25.0926 10632 C:\Windows\$NtUninstallKB42131$\1048025828\Desktop.ini - copied to quarantine
    11:05:26.0001 10632 C:\Windows\$NtUninstallKB42131$\1048025828\L\xadqgnnk - copied to quarantine
    11:05:26.0064 10632 C:\Windows\$NtUninstallKB42131$\1048025828\oemid - copied to quarantine
    11:05:26.0084 10632 C:\Windows\$NtUninstallKB42131$\1048025828\U\00000001.@ - copied to quarantine
    11:05:26.0102 10632 C:\Windows\$NtUninstallKB42131$\1048025828\U\00000002.@ - copied to quarantine
    11:05:26.0127 10632 C:\Windows\$NtUninstallKB42131$\1048025828\U\00000004.@ - copied to quarantine
    11:05:26.0150 10632 C:\Windows\$NtUninstallKB42131$\1048025828\U\80000000.@ - copied to quarantine
    11:05:26.0186 10632 C:\Windows\$NtUninstallKB42131$\1048025828\U\80000004.@ - copied to quarantine
    11:05:26.0206 10632 C:\Windows\$NtUninstallKB42131$\1048025828\U\80000032.@ - copied to quarantine
    11:05:26.0261 10632 C:\Windows\$NtUninstallKB42131$\1048025828\version - copied to quarantine
    11:05:26.0355 10632 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\netbt.sys) error 1813
    11:05:29.0535 10632 Backup copy found, using it..
    11:05:29.0824 10632 C:\Windows\system32\DRIVERS\netbt.sys - will be cured on reboot
    11:05:32.0521 10632 C:\Windows\$NtUninstallKB23404$\1048025828\@ - will be deleted on reboot
    11:05:32.0522 10632 C:\Windows\$NtUninstallKB23404$\1048025828\U\$00000001 - will be deleted on reboot
    11:05:32.0524 10632 C:\Windows\$NtUninstallKB23404$\1048025828\U\$80000000 - will be deleted on reboot
    11:05:32.0524 10632 C:\Windows\$NtUninstallKB23404$\1048025828\U\$800000cb - will be deleted on reboot
    11:05:32.0525 10632 C:\Windows\$NtUninstallKB23404$\1048025828\U\$800000cf - will be deleted on reboot
    11:05:32.0525 10632 C:\Windows\$NtUninstallKB23404$\1048025828\U\@000000c0 - will be deleted on reboot
    11:05:32.0525 10632 C:\Windows\$NtUninstallKB23404$\1048025828\U\@000000cb - will be deleted on reboot
    11:05:32.0526 10632 C:\Windows\$NtUninstallKB23404$\1048025828\U\@000000cf - will be deleted on reboot
    11:05:32.0526 10632 C:\Windows\$NtUninstallKB23404$\1048025828\U\@800000c0 - will be deleted on reboot
    11:05:32.0527 10632 C:\Windows\$NtUninstallKB23404$\2616922789 - will be deleted on reboot
    11:05:32.0527 10632 C:\Windows\$NtUninstallKB42131$\1048025828\@ - will be deleted on reboot
    11:05:32.0529 10632 C:\Windows\$NtUninstallKB42131$\1048025828\cfg.ini - will be deleted on reboot
    11:05:32.0529 10632 C:\Windows\$NtUninstallKB42131$\1048025828\Desktop.ini - will be deleted on reboot
    11:05:32.0530 10632 C:\Windows\$NtUninstallKB42131$\1048025828\oemid - will be deleted on reboot
    11:05:32.0531 10632 C:\Windows\$NtUninstallKB42131$\1048025828\U\00000001.@ - will be deleted on reboot
    11:05:32.0531 10632 C:\Windows\$NtUninstallKB42131$\1048025828\U\00000002.@ - will be deleted on reboot
    11:05:32.0532 10632 C:\Windows\$NtUninstallKB42131$\1048025828\U\00000004.@ - will be deleted on reboot
    11:05:32.0532 10632 C:\Windows\$NtUninstallKB42131$\1048025828\U\80000000.@ - will be deleted on reboot
    11:05:32.0532 10632 C:\Windows\$NtUninstallKB42131$\1048025828\U\80000004.@ - will be deleted on reboot
    11:05:32.0534 10632 C:\Windows\$NtUninstallKB42131$\1048025828\U\80000032.@ - will be deleted on reboot
    11:05:32.0534 10632 C:\Windows\$NtUninstallKB42131$\1048025828\version - will be deleted on reboot
    11:05:32.0535 10632 C:\Windows\$NtUninstallKB42131$\3279782550 - will be deleted on reboot
    11:05:32.0536 10632 NetBT ( Virus.Win32.ZAccess.k ) - User select action: Cure
    11:05:32.0652 10632 C:\Windows\system32\nipsvc.dll - copied to quarantine
    11:05:32.0680 10632 HKLM\SYSTEM\ControlSet001\services\nvedavt - will be deleted on reboot
    11:05:32.0681 10632 HKLM\SYSTEM\ControlSet002\services\nvedavt - will be deleted on reboot
    11:05:32.0715 10632 C:\Windows\system32\nipsvc.dll - will be deleted on reboot
    11:05:32.0715 10632 nvedavt ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    11:05:32.0777 10632 C:\Windows\system32\fastfat.dll - copied to quarantine
    11:05:32.0787 10632 HKLM\SYSTEM\ControlSet001\services\p2k - will be deleted on reboot
    11:05:32.0792 10632 C:\Windows\system32\fastfat.dll - will be deleted on reboot
    11:05:32.0792 10632 p2k ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    11:05:32.0839 10632 C:\Windows\system32\tbiosdrv.dll - copied to quarantine
    11:05:32.0850 10632 HKLM\SYSTEM\ControlSet001\services\SGIR - will be deleted on reboot
    11:05:32.0860 10632 HKLM\SYSTEM\ControlSet002\services\SGIR - will be deleted on reboot
    11:05:32.0865 10632 C:\Windows\system32\tbiosdrv.dll - will be deleted on reboot
    11:05:32.0865 10632 SGIR ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    11:05:32.0989 10632 C:\Windows\system32\KMW_SYS.dll - copied to quarantine
    11:05:33.0000 10632 HKLM\SYSTEM\ControlSet001\services\tsdhd - will be deleted on reboot
    11:05:33.0000 10632 HKLM\SYSTEM\ControlSet002\services\tsdhd - will be deleted on reboot
    11:05:33.0004 10632 C:\Windows\system32\KMW_SYS.dll - will be deleted on reboot
    11:05:33.0004 10632 tsdhd ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    11:05:33.0056 10632 C:\Windows\system32\modemcsa.dll - copied to quarantine
    11:05:33.0066 10632 HKLM\SYSTEM\ControlSet001\services\W700mdfl - will be deleted on reboot
    11:05:33.0067 10632 HKLM\SYSTEM\ControlSet002\services\W700mdfl - will be deleted on reboot
    11:05:33.0071 10632 C:\Windows\system32\modemcsa.dll - will be deleted on reboot
    11:05:33.0071 10632 W700mdfl ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    11:05:54.0286 10772 Deinitialize success
     
  11. NathanC

    NathanC TS Rookie Topic Starter Posts: 38

    Since running TDSSKiller, MSE has picked up other viruses/Trojans: Conedex.A, Alurean.FP and Osram!ots, all in TDS quarantine. It has then automatically removed them.
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    That's fine.

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  13. NathanC

    NathanC TS Rookie Topic Starter Posts: 38

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-17 11:55:38
    -----------------------------
    11:55:38.020 OS Version: Windows 6.1.7601 Service Pack 1
    11:55:38.020 Number of processors: 4 586 0xF0B
    11:55:38.024 ComputerName: CHEUNG-DESKTOP UserName: Cheung
    11:55:42.225 Initialize success
    12:01:46.862 AVAST engine defs: 12041601
    12:02:25.474 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
    12:02:25.475 Disk 0 Vendor: Size: 0MB BusType: 0
    12:02:25.485 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-6
    12:02:25.488 Disk 1 Vendor: WDC_WD5000AAKS-00YGA0 12.01C02 Size: 476940MB BusType: 3
    12:02:25.516 Disk 0 MBR read successfully
    12:02:25.521 Disk 0 MBR scan
    12:02:25.638 Disk 0 Windows 7 default MBR code
    12:02:25.688 Disk 0 MBR hidden
    12:02:25.696 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 523798 MB offset 63
    12:02:25.920 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 430068 MB offset 1072740375
    12:02:26.174 Disk 0 scanning C:\Windows\system32\drivers
    12:03:20.327 Service scanning
    12:04:06.356 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
    12:04:57.618 Modules scanning
    12:05:12.555 Disk 0 trace - called modules:
    12:05:12.579 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
    12:05:12.583 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8681f030]
    12:05:12.587 3 CLASSPNP.SYS[8bc0459e] -> nt!IofCallDriver -> [0x866de918]
    12:05:12.590 5 ACPI.sys[83aba3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x866ca030]
    12:05:14.074 AVAST engine scan C:\Windows
    12:05:18.178 AVAST engine scan C:\Windows\system32
    12:20:32.610 AVAST engine scan C:\Windows\system32\drivers
    12:21:35.526 AVAST engine scan C:\Users\Cheung
    13:30:11.180 AVAST engine scan C:\ProgramData
    13:35:18.673 Scan finished successfully
    16:01:37.252 Disk 0 MBR has been saved successfully to "C:\Users\Cheung\Desktop\MBR.dat"
    16:01:37.328 The log file has been saved successfully to "C:\Users\Cheung\Desktop\aswMBR.txt"
     
  14. NathanC

    NathanC TS Rookie Topic Starter Posts: 38

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com
    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Ultimate Edition Service Pack 1 (build 7601), 32-bit
    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x0000007f`e1702e00
    Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff
    Size Device Name MBR Status
    --------------------------------------------
    931 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

    Done;
    Press any key to quit...
     
  15. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    Good.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  16. NathanC

    NathanC TS Rookie Topic Starter Posts: 38

    Combofix ran successfully but it took ages (more than 15 minutes) to produce the Report and the computer hung before it could tell me the Report had been produced. What had been made (and the creation time was right at the beginning of the report preparation) is here:

    ComboFix 12-04-17.01 - Cheung 18/04/2012 9:22:30.1.4 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3327.2353 [GMT 8:00]
    Running from: C:\Users\Cheung\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\Program Files\Blinkx
    C:\Program Files\Blinkx\blinkx.ico
    C:\Program Files\Blinkx\blinkxss.exe
    C:\Program Files\Blinkx\blinkxstop.exe
    C:\Program Files\Blinkx\lang.dll
    C:\Program Files\Blinkx\templates\beat.ico
    C:\Program Files\Blinkx\templates\index.html
    C:\Program Files\Blinkx\templates\noflash.html
    C:\Program Files\Blinkx\templates\offline.html
    C:\Program Files\Blinkx\templates\offline.swf
    C:\Program Files\Blinkx\templates\uninstall.exe
    C:\Program Files\DealScout
    C:\Program Files\DealScout\deALscout.dll
    C:\Program Files\DealScout\installer.ico
    C:\Program Files\DealScout\uninstall.exe
    C:\Users\Cheung\AppData\Local\assembly\tmp
    C:\Users\Cheung\AppData\Roaming\Cocylu
    C:\Users\Cheung\AppData\Roaming\Cocylu\qouq.mai
    C:\Users\Cheung\AppData\Roaming\Cocylu\qouq.tmp
    C:\Windows\$NtUninstallKB23404$
    C:\Windows\$NtUninstallKB23404$\1048025828\L\xadqgnnk
    C:\Windows\$NtUninstallKB42131$
    C:\Windows\$NtUninstallKB42131$\1048025828\L\xadqgnnk
    C:\Windows\system32\dds_trash_log.cmd
    C:\Windows\system32\tmp4A3F.tmp
    C:\Windows\system32\tmp4A4F.tmp
    C:\Windows\system32\tmp51FC.tmp
    C:\Windows\system32\tmp523B.tmp
    C:\Windows\XSxS
    D:\autorun.inf

    ((((((((((((((((((((((((( Files Created from 2012-03-18 to 2012-04-18 )))))))))))))))))))))))))))))))

    2012-04-18 01:33:56 . 2012-04-18 01:33:56 -------- d-----w- C:\Users\Default\AppData\Local\temp
    2012-04-18 01:33:55 . 2012-04-18 01:33:55 -------- d-----w- C:\Users\UpdatusUser\AppData\Local\temp
    2012-04-17 12:42:50 . 2012-04-17 12:42:50 -------- d-----w- C:\Program Files\Common Files\Java
    2012-04-17 12:42:24 . 2012-04-17 12:42:07 637848 ----a-w- C:\Windows\system32\npdeployJava1.dll
    2012-04-17 12:30:30 . 2012-04-17 12:30:30 242240 ----a-w- C:\Windows\system32\drivers\dtsoftbus01.sys
    2012-04-17 12:30:18 . 2012-04-17 12:30:30 -------- d-----w- C:\Program Files\DAEMON Tools Lite
    2012-04-17 11:50:06 . 2012-04-18 01:35:44 56200 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{84B0D504-B077-4239-9341-C5BA1A9D1218}\offreg.dll
    2012-04-17 10:23:31 . 2012-03-14 02:15:38 6582328 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{84B0D504-B077-4239-9341-C5BA1A9D1218}\mpengine.dll
    2012-04-17 03:05:23 . 2012-04-17 03:05:23 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-04-16 08:00:30 . 2012-04-16 08:00:30 -------- d-----w- C:\Program Files\FileHippo.com
    2012-04-15 10:02:12 . 2012-04-04 07:56:40 22344 ----a-w- C:\Windows\system32\drivers\mbam.sys
    2012-04-15 10:02:11 . 2012-04-15 10:02:29 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
    2012-04-14 10:08:06 . 2012-04-14 10:08:10 -------- d-----w- C:\Users\Cheung\AppData\Local\adaware
    2012-04-14 10:08:05 . 2012-04-14 10:08:07 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
    2012-04-14 10:07:52 . 2011-04-05 09:35:20 94040 ----a-w- C:\Windows\system32\drivers\sbhips.sys
    2012-04-14 10:07:39 . 2011-04-05 09:35:20 78936 ----a-w- C:\Windows\system32\drivers\sbtis.sys
    2012-04-14 10:07:21 . 2011-04-05 09:35:20 221784 ----a-w- C:\Windows\system32\drivers\SbFw.sys
    2012-04-14 10:07:21 . 2011-02-08 01:14:22 69208 ----a-w- C:\Windows\system32\drivers\SbFwIm.sys
    2012-04-14 10:07:17 . 2012-04-14 10:07:17 -------- d-----w- C:\ProgramData\Lavasoft
    2012-04-14 10:07:16 . 2012-04-14 10:07:17 -------- d-----w- C:\Program Files\Ad-Aware Antivirus
    2012-04-14 10:04:34 . 2012-04-16 09:24:07 -------- d-----w- C:\Users\Cheung\AppData\Roaming\Ad-Aware Antivirus
    2012-04-13 16:34:12 . 2010-11-26 10:02:20 15672 ----a-w- C:\Windows\system32\drivers\SmartDefragDriver.sys
    2012-04-13 16:34:06 . 2012-04-13 16:34:06 -------- d-----w- C:\Program Files\IObit
    2012-04-13 16:29:38 . 2012-04-13 16:29:42 -------- d-----w- C:\Program Files\OpenDrive
    2012-04-12 09:08:12 . 2012-03-01 05:46:57 19824 ----a-w- C:\Windows\system32\drivers\fs_rec.sys
    2012-04-12 09:08:12 . 2012-03-01 05:33:23 159232 ----a-w- C:\Windows\system32\imagehlp.dll
    2012-04-12 09:05:41 . 2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\system32\ntkrnlpa.exe
    2012-04-12 09:05:40 . 2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\system32\ntoskrnl.exe
    2012-04-11 08:04:38 . 2012-04-11 08:04:38 -------- d--h--w- C:\Windows\AxInstSV
    2012-04-11 07:39:40 . 2012-04-12 09:05:23 -------- d-----w- C:\Users\DB
    2012-04-04 04:16:32 . 2012-04-04 04:17:28 -------- d-----w- C:\Program Files\Megacloud
    2012-04-04 04:08:42 . 2012-04-04 04:09:21 -------- d-----w- C:\Program Files\Spectromancer
    2012-04-04 03:29:13 . 2012-04-04 03:29:13 -------- d-----w- C:\Users\Cheung\AppData\Local\OpenDrive
    2012-04-03 09:20:15 . 2012-04-18 02:00:21 -------- d-----w- C:\Users\Cheung\AppData\Roaming\Fiabee
    2012-04-03 09:19:53 . 2012-04-03 09:19:53 -------- d-----w- C:\Program Files\Tuso
    2012-03-28 03:45:27 . 2012-03-28 03:45:27 -------- d-----w- C:\Program Files\Evernote
    2012-03-26 08:13:15 . 2012-03-26 08:13:15 5 ----a-w- C:\Windows\system32\lMMLDeleteUserData42107612FX.tmp
    2012-03-26 07:56:44 . 2012-04-18 00:33:49 -------- d-----w- C:\Users\Cheung\.gstreamer-0.10
    2012-03-26 07:48:50 . 2012-03-26 07:48:50 -------- d-----w- C:\ProgramData\Motorola Media Link
    2012-03-26 07:48:48 . 2012-03-26 07:48:48 -------- d-----w- C:\Program Files\Motorola Mobility
    2012-03-26 07:45:56 . 2012-04-18 02:01:09 -------- d-----w- C:\Users\Cheung\AppData\Roaming\MotoCast
    2012-03-22 19:12:12 . 2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\system32\GPhotos.scr
    2012-03-22 15:06:59 . 2006-09-12 04:46:24 227328 --sha-r- C:\Windows\system32\ac3DX.ax
    2012-03-22 15:06:59 . 2006-08-16 07:53:32 175104 --sha-r- C:\Windows\system32\CoreAAC.ax
    2012-03-22 15:06:59 . 2006-01-12 16:23:26 123904 --sha-r- C:\Windows\system32\AVCDX.ax
    2012-03-22 15:06:59 . 2005-02-22 09:55:02 81920 --sha-r- C:\Windows\system32\aac_parser.ax
    2012-03-22 15:06:59 . 2005-01-17 16:26:36 179200 --sha-r- C:\Windows\system32\DiracSplitter.ax
    2012-03-22 15:06:59 . 2003-12-07 00:59:44 97280 --sha-r- C:\Windows\system32\FLACDX.ax
    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    2012-04-17 12:43:55 . 2011-06-26 00:41:06 70304 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
    2012-04-17 12:42:07 . 2011-06-24 23:18:42 567696 ----a-w- C:\Windows\system32\deployJava1.dll
    2012-04-17 03:08:46 . 2011-06-25 11:43:51 187904 ----a-w- C:\Windows\system32\drivers\netbt.sys
    2012-03-16 01:48:42 . 2012-03-16 01:48:42 1734368 ----a-w- C:\Windows\system32\LivedriveControlPanel.cpl
    2012-03-14 02:15:38 . 2011-06-25 03:24:14 6582328 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-03-01 05:37:41 . 2012-04-12 09:08:12 172544 ----a-w- C:\Windows\system32\wintrust.dll
    2012-03-01 05:29:16 . 2012-04-12 09:08:12 5120 ----a-w- C:\Windows\system32\wmi.dll
    2012-02-28 01:11:07 . 2012-04-12 09:19:46 1127424 ----a-w- C:\Windows\system32\wininet.dll
    2012-02-17 05:34:22 . 2012-03-14 13:14:01 919040 ----a-w- C:\Windows\system32\rdpcorets.dll
    2012-02-17 05:34:22 . 2012-03-14 13:14:01 826880 ----a-w- C:\Windows\system32\rdpcore.dll
    2012-02-17 04:14:08 . 2012-03-14 13:14:00 183808 ----a-w- C:\Windows\system32\drivers\rdpwd.sys
    2012-02-17 04:13:22 . 2012-03-14 13:14:01 24576 ----a-w- C:\Windows\system32\drivers\tdtcp.sys
    2012-02-14 04:09:44 . 2012-02-14 04:09:44 1070352 ----a-w- C:\Windows\system32\MSCOMCTL.OCX
    2012-02-10 09:40:56 . 2012-02-10 09:41:26 713784 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{20863C96-A9D1-4B85-BB1A-D10691BC006B}\gapaengine.dll
    2012-02-10 05:38:43 . 2012-03-14 13:19:28 1077248 ----a-w- C:\Windows\system32\DWrite.dll
    2012-02-09 14:43:00 . 2012-02-09 14:43:00 881984 ----a-w- C:\Windows\system32\nvgenco32.dll
    2012-02-09 14:43:00 . 2012-02-09 14:43:00 61248 ----a-w- C:\Windows\system32\OpenCL.dll
    2012-02-09 14:43:00 . 2012-02-09 14:43:00 5892928 ----a-w- C:\Windows\system32\nvcuda.dll
    2012-02-09 14:43:00 . 2012-02-09 14:43:00 2517312 ----a-w- C:\Windows\system32\nvcuvid.dll
    2012-02-09 14:43:00 . 2012-02-09 14:43:00 2437440 ----a-w- C:\Windows\system32\nvcuvenc.dll
    2012-02-09 14:43:00 . 2012-02-09 14:43:00 19443520 ----a-w- C:\Windows\system32\nvoglv32.dll
    2012-02-09 14:43:00 . 2012-02-09 14:43:00 17543488 ----a-w- C:\Windows\system32\nvcompiler.dll
    2012-02-09 14:43:00 . 2012-02-09 14:43:00 15009600 ----a-w- C:\Windows\system32\nvd3dum.dll
    2012-02-09 14:43:00 . 2012-02-09 14:43:00 10816832 ----a-w- C:\Windows\system32\drivers\nvlddmkm.sys
    2012-02-09 14:43:00 . 2012-02-09 14:43:00 1000256 ----a-w- C:\Windows\system32\nvdispco32.dll
    2012-02-09 14:43:00 . 2011-02-22 18:57:00 2301248 ----a-w- C:\Windows\system32\nvapi.dll
    2012-02-09 14:43:00 . 2009-07-13 22:09:18 7713088 ----a-w- C:\Windows\system32\nvwgf2um.dll
    2012-02-03 03:54:27 . 2012-03-14 13:19:30 2343424 ----a-w- C:\Windows\system32\win32k.sys
    2012-01-31 12:44:05 . 2011-06-24 09:19:05 237072 ------w- C:\Windows\system32\MpSigStub.exe
    2012-01-25 05:58:00 . 2012-01-25 05:58:00 23808 ----a-w- C:\Windows\system32\drivers\Motousbnet.sys
    2012-01-25 05:57:48 . 2012-01-25 05:57:48 24192 ----a-w- C:\Windows\system32\drivers\motmodem.sys
    2012-01-25 05:57:44 . 2012-01-25 05:57:44 8448 ----a-w- C:\Windows\system32\drivers\motccgpfl.sys
    2012-01-25 05:57:36 . 2012-01-25 05:57:36 20864 ----a-w- C:\Windows\system32\drivers\motccgp.sys
    2012-01-25 05:32:35 . 2012-03-14 13:13:58 58880 ----a-w- C:\Windows\system32\rdpwsx.dll
    2012-01-25 05:32:34 . 2012-03-14 13:13:58 129536 ----a-w- C:\Windows\system32\rdpcorekmts.dll
    2012-01-25 05:27:51 . 2012-03-14 13:13:58 8192 ----a-w- C:\Windows\system32\rdrmemptylst.exe
    2006-05-03 03:06:54 163328 --sha-r- C:\Windows\System32\flvDX.dll
    2007-02-21 04:47:16 31232 --sha-r- C:\Windows\System32\msfDX.dll
    2008-03-16 06:30:52 216064 --sha-r- C:\Windows\System32\nbDX.dll
    2010-01-06 16:00:00 107520 --sha-r- C:\Windows\System32\TAKDSDecoder.dll

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{f999a48b-1950-4d81-9971-79018f807b4b}"= "C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll" [2011-05-09 08:49:38 176936]
    [HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7AEC5D7C-9BA0-4A13-AB5D-244E4276FC09}]
    2012-01-28 06:44:53 760136 ----a-w- C:\Windows\Downloaded Program Files\CONFLICT.3\npPrimaDeskPlugin.dll
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f999a48b-1950-4d81-9971-79018f807b4b}]
    2011-05-09 08:49:38 176936 ----a-w- C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{1B5498A8-C09C-43DD-89FC-67803840387E}"= "C:\Windows\Downloaded Program Files\CONFLICT.3\npPrimaDeskPlugin.dll" [2012-01-28 06:44:53 760136]
    "{f999a48b-1950-4d81-9971-79018f807b4b}"= "C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll" [2011-05-09 08:49:38 176936]
    "{6A719530-8443-4898-9BC4-69E76B5F1C89}"= "C:\Program Files\GoBox\gobox.dll" [2012-03-02 02:35:38 311296]
    [HKEY_CLASSES_ROOT\clsid\{1b5498a8-c09c-43dd-89fc-67803840387e}]
    [HKEY_CLASSES_ROOT\PrimaDeskPlugin.PrimadeskToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{FC7DF02D-B3FD-440D-B35C-EF63E4EEFB23}]
    [HKEY_CLASSES_ROOT\PrimaDeskPlugin.Primadesk]
    [HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
    [HKEY_CLASSES_ROOT\clsid\{6a719530-8443-4898-9bc4-69e76b5f1c89}]
    [HKEY_CLASSES_ROOT\DKIBand.DKIBandObj.1]
    [HKEY_CLASSES_ROOT\TypeLib\{B6A6A745-D1AA-4281-A47C-E49EE5EC32D2}]
    [HKEY_CLASSES_ROOT\DKIBand.DKIBandObj]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{F999A48B-1950-4D81-9971-79018F807B4B}"= "C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll" [2011-05-09 08:49:38 176936]
    "{6A719530-8443-4898-9BC4-69E76B5F1C89}"= "C:\Program Files\GoBox\gobox.dll" [2012-03-02 02:35:38 311296]
    [HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
    [HKEY_CLASSES_ROOT\clsid\{6a719530-8443-4898-9bc4-69e76b5f1c89}]
    [HKEY_CLASSES_ROOT\DKIBand.DKIBandObj.1]
    [HKEY_CLASSES_ROOT\TypeLib\{B6A6A745-D1AA-4281-A47C-E49EE5EC32D2}]
    [HKEY_CLASSES_ROOT\DKIBand.DKIBandObj]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01_TUSOComplete]
    @="{F0DEA1E7-0A07-490d-A2F8-6E711A576463}"
    [HKEY_CLASSES_ROOT\CLSID\{F0DEA1E7-0A07-490d-A2F8-6E711A576463}]
    2012-03-27 07:12:26 3795456 ----a-w- C:\Program Files\Tuso\Fiabee Sync\ShellExtension.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01_TUSODownloading]
    @="{1C1F6216-1E43-477E-97FD-5B01B1FA4A91}"
    [HKEY_CLASSES_ROOT\CLSID\{1C1F6216-1E43-477E-97FD-5B01B1FA4A91}]
    2012-03-27 07:12:26 3795456 ----a-w- C:\Program Files\Tuso\Fiabee Sync\ShellExtension.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03_TUSOInProgress]
    @="{342DF534-1707-4bcb-A8AE-12790BB89C8E}"
    [HKEY_CLASSES_ROOT\CLSID\{342DF534-1707-4bcb-A8AE-12790BB89C8E}]
    2012-03-27 07:12:26 3795456 ----a-w- C:\Program Files\Tuso\Fiabee Sync\ShellExtension.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04_TUSOSharedComplete]
    @="{CDE9DB0C-9BA7-4F76-9648-640A72F947B9}"
    [HKEY_CLASSES_ROOT\CLSID\{CDE9DB0C-9BA7-4F76-9648-640A72F947B9}]
    2012-03-27 07:12:26 3795456 ----a-w- C:\Program Files\Tuso\Fiabee Sync\ShellExtension.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\05_TUSODefault]
    @="{FEC65B2E-C397-41ba-9F21-00D3E506C5BC}"
    [HKEY_CLASSES_ROOT\CLSID\{FEC65B2E-C397-41ba-9F21-00D3E506C5BC}]
    2012-03-27 07:12:26 3795456 ----a-w- C:\Program Files\Tuso\Fiabee Sync\ShellExtension.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\06_TUSOLink]
    @="{5FD2AA18-24C0-4A27-9824-AC5AF745369E}"
    [HKEY_CLASSES_ROOT\CLSID\{5FD2AA18-24C0-4A27-9824-AC5AF745369E}]
    2012-03-27 07:12:26 3795456 ----a-w- C:\Program Files\Tuso\Fiabee Sync\ShellExtension.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MegaCloudNormal]
    @="{03FB4211-3964-44E8-97D7-A2FA49CF5576}"
    [HKEY_CLASSES_ROOT\CLSID\{03FB4211-3964-44E8-97D7-A2FA49CF5576}]
    2012-04-11 07:06:44 221840 ----a-w- C:\Users\Cheung\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0OpenDrive_ShellOverlayIcon]
    @="{3268FFAC-39F2-4058-BE09-7396DB121F4A}"
    [HKEY_CLASSES_ROOT\CLSID\{3268FFAC-39F2-4058-BE09-7396DB121F4A}]
    2012-03-10 04:04:14 3153584 ----a-w- C:\Program Files\OpenDrive\OpenDrive.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon1]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2011-05-26 14:07:40 559104 ----a-w- C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon2]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2011-05-26 14:07:40 559104 ----a-w- C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon3]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2011-05-26 14:07:40 559104 ----a-w- C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon4]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2011-05-26 14:07:40 559104 ----a-w- C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
    @="{0367BF0F-7636-43AF-A152-E935D61A0203}"
    [HKEY_CLASSES_ROOT\CLSID\{0367BF0F-7636-43AF-A152-E935D61A0203}]
    2011-12-02 10:37:10 158224 ----a-w- C:\Windows\System32\CbFsMntNtf3.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1IDriveSyncExt1]
    @="{A30768B3-9C38-4810-AAC3-422B73A0B25C}"
    [HKEY_CLASSES_ROOT\CLSID\{A30768B3-9C38-4810-AAC3-422B73A0B25C}]
    2011-09-15 09:25:30 573440 ----a-w- C:\IDSync\IDSyncIcon.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1IDriveSyncExt2]
    @="{906E4756-73EC-4A58-A3B1-461B759D8F7B}"
    [HKEY_CLASSES_ROOT\CLSID\{906E4756-73EC-4A58-A3B1-461B759D8F7B}]
    2011-09-15 09:25:30 573440 ----a-w- C:\IDSync\IDSyncIcon.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1IDriveSyncExt3]
    @="{5DF1669E-DBBC-4C36-918E-8E470774D7AF}"
    [HKEY_CLASSES_ROOT\CLSID\{5DF1669E-DBBC-4C36-918E-8E470774D7AF}]
    2011-09-15 09:25:30 573440 ----a-w- C:\IDSync\IDSyncIcon.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MegaCloudModified]
    @="{03FB4212-3964-44E8-97D7-A2FA49CF5576}"
    [HKEY_CLASSES_ROOT\CLSID\{03FB4212-3964-44E8-97D7-A2FA49CF5576}]
    2012-04-11 07:06:44 221840 ----a-w- C:\Users\Cheung\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2MeagCloudError]
    @="{03FB4213-3964-44E8-97D7-A2FA49CF5576}"
    [HKEY_CLASSES_ROOT\CLSID\{03FB4213-3964-44E8-97D7-A2FA49CF5576}]
    2012-04-11 07:06:44 221840 ----a-w- C:\Users\Cheung\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupOverlay]
    @="{B44A5D93-1351-41A1-BD91-5E92435D8ECD}"
    [HKEY_CLASSES_ROOT\CLSID\{B44A5D93-1351-41A1-BD91-5E92435D8ECD}]
    2012-03-16 01:48:56 1008328 ----a-w- C:\Program Files\Megacloud\LivedriveExtensions.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12:20 94208 ----a-w- C:\Users\Dropbox1\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12:20 94208 ----a-w- C:\Users\Dropbox1\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12:20 94208 ----a-w- C:\Users\Dropbox1\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12:20 94208 ----a-w- C:\Users\Dropbox1\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
    @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
    [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
    2011-12-02 10:37:10 158224 ----a-w- C:\Windows\System32\CbFsMntNtf3.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveDownloadOverlay]
    @="{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}"
    [HKEY_CLASSES_ROOT\CLSID\{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}]
    2012-03-16 01:48:56 1008328 ----a-w- C:\Program Files\Megacloud\LivedriveExtensions.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSharedOverlay]
    @="{84CEF1E4-1356-4063-845F-05047F4DD52C}"
    [HKEY_CLASSES_ROOT\CLSID\{84CEF1E4-1356-4063-845F-05047F4DD52C}]
    2012-03-16 01:48:56 1008328 ----a-w- C:\Program Files\Megacloud\LivedriveExtensions.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSyncedOverlay]
    @="{42058329-2FBF-4B33-8E52-3BE5754DE0C1}"
    [HKEY_CLASSES_ROOT\CLSID\{42058329-2FBF-4B33-8E52-3BE5754DE0C1}]
    2012-03-16 01:48:56 1008328 ----a-w- C:\Program Files\Megacloud\LivedriveExtensions.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveUploadOverlay]
    @="{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}"
    [HKEY_CLASSES_ROOT\CLSID\{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}]
    2012-03-16 01:48:56 1008328 ----a-w- C:\Program Files\Megacloud\LivedriveExtensions.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
    @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
    [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
    2012-03-19 20:29:44 365648 ----a-w- C:\Program Files\SugarSync\SugarSyncShellExt.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
    @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
    [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
    2012-03-19 20:29:44 365648 ----a-w- C:\Program Files\SugarSync\SugarSyncShellExt.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
    @="{A759AFF6-5851-457D-A540-F4ECED148351}"
    [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
    2012-03-19 20:29:44 365648 ----a-w- C:\Program Files\SugarSync\SugarSyncShellExt.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
    @="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
    [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
    2012-03-19 20:29:44 365648 ----a-w- C:\Program Files\SugarSync\SugarSyncShellExt.dll
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 05:58:52 495616]
    "SugarSync"="C:\Program Files\SugarSync\SugarSyncManager.exe" [2012-03-19 20:32:24 9413712]
    "OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 15:07:38 718720]
    "BIBLauncher"="C:\Program Files\Business-in-a-Box\BIBLauncher.exe" [2011-03-15 06:02:05 901600]
    "OpenDNS Updater"="C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 21:42:58 839680]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-22 06:28:48 39408]
    "WLSync"="C:\Program Files\Windows Live\Mesh\WLSync.exe" [2011-05-13 07:23:02 1449312]
    "Akamai NetSession Interface"="C:\Users\Cheung\AppData\Local\Akamai\netsession_win.exe" [2012-03-12 21:37:52 3331872]
    "Xvid"="C:\Program Files\Xvid\CheckUpdate.exe" [2011-01-17 19:41:43 8192]
    "IDSyncStartup"="C:\IDSync\IDSyncStartup.exe" [2011-09-14 10:44:28 95704]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2012-04-05 03:41:28 17356424]
    "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 04:43:08 247728]
    "MotoCast"="C:\Program Files\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2012-03-26 08:14:18 1981]
    "Livedrive"="C:\Program Files\Megacloud\Livedrive.exe" [2012-03-16 01:45:40 1636864]
    "FileHippo.com"="C:\Program Files\FileHippo.com\UpdateChecker.exe" [2012-03-26 07:34:22 306688]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe" [2012-04-11 09:54:22 3672384]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2010-11-20 12:17:41 1174016]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Ad-Aware Antivirus"="C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
    "TrayServer"="C:\PROGRA~1\MAGIX\MOVIE_~1\TrayServer_en.exe" [2008-11-13 04:52:48 90112]
    "Zune Launcher"="C:\Program Files\Zune1\ZuneLauncher.exe" [2011-08-05 04:29:56 159456]
    "SwitchBoard"="C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 05:37:14 517096]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2011-07-05 10:36:48 421888]
    "NoteBurner"="C:\Program Files\NoteBurner\VTBurnerGUI.exe" [2011-06-08 09:00:36 5694792]
    "MSC"="C:\Program Files\Microsoft Security Client\msseces.exe" [2011-06-15 07:16:48 997920]
    "BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 06:54:26 91520]
    "LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 06:37:46 135536]
    "itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2011-08-01 07:57:34 1313672]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 07:56:42 1821576]
    "Intel AppUp(SM) center"="C:\Program Files\IntelAppUp\IntelAppStore\bin\serviceManager.lnk" [2011-06-24 10:47:20 1311]
    "TVEService"="C:\Program Files\CyberLink\TV Enhance\TVEService.exe" [2009-09-29 09:56:04 226536]
    "PCMAgent"="C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe" [2009-09-16 03:34:02 148776]
    "PlayMovie"="C:\Program Files\CyberLink\PlayMovie\PMVService.exe" [2009-09-08 10:07:24 177384]
    "CLMLServer"="C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe" [2009-09-16 03:34:20 202024]
    "AdobeAAMUpdater-1.0"="C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 09:42:18 499608]
    "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 07:37:53 843712]
    "AdobeCS5.5ServiceManager"="C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-11 23:08:56 1523360]
    "AdobeCS5ServiceManager"="C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 14:10:47 402432]
    "Adobe Acrobat Speed Launcher"="C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 05:53:56 36760]
    "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 05:53:56 815512]
    "TkBellExe"="C:\Program Files\Real\RealPlayer\update\realsched.exe" [2011-11-30 00:43:27 296056]
    "Fiabee"="C:\Program Files\Tuso\Fiabee Sync\Fiabee.exe" [2012-03-27 07:19:50 9892336]
    "OpenDrive Tray"="C:\Program Files\OpenDrive\OpenDrive_Tray.exe" [2012-03-10 04:03:56 4341424]
    "Ad-Aware Browsing Protection"="C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 09:09:36 198032]
    "Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 07:56:38 462408]
    "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 03:07:54 252296]
    C:\Users\Dropbox1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - C:\Users\Cheung\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-2 24242056]
    C:\Users\Dropbox2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - C:\Users\Dropbox1\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
    C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - C:\Users\Dropbox1\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
    EvernoteTray.lnk - C:\Program Files\Evernote\Evernote\EvernoteTray.exe [2012-3-22 391008]
    GoBox.lnk - C:\Program Files\GoBox\gobox_desktop.exe [2012-3-2 491520]
    IDriveSync Tray.lnk - C:\IDSync\IDSyncTray.exe [2012-3-2 1775064]
    MangoApps Desktop.lnk - C:\Program Files\MangoApps Desktop\MangoApps Desktop.exe [2012-3-9 142336]
    MegaCloud.lnk - C:\Users\Cheung\AppData\Roaming\MegaCloud\MegaCloud.exe [2011-11-28 10755728]
    Microsoft SharePoint Workspace.lnk - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
    PortableApps.lnk - C:\Portable Apps\Start.exe [2011-12-8 145920]
    qlock.lnk - C:\Program Files\Qlock\qlock.exe [2009-2-14 4142080]
    Samsung Auto Backup Guage.lnk - C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe [2011-6-27 888832]
    Samsung Auto Backup Real-Time Daemon.lnk - C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe [2011-6-27 77824]
    Samsung Auto Backup Scheduler.lnk - C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe [2011-6-27 102400]
    Windows Live Mesh.lnk - C:\Program Files\Windows Live\Mesh\WLSync.exe [2011-5-13 1449312]
    Wuala.lnk - C:\Users\Cheung\AppData\Roaming\Wuala\Wuala.exe [2012-2-27 451504]
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Google Calendar Sync.lnk - C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv
     
  17. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    That log is incomplete.
    Check C:\combofix.txt file to see if there is more than you posted.

    If not, you have to re-run Combofix.
     
  18. NathanC

    NathanC TS Rookie Topic Starter Posts: 38

    When it was preparing the report, it said not to start any programs, but the restart meant that all my startup and system tray items started. Would this be the cause?
     
  19. Broni

    Broni Malware Annihilator Posts: 47,684   +267

  20. NathanC

    NathanC TS Rookie Topic Starter Posts: 38

    ComboFix 12-04-17.01 - Cheung 18/04/2012 12:19:45.3.4 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3327.1551 [GMT 8:00]
    Running from: c:\users\Cheung\Desktop\ComboFix1.exe
    AV: Lavasoft Ad-Aware *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
    SP: Lavasoft Ad-Aware *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-18 to 2012-04-18 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-18 04:29 . 2012-04-18 04:29 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-04-18 04:29 . 2012-04-18 04:29 -------- d-----w- c:\users\Dropbox2\AppData\Local\temp
    2012-04-18 04:29 . 2012-04-18 04:29 -------- d-----w- c:\users\Dropbox1\AppData\Local\temp
    2012-04-18 04:29 . 2012-04-18 04:29 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-18 03:57 . 2012-04-18 03:57 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{55EF27BB-B2D7-488F-B92B-74475F11E9CB}\offreg.dll
    2012-04-18 02:34 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{55EF27BB-B2D7-488F-B92B-74475F11E9CB}\mpengine.dll
    2012-04-18 01:02 . 2012-04-18 03:00 -------- d-----w- C:\ComboFix
    2012-04-17 12:42 . 2012-04-17 12:42 -------- d-----w- c:\program files\Common Files\Java
    2012-04-17 12:42 . 2012-04-17 12:42 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-04-17 12:30 . 2012-04-17 12:30 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2012-04-17 12:30 . 2012-04-17 12:30 -------- d-----w- c:\program files\DAEMON Tools Lite
    2012-04-17 03:05 . 2012-04-17 03:05 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-04-16 08:00 . 2012-04-16 08:00 -------- d-----w- c:\program files\FileHippo.com
    2012-04-15 10:02 . 2012-04-04 07:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-15 10:02 . 2012-04-15 10:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-04-14 10:08 . 2012-04-14 10:08 -------- d-----w- c:\users\Cheung\AppData\Local\adaware
    2012-04-14 10:08 . 2012-04-14 10:08 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
    2012-04-14 10:07 . 2011-04-05 09:35 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
    2012-04-14 10:07 . 2011-04-05 09:35 78936 ----a-w- c:\windows\system32\drivers\sbtis.sys
    2012-04-14 10:07 . 2011-04-05 09:35 221784 ----a-w- c:\windows\system32\drivers\SbFw.sys
    2012-04-14 10:07 . 2011-02-08 01:14 69208 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
    2012-04-14 10:07 . 2012-04-14 10:07 -------- d-----w- c:\programdata\Lavasoft
    2012-04-14 10:07 . 2012-04-14 10:07 -------- d-----w- c:\program files\Ad-Aware Antivirus
    2012-04-14 10:04 . 2012-04-16 09:24 -------- d-----w- c:\users\Cheung\AppData\Roaming\Ad-Aware Antivirus
    2012-04-13 16:34 . 2011-12-16 09:21 29016 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
    2012-04-13 16:34 . 2010-11-26 10:02 15672 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
    2012-04-13 16:34 . 2012-04-13 16:34 -------- d-----w- c:\program files\IObit
    2012-04-13 16:29 . 2012-04-13 16:29 -------- d-----w- c:\program files\OpenDrive
    2012-04-12 09:08 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-04-12 09:08 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
    2012-04-12 09:08 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
    2012-04-12 09:08 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-04-12 09:05 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-04-12 09:05 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-04-11 08:04 . 2012-04-11 08:04 -------- d--h--w- c:\windows\AxInstSV
    2012-04-11 07:39 . 2012-04-12 09:05 -------- d-----w- c:\users\DB
    2012-04-04 04:16 . 2012-04-04 04:17 -------- d-----w- c:\program files\Megacloud
    2012-04-04 04:08 . 2012-04-04 04:09 -------- d-----w- c:\program files\Spectromancer
    2012-04-04 03:29 . 2012-04-04 03:29 -------- d-----w- c:\users\Cheung\AppData\Local\OpenDrive
    2012-04-03 09:20 . 2012-04-18 03:02 -------- d-----w- c:\users\Cheung\AppData\Roaming\Fiabee
    2012-04-03 09:19 . 2012-04-03 09:19 -------- d-----w- c:\program files\Tuso
    2012-03-28 03:45 . 2012-03-28 03:45 -------- d-----w- c:\program files\Evernote
    2012-03-26 08:13 . 2012-03-26 08:13 5 ----a-w- c:\windows\system32\lMMLDeleteUserData42107612FX.tmp
    2012-03-26 07:56 . 2012-04-18 04:02 -------- d-----w- c:\users\Cheung\.gstreamer-0.10
    2012-03-26 07:48 . 2012-03-26 07:48 -------- d-----w- c:\programdata\Motorola Media Link
    2012-03-26 07:48 . 2012-03-26 07:48 -------- d-----w- c:\program files\Motorola Mobility
    2012-03-26 07:45 . 2012-04-18 04:17 -------- d-----w- c:\users\Cheung\AppData\Roaming\MotoCast
    2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
    2012-03-22 15:06 . 2006-09-12 04:46 227328 --sha-r- c:\windows\system32\ac3DX.ax
    2012-03-22 15:06 . 2006-08-16 07:53 175104 --sha-r- c:\windows\system32\CoreAAC.ax
    2012-03-22 15:06 . 2006-01-12 16:23 123904 --sha-r- c:\windows\system32\AVCDX.ax
    2012-03-22 15:06 . 2005-02-22 09:55 81920 --sha-r- c:\windows\system32\aac_parser.ax
    2012-03-22 15:06 . 2005-01-17 16:26 179200 --sha-r- c:\windows\system32\DiracSplitter.ax
    2012-03-22 15:06 . 2003-12-07 00:59 97280 --sha-r- c:\windows\system32\FLACDX.ax
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-17 12:43 . 2011-06-26 00:41 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-17 12:42 . 2011-06-24 23:18 567696 ----a-w- c:\windows\system32\deployJava1.dll
    2012-04-17 03:08 . 2011-06-25 11:43 187904 ----a-w- c:\windows\system32\drivers\netbt.sys
    2012-03-16 01:48 . 2012-03-16 01:48 1734368 ----a-w- c:\windows\system32\LivedriveControlPanel.cpl
    2012-03-14 02:15 . 2011-06-25 03:24 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-02-17 05:34 . 2012-03-14 13:14 919040 ----a-w- c:\windows\system32\rdpcorets.dll
    2012-02-17 05:34 . 2012-03-14 13:14 826880 ----a-w- c:\windows\system32\rdpcore.dll
    2012-02-17 04:14 . 2012-03-14 13:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-02-17 04:13 . 2012-03-14 13:14 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-02-14 04:09 . 2012-02-14 04:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
    2012-02-10 09:40 . 2012-02-10 09:41 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{20863C96-A9D1-4B85-BB1A-D10691BC006B}\gapaengine.dll
    2012-02-10 05:38 . 2012-03-14 13:19 1077248 ----a-w- c:\windows\system32\DWrite.dll
    2012-02-09 14:43 . 2012-02-09 14:43 881984 ----a-w- c:\windows\system32\nvgenco32.dll
    2012-02-09 14:43 . 2012-02-09 14:43 61248 ----a-w- c:\windows\system32\OpenCL.dll
    2012-02-09 14:43 . 2012-02-09 14:43 5892928 ----a-w- c:\windows\system32\nvcuda.dll
    2012-02-09 14:43 . 2012-02-09 14:43 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-02-09 14:43 . 2012-02-09 14:43 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-02-09 14:43 . 2012-02-09 14:43 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
    2012-02-09 14:43 . 2012-02-09 14:43 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-02-09 14:43 . 2012-02-09 14:43 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
    2012-02-09 14:43 . 2012-02-09 14:43 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2012-02-09 14:43 . 2012-02-09 14:43 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
    2012-02-09 14:43 . 2011-02-22 18:57 2301248 ----a-w- c:\windows\system32\nvapi.dll
    2012-02-09 14:43 . 2009-07-13 22:09 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
    2012-02-03 03:54 . 2012-03-14 13:19 2343424 ----a-w- c:\windows\system32\win32k.sys
    2012-01-31 12:44 . 2011-06-24 09:19 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-25 05:58 . 2012-01-25 05:58 23808 ----a-w- c:\windows\system32\drivers\Motousbnet.sys
    2012-01-25 05:57 . 2012-01-25 05:57 24192 ----a-w- c:\windows\system32\drivers\motmodem.sys
    2012-01-25 05:57 . 2012-01-25 05:57 8448 ----a-w- c:\windows\system32\drivers\motccgpfl.sys
    2012-01-25 05:57 . 2012-01-25 05:57 20864 ----a-w- c:\windows\system32\drivers\motccgp.sys
    2012-01-25 05:32 . 2012-03-14 13:13 58880 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-01-25 05:32 . 2012-03-14 13:13 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-01-25 05:27 . 2012-03-14 13:13 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2006-05-03 03:06 163328 --sha-r- c:\windows\System32\flvDX.dll
    2007-02-21 04:47 31232 --sha-r- c:\windows\System32\msfDX.dll
    2008-03-16 06:30 216064 --sha-r- c:\windows\System32\nbDX.dll
    2010-01-06 16:00 107520 --sha-r- c:\windows\System32\TAKDSDecoder.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{f999a48b-1950-4d81-9971-79018f807b4b}"= "c:\program files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7AEC5D7C-9BA0-4A13-AB5D-244E4276FC09}]
    2012-01-28 06:44 760136 ----a-w- c:\windows\Downloaded Program Files\CONFLICT.3\npPrimaDeskPlugin.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f999a48b-1950-4d81-9971-79018f807b4b}]
    2011-05-09 08:49 176936 ----a-w- c:\program files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{1B5498A8-C09C-43DD-89FC-67803840387E}"= "c:\windows\Downloaded Program Files\CONFLICT.3\npPrimaDeskPlugin.dll" [2012-01-28 760136]
    "{f999a48b-1950-4d81-9971-79018f807b4b}"= "c:\program files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll" [2011-05-09 176936]
    "{6A719530-8443-4898-9BC4-69E76B5F1C89}"= "c:\program files\GoBox\gobox.dll" [2012-03-02 311296]
    .
    [HKEY_CLASSES_ROOT\clsid\{1b5498a8-c09c-43dd-89fc-67803840387e}]
    [HKEY_CLASSES_ROOT\PrimaDeskPlugin.PrimadeskToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{FC7DF02D-B3FD-440D-B35C-EF63E4EEFB23}]
    [HKEY_CLASSES_ROOT\PrimaDeskPlugin.Primadesk]
    .
    [HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
    .
    [HKEY_CLASSES_ROOT\clsid\{6a719530-8443-4898-9bc4-69e76b5f1c89}]
    [HKEY_CLASSES_ROOT\DKIBand.DKIBandObj.1]
    [HKEY_CLASSES_ROOT\TypeLib\{B6A6A745-D1AA-4281-A47C-E49EE5EC32D2}]
    [HKEY_CLASSES_ROOT\DKIBand.DKIBandObj]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{F999A48B-1950-4D81-9971-79018F807B4B}"= "c:\program files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll" [2011-05-09 176936]
    "{6A719530-8443-4898-9BC4-69E76B5F1C89}"= "c:\program files\GoBox\gobox.dll" [2012-03-02 311296]
    .
    [HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
    .
    [HKEY_CLASSES_ROOT\clsid\{6a719530-8443-4898-9bc4-69e76b5f1c89}]
    [HKEY_CLASSES_ROOT\DKIBand.DKIBandObj.1]
    [HKEY_CLASSES_ROOT\TypeLib\{B6A6A745-D1AA-4281-A47C-E49EE5EC32D2}]
    [HKEY_CLASSES_ROOT\DKIBand.DKIBandObj]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01_TUSOComplete]
    @="{F0DEA1E7-0A07-490d-A2F8-6E711A576463}"
    [HKEY_CLASSES_ROOT\CLSID\{F0DEA1E7-0A07-490d-A2F8-6E711A576463}]
    2012-03-27 07:12 3795456 ----a-w- c:\program files\Tuso\Fiabee Sync\ShellExtension.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01_TUSODownloading]
    @="{1C1F6216-1E43-477E-97FD-5B01B1FA4A91}"
    [HKEY_CLASSES_ROOT\CLSID\{1C1F6216-1E43-477E-97FD-5B01B1FA4A91}]
    2012-03-27 07:12 3795456 ----a-w- c:\program files\Tuso\Fiabee Sync\ShellExtension.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03_TUSOInProgress]
    @="{342DF534-1707-4bcb-A8AE-12790BB89C8E}"
    [HKEY_CLASSES_ROOT\CLSID\{342DF534-1707-4bcb-A8AE-12790BB89C8E}]
    2012-03-27 07:12 3795456 ----a-w- c:\program files\Tuso\Fiabee Sync\ShellExtension.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04_TUSOSharedComplete]
    @="{CDE9DB0C-9BA7-4F76-9648-640A72F947B9}"
    [HKEY_CLASSES_ROOT\CLSID\{CDE9DB0C-9BA7-4F76-9648-640A72F947B9}]
    2012-03-27 07:12 3795456 ----a-w- c:\program files\Tuso\Fiabee Sync\ShellExtension.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\05_TUSODefault]
    @="{FEC65B2E-C397-41ba-9F21-00D3E506C5BC}"
    [HKEY_CLASSES_ROOT\CLSID\{FEC65B2E-C397-41ba-9F21-00D3E506C5BC}]
    2012-03-27 07:12 3795456 ----a-w- c:\program files\Tuso\Fiabee Sync\ShellExtension.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\06_TUSOLink]
    @="{5FD2AA18-24C0-4A27-9824-AC5AF745369E}"
    [HKEY_CLASSES_ROOT\CLSID\{5FD2AA18-24C0-4A27-9824-AC5AF745369E}]
    2012-03-27 07:12 3795456 ----a-w- c:\program files\Tuso\Fiabee Sync\ShellExtension.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MegaCloudNormal]
    @="{03FB4211-3964-44E8-97D7-A2FA49CF5576}"
    [HKEY_CLASSES_ROOT\CLSID\{03FB4211-3964-44E8-97D7-A2FA49CF5576}]
    2012-04-11 07:06 221840 ----a-w- c:\users\Cheung\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0OpenDrive_ShellOverlayIcon]
    @="{3268FFAC-39F2-4058-BE09-7396DB121F4A}"
    [HKEY_CLASSES_ROOT\CLSID\{3268FFAC-39F2-4058-BE09-7396DB121F4A}]
    2012-03-10 04:04 3153584 ----a-w- c:\program files\OpenDrive\OpenDrive.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon1]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon2]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon3]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon4]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
    @="{0367BF0F-7636-43AF-A152-E935D61A0203}"
    [HKEY_CLASSES_ROOT\CLSID\{0367BF0F-7636-43AF-A152-E935D61A0203}]
    2011-12-02 10:37 158224 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1IDriveSyncExt1]
    @="{A30768B3-9C38-4810-AAC3-422B73A0B25C}"
    [HKEY_CLASSES_ROOT\CLSID\{A30768B3-9C38-4810-AAC3-422B73A0B25C}]
    2011-09-15 09:25 573440 ----a-w- c:\idsync\IDSyncIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1IDriveSyncExt2]
    @="{906E4756-73EC-4A58-A3B1-461B759D8F7B}"
    [HKEY_CLASSES_ROOT\CLSID\{906E4756-73EC-4A58-A3B1-461B759D8F7B}]
    2011-09-15 09:25 573440 ----a-w- c:\idsync\IDSyncIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1IDriveSyncExt3]
    @="{5DF1669E-DBBC-4C36-918E-8E470774D7AF}"
    [HKEY_CLASSES_ROOT\CLSID\{5DF1669E-DBBC-4C36-918E-8E470774D7AF}]
    2011-09-15 09:25 573440 ----a-w- c:\idsync\IDSyncIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MegaCloudModified]
    @="{03FB4212-3964-44E8-97D7-A2FA49CF5576}"
    [HKEY_CLASSES_ROOT\CLSID\{03FB4212-3964-44E8-97D7-A2FA49CF5576}]
    2012-04-11 07:06 221840 ----a-w- c:\users\Cheung\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2MeagCloudError]
    @="{03FB4213-3964-44E8-97D7-A2FA49CF5576}"
    [HKEY_CLASSES_ROOT\CLSID\{03FB4213-3964-44E8-97D7-A2FA49CF5576}]
    2012-04-11 07:06 221840 ----a-w- c:\users\Cheung\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupOverlay]
    @="{B44A5D93-1351-41A1-BD91-5E92435D8ECD}"
    [HKEY_CLASSES_ROOT\CLSID\{B44A5D93-1351-41A1-BD91-5E92435D8ECD}]
    2012-03-16 01:48 1008328 ----a-w- c:\program files\Megacloud\LivedriveExtensions.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
    @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
    [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
    2011-12-02 10:37 158224 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveDownloadOverlay]
    @="{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}"
    [HKEY_CLASSES_ROOT\CLSID\{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}]
    2012-03-16 01:48 1008328 ----a-w- c:\program files\Megacloud\LivedriveExtensions.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSharedOverlay]
    @="{84CEF1E4-1356-4063-845F-05047F4DD52C}"
    [HKEY_CLASSES_ROOT\CLSID\{84CEF1E4-1356-4063-845F-05047F4DD52C}]
    2012-03-16 01:48 1008328 ----a-w- c:\program files\Megacloud\LivedriveExtensions.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSyncedOverlay]
    @="{42058329-2FBF-4B33-8E52-3BE5754DE0C1}"
    [HKEY_CLASSES_ROOT\CLSID\{42058329-2FBF-4B33-8E52-3BE5754DE0C1}]
    2012-03-16 01:48 1008328 ----a-w- c:\program files\Megacloud\LivedriveExtensions.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveUploadOverlay]
    @="{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}"
    [HKEY_CLASSES_ROOT\CLSID\{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}]
    2012-03-16 01:48 1008328 ----a-w- c:\program files\Megacloud\LivedriveExtensions.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
    @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
    [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
    2012-03-19 20:29 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
    @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
    [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
    2012-03-19 20:29 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
    @="{A759AFF6-5851-457D-A540-F4ECED148351}"
    [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
    2012-03-19 20:29 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
    @="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
    [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
    2012-03-19 20:29 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeBridge"="" [BU]
    "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "SugarSync"="c:\program files\SugarSync\SugarSyncManager.exe" [2012-03-19 9413712]
    "OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
    "BIBLauncher"="c:\program files\Business-in-a-Box\BIBLauncher.exe" [2011-03-15 901600]
    "OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-22 39408]
    "WLSync"="c:\program files\Windows Live\Mesh\WLSync.exe" [2011-05-13 1449312]
    "Akamai NetSession Interface"="c:\users\Cheung\AppData\Local\Akamai\netsession_win.exe" [2012-03-12 3331872]
    "Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
    "IDSyncStartup"="c:\idsync\IDSyncStartup.exe" [2011-09-14 95704]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-04-05 17356424]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
    "MotoCast"="c:\program files\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2012-03-26 1981]
    "Livedrive"="c:\program files\Megacloud\Livedrive.exe" [2012-03-16 1636864]
    "FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
    "TrayServer"="c:\progra~1\MAGIX\MOVIE_~1\TrayServer_en.exe" [2008-11-13 90112]
    "Zune Launcher"="c:\program files\Zune1\ZuneLauncher.exe" [2011-08-05 159456]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
    "NoteBurner"="c:\program files\NoteBurner\VTBurnerGUI.exe" [2011-06-08 5694792]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-01 1313672]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
    "Intel AppUp(SM) center"="c:\program files\IntelAppUp\IntelAppStore\bin\serviceManager.lnk" [2011-06-24 1311]
    "TVEService"="c:\program files\CyberLink\TV Enhance\TVEService.exe" [2009-09-29 226536]
    "PCMAgent"="c:\program files\CyberLink\PowerCinema\PCMAgent.exe" [2009-09-16 148776]
    "PlayMovie"="c:\program files\CyberLink\PlayMovie\PMVService.exe" [2009-09-08 177384]
    "CLMLServer"="c:\program files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe" [2009-09-16 202024]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-11 1523360]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-11-30 296056]
    "Fiabee"="c:\program files\Tuso\Fiabee Sync\Fiabee.exe" [2012-03-27 9892336]
    "OpenDrive Tray"="c:\program files\OpenDrive\OpenDrive_Tray.exe" [2012-03-10 4341424]
    "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    .
    c:\users\Dropbox1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Cheung\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-2 24242056]
    .
    c:\users\Dropbox2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Dropbox1\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
    .
    c:\users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Dropbox1\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
    EvernoteTray.lnk - c:\program files\Evernote\Evernote\EvernoteTray.exe [2012-3-22 391008]
    GoBox.lnk - c:\program files\GoBox\gobox_desktop.exe [2012-3-2 491520]
    IDriveSync Tray.lnk - c:\idsync\IDSyncTray.exe [2012-3-2 1775064]
    MangoApps Desktop.lnk - c:\program files\MangoApps Desktop\MangoApps Desktop.exe [2012-3-9 142336]
    MegaCloud.lnk - c:\users\Cheung\AppData\Roaming\MegaCloud\MegaCloud.exe [2011-11-28 10755728]
    Microsoft SharePoint Workspace.lnk - c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
    PortableApps.lnk - c:\portable apps\Start.exe [2011-12-8 145920]
    qlock.lnk - c:\program files\Qlock\qlock.exe [2009-2-14 4142080]
    Samsung Auto Backup Guage.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFGuage.exe [2011-6-27 888832]
    Samsung Auto Backup Real-Time Daemon.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe [2011-6-27 77824]
    Samsung Auto Backup Scheduler.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFTimerD.exe [2011-6-27 102400]
    Windows Live Mesh.lnk - c:\program files\Windows Live\Mesh\WLSync.exe [2011-5-13 1449312]
    Wuala.lnk - c:\users\Cheung\AppData\Roaming\Wuala\Wuala.exe [2012-2-27 451504]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
    @="Ad-Aware Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
    backup=c:\windows\pss\Orbit.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Cheung^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
    path=c:\users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    backup=c:\windows\pss\Dropbox.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Cheung^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RocketDock.lnk]
    path=c:\users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RocketDock.lnk
    backup=c:\windows\pss\RocketDock.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
    c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2012-04-11 09:54 3672384 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-08-18 17:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
    2011-05-20 08:56 724536 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
    2007-09-02 05:58 495616 ----a-w- c:\program files\RocketDock\RocketDock.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SugarSync]
    2012-03-19 20:32 9413712 ----a-w- c:\program files\SugarSync\SugarSyncManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2011-07-22 06:28 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2011-11-30 00:43 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZuneLyricsHelper]
    2009-09-06 03:19 61952 ----a-w- c:\program files\Zune Addons\Zune Lyrics\ZuneNowPlaying.exe
     
  21. NathanC

    NathanC TS Rookie Topic Starter Posts: 38

    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-25 136176]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-20 2214504]
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-04-05 158856]
    R2 XAMPP;XAMPP Service;c:\xampp\service.exe [2007-12-21 60928]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 252576]
    R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [2009-10-12 49152]
    R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6016]
    R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-25 136176]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2012-01-25 20864]
    R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2012-01-25 8448]
    R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2012-01-25 23808]
    R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-11-08 11008]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-02-08 69208]
    R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-04-05 94040]
    R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune1\WMZuneComm.exe [2011-08-05 268512]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys [2011-01-06 13440]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 15672]
    S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-02-16 146904]
    S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2011-12-02 296336]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-17 242240]
    S1 ISODisk;ISODisk; [x]
    S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-04-05 221784]
    S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-04-29 101720]
    S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-05 78936]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [2012-03-29 1161072]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
    S2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [2012-02-16 87368]
    S2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [2011-07-01 298824]
    S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2011-05-25 329544]
    S2 IDSyncService;IDSyncService;c:\idsync\IDSyncService.exe [2011-06-09 144856]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S2 MegacloudVSSService;Megacloud VSS Service;c:\program files\Megacloud\VSSService.exe [2012-03-16 157920]
    S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2012-02-01 214896]
    S2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2011-05-17 2804280]
    S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-05-11 74968]
    S2 SZASSIST;SecretZone Assist Service;c:\program files\Clarus\Samsung SecretZone\SZAssistSVC.exe [2010-08-30 90112]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 92592]
    S2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [2009-09-29 464224]
    S2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [2009-09-29 189792]
    S2 wrapper;theSkyNet;c:\program files\theSkyNet\wrapper-windows-x86-32.exe [2011-05-25 431896]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 45288]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
    S3 mdf16;mdf16;c:\program files\Clarus\Samsung SecretZone\mdf16.sys [2010-08-11 18288]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 30576]
    S3 mvd22;mvd22;c:\program files\Clarus\Samsung SecretZone\mvd22.sys [2010-08-11 70512]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
    S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-02-08 69208]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    NETSVCS REQUIRES REPAIRS - current entries shown
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 12:43]
    .
    2012-04-18 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-07-22 11:01]
    .
    2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-25 05:40]
    .
    2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-25 05:40]
    .
    2012-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1513340165-2315627287-2917529717-1001Core.job
    - c:\users\Cheung\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-24 23:17]
    .
    2012-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1513340165-2315627287-2917529717-1001UA.job
    - c:\users\Cheung\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-24 23:17]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.dreamerz.biz/home.htm
    uInternet Settings,ProxyOverride = *.local;192.168.*.*;127.0.0.1:9421;<local>
    IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
    IE: Add to Evernote 4 - c:\portable apps\PortableApps\EvernotePortable\App\Evernote\EvernoteIE.dll/204
    IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Linked&In Search - c:\program files\LinkedIn\IE Toolbar\3.2.5.1001\LinkedInIEToolbar.dll/ContextMenu.htm
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
    TCP: Interfaces\{8B75A3DC-33D2-42E6-9440-7A1BECF6D031}: DhcpNameServer = 208.67.222.222 208.67.220.220
    TCP: Interfaces\{BB33D5F5-D7EF-41F9-A0C1-0A3064D53BD4}: NameServer = 208.67.222.222,208.67.220.220
    DPF: {1FAEED48-6C46-4AE6-9686-499858131F2E} - hxxps://www.primadesk.com/primadesk/plugin/npPrimaDeskPlugin.dll
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-30810291.sys
    MSConfigStartUp-TrayServer - c:\program files\MAGIX\Movie_Edit_Pro_17_Plus_Download_Version1\TrayServer_en.exe
    MSConfigStartUp-Zune Launcher - c:\program files\Zune\ZuneLauncher.exe
    AddRemove-DealScout - c:\program files\DealScout\uninstall.exe
    AddRemove-RealPlayer 15.0 - c:\program files\real\realplayer\Update\r1puninst.exe
    AddRemove-blinkx beat - c:\program files\Blinkx\templates\uninstall.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files\common files\akamai/netsession_win_6c825ce.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(4196)
    c:\program files\Tuso\Fiabee Sync\LIBEAY32.dll
    c:\program files\Tuso\Fiabee Sync\SSLEAY32.dll
    c:\program files\Tuso\Fiabee Sync\iconv.dll
    c:\program files\OpenDrive\OpenDrive.dll
    c:\program files\OpenDrive\libssh2.dll
    c:\program files\OpenDrive\zlibwapi.dll
    c:\program files\Wuala OverlayIcons\OverlayIcon.dll
    c:\windows\system32\CbFsMntNtf3.dll
    c:\idsync\IDSyncIcon.dll
    c:\program files\Megacloud\LivedriveExtensions.dll
    c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
    c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
    c:\windows\system32\CbFsNetRdr3.dll
    .
    Completion time: 2012-04-18 12:33:03
    ComboFix-quarantined-files.txt 2012-04-18 04:33
    .
    Pre-Run: 129,162,366,976 bytes free
    Post-Run: 128,882,073,600 bytes free
    .
    - - End Of File - - E6A997BE16D39885B3D1CFF6406694A3
     
  22. NathanC

    NathanC TS Rookie Topic Starter Posts: 38

    Since running ComboFix, when I try to open IE it comes up with an error:

    C:\Program Files\Internet Explorer\iexplore.exe

    Illegal operation attempted on a registry key that has been marked for deletion.

    I have had to use Chrome to post this. (Was already installed).
     
  23. NathanC

    NathanC TS Rookie Topic Starter Posts: 38

    BTW, I had to rerun ComboFix (a number of times, as the PC hung twice).
     
  24. NathanC

    NathanC TS Rookie Topic Starter Posts: 38

    After the error it comes up with the following option:

    [Window Title]
    Windows

    [Main Instruction]
    Can't open this item

    [Content]
    It might have been moved, renamed, or deleted. Do you want to remove this item?

    [Yes] [No]
     
  25. NathanC

    NathanC TS Rookie Topic Starter Posts: 38

    Explorer is getting the same error as IE. Actually any program that is in the registry is getting the error. (Chrome I am using is a Portable Version). Scared to reboot!!!
     

