Inactive Suspected keylogger

drewaarom

drewaarom

Posts: 43   +0
A few days ago a delay started between when I type a key on the keyboard and when it is displayed on the screen. It lags, and then it catches up. The same behavior occurs using both a wireless and wired keyboard; and no, filter keys are not on, and no other keyboard accessibility function is enabled.

I have also had a recurring infection with something called "bettersurf."

Could someone please help me scan my computer and eradicate any infestations?

It's pretty old:

WinXp Ver 2002, SP3, all available updates installed
Pentium CPU, 2.8 GHz
3GM RAM

Firefox is my main browser, though I use Chrome sometimes, too.

I've run all the standard malware programs recommended here and elsewhere, and the problem - even at this very moment - persists. It's very annoying and troubling. In all my 20 years using computers I've never come across anything quite like it.

Help!

Thanks.

Drew
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.04.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
ab :: SPACECASE [administrator]

2/3/2014 7:52:22 PM
mbam-log-2014-02-03 (19-52-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222227
Time elapsed: 10 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.51.2
Run by ab at 20:26:21 on 2014-02-03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.819 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PLANET\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxServer.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\PLANET\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\ab\Application Data\Dropbox\bin\Dropbox.exe
C:\PROGRA~1\PLANET\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\ATH.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\CDAHelper.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Google Update] "c:\documents and settings\ab\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Plex Media Server] "c:\program files\plex\plex media server\Plex Media Server.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [CDAServer] c:\program files\common files\common desktop agent\CDASrv.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\ab\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\ab\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\planet\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\planet\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\planet\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353187210218
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
TCP: Interfaces\{9339AF5B-E908-4F9B-988C-8FC3DF3C2FB4} : NameServer = 209.18.47.61,209.18.47.62
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ab\application data\mozilla\firefox\profiles\cyr4tuop.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\documents and settings\ab\local settings\application data\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_43.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\NPSWF32.dll
FF - ExtSQL: 2013-12-20 10:25; ext@WebexpEnhancedV1alpha710.net; c:\program files\webexpenhancedv1\webexpenhancedv1alpha710\ff
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 214696]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]
R2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [2012-11-30 181760]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2014-1-10 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2014-1-10 1042272]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.sys [2012-2-15 5120]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2014-2-3 40776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2014-1-10 171416]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs3\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: open="c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-02-04 00:51:20 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-02-03 02:01:53 7760024 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{edb52725-524c-4cec-919a-ee0795356efc}\mpengine.dll
2014-02-02 07:05:06 7760024 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-01-29 06:14:00 -------- d-----w- c:\program files\iPod
2014-01-29 06:13:55 -------- d-----w- c:\program files\iTunes
2014-01-29 06:13:55 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-01-19 20:28:01 877480 ----a-w- c:\windows\system32\npdeployJava1.dll
2014-01-19 20:28:01 800168 ----a-w- c:\windows\system32\deployJava1.dll
2014-01-19 20:24:46 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-18 23:26:01 -------- d-----w- c:\windows\system32\appmgmt
2014-01-10 23:15:26 18968 ----a-w- c:\windows\system32\sdnclean.exe
2014-01-10 23:15:10 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2014-01-10 23:14:52 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2014-01-10 08:24:18 -------- d-sh--w- c:\documents and settings\ab\IECompatCache
2014-01-10 07:56:52 -------- d-----w- C:\AdwCleaner
2014-01-10 07:49:55 -------- d-----w- c:\documents and settings\ab\application data\SUPERAntiSpyware.com
2014-01-10 07:49:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-01-10 07:49:28 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2014-01-10 07:47:11 -------- d-----w- c:\documents and settings\ab\application data\Malwarebytes
2014-01-10 07:46:56 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2014-01-10 07:46:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-10 07:46:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-01-10 06:25:03 -------- d-----w- c:\program files\VideoPlayerV3
.
==================== Find3M ====================
.
2014-01-29 06:25:42 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-29 06:25:42 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-19 07:32:23 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-19 01:46:50 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-11-27 20:21:06 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2006-05-03 16:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 17:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 19:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-07 04:00:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
2012-10-06 00:54:00 188416 --sha-r- c:\windows\system32\winDCE32.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_HDS723020BLA642 rev.MN6OA800 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-22
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EF200] -> \Device\Harddisk0\DR0[0x8A4D9AB8]
3 CLASSPNP[0xB8118FD7] -> ntkrnlpa!IofCallDriver[0x804EF200] -> \Device\Ide\IdeDeviceP1T0L0-17[0x8A501B00]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
.
============= FINISH: 20:27:18.90 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/10/2012 11:43:18 PM
System Uptime: 2/1/2014 8:47:43 PM (48 hours ago)
.
Motherboard: Dell Inc. | | 0X8582
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 60 GiB total, 19.556 GiB free.
D: is FIXED (NTFS) - 1803 GiB total, 961.864 GiB free.
E: is FIXED (NTFS) - 10 GiB total, 5.926 GiB free.
F: is FIXED (NTFS) - 1853 GiB total, 1118.151 GiB free.
Y: is CDROM ()
Z: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP748: 12/17/2013 10:19:19 PM - Software Distribution Service 3.0
RP749: 12/18/2013 10:21:45 PM - System Checkpoint
RP750: 12/19/2013 10:00:58 AM - Software Distribution Service 3.0
RP751: 12/20/2013 5:05:22 PM - Software Distribution Service 3.0
RP752: 12/21/2013 9:25:42 PM - Software Distribution Service 3.0
RP753: 12/22/2013 1:41:14 AM - Software Distribution Service 3.0
RP754: 12/29/2013 10:22:02 PM - Software Distribution Service 3.0
RP755: 12/30/2013 10:24:17 PM - Software Distribution Service 3.0
RP756: 1/1/2014 1:13:07 AM - System Checkpoint
RP757: 1/1/2014 10:20:11 AM - Software Distribution Service 3.0
RP758: 1/2/2014 9:06:58 PM - Software Distribution Service 3.0
RP759: 1/3/2014 10:53:59 PM - System Checkpoint
RP760: 1/4/2014 1:52:14 AM - Software Distribution Service 3.0
RP761: 1/5/2014 1:52:23 AM - Software Distribution Service 3.0
RP762: 1/6/2014 1:52:37 AM - Software Distribution Service 3.0
RP763: 1/7/2014 8:20:32 AM - System Checkpoint
RP764: 1/7/2014 10:42:16 PM - Software Distribution Service 3.0
RP765: 1/8/2014 10:49:11 PM - Software Distribution Service 3.0
RP766: 1/10/2014 1:32:09 AM - System Checkpoint
RP767: 1/10/2014 1:51:17 AM - Software Distribution Service 3.0
RP768: 1/11/2014 1:49:50 PM - Software Distribution Service 3.0
RP769: 1/12/2014 2:33:07 AM - Software Distribution Service 3.0
RP770: 1/13/2014 9:38:57 PM - Software Distribution Service 3.0
RP771: 1/14/2014 10:16:53 AM - Software Distribution Service 3.0
RP772: 1/14/2014 9:52:04 PM - Software Distribution Service 3.0
RP773: 1/15/2014 11:29:00 AM - Software Distribution Service 3.0
RP774: 1/16/2014 9:30:01 PM - Software Distribution Service 3.0
RP775: 1/17/2014 10:39:25 PM - Software Distribution Service 3.0
RP776: 1/18/2014 6:25:35 PM - Removed Microsoft Silverlight
RP777: 1/18/2014 11:17:26 PM - Software Distribution Service 3.0
RP778: 1/19/2014 3:24:14 PM - Installed Java 7 Update 51
RP779: 1/20/2014 2:17:01 AM - Software Distribution Service 3.0
RP780: 1/21/2014 6:25:01 PM - Software Distribution Service 3.0
RP781: 1/22/2014 9:29:46 PM - System Checkpoint
RP782: 1/22/2014 9:34:27 PM - Software Distribution Service 3.0
RP783: 1/23/2014 10:29:17 PM - Software Distribution Service 3.0
RP784: 1/24/2014 10:50:36 PM - System Checkpoint
RP785: 1/25/2014 2:13:55 AM - Software Distribution Service 3.0
RP786: 1/26/2014 1:58:20 AM - Software Distribution Service 3.0
RP787: 1/27/2014 2:13:56 AM - Software Distribution Service 3.0
RP788: 1/28/2014 9:23:55 PM - Software Distribution Service 3.0
RP789: 1/29/2014 9:37:16 PM - Software Distribution Service 3.0
RP790: 1/30/2014 9:53:11 PM - Software Distribution Service 3.0
RP791: 1/31/2014 10:47:18 PM - System Checkpoint
RP792: 2/1/2014 4:00:44 AM - Software Distribution Service 3.0
RP793: 2/2/2014 2:05:00 AM - Software Distribution Service 3.0
RP794: 2/2/2014 9:01:49 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
7-Zip 9.20
Add or Remove Adobe Creative Suite 3 Design Premium
Adobe Acrobat X Standard - English, Français, Deutsch
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Design Premium
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash CS3
Adobe Flash Player 11 ActiveX
Adobe Flash Player 12 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader X (10.1.9)
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 2.0
Bonjour
Calculator Powertoy for Windows XP
Canon Camera Access Library
Canon Digital Camera Solution Disk 40-46 Software Starter Guide
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon Personal Printing Guide
Canon PowerShot A1100 IS Camera User Guide
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
Class_50_Content_Update
ClearType Tuning Control Panel Applet
Common Desktop Agent
Compatibility Pack for the 2007 Office system
Creative WebCam Center
Creative WebCam Instant Driver (1.01.02.0729)
Creative WebCam Instant User's Guide (English)
Dropbox
Email Address Collector v3.2
Get Yahoo! Messenger
Google Chrome
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
Intel(R) PRO Network Connections Software v9.2.4.11
Intel(R) PROSafe for Wired Connections
iTunes
Java 7 Update 51
Java Auto Updater
JavaFX 2.1.1
JDiskReport 1.4.0
Lexmark Software Uninstall
LG United Mobile Driver
Macromedia Dreamweaver 8
Macromedia Extension Manager
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Office XP Professional with FrontPage
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Train Simulator
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.6 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Newroads V3.2
NVIDIA Control Panel 301.42
NVIDIA Install Application
PDF Settings
PLANET Bluetooth Software
Plex
Plex Media Server
QuickTime
Samsung Easy Document Creator
Samsung Easy Printer Manager
Samsung Network PC Fax
Samsung Scan Process Machine
Samsung SCX-472x Series
SD40-2_Content_Update
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2675157)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
SigmaTel Audio
Skype™ 6.11
SNS Upload for Easy Document Creator
Spybot - Search & Destroy
SUPER © +Recorder.2013.55 (Mar 7, 2013) version +Recorder.2013.
SUPERAntiSpyware
TechPowerUp GPU-Z
Tweak UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2808679)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC 9.0 Runtime
VLC media player 2.1.1
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
2/2/2014 6:04:38 AM, error: VolSnap [20] - The shadow copy of volume D: was aborted because of a failed free space computation.
2/1/2014 8:48:17 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
1/29/2014 1:21:38 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
1/29/2014 1:21:38 AM, error: Service Control Manager [7000] - The Spybot-S&D 2 Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

================================

Download TDSSKiller and save it to your desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
21:40:22.0250 0x2cdc TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
21:40:28.0312 0x2cdc ============================================================
21:40:28.0312 0x2cdc Current date / time: 2014/02/03 21:40:28.0312
21:40:28.0312 0x2cdc SystemInfo:
21:40:28.0312 0x2cdc
21:40:28.0312 0x2cdc OS Version: 5.1.2600 ServicePack: 3.0
21:40:28.0312 0x2cdc Product type: Workstation
21:40:28.0312 0x2cdc ComputerName: SPACECASE
21:40:28.0312 0x2cdc UserName: ab
21:40:28.0312 0x2cdc Windows directory: C:\WINDOWS
21:40:28.0312 0x2cdc System windows directory: C:\WINDOWS
21:40:28.0312 0x2cdc Processor architecture: Intel x86
21:40:28.0312 0x2cdc Number of processors: 2
21:40:28.0312 0x2cdc Page size: 0x1000
21:40:28.0312 0x2cdc Boot type: Normal boot
21:40:28.0312 0x2cdc ============================================================
21:40:31.0109 0x2cdc KLMD registered as C:\WINDOWS\system32\drivers\15702661.sys
21:40:31.0515 0x2cdc System UUID: {3B0B9993-214A-51B6-D814-63B585F8206B}
21:40:32.0828 0x2cdc Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:40:32.0828 0x2cdc Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:40:32.0828 0x2cdc ============================================================
21:40:32.0828 0x2cdc \Device\Harddisk0\DR0:
21:40:32.0828 0x2cdc MBR partitions:
21:40:32.0828 0x2cdc \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7801F1A
21:40:32.0828 0x2cdc \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7801F59, BlocksNum 0xE1605568
21:40:32.0828 0x2cdc \Device\Harddisk1\DR1:
21:40:32.0828 0x2cdc MBR partitions:
21:40:32.0828 0x2cdc \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x13FE59A
21:40:32.0828 0x2cdc \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x13FE5D9, BlocksNum 0xE7A08EE8
21:40:32.0828 0x2cdc ============================================================
21:40:32.0843 0x2cdc C: <-> \Device\Harddisk0\DR0\Partition1
21:40:32.0875 0x2cdc D: <-> \Device\Harddisk0\DR0\Partition2
21:40:32.0890 0x2cdc E: <-> \Device\Harddisk1\DR1\Partition1
21:40:32.0937 0x2cdc F: <-> \Device\Harddisk1\DR1\Partition2
21:40:32.0937 0x2cdc ============================================================
21:40:32.0937 0x2cdc Initialize success
21:40:32.0937 0x2cdc ============================================================
21:40:42.0031 0x448c ============================================================
21:40:42.0031 0x448c Scan started
21:40:42.0031 0x448c Mode: Manual;
21:40:42.0031 0x448c ============================================================
21:40:42.0031 0x448c KSN ping started
21:40:44.0625 0x448c KSN ping finished: true
21:40:45.0093 0x448c ================ Scan system memory ========================
21:40:45.0109 0x448c System memory - ok
21:40:45.0109 0x448c ================ Scan services =============================
21:40:45.0156 0x448c [ 51F207D5A9E7B2E76BEE59C05CCC23C4, BE78957DD197777D899FAFBBE71E2FDB5DB9AC6AC4F1595A562FD362429BED6B ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
21:40:45.0156 0x448c !SASCORE - ok
21:40:45.0328 0x448c Abiosdsk - ok
21:40:45.0343 0x448c abp480n5 - ok
21:40:45.0375 0x448c [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:40:45.0375 0x448c ACPI - ok
21:40:45.0406 0x448c [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
21:40:45.0406 0x448c ACPIEC - ok
21:40:45.0437 0x448c [ 6D182C31ACF16213407F2768F1107FE3, 92B602152AB9F93A7AC510A01AEF714ED8EE30C9306E3D44BECEE10EC3464184 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
21:40:45.0437 0x448c Adobe LM Service - ok
21:40:45.0484 0x448c [ 14C23516C990DCD6052152CF034DDE40, 1EC8AAD6AA6D68A17A9D04AECDB716BD0DD4BFF93641BD96D01855AF1232A5FB ] Adobe Version Cue CS3 C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
21:40:45.0484 0x448c Adobe Version Cue CS3 - ok
21:40:45.0531 0x448c [ 8D268693A6DCE3D7319DF14834841BAF, 229C95FE2E6A692EBC2842823A1C7D438F8DF18F44691BD7AFE79DB76F092F9D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:40:45.0546 0x448c AdobeFlashPlayerUpdateSvc - ok
21:40:45.0546 0x448c adpu160m - ok
21:40:45.0578 0x448c [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec C:\WINDOWS\system32\drivers\aec.sys
21:40:45.0578 0x448c aec - ok
21:40:45.0609 0x448c [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD C:\WINDOWS\System32\drivers\afd.sys
21:40:45.0609 0x448c AFD - ok
21:40:45.0625 0x448c Aha154x - ok
21:40:45.0625 0x448c aic78u2 - ok
21:40:45.0640 0x448c aic78xx - ok
21:40:45.0671 0x448c [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
21:40:45.0671 0x448c Alerter - ok
21:40:45.0687 0x448c [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG C:\WINDOWS\System32\alg.exe
21:40:45.0687 0x448c ALG - ok
21:40:45.0703 0x448c AliIde - ok
21:40:45.0718 0x448c amsint - ok
21:40:45.0750 0x448c [ F518545E5B7623AD49ABE7F8776EFA46, CD39B6EC0D80C6DB857F34D4AC5C31085271B51B8851A56FEFC052B20B7CC40C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:40:45.0750 0x448c Apple Mobile Device - ok
21:40:45.0781 0x448c [ D8849F77C0B66226335A59D26CB4EDC6, 4990031453204C57E36E850252A39B05D6ECDAB9E71A8136FB4900F17E59C9CA ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
21:40:45.0781 0x448c AppMgmt - ok
21:40:45.0796 0x448c [ B5B8A80875C1DEDEDA8B02765642C32F, AD0C71D73B1B8225351FBF4FFB43001A32B4DAE69504C59970CD2428BB33D4EF ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:40:45.0796 0x448c Arp1394 - ok
21:40:45.0796 0x448c asc - ok
21:40:45.0812 0x448c asc3350p - ok
21:40:45.0812 0x448c asc3550 - ok
21:40:45.0890 0x448c [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:40:45.0890 0x448c aspnet_state - ok
21:40:45.0921 0x448c [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:40:45.0921 0x448c AsyncMac - ok
21:40:45.0953 0x448c [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
21:40:45.0953 0x448c atapi - ok
21:40:45.0953 0x448c Atdisk - ok
21:40:45.0984 0x448c [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:40:45.0984 0x448c Atmarpc - ok
21:40:46.0000 0x448c [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
21:40:46.0000 0x448c AudioSrv - ok
21:40:46.0031 0x448c [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
21:40:46.0031 0x448c audstub - ok
21:40:46.0062 0x448c [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep C:\WINDOWS\system32\drivers\Beep.sys
21:40:46.0062 0x448c Beep - ok
21:40:46.0093 0x448c [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS C:\WINDOWS\system32\qmgr.dll
21:40:46.0109 0x448c BITS - ok
21:40:46.0140 0x448c [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:40:46.0156 0x448c Bonjour Service - ok
21:40:46.0187 0x448c [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser C:\WINDOWS\System32\browser.dll
21:40:46.0203 0x448c Browser - ok
21:40:46.0234 0x448c [ 42EBCE48178CE5D0998EB1CA62DB1E9B, 094B8C92F0D340201A8C1A73E75713A89AF0880C090896ED95B6D73F3D90A554 ] btaudio C:\WINDOWS\system32\drivers\btaudio.sys
21:40:46.0234 0x448c btaudio - ok
21:40:46.0265 0x448c [ 39309739BADD058C8F4B845D9A3C58D2, 62640565ACE89EAA022A6742DB3D18F8C5B191A6EFEB80838070D452527401BA ] BTDriver C:\WINDOWS\system32\DRIVERS\btport.sys
21:40:46.0265 0x448c BTDriver - ok
21:40:46.0296 0x448c [ B279426E3C0C344893ED78A613A73BDE, 30B29ED5DCFF0C180B806A5FBC705E1CAF6B0F525298CDA79A77FC2AF6E5AAA7 ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys
21:40:46.0296 0x448c BthEnum - ok
21:40:46.0328 0x448c [ 80602B8746D3738F5886CE3D67EF06B6, 15ABAA8106C42A4453763EEB92B291844580168C934088DB1E22B2065DC238E9 ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys
21:40:46.0328 0x448c BthPan - ok
21:40:46.0359 0x448c [ 662BFD909447DD9CC15B1A1C366583B4, 2E012304336769C24A6EFB4D975BA3F21289827A5EB4C9A8216E941344348447 ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys
21:40:46.0375 0x448c BTHPORT - ok
21:40:46.0406 0x448c [ F4C43C66471B87996D95DB7A3A664A37, C7324DBF75376578EC254FD64E2564FEF9A35B58DFE1095389F769F37EA68B21 ] BthServ C:\WINDOWS\System32\bthserv.dll
21:40:46.0406 0x448c BthServ - ok
21:40:46.0421 0x448c [ 61364CD71EF63B0F038B7E9DF00F1EFA, FB44D02B4379A8AF7DD8B0B22B53888B758903700142BFE45A412709294CE88A ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys
21:40:46.0421 0x448c BTHUSB - ok
21:40:46.0484 0x448c [ C9253AB5F6611FA2CA5C914D0FE384C5, 6E1C74880FF617CDEEFDAA661024E4C8D167EB0CA1C19C5981156F071AFB0B74 ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys
21:40:46.0515 0x448c BTKRNL - ok
21:40:46.0546 0x448c [ 34B0AAC30DC8C9CD5A49D37C8D56A8B6, ACEBB951FAAE5BFA0D30B44D5EF2B4F6A3C6A11D71F7FD35F4AFA9685B2A0F78 ] BTSERIAL C:\WINDOWS\system32\drivers\btserial.sys
21:40:46.0562 0x448c BTSERIAL - ok
21:40:46.0578 0x448c [ F341D88A02F22842FDCBF57CFF04A6E3, 110B214CB7A61660D846881877D1C73FB06633AD72B243C88AB701571A2E76F7 ] BTSLBCSP C:\WINDOWS\system32\drivers\btslbcsp.sys
21:40:46.0578 0x448c BTSLBCSP - ok
21:40:46.0593 0x448c [ A1E2ED3E0640999DE683367A4F716F61, 6388AF50A0587240BCFC2BED7771855BBE3E80AA9F21BA1F3B2D0E2D75DCA76A ] btwdins C:\Program Files\PLANET\Bluetooth Software\bin\btwdins.exe
21:40:46.0609 0x448c btwdins - ok
21:40:46.0625 0x448c [ 9A794455B18D815DB25D991452D4266A, FD12031A70299DE2FCDC7D9310824CD9A3CB7FDC8BB2A180BC961BDEF41D5459 ] BTWDNDIS C:\WINDOWS\system32\DRIVERS\btwdndis.sys
21:40:46.0625 0x448c BTWDNDIS - ok
21:40:46.0640 0x448c [ 843E656DB562FFFF197AFAF98042FACA, B522A873F0EBE632436B024EFAE7C573BB9F033E1BAD89D5F9E7B5411CA6AEFA ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys
21:40:46.0640 0x448c BTWUSB - ok
21:40:46.0656 0x448c [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
21:40:46.0656 0x448c cbidf2k - ok
21:40:46.0703 0x448c [ 8EF654045E518AC00E52E7A1E2D3AD70, C267AAB7CA9C6D1DD49043DE13211E25157AADECC8D302712BBBD6EB6F530ED9 ] CCALib8 C:\Program Files\Canon\CAL\CALMAIN.exe
21:40:46.0703 0x448c CCALib8 - ok
21:40:46.0734 0x448c [ 0BE5AEF125BE881C4F854C554F2B025C, 1770DD70B3F115A0EF460907DEDC1E4B7241C08615A98F194D61A49C3E2BAA54 ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:40:46.0734 0x448c CCDECODE - ok
21:40:46.0734 0x448c cd20xrnt - ok
21:40:46.0750 0x448c [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
21:40:46.0750 0x448c Cdaudio - ok
21:40:46.0765 0x448c [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
21:40:46.0765 0x448c Cdfs - ok
21:40:46.0781 0x448c [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:40:46.0781 0x448c Cdrom - ok
21:40:46.0796 0x448c Changer - ok
21:40:46.0812 0x448c [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc C:\WINDOWS\system32\cisvc.exe
21:40:46.0828 0x448c CiSvc - ok
21:40:46.0828 0x448c [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
21:40:46.0843 0x448c ClipSrv - ok
21:40:46.0859 0x448c [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:40:46.0859 0x448c clr_optimization_v2.0.50727_32 - ok
21:40:46.0890 0x448c [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:40:46.0890 0x448c clr_optimization_v4.0.30319_32 - ok
21:40:46.0906 0x448c CmdIde - ok
21:40:46.0921 0x448c COMSysApp - ok
21:40:46.0937 0x448c Cpqarray - ok
21:40:46.0953 0x448c [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
21:40:46.0953 0x448c CryptSvc - ok
21:40:46.0968 0x448c dac2w2k - ok
21:40:46.0968 0x448c dac960nt - ok
21:40:47.0015 0x448c [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
21:40:47.0015 0x448c DcomLaunch - ok
21:40:47.0046 0x448c [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
21:40:47.0062 0x448c Dhcp - ok
21:40:47.0062 0x448c [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
21:40:47.0062 0x448c Disk - ok
21:40:47.0078 0x448c dmadmin - ok
21:40:47.0125 0x448c [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
21:40:47.0140 0x448c dmboot - ok
21:40:47.0156 0x448c [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio C:\WINDOWS\system32\drivers\dmio.sys
21:40:47.0156 0x448c dmio - ok
21:40:47.0171 0x448c [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload C:\WINDOWS\system32\drivers\dmload.sys
21:40:47.0171 0x448c dmload - ok
21:40:47.0187 0x448c [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver C:\WINDOWS\System32\dmserver.dll
21:40:47.0203 0x448c dmserver - ok
21:40:47.0234 0x448c [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
21:40:47.0234 0x448c DMusic - ok
21:40:47.0265 0x448c [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
21:40:47.0265 0x448c Dnscache - ok
21:40:47.0296 0x448c [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
21:40:47.0296 0x448c Dot3svc - ok
21:40:47.0312 0x448c dpti2o - ok
21:40:47.0328 0x448c [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
21:40:47.0328 0x448c drmkaud - ok
21:40:47.0343 0x448c [ 95974E66D3DE4951D29E28E8BC0B644C, 5737A2FB4D95AAB61A50E25CC570D78FC91C1A7B02754211B1B57DC4209A7D58 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
21:40:47.0343 0x448c E100B - ok
21:40:47.0375 0x448c [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost C:\WINDOWS\System32\eapsvc.dll
21:40:47.0375 0x448c EapHost - ok
21:40:47.0390 0x448c [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc C:\WINDOWS\System32\ersvc.dll
21:40:47.0390 0x448c ERSvc - ok
21:40:47.0406 0x448c [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog C:\WINDOWS\system32\services.exe
21:40:47.0406 0x448c Eventlog - ok
21:40:47.0453 0x448c [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem C:\WINDOWS\system32\es.dll
21:40:47.0453 0x448c EventSystem - ok
21:40:47.0484 0x448c [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
21:40:47.0484 0x448c Fastfat - ok
21:40:47.0500 0x448c [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:40:47.0515 0x448c FastUserSwitchingCompatibility - ok
21:40:47.0531 0x448c [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
21:40:47.0531 0x448c Fdc - ok
21:40:47.0531 0x448c [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips C:\WINDOWS\system32\drivers\Fips.sys
21:40:47.0531 0x448c Fips - ok
21:40:47.0593 0x448c [ 227846995AFEEFA70D328BF5334A86A5, B8EF22DE552B44E7DC352742C775BB6B4992B653AF4B66B231A60182CE7A7201 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:40:47.0609 0x448c FLEXnet Licensing Service - ok
21:40:47.0609 0x448c [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
21:40:47.0625 0x448c Flpydisk - ok
21:40:47.0640 0x448c [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
21:40:47.0640 0x448c FltMgr - ok
21:40:47.0671 0x448c [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:40:47.0671 0x448c FontCache3.0.0.0 - ok
21:40:47.0687 0x448c [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:40:47.0687 0x448c Fs_Rec - ok
21:40:47.0703 0x448c [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:40:47.0703 0x448c Ftdisk - ok
21:40:47.0734 0x448c [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:40:47.0734 0x448c GEARAspiWDM - ok
21:40:47.0765 0x448c [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:40:47.0765 0x448c Gpc - ok
21:40:47.0781 0x448c [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
21:40:47.0781 0x448c gupdate - ok
21:40:47.0796 0x448c [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
21:40:47.0796 0x448c gupdatem - ok
21:40:47.0812 0x448c [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:40:47.0828 0x448c HDAudBus - ok
21:40:47.0843 0x448c [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:40:47.0859 0x448c helpsvc - ok
21:40:47.0875 0x448c [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ C:\WINDOWS\System32\hidserv.dll
21:40:47.0875 0x448c HidServ - ok
21:40:47.0890 0x448c [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:40:47.0890 0x448c hidusb - ok
21:40:47.0921 0x448c [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
21:40:47.0921 0x448c hkmsvc - ok
21:40:47.0921 0x448c hpn - ok
21:40:47.0953 0x448c [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
21:40:47.0953 0x448c HTTP - ok
21:40:47.0968 0x448c [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
21:40:47.0984 0x448c HTTPFilter - ok
21:40:47.0984 0x448c i2omgmt - ok
21:40:48.0000 0x448c i2omp - ok
21:40:48.0000 0x448c [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys
21:40:48.0015 0x448c i8042prt - ok
21:40:48.0062 0x448c [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:40:48.0078 0x448c idsvc - ok
21:40:48.0093 0x448c [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
21:40:48.0093 0x448c Imapi - ok
21:40:48.0125 0x448c [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService C:\WINDOWS\system32\imapi.exe
21:40:48.0125 0x448c ImapiService - ok
21:40:48.0140 0x448c ini910u - ok
21:40:48.0156 0x448c IntelIde - ok
21:40:48.0171 0x448c [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:40:48.0171 0x448c intelppm - ok
21:40:48.0187 0x448c [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
21:40:48.0187 0x448c Ip6Fw - ok
21:40:48.0234 0x448c [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:40:48.0234 0x448c IpFilterDriver - ok
21:40:48.0250 0x448c [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:40:48.0250 0x448c IpInIp - ok
21:40:48.0281 0x448c [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:40:48.0281 0x448c IpNat - ok
21:40:48.0312 0x448c [ 9AE882A67F019CF30E8C9D7D60B05DDA, FB5D71F94529F37C8B45A5B4FBD15C66AECBFABB7E51C3B9BF63AEAFBE89F8BC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:40:48.0375 0x448c iPod Service - ok
21:40:48.0421 0x448c [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:40:48.0453 0x448c IPSec - ok
21:40:48.0484 0x448c [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
21:40:48.0484 0x448c IRENUM - ok
21:40:48.0515 0x448c [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:40:48.0515 0x448c isapnp - ok
21:40:48.0515 0x448c [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:40:48.0515 0x448c Kbdclass - ok
21:40:48.0531 0x448c [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:40:48.0531 0x448c kbdhid - ok
21:40:48.0562 0x448c [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
21:40:48.0562 0x448c kmixer - ok
21:40:48.0578 0x448c [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
21:40:48.0593 0x448c KSecDD - ok
21:40:48.0609 0x448c [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
21:40:48.0625 0x448c lanmanserver - ok
21:40:48.0640 0x448c [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:40:48.0640 0x448c lanmanworkstation - ok
21:40:48.0656 0x448c lbrtfdc - ok
21:40:48.0671 0x448c lmab_device - ok
21:40:48.0703 0x448c [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
21:40:48.0718 0x448c LmHosts - ok
21:40:48.0796 0x448c [ 11F714F85530A2BD134074DC30E99FCA, BDB5FD3B2DF4ADD19B31965B3E789768B59E872B3EA85912B1FFB32B2AF9D5D8 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
21:40:48.0812 0x448c MDM - ok
21:40:48.0828 0x448c [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger C:\WINDOWS\System32\msgsvc.dll
21:40:48.0828 0x448c Messenger - ok
21:40:48.0859 0x448c [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
21:40:48.0859 0x448c mnmdd - ok
21:40:48.0875 0x448c [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
21:40:48.0875 0x448c mnmsrvc - ok
21:40:48.0890 0x448c [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
21:40:48.0890 0x448c Modem - ok
21:40:48.0906 0x448c [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:40:48.0906 0x448c Mouclass - ok
21:40:48.0921 0x448c [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:40:48.0921 0x448c mouhid - ok
21:40:48.0921 0x448c [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
21:40:48.0937 0x448c MountMgr - ok
21:40:48.0953 0x448c [ 3B9398E0146855B1DC0E3D9769C80F01, DF69DB5CA30A5577648635C27DD468AF98515D07DF379B3FFDCC6B40744EDE66 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:40:48.0968 0x448c MozillaMaintenance - ok
21:40:48.0984 0x448c [ E77DC03DD3C8E5A388BF9EED2A28F3D1, ED0DAA975D1EC35CE036F02596218E15CC6A054167628D12A0A5AD91B841F422 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
21:40:48.0984 0x448c MpFilter - ok
21:40:49.0046 0x448c [ 06D4F934E09C359B0EFBFB3146F1D910, 484F57CD6F8757137F3B3491B8AC8ECF6C6385A666CD1671833DDD9E962AAB4A ] MpKsl9294977c C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EDB52725-524C-4CEC-919A-EE0795356EFC}\MpKsl9294977c.sys
21:40:49.0046 0x448c MpKsl9294977c - ok
21:40:49.0062 0x448c mraid35x - ok
21:40:49.0078 0x448c [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:40:49.0093 0x448c MRxDAV - ok
21:40:49.0109 0x448c [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:40:49.0125 0x448c MRxSmb - ok
21:40:49.0140 0x448c [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC C:\WINDOWS\system32\msdtc.exe
21:40:49.0140 0x448c MSDTC - ok
21:40:49.0156 0x448c [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
21:40:49.0156 0x448c Msfs - ok
21:40:49.0171 0x448c MSIServer - ok
21:40:49.0187 0x448c [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:40:49.0187 0x448c MSKSSRV - ok
21:40:49.0234 0x448c [ B0F49DA36F30922F5DDC3B623B778FCE, EE025AEFA4A2095AFEABFB3A49639DA77D78068A3F5EEDA6C15D34853AFD5609 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
21:40:49.0234 0x448c MsMpSvc - ok
21:40:49.0250 0x448c [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:40:49.0265 0x448c MSPCLOCK - ok
21:40:49.0265 0x448c [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
21:40:49.0265 0x448c MSPQM - ok
21:40:49.0281 0x448c [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:40:49.0281 0x448c mssmbios - ok
21:40:49.0296 0x448c [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
21:40:49.0312 0x448c MSTEE - ok
21:40:49.0328 0x448c [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
21:40:49.0328 0x448c Mup - ok
21:40:49.0343 0x448c [ 88705DC61B9275B82E48904D53031F5B, E9EF6D1D6AA04A4BE88650B22792C243736168A7143B459C9F1D59B8A4BE3979 ] n558 C:\WINDOWS\system32\Drivers\n558.sys
21:40:49.0343 0x448c n558 - ok
21:40:49.0359 0x448c [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:40:49.0375 0x448c NABTSFEC - ok
21:40:49.0390 0x448c [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent C:\WINDOWS\System32\qagentrt.dll
21:40:49.0406 0x448c napagent - ok
21:40:49.0421 0x448c [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
21:40:49.0437 0x448c NDIS - ok
21:40:49.0453 0x448c [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:40:49.0453 0x448c NdisIP - ok
21:40:49.0468 0x448c [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:40:49.0468 0x448c NdisTapi - ok
21:40:49.0484 0x448c [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:40:49.0484 0x448c Ndisuio - ok
21:40:49.0500 0x448c [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:40:49.0500 0x448c NdisWan - ok
21:40:49.0515 0x448c [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
21:40:49.0515 0x448c NDProxy - ok
21:40:49.0531 0x448c [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
21:40:49.0531 0x448c NetBIOS - ok
21:40:49.0546 0x448c [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
21:40:49.0562 0x448c NetBT - ok
21:40:49.0578 0x448c [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE C:\WINDOWS\system32\netdde.exe
21:40:49.0578 0x448c NetDDE - ok
21:40:49.0593 0x448c [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
21:40:49.0593 0x448c NetDDEdsdm - ok
21:40:49.0609 0x448c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon C:\WINDOWS\system32\lsass.exe
21:40:49.0609 0x448c Netlogon - ok
21:40:49.0625 0x448c [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman C:\WINDOWS\System32\netman.dll
21:40:49.0640 0x448c Netman - ok
21:40:49.0656 0x448c [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:40:49.0671 0x448c NetTcpPortSharing - ok
21:40:49.0687 0x448c [ E9E47CFB2D461FA0FC75B7A74C6383EA, 544136F5BFD4DC23D45E90F12FA48B82FD9EAEA9EAF3E0F5F0BD27E23D672C3E ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:40:49.0687 0x448c NIC1394 - ok
21:40:49.0703 0x448c [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla C:\WINDOWS\System32\mswsock.dll
21:40:49.0718 0x448c Nla - ok
21:40:49.0750 0x448c [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
21:40:49.0765 0x448c Npfs - ok
21:40:49.0781 0x448c [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
21:40:49.0796 0x448c Ntfs - ok
21:40:49.0812 0x448c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
21:40:49.0812 0x448c NtLmSsp - ok
21:40:49.0843 0x448c [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
21:40:49.0859 0x448c NtmsSvc - ok
21:40:49.0875 0x448c [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
21:40:49.0875 0x448c Null - ok
21:40:50.0312 0x448c [ 7C56F3FD65B2BDB315CA3605A5392D7B, 1C33B2723BBD958FE06D71B6AC5C54DF1F46491C292749FE0DB8577BF056A765 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:40:50.0687 0x448c nv - ok
21:40:50.0765 0x448c [ 5150B108EA88831E1C599603D8B89621, C2E0A77330172149D64613CB113851414C7BDCB4BDA367349BA421651DB47AD1 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
21:40:50.0765 0x448c NVSvc - ok
21:40:50.0781 0x448c [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:40:50.0781 0x448c NwlnkFlt - ok
 
21:40:50.0796 0x448c [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:40:50.0796 0x448c NwlnkFwd - ok
21:40:50.0828 0x448c [ CA33832DF41AFB202EE7AEB05145922F, 9DD0089C2E13C7F81214C3B5A4A61276292052F9BBFEA7FCD0F6AA27815D5F95 ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:40:50.0828 0x448c ohci1394 - ok
21:40:50.0843 0x448c [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport C:\WINDOWS\system32\drivers\Parport.sys
21:40:50.0843 0x448c Parport - ok
21:40:50.0843 0x448c [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
21:40:50.0843 0x448c PartMgr - ok
21:40:50.0875 0x448c [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
21:40:50.0875 0x448c ParVdm - ok
21:40:50.0890 0x448c [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
21:40:50.0890 0x448c PCI - ok
21:40:50.0906 0x448c PCIDump - ok
21:40:50.0906 0x448c [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
21:40:50.0906 0x448c PCIIde - ok
21:40:50.0937 0x448c [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
21:40:50.0937 0x448c Pcmcia - ok
21:40:50.0968 0x448c [ 4431F2FA27F56F4BC654B0AF5810CC91, 1E155D2ADF97A01626ADA9DC8D04E022FC32C2995B8A894B4B495C41C1BEABEA ] PD0620VID C:\WINDOWS\system32\DRIVERS\P0620Vid.sys
21:40:50.0968 0x448c PD0620VID - ok
21:40:50.0968 0x448c PDCOMP - ok
21:40:50.0984 0x448c PDFRAME - ok
21:40:51.0000 0x448c PDRELI - ok
21:40:51.0000 0x448c PDRFRAME - ok
21:40:51.0015 0x448c perc2 - ok
21:40:51.0015 0x448c perc2hib - ok
21:40:51.0062 0x448c [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay C:\WINDOWS\system32\services.exe
21:40:51.0062 0x448c PlugPlay - ok
21:40:51.0078 0x448c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
21:40:51.0078 0x448c PolicyAgent - ok
21:40:51.0093 0x448c [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:40:51.0093 0x448c PptpMiniport - ok
21:40:51.0093 0x448c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:40:51.0093 0x448c ProtectedStorage - ok
21:40:51.0109 0x448c [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
21:40:51.0109 0x448c PSched - ok
21:40:51.0109 0x448c [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:40:51.0125 0x448c Ptilink - ok
21:40:51.0125 0x448c ql1080 - ok
21:40:51.0140 0x448c Ql10wnt - ok
21:40:51.0140 0x448c ql12160 - ok
21:40:51.0156 0x448c ql1240 - ok
21:40:51.0156 0x448c ql1280 - ok
21:40:51.0171 0x448c [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:40:51.0171 0x448c RasAcd - ok
21:40:51.0203 0x448c [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto C:\WINDOWS\System32\rasauto.dll
21:40:51.0203 0x448c RasAuto - ok
21:40:51.0218 0x448c [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:40:51.0218 0x448c Rasl2tp - ok
21:40:51.0234 0x448c [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan C:\WINDOWS\System32\rasmans.dll
21:40:51.0250 0x448c RasMan - ok
21:40:51.0250 0x448c [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:40:51.0250 0x448c RasPppoe - ok
21:40:51.0265 0x448c [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
21:40:51.0265 0x448c Raspti - ok
21:40:51.0281 0x448c [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:40:51.0296 0x448c Rdbss - ok
21:40:51.0296 0x448c [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:40:51.0296 0x448c RDPCDD - ok
21:40:51.0312 0x448c [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:40:51.0328 0x448c rdpdr - ok
21:40:51.0359 0x448c [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
21:40:51.0359 0x448c RDPWD - ok
21:40:51.0375 0x448c [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
21:40:51.0375 0x448c RDSessMgr - ok
21:40:51.0390 0x448c [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
21:40:51.0390 0x448c redbook - ok
21:40:51.0406 0x448c [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
21:40:51.0421 0x448c RemoteAccess - ok
21:40:51.0437 0x448c [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
21:40:51.0437 0x448c RemoteRegistry - ok
21:40:51.0453 0x448c [ 851C30DF2807FCFA21E4C681A7D6440E, C2269B8ED4E831664B83F8F3BE33E5A340206A9E07F89CDF6707EAD8F280FBE9 ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
21:40:51.0468 0x448c RFCOMM - ok
21:40:51.0484 0x448c [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator C:\WINDOWS\system32\locator.exe
21:40:51.0484 0x448c RpcLocator - ok
21:40:51.0515 0x448c [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs C:\WINDOWS\system32\rpcss.dll
21:40:51.0515 0x448c RpcSs - ok
21:40:51.0546 0x448c [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP C:\WINDOWS\system32\rsvp.exe
21:40:51.0546 0x448c RSVP - ok
21:40:51.0562 0x448c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs C:\WINDOWS\system32\lsass.exe
21:40:51.0562 0x448c SamSs - ok
21:40:51.0625 0x448c [ 78B0D0DF30E2B17AEF9D036D8BD1B3D4, F31FFAE1261AD779910BEED25815DBE765E5AC941CE155D98B3425071EE5A043 ] Samsung Network Fax Server C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxServer.exe
21:40:51.0625 0x448c Samsung Network Fax Server - ok
21:40:51.0640 0x448c [ 39763504067962108505BFF25F024345, 73C9710B61EDC7FBEDE1D7A767AA3D3A169E7AD012494D05CB5EE7E5C5752BB9 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:40:51.0640 0x448c SASDIFSV - ok
21:40:51.0656 0x448c [ 77B9FC20084B48408AD3E87570EB4A85, B5BC5FEC1356DECB66A7A671DB67112BDAC8F942BF1C4B986B1805B41EF362B1 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
21:40:51.0656 0x448c SASKUTIL - ok
21:40:51.0671 0x448c [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
21:40:51.0687 0x448c SCardSvr - ok
21:40:51.0703 0x448c [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule C:\WINDOWS\system32\schedsvc.dll
21:40:51.0734 0x448c Schedule - ok
21:40:51.0890 0x448c [ 98EF79CC2B07398AC525F9EA1AE0366F, D0D5D69696ED339F363024AF3271867F4C55572C67FD0F2AA27D24B37982E39A ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
21:40:52.0000 0x448c SDScannerService - ok
21:40:52.0062 0x448c [ 14BF6B3AB327D519ED007CDDC56F6900, 4E5DC4AF45347C885E0E87F205EE1F95BB4713A0B581CD7317FBEEE2A9628982 ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
21:40:52.0093 0x448c SDUpdateService - ok
21:40:52.0109 0x448c [ 820EBE67AB99F033FDE25B2692157991, A9E86FE6EFD3CFD4EA1A26121C706335A6791CC6F81EE98AE2BE7EA566ECFEBB ] SDWSCService C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
21:40:52.0109 0x448c SDWSCService - ok
21:40:52.0125 0x448c [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:40:52.0125 0x448c Secdrv - ok
21:40:52.0125 0x448c [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon C:\WINDOWS\System32\seclogon.dll
21:40:52.0140 0x448c seclogon - ok
21:40:52.0140 0x448c [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS C:\WINDOWS\system32\sens.dll
21:40:52.0140 0x448c SENS - ok
21:40:52.0156 0x448c [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial C:\WINDOWS\system32\drivers\Serial.sys
21:40:52.0171 0x448c Serial - ok
21:40:52.0203 0x448c [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
21:40:52.0203 0x448c Sfloppy - ok
21:40:52.0218 0x448c [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
21:40:52.0234 0x448c SharedAccess - ok
21:40:52.0250 0x448c [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:40:52.0265 0x448c ShellHWDetection - ok
21:40:52.0265 0x448c Simbad - ok
21:40:52.0296 0x448c [ F5BBEDF602C310B00036EB2DBF4348A5, AC2712E639F0C54BCF00EB4E90E805335871EA27AE8A45DFC53EDF28822318C4 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
21:40:52.0296 0x448c SkypeUpdate - ok
21:40:52.0328 0x448c [ 866D538EBE33709A5C9F5C62B73B7D14, BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:40:52.0328 0x448c SLIP - ok
21:40:52.0343 0x448c Sparrow - ok
21:40:52.0359 0x448c [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys
21:40:52.0375 0x448c splitter - ok
21:40:52.0390 0x448c [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler C:\WINDOWS\system32\spoolsv.exe
21:40:52.0390 0x448c Spooler - ok
21:40:52.0421 0x448c [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
21:40:52.0421 0x448c sr - ok
21:40:52.0453 0x448c [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice C:\WINDOWS\system32\srsvc.dll
21:40:52.0453 0x448c srservice - ok
21:40:52.0468 0x448c [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
21:40:52.0484 0x448c Srv - ok
21:40:52.0484 0x448c [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
21:40:52.0500 0x448c SSDPSRV - ok
21:40:52.0515 0x448c [ EF3458337D7341A05169CEFC73709264, C9D0AE966CFA02F7B72586C2A6E2AFA9818C9F4856A4E9625B79BC5A886FC193 ] SSPORT C:\WINDOWS\system32\Drivers\SSPORT.sys
21:40:52.0515 0x448c SSPORT - ok
21:40:52.0562 0x448c [ 2A2DC39623ADEF8AB3703AB9FAC4B440, A7D66F8364363085EA8BC54AB41E0C1E509A7A88753D6E6707FACF0265DF2A75 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
21:40:52.0593 0x448c STHDA - ok
21:40:52.0609 0x448c [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc C:\WINDOWS\system32\wiaservc.dll
21:40:52.0625 0x448c stisvc - ok
21:40:52.0640 0x448c [ 77813007BA6265C4B6098187E6ED79D2, 93939120E803C46FBFD577C8FC2E6C7E71C0460E01D25CB29579490640AB50C7 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:40:52.0640 0x448c streamip - ok
21:40:52.0656 0x448c [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
21:40:52.0656 0x448c swenum - ok
21:40:52.0671 0x448c [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
21:40:52.0671 0x448c swmidi - ok
21:40:52.0671 0x448c SwPrv - ok
21:40:52.0703 0x448c symc810 - ok
21:40:52.0703 0x448c symc8xx - ok
21:40:52.0718 0x448c sym_hi - ok
21:40:52.0734 0x448c sym_u3 - ok
21:40:52.0734 0x448c [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
21:40:52.0750 0x448c sysaudio - ok
21:40:52.0750 0x448c [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
21:40:52.0765 0x448c SysmonLog - ok
21:40:52.0781 0x448c [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
21:40:52.0796 0x448c TapiSrv - ok
21:40:52.0812 0x448c [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:40:52.0828 0x448c Tcpip - ok
21:40:52.0843 0x448c [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
21:40:52.0843 0x448c TDPIPE - ok
21:40:52.0875 0x448c [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
21:40:52.0875 0x448c TDTCP - ok
21:40:52.0875 0x448c [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
21:40:52.0890 0x448c TermDD - ok
21:40:52.0906 0x448c [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService C:\WINDOWS\System32\termsrv.dll
21:40:52.0906 0x448c TermService - ok
21:40:52.0921 0x448c [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes C:\WINDOWS\System32\shsvcs.dll
21:40:52.0921 0x448c Themes - ok
21:40:52.0953 0x448c [ DB7205804759FF62C34E3EFD8A4CC76A, 13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
21:40:52.0953 0x448c TlntSvr - ok
21:40:52.0953 0x448c TosIde - ok
21:40:52.0968 0x448c [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks C:\WINDOWS\system32\trkwks.dll
21:40:52.0968 0x448c TrkWks - ok
21:40:53.0000 0x448c [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
21:40:53.0000 0x448c Udfs - ok
21:40:53.0015 0x448c ultra - ok
21:40:53.0031 0x448c [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
21:40:53.0046 0x448c Update - ok
21:40:53.0062 0x448c [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost C:\WINDOWS\System32\upnphost.dll
21:40:53.0062 0x448c upnphost - ok
21:40:53.0093 0x448c [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS C:\WINDOWS\System32\ups.exe
21:40:53.0093 0x448c UPS - ok
21:40:53.0125 0x448c [ 6E421CCC57059B0186C6259CA3B6DFC9, E348BF23CCD6C14FD10C1689BBDC77E125245331F97BFE60D4C8FD9A8711CB59 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
21:40:53.0125 0x448c USBAAPL - ok
21:40:53.0140 0x448c [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:40:53.0140 0x448c usbccgp - ok
21:40:53.0171 0x448c [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:40:53.0171 0x448c usbehci - ok
21:40:53.0187 0x448c [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:40:53.0187 0x448c usbhub - ok
21:40:53.0203 0x448c [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:40:53.0203 0x448c usbprint - ok
21:40:53.0234 0x448c [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:40:53.0234 0x448c usbscan - ok
21:40:53.0265 0x448c [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:40:53.0265 0x448c USBSTOR - ok
21:40:53.0281 0x448c [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:40:53.0281 0x448c usbuhci - ok
21:40:53.0281 0x448c [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
21:40:53.0281 0x448c VgaSave - ok
21:40:53.0296 0x448c ViaIde - ok
21:40:53.0312 0x448c [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
21:40:53.0312 0x448c VolSnap - ok
21:40:53.0343 0x448c [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS C:\WINDOWS\System32\vssvc.exe
21:40:53.0343 0x448c VSS - ok
21:40:53.0375 0x448c [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time C:\WINDOWS\system32\w32time.dll
21:40:53.0375 0x448c W32Time - ok
21:40:53.0390 0x448c [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:40:53.0390 0x448c Wanarp - ok
21:40:53.0406 0x448c WDICA - ok
21:40:53.0421 0x448c [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
21:40:53.0421 0x448c wdmaud - ok
21:40:53.0453 0x448c [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient C:\WINDOWS\System32\webclnt.dll
21:40:53.0453 0x448c WebClient - ok
21:40:53.0500 0x448c [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
21:40:53.0500 0x448c winmgmt - ok
21:40:53.0562 0x448c [ 18F347402DA544A780949B8FDF83351B, D1AD972D438A51A4998FEF68670395DAE3353240AD2A17F35794287AF0826FFB ] WinRM C:\WINDOWS\system32\WsmSvc.dll
21:40:53.0640 0x448c WinRM - ok
21:40:53.0687 0x448c [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
21:40:53.0687 0x448c WmdmPmSN - ok
21:40:53.0718 0x448c [ E76F8807070ED04E7408A86D6D3A6137, BFCF5361B7335760A7AE4B6958DE516A27AC60AA09135A46F0B49F588FAFE3A0 ] Wmi C:\WINDOWS\System32\advapi32.dll
21:40:53.0734 0x448c Wmi - ok
21:40:53.0765 0x448c [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:40:53.0765 0x448c WmiApSrv - ok
21:40:53.0812 0x448c [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
21:40:53.0843 0x448c WMPNetworkSvc - ok
21:40:53.0906 0x448c [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:40:53.0921 0x448c WPFFontCache_v0400 - ok
21:40:53.0968 0x448c [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
21:40:53.0968 0x448c wscsvc - ok
21:40:53.0984 0x448c WSearch - ok
21:40:54.0000 0x448c [ C98B39829C2BBD34E454150633C62C78, 71B60EA3AD0E2637917D528C6A9E7ECF2949E3E5E91036AA5BBADA95BD725511 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:40:54.0000 0x448c WSTCODEC - ok
21:40:54.0015 0x448c [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv C:\WINDOWS\system32\wuauserv.dll
21:40:54.0015 0x448c wuauserv - ok
21:40:54.0031 0x448c [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:40:54.0031 0x448c WudfPf - ok
21:40:54.0046 0x448c [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:40:54.0046 0x448c WudfRd - ok
21:40:54.0062 0x448c [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
21:40:54.0078 0x448c WudfSvc - ok
21:40:54.0109 0x448c [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
21:40:54.0125 0x448c WZCSVC - ok
21:40:54.0156 0x448c [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov C:\WINDOWS\System32\xmlprov.dll
21:40:54.0156 0x448c xmlprov - ok
21:40:54.0171 0x448c ================ Scan global ===============================
21:40:54.0187 0x448c [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
21:40:54.0203 0x448c [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
21:40:54.0218 0x448c [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
21:40:54.0250 0x448c [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
21:40:54.0250 0x448c [ Global ] - ok
21:40:54.0250 0x448c ================ Scan MBR ==================================
21:40:54.0265 0x448c [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
21:40:54.0437 0x448c \Device\Harddisk0\DR0 - ok
21:40:54.0453 0x448c [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
21:40:54.0453 0x448c \Device\Harddisk1\DR1 - ok
21:40:54.0453 0x448c ================ Scan VBR ==================================
21:40:54.0468 0x448c [ FC2CED2DFB604957A7D369A8C4C08879 ] \Device\Harddisk0\DR0\Partition1
21:40:54.0468 0x448c \Device\Harddisk0\DR0\Partition1 - ok
21:40:54.0484 0x448c [ 5C8F7EF7A1E5C9B4F00A6FC984520A3E ] \Device\Harddisk0\DR0\Partition2
21:40:54.0484 0x448c \Device\Harddisk0\DR0\Partition2 - ok
21:40:54.0484 0x448c [ 7EC0C3C6E0A7DAB2DA7FCDCAB6E15239 ] \Device\Harddisk1\DR1\Partition1
21:40:54.0500 0x448c \Device\Harddisk1\DR1\Partition1 - ok
21:40:54.0500 0x448c [ 5D143C146F8EDA3099FF8E09C966B912 ] \Device\Harddisk1\DR1\Partition2
21:40:54.0515 0x448c \Device\Harddisk1\DR1\Partition2 - ok
21:40:54.0515 0x448c Waiting for KSN requests completion. In queue: 174
21:40:55.0515 0x448c Waiting for KSN requests completion. In queue: 174
21:40:56.0515 0x448c Waiting for KSN requests completion. In queue: 174
21:40:57.0546 0x448c AV detected via SS1: Microsoft Security Essentials, 4.4.0304.0, enabled, updated
21:40:57.0546 0x448c Win FW state via NFM: enabled
21:41:00.0000 0x448c ============================================================
21:41:00.0000 0x448c Scan finished
21:41:00.0000 0x448c ============================================================
21:41:00.0015 0x45f0 Detected object count: 0
21:41:00.0015 0x45f0 Actual detected object count: 0
 
redtarget.gif
Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
 
RogueKiller says to update it after the pre-scan, and it gives a link to the web site. I update it, and the second time I run it, it stalls on the "searching for update" section of pre-scan; after about 10 minutes, I close the app. I run a third time; it says it needs to be updated; this time I decline to update, and just run the scan. The scan gets to "searching for TASKS," and stalls out there. It has been there for over 30 minutes. All applications were closed, until I opened Firefox to make this post.
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Was running combofix, per the instructions, when, somewhere in the area of "stage 5" or "stage 6" the standard winxp app fail notice came up, saying "PEV.EXE has encountered and error and needs to close." After clicking the "don't send" report to microsoft button, combofix went through about 10 more stages, then the computer screen went abruptly black, and the computer restarted.

there is no combofix.txt log, but there is a weird "file" in C:\ that's just called "ComboFix;" it has a computer icon; and when I click it, it takes me to a "folder" that appears to be the "My Computer" folder. The address is C:\ComboFix.
 
ComboFix 14-02-03.01 - ab 02/04/2014 0:18.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2337 [GMT -5:00]
Running from: c:\documents and settings\ab\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\ab\WINDOWS
c:\windows\system32\PowerToyReadme.htm
.
.
((((((((((((((((((((((((( Files Created from 2014-01-04 to 2014-02-04 )))))))))))))))))))))))))))))))
.
.
2014-02-04 05:09 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{62DC951C-161B-4F0C-AF9A-A563C8D1E794}\mpengine.dll
2014-02-04 04:25 . 2014-02-04 04:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-02-04 04:25 . 2014-02-04 04:25 107224 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-02-04 04:24 . 2014-02-04 04:24 52312 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-02-03 02:01 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-29 06:14 . 2014-01-29 06:14 -------- d-----w- c:\program files\iPod
2014-01-29 06:13 . 2014-01-29 06:15 -------- d-----w- c:\program files\iTunes
2014-01-29 06:13 . 2014-01-29 06:15 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-01-19 20:28 . 2013-12-19 02:10 877480 ----a-w- c:\windows\system32\npdeployJava1.dll
2014-01-19 20:28 . 2013-12-19 02:10 800168 ----a-w- c:\windows\system32\deployJava1.dll
2014-01-19 20:24 . 2013-12-19 02:10 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-18 23:27 . 2014-01-18 23:27 -------- d-----w- c:\program files\Microsoft Silverlight
2014-01-10 23:15 . 2013-09-20 15:49 18968 ----a-w- c:\windows\system32\sdnclean.exe
2014-01-10 23:15 . 2014-01-22 05:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2014-01-10 23:14 . 2014-01-10 23:21 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2014-01-10 08:24 . 2014-01-10 08:24 -------- d-sh--w- c:\documents and settings\ab\IECompatCache
2014-01-10 07:56 . 2014-01-11 01:40 -------- d-----w- C:\AdwCleaner
2014-01-10 07:49 . 2014-01-10 07:49 -------- d-----w- c:\documents and settings\ab\Application Data\SUPERAntiSpyware.com
2014-01-10 07:49 . 2014-02-02 03:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-01-10 07:49 . 2014-01-10 07:49 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2014-01-10 07:47 . 2014-01-10 07:47 -------- d-----w- c:\documents and settings\ab\Application Data\Malwarebytes
2014-01-10 07:46 . 2014-01-10 07:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2014-01-10 07:46 . 2014-01-10 07:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-01-10 07:46 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-10 06:25 . 2014-02-02 01:46 -------- d-----w- c:\program files\VideoPlayerV3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-29 06:25 . 2012-04-11 22:39 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-29 06:25 . 2012-04-11 22:39 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-19 07:32 . 2012-04-11 08:12 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-19 01:46 . 2012-06-21 03:15 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-11-27 20:21 . 2006-02-28 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-13 02:59 . 2006-02-28 12:00 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38 . 2006-02-28 12:00 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2006-05-03 16:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 17:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 19:30 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-07 04:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
2012-10-06 00:54 188416 --sha-r- c:\windows\system32\winDCE32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\ab\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\ab\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\ab\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\ab\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Plex Media Server"="c:\program files\Plex\Plex Media Server\Plex Media Server.exe" [2013-06-03 3997832]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-01-20 43848]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2012-02-21 344064]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-12-18 41336]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-12-18 840568]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-01-20 152392]
.
c:\documents and settings\ab\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\ab\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-2 30714328]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\PLANET\Bluetooth Software\BTTray.exe [2005-5-31 577597]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe /startup [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"lmab_device"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\lmabcoms.exe"=
"c:\\Documents and Settings\\ab\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\SCX472x\\SCNSearch\\USDAgent.exe"=
"c:\\Program Files\\Samsung\\Easy Printer Manager\\IDS.Application.exe"=
"c:\\Program Files\\Samsung\\Easy Printer Manager\\OrderSupplies.exe"=
"c:\\Program Files\\Samsung\\Easy Printer Manager\\IDSAlert.exe"=
"c:\\Program Files\\Samsung\\Easy Printer Manager\\CDAS2PC\\CDAS2PC.exe"=
"c:\\Program Files\\Samsung\\Easy Document Creator\\USDAgent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Plex\\Plex Media Server\\Plex Media Server.exe"=
"c:\\Program Files\\Plex\\Plex Media Server\\PlexScriptHost.exe"=
"c:\\Program Files\\Plex\\Plex Media Server\\PlexDlnaServer.exe"=
"c:\\Program Files\\Plex\\Plex Media Center\\Plex.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 MpKsl9294977c;MpKsl9294977c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EDB52725-524C-4CEC-919A-EE0795356EFC}\MpKsl9294977c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EDB52725-524C-4CEC-919A-EE0795356EFC}\MpKsl9294977c.sys [?]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [10/10/2013 5:54 PM 120088]
R2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [11/30/2012 6:28 PM 181760]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [1/10/2014 6:15 PM 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1/10/2014 6:15 PM 1042272]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.sys [2/15/2012 8:16 AM 5120]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [1/10/2014 6:15 PM 171416]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [9/5/2013 10:34 AM 171680]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mbamchameleon
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 06:25]
.
2014-02-04 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-01-10 15:57]
.
2014-02-01 c:\windows\Tasks\Defrag C.job
- c:\windows\system32\defrag.exe [2006-02-28 00:12]
.
2014-02-01 c:\windows\Tasks\Defrag D.job
- c:\windows\system32\defrag.exe [2006-02-28 00:12]
.
2014-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-14 22:35]
.
2014-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-14 22:35]
.
2014-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-854245398-839522115-1003Core.job
- c:\documents and settings\ab\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-14 22:31]
.
2014-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-854245398-839522115-1003UA.job
- c:\documents and settings\ab\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-14 22:31]
.
2014-02-04 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-10-23 20:01]
.
2014-02-01 c:\windows\Tasks\MyDocs.job
- c:\windows\system32\ntbackup.exe [2006-02-28 00:12]
.
2014-02-03 c:\windows\Tasks\MyDocs_diff.job
- c:\windows\system32\ntbackup.exe [2006-02-28 00:12]
.
2012-07-20 c:\windows\Tasks\MyVids.job
- c:\windows\system32\ntbackup.exe [2006-02-28 00:12]
.
2013-02-14 c:\windows\Tasks\MyVids_inc.job
- c:\windows\system32\ntbackup.exe [2006-02-28 00:12]
.
2014-02-03 c:\windows\Tasks\Outlook.job
- c:\windows\system32\ntbackup.exe [2006-02-28 00:12]
.
2014-01-29 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-01-10 15:49]
.
2014-01-11 c:\windows\Tasks\remote_MyDocs.job
- c:\windows\system32\ntbackup.exe [2006-02-28 00:12]
.
2012-05-10 c:\windows\Tasks\remote_MyDocs_diff.job
- c:\windows\system32\ntbackup.exe [2006-02-28 00:12]
.
2014-01-11 c:\windows\Tasks\remote_Outlook.job
- c:\windows\system32\ntbackup.exe [2006-02-28 00:12]
.
2014-02-01 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2014-01-10 15:51]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\PLANET\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: adobe.com
Trusted Zone: aol.com\free
Trusted Zone: netflix.com
Trusted Zone: samsungsetup.com\www
Trusted Zone: sosonlinebackup.com
Trusted Zone: symantec.com
TCP: Interfaces\{9339AF5B-E908-4F9B-988C-8FC3DF3C2FB4}: NameServer = 209.18.47.61,209.18.47.62
FF - ProfilePath - c:\documents and settings\ab\Application Data\Mozilla\Firefox\Profiles\cyr4tuop.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - ExtSQL: 2013-12-20 10:25; ext@WebexpEnhancedV1alpha710.net; c:\program files\WebexpEnhancedV1\WebexpEnhancedV1alpha710\ff
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-04 00:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_HDS723020BLA642 rev.MN6OA800 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-22
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-02-04 00:28:00
ComboFix-quarantined-files.txt 2014-02-04 05:27
.
Pre-Run: 21,672,935,424 bytes free
Post-Run: 22,366,085,120 bytes free
.
- - End Of File - - A80D4360CE0FE14BC933F2DC533DC845
8F558EB6672622401DA993E1E865C861
 
I don't see anything malicious there.

In this forum, we make sure, your computer is free of malware and your computer is clean :)
Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
You'll get more attention.

Good luck :)
 
Thank you for your help.

Do you run across keyloggers in this forum? If so, what are the symptoms? Right now, I'm afraid to enter any passwords on this computer, because the keyboard delay/stutter effect is so pronounced, and so unusual, and it started so suddenly. It's just very suspicious.

After the work we did, do you feel confident that my keystrokes aren't being logged?
 
You must log in or register to reply here.

Similar threads

drewaarom
Time lag/stutter between keyboard and screen
Replies
12
Views
9K
gbhall
gbhall
SneakyTiki
Intermittent Crashing with Strange Temperature Fluctuations
Replies
8
Views
3K
SneakyTiki
SneakyTiki
J
  • Locked
Inactive Suspected Keylogger - help plz!
Replies
3
Views
3K
Broni
Broni

Latest posts

Back