Solved Trojan Sirefef needs eliminating

NathanC

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.15.07
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Cheung :: CHEUNG-DESKTOP [limited]
Protection: Disabled
16/04/2012 5:24:14 PM
mbam-log-2012-04-16 (17-24-14).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 288445
Time elapsed: 14 minute(s), 28 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKCR\AppID\{D2083641-E57F-4eab-BB85-0582424F4A29} (Adware.HotBar.CP) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 4
C:\Users\Dropbox1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ypzaov.exe (Trojan.Zbot.IPGen) -> Quarantined and deleted successfully.
C:\Users\Dropbox2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nuirek.exe (Trojan.Zbot.IPGen) -> Quarantined and deleted successfully.
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\hogio.exe (Trojan.Zbot.IPGen) -> Quarantined and deleted successfully.
C:\Users\Cheung\AppData\Local\Temp\jZip\jZip15225\jZip185C\iepv.exe (PUP.PSW.Passview) -> Quarantined and deleted successfully.
(end)
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-04-17 09:35:09
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 rev.
Running: gmer.exe; Driver: C:\Users\Cheung\AppData\Local\Temp\kwlyyfog.sys

---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\tdx \Device\Ip sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)
AttachedDevice \Driver\tdx \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\tdx \Device\Udp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)
---- EOF - GMER 1.0.15 ----
 
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Cheung at 9:36:22 on 2012-04-17
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3327.597 [GMT 8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\IDSync\IDSyncService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Megacloud\VSSService.exe
C:\IDSync\IDSyncCDBManager.exe
C:\Windows\system32\conhost.exe
C:\IDSync\IDSyncSDBManager.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Clarus\Samsung SecretZone\SZAssistSVC.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\theSkyNet\wrapper-windows-x86-32.exe
C:\Windows\system32\conhost.exe
C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe
C:\IDSync\IDSyncClient.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\java.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files\Zune1\ZuneLauncher.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\IntelAppUp\IntelAppStore\bin\serviceManager.exe
C:\Program Files\CyberLink\TV Enhance\TVEService.exe
C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe
C:\Program Files\CyberLink\PlayMovie\PMVService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\OpenDrive\OpenDrive_Tray.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Tuso\Fiabee Sync\Fiabee.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\SugarSync\SugarSyncManager.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Users\Cheung\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Business-in-a-Box\BIBLauncher.exe
C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
C:\Program Files\Windows Live\Mesh\WLSync.exe
C:\Users\Cheung\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\Cheung\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\IDSync\IDSyncTray.exe
C:\Program Files\Windows Live\Mesh\MOE.exe
C:\Program Files\Megacloud\Livedrive.exe
C:\Program Files\Motorola Mobility\MotoCast\MotoCast.exe
C:\Windows\system32\conhost.exe
C:\Program Files\FileHippo.com\UpdateChecker.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\IDSync\IDSNotifier.exe
C:\Users\Dropbox1\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Evernote\Evernote\EvernoteTray.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Program Files\GoBox\gobox_desktop.exe
C:\Program Files\Evernote\Evernote\Evernote.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
C:\Users\Cheung\AppData\Roaming\MegaCloud\MegaCloud.exe
\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs
C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Qlock\qlock.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe
C:\Portable Apps\PortableApps\PortableApps.com\PortableAppsPlatform.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe
C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
C:\Users\Cheung\AppData\Roaming\Wuala\Wuala.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\mswinext.exe
C:\Portable Apps\PortableApps\DropboxPortableAHKNeda\DropboxPortableAHK.exe
C:\Portable Apps\PortableApps\DropboxPortableAHK-HR\.dbfiles\profile\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Portable Apps\PortableApps\DropboxPortableAHKNeda\.dbfiles\profile\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Users\Cheung\Desktop\gmer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\getmac.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.dreamerz.biz/home.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*;127.0.0.1:9421;<local>
uURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - c:\program files\freeonlineradioplayerrecorder\prxtbFree.dll
mURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - c:\program files\freeonlineradioplayerrecorder\prxtbFree.dll
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEToolbarBHO Class: {1a1dac8c-074d-440f-8707-7009a672d7d1} - c:\program files\linkedin\ie toolbar\3.2.5.1001\LinkedInIEToolbar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: DealScout: {467013bb-d67e-45be-a7d7-c29e3cca8aad} - c:\program files\dealscout\dealscout.dll
BHO: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - c:\windows\system32\CbFsMntNtf3.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: PrimaDesk Login Helper: {7aec5d7c-9ba0-4a13-ab5d-244e4276fc09} - c:\windows\downloaded program files\conflict.3\npPrimaDeskPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\18.0.1025.162\npchrome_frame.dll
BHO: BrowserHelper Class: {edf48a39-1442-463f-9f4e-f376a78d034a} - c:\program files\megacloud\LivedriveExplorerExtensions.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - c:\program files\freeonlineradioplayerrecorder\prxtbFree.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: LinkedIn Toolbar: {bb670d0b-5c46-40c7-b38b-40dd26987723} - c:\program files\linkedin\ie toolbar\3.2.5.1001\LinkedInIEToolbar.dll
TB: PrimadeskToolbar: {1b5498a8-c09c-43dd-89fc-67803840387e} - c:\windows\downloaded program files\conflict.3\npPrimaDeskPlugin.dll
TB: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - c:\program files\freeonlineradioplayerrecorder\prxtbFree.dll
TB: GoBox: {6a719530-8443-4898-9bc4-69e76b5f1c89} - c:\program files\gobox\gobox.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: GoBox Sidebar: {3bc832b5-d7af-4718-98ac-7f1269404929} - c:\program files\gobox\gobox.dll
EB: LinkedIn Toolbar: {85e0b171-04fa-11d1-b7da-00a0c90348d6} - c:\program files\linkedin\ie toolbar\3.2.5.1001\LinkedInIEToolbar.dll
uRun: [<NO NAME>]
uRun: [AdobeBridge]
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [SugarSync] "c:\program files\sugarsync\SugarSyncManager.exe" -startInTray -usedelay=true
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
uRun: [Google Update] "c:\users\cheung\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [BIBLauncher] c:\program files\business-in-a-box\BIBLauncher.exe
uRun: [OpenDNS Updater] "c:\program files\opendns updater\OpenDNSUpdater.exe" /autostart
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WLSync] "c:\program files\windows live\mesh\WLSync.exe" /background
uRun: [Akamai NetSession Interface] "c:\users\cheung\appdata\local\akamai\netsession_win.exe"
uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [IDSyncStartup] "c:\idsync\IDSyncStartup.exe" Hide
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe" -s
uRun: [MotoCast] "c:\program files\motorola mobility\motocast\MotoLauncher.lnk"
uRun: [Livedrive] "c:\program files\megacloud\Livedrive.exe"
uRun: [FileHippo.com] "c:\program files\filehippo.com\UpdateChecker.exe" /background
uRunOnce: [Application Restart #7] c:\program files\google\chrome frame\application\chrome.exe --automation-channel=chrometestinginterface:8528.1 --chrome-frame --no-first-run --disable-background-mode --disable-popup-blocking --user-data-dir="c:\users\cheung\appdata\local\google\chrome frame\user data\iexplore" --chrome-version=17.0.963.79 --lang=en-US --flag-switches-begin --enable-print-preview --flag-switches-end --restore-last-session
mRun: [TrayServer] c:\progra~1\magix\movie_~1\TrayServer_en.exe
mRun: [Zune Launcher] "c:\program files\zune1\ZuneLauncher.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NoteBurner] c:\program files\noteburner\VTBurnerGUI.exe /silence
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Intel AppUp(SM) center] "c:\program files\intelappup\intelappstore\bin\serviceManager.lnk"
mRun: [TVEService] "c:\program files\cyberlink\tv enhance\TVEService.exe"
mRun: [PCMAgent] "c:\program files\cyberlink\powercinema\PCMAgent.exe"
mRun: [PlayMovie] "c:\program files\cyberlink\playmovie\PMVService.exe"
mRun: [CLMLServer] "c:\program files\cyberlink\powercinema\kernel\clml\CLMLSvc.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Fiabee] c:\program files\tuso\fiabee sync\Fiabee.exe hack
mRun: [OpenDrive Tray] c:\program files\opendrive\OpenDrive_Tray.exe
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SBRegRebootCleaner] "c:\program files\ad-aware antivirus\engine\SBRC.exe"
StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\dropbox1\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteTray.exe
StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\gobox.lnk - c:\program files\gobox\gobox_desktop.exe
StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\idrive~1.lnk - c:\idsync\IDSyncTray.exe
StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\mangoa~1.lnk - c:\program files\mangoapps desktop\MangoApps Desktop.exe
StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\megacl~1.lnk - c:\users\cheung\appdata\roaming\megacloud\MegaCloud.exe
StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office14\GROOVE.EXE
StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\portab~1.lnk - c:\portable apps\Start.exe
StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\qlock.lnk - c:\program files\qlock\qlock.exe
StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\samsun~3.lnk - c:\program files\clarus\samsung auto backup\ISFGuage.exe
StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\samsun~2.lnk - c:\program files\clarus\samsung auto backup\ISFRealTimeD.exe
StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\samsun~1.lnk - c:\program files\clarus\samsung auto backup\ISFTimerD.exe
StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\window~1.lnk - c:\program files\windows live\mesh\WLSync.exe
StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\wuala.lnk - c:\users\cheung\appdata\roaming\wuala\Wuala.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Add to Evernote 4 - c:\portable apps\portableapps\evernoteportable\app\evernote\EvernoteIE.dll/204
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Linked&In Search - c:\program files\linkedin\ie toolbar\3.2.5.1001\LinkedInIEToolbar.dll/ContextMenu.htm
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {1FAEED48-6C46-4AE6-9686-499858131F2E} - hxxps://www.primadesk.com/primadesk/plugin/npPrimaDeskPlugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{8B75A3DC-33D2-42E6-9440-7A1BECF6D031} : DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{BB33D5F5-D7EF-41F9-A0C1-0A3064D53BD4} : NameServer = 208.67.222.222,208.67.220.220
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\18.0.1025.162\npchrome_frame.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - c:\windows\system32\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - c:\windows\system32\CbFsMntNtf3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys [2011-9-10 13440]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2012-4-14 15672]
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2012-4-4 146904]
R1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2012-3-2 296336]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-2-16 242240]
R1 ISODisk;ISODisk;c:\windows\system32\drivers\ISODisk.sys [2011-10-13 9600]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-4-14 221784]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2012-4-14 78936]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-3-29 1161072]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 20992]
R2 DeviceMonitorService;DeviceMonitorService;c:\program files\motorola media link\lite\NServiceEntry.exe [2012-2-16 87368]
R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2011-7-2 298824]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 IDSyncService;IDSyncService;c:\idsync\IDSyncService.exe [2012-3-2 144856]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-15 654408]
R2 MegacloudVSSService;Megacloud VSS Service;c:\program files\megacloud\VSSService.exe [2012-3-16 157920]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2012-2-2 214896]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-5-11 74968]
R2 SZASSIST;SecretZone Assist Service;c:\program files\clarus\samsung secretzone\SZAssistSVC.exe [2012-3-20 90112]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-1-23 92592]
R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\cyberlink\tv enhance\kernel\tv\TVECapSvc.exe [2011-8-29 464224]
R2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\cyberlink\tv enhance\kernel\tv\TVESched.exe [2011-8-29 189792]
R2 wrapper;theSkyNet;c:\program files\theskynet\wrapper-windows-x86-32.exe [2011-5-26 431896]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-15 22344]
R3 mdf16;mdf16;c:\program files\clarus\samsung secretzone\mdf16.sys [2012-3-20 18288]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-12-13 30576]
R3 mvd22;mvd22;c:\program files\clarus\samsung secretzone\mvd22.sys [2012-3-20 70512]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-4-14 69208]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S1 eanhcosu;eanhcosu;c:\windows\system32\drivers\eanhcosu.sys [2012-4-17 42960]
S1 qbgpwvsl;qbgpwvsl;c:\windows\system32\drivers\qbgpwvsl.sys [2012-4-17 42960]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-4-29 101720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\fabs.exe /disableui --> c:\program files\common files\magix services\database\bin\FABS.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-25 136176]
S2 LRMINIPORT;ISAMSvc;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-7-1 2214504]
S2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\engine\SBAMSvc.exe [2011-5-17 2804280]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S2 XAMPP;XAMPP Service;c:\xampp\service.exe [2007-12-21 60928]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 253088]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l160x86.sys [2009-10-13 49152]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-1-29 6016]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;"c:\program files\common files\magix services\database\bin\fbserver.exe" --> c:\program files\common files\magix services\database\bin\fbserver.exe [?]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-6-25 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-25 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2012-1-25 20864]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2012-1-25 8448]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2012-1-25 23808]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2011-11-8 11008]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-25 15872]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-4-14 69208]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-4-14 94040]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-25 52224]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune1\WMZuneComm.exe [2011-8-5 268512]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-04-17 01:08:57 -------- d-----w- c:\users\cheung\appdata\local\{C930C657-C4D5-419A-BDCE-CCDE68B3A091}
2012-04-17 01:06:21 42960 ----a-w- c:\windows\system32\drivers\eanhcosu.sys
2012-04-17 00:55:58 42960 ----a-w- c:\windows\system32\drivers\qbgpwvsl.sys
2012-04-17 00:41:14 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f0fe51ab-033b-4c45-ac20-9938fd6a1f4d}\offreg.dll
2012-04-17 00:33:03 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f0fe51ab-033b-4c45-ac20-9938fd6a1f4d}\mpengine.dll
2012-04-16 13:48:32 -------- d-----w- c:\users\cheung\appdata\local\{1B72F4AF-DAFA-47C1-B040-23068B05EC36}
2012-04-16 09:23:20 -------- d-----w- c:\users\cheung\appdata\local\{48D69A34-2EEC-4C24-A449-A56634FB87D6}
2012-04-16 08:00:30 -------- d-----w- c:\program files\FileHippo.com
2012-04-16 05:31:33 -------- d-----w- c:\users\cheung\appdata\local\{D2D99226-CC43-4594-957D-0B2643789272}
2012-04-16 02:29:05 -------- d-----w- c:\users\cheung\appdata\local\{BF4A0660-038F-4325-BD0C-301A2B0796D6}
2012-04-15 12:23:02 -------- d-----w- c:\users\cheung\appdata\local\{C79FA9A6-6601-4446-BFC2-B73ABCA802FD}
2012-04-15 10:02:12 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-15 10:02:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-15 09:53:53 -------- d-----w- c:\users\cheung\appdata\local\{3F0BF5B6-C2C6-468D-A253-B5F897315C2E}
2012-04-14 10:40:03 -------- d-----w- c:\users\cheung\appdata\local\{A5B6A3D7-C0BB-402D-A787-D607CEED761C}
2012-04-14 10:08:06 -------- d-----w- c:\users\cheung\appdata\local\adaware
2012-04-14 10:08:05 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-04-14 10:07:52 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-04-14 10:07:39 78936 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-04-14 10:07:21 69208 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-04-14 10:07:21 221784 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-04-14 10:07:16 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-04-14 10:04:34 -------- d-----w- c:\users\cheung\appdata\roaming\Ad-Aware Antivirus
2012-04-14 09:21:32 -------- d-----w- c:\users\cheung\appdata\local\{1E392024-CDA3-49EC-93EB-B0DE7AF0972C}
2012-04-13 16:34:12 29016 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-04-13 16:34:12 15672 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2012-04-13 16:34:06 -------- d-----w- c:\program files\IObit
2012-04-13 16:29:38 -------- d-----w- c:\program files\OpenDrive
2012-04-13 16:25:40 -------- d-----w- c:\users\cheung\appdata\local\{D6112BD0-2AF7-4B0C-8E20-FAE1BB86F637}
2012-04-13 01:36:23 -------- d-----w- c:\users\cheung\appdata\roaming\Cocylu
2012-04-13 01:26:04 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-12 12:42:16 -------- d-----w- c:\users\cheung\appdata\local\{92DA621C-FF95-4BA4-ABA2-E7B205A5D782}
2012-04-12 09:08:12 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 09:08:12 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 09:08:12 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 09:08:12 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 09:05:41 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-12 09:05:40 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 08:04:38 -------- d--h--w- c:\windows\AxInstSV
2012-04-10 06:47:33 -------- d-sh--w- C:\~LD
2012-04-10 06:41:25 -------- d-----w- c:\users\cheung\appdata\local\{60169B06-6F8A-498A-A7B9-643FFF6D2957}
2012-04-09 12:47:08 -------- d-----w- c:\users\cheung\appdata\local\{D6EAA220-7A43-4177-A20E-7C8254733C84}
2012-04-08 07:46:52 -------- d-----w- c:\users\cheung\appdata\local\{6629C97C-6288-42A9-8761-BB259B2D4764}
2012-04-08 07:44:15 -------- d-----w- c:\users\cheung\appdata\local\{DF38BF77-5464-466A-9BAE-D5CE7F1B42DE}
2012-04-08 06:19:44 -------- d-----w- c:\users\cheung\appdata\local\PCM4Everio
2012-04-08 06:07:07 -------- d-----w- c:\users\cheung\appdata\local\{EC6D206D-3F26-43D4-AFD5-2218779EC910}
2012-04-08 06:04:15 -------- d-----w- c:\users\cheung\appdata\local\{1185EBEB-4016-40FB-AA88-495E84239EB3}
2012-04-04 08:37:06 -------- d-----w- C:\xampp
2012-04-04 05:26:30 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-04 04:17:30 146904 ----a-w- c:\windows\system32\drivers\cbfs.sys
2012-04-04 04:16:34 -------- d-----w- c:\users\cheung\appdata\local\Megacloud
2012-04-04 04:16:32 -------- d-----w- c:\program files\Megacloud
2012-04-04 04:08:42 -------- d-----w- c:\program files\Spectromancer
2012-04-04 03:29:13 -------- d-----w- c:\users\cheung\appdata\local\OpenDrive
2012-04-03 09:20:15 -------- d-----w- c:\users\cheung\appdata\roaming\Fiabee
2012-04-03 09:19:53 -------- d-----w- c:\program files\Tuso
2012-03-28 03:45:27 -------- d-----w- c:\program files\Evernote
2012-03-27 14:25:40 -------- d-----w- c:\users\cheung\appdata\local\{BCAA9F1D-1F32-4204-958A-78CE64E21FCF}
2012-03-26 08:13:15 5 ----a-w- c:\windows\system32\lMMLDeleteUserData42107612FX.tmp
2012-03-26 07:56:44 -------- d-----w- c:\users\cheung\.gstreamer-0.10
2012-03-26 07:48:50 -------- d-----w- c:\programdata\Motorola Media Link
2012-03-26 07:48:48 -------- d-----w- c:\program files\Motorola Mobility
2012-03-26 07:45:56 -------- d-----w- c:\users\cheung\appdata\roaming\MotoCast
2012-03-22 15:10:04 -------- d-----w- c:\users\cheung\appdata\local\{B11F8463-3B3C-4EFA-922C-AD55657175C5}
2012-03-22 15:06:59 97280 --sha-r- c:\windows\system32\FLACDX.ax
2012-03-22 15:06:59 81920 --sha-r- c:\windows\system32\aac_parser.ax
2012-03-22 15:06:59 227328 --sha-r- c:\windows\system32\ac3DX.ax
2012-03-22 15:06:59 179200 --sha-r- c:\windows\system32\DiracSplitter.ax
2012-03-22 15:06:59 175104 --sha-r- c:\windows\system32\CoreAAC.ax
2012-03-22 15:06:59 123904 --sha-r- c:\windows\system32\AVCDX.ax
2012-03-22 14:30:17 -------- d-----w- c:\users\cheung\appdata\local\{367D2617-E872-4FEA-8773-9F8476790042}
.
==================== Find3M ====================
.
2012-04-14 10:20:27 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-16 01:48:42 1734368 ----a-w- c:\windows\system32\LivedriveControlPanel.cpl
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-17 05:34:22 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 05:34:22 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-16 01:58:29 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-14 04:09:44 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-10 05:38:43 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-09 14:43:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-09 14:43:00 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-02-09 14:43:00 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-09 14:43:00 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-09 14:43:00 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-09 14:43:00 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-09 14:43:00 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-09 14:43:00 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
2012-02-09 14:43:00 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-09 14:43:00 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-09 14:43:00 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-09 14:43:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-03 03:54:27 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 05:58:00 23808 ----a-w- c:\windows\system32\drivers\Motousbnet.sys
2012-01-25 05:57:48 24192 ----a-w- c:\windows\system32\drivers\motmodem.sys
2012-01-25 05:57:44 8448 ----a-w- c:\windows\system32\drivers\motccgpfl.sys
2012-01-25 05:57:36 20864 ----a-w- c:\windows\system32\drivers\motccgp.sys
2012-01-25 05:32:35 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:32:34 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27:51 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2006-05-03 03:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 04:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 06:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-06 16:00:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8709BFD0]<<
_asm { MOV EAX, [ESP+0x4]; MOV ECX, [EAX+0x28]; PUSH EBP; MOV EBP, [ECX+0x4]; PUSH ESI; MOV ESI, [ESP+0x10]; PUSH EDI; MOV EDI, [ESI+0x60]; MOV AL, [EDI]; CMP AL, 0x16; JNZ 0x36; PUSH ESI; }
1 ntkrnlpa!IofCallDriver[0x82E4C52A] -> \Device\Harddisk0\DR0[0x8681E530]
3 CLASSPNP[0x8BC0459E] -> ntkrnlpa!IofCallDriver[0x82E4C52A] -> [0x86EBCEF8]
\Driver\00000944[0x86EA3E90] -> IRP_MJ_CREATE -> 0x8709BFD0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 9:38:26.36 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 24/06/2011 2:39:00 PM
System Uptime: 17/04/2012 8:40:36 AM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5KC
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | LGA775 | 2394/266mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 420 GiB total, 107.201 GiB free.
D: is FIXED (NTFS) - 512 GiB total, 134.981 GiB free.
E: is FIXED (NTFS) - 466 GiB total, 71.265 GiB free.
F: is CDROM ()
H: is CDROM ()
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\PNP0303\4&20D7719E&0
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&20D7719E&0
Service: i8042prt
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller
Device ID: PCI\VEN_1969&DEV_1048&SUBSYS_82261043&REV_B0\4&18BA0AA4&0&00E5
Manufacturer: Atheros
Name: Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller
PNP Device ID: PCI\VEN_1969&DEV_1048&SUBSYS_82261043&REV_B0\4&18BA0AA4&0&00E5
Service: AtcL001
.
==== System Restore Points ===================
.
RP303: 15/04/2012 7:31:01 PM - Windows Update
.
==== Installed Programs ======================
.
AC3Filter 1.63b
Acrobat X Suite
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Captivate Quiz Results Analyzer
Adobe Captivate Reviewer
Adobe Community Help
Adobe Content Viewer
Adobe Flash Player 11 ActiveX
Adobe Flash Player Plugin
Adobe InDesign CS5.5
Adobe Media Player
Adobe Presenter 7
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.5
Akamai NetSession Interface
Akamai NetSession Interface Service
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AUSkey software 1.4.0.3
AUSkey software 1.4.0.6
Avi2Dvd 0.6.1
AviSynth 2.5
Bing Bar
Bing Bar Platform
blinkx beat
Bonjour
Box for Office
Bubble Ball Lite
Bubble Breaker
Bubblins 2
Bulk Rename Utility 2, 6, 1, 0
BurnAware Free 4.2
Business-in-a-Box
Canon Easy-WebPrint EX
Cool Remote Server
CoreAAC Audio Decoder (remove only)
CyberLink PowerCinema
D3DX10
DAEMON Tools Lite
DealScout for Internet Explorer
Deathrace
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DeVeDe
doPDF 7.2 printer
Dropbox
Dulux MyColour4
DVD Decrypter (Remove Only)
DVD Flick 1.3.0.7
DVD Shrink 3.2
DVDFab 8.1.1.2 (08/08/2011) Qt
e-Sword
e-tax 2011
Ekiga (remove only)
Evernote v. 4.5.4
ffdshow [rev 3299] [2010-03-03]
Fiabee Sync
FileHippo.com Update Checker
Firebird SQL Server - MAGIX Edition
Foxit Reader 5.1
Free ISO Create Wizard 4.3.9
FreeOnlineRadioPlayerRecorder Toolbar
GoBox
Google Calendar Sync
Google Chrome
Google Chrome Frame
Google Earth
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Google Video Uploader
GTK2-Runtime
Haali Media Splitter
Hotspot Shield 2.06
HP Photosmart Essential
IDriveSync version 1.0.1 November 18, 2011
IHF Handball Challenge 12
ImgBurn
Intel AppUp(SM) center
ISO Recorder
ISODisk 1.1
iTunes
Java Auto Updater
Java(TM) 6 Update 29
Jello.Dashboard 5.25 beta (Astral)
Joukuu Lite
Junk Mail filter update
jZip
LAME v3.98.3 for Audacity
LCP 5.04
LinkedIn Internet Explorer Toolbar
Lyrics Plugin for iTunes
MAGIX Movie Edit Pro 17 Plus Download Version
MAGIX Screenshare
MAGIX Speed burnR (MSI)
Malwarebytes Anti-Malware version 1.61.0.1400
MangoApps Desktop
MegaCloud
Mesh Runtime
Messenger Companion
MFG Trader
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Advertising SDK for Windows Phone - ENU
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Corporation
Microsoft Expression Blend 3 SDK
Microsoft Expression Blend 4
Microsoft Expression Blend 4 Add-in for Adobe FXG Import
Microsoft Expression Blend SDK for .NET 4
Microsoft Expression Blend SDK for Silverlight 4
Microsoft Expression Blend SDK for Windows Phone 7
Microsoft Expression Blend SDK for Windows Phone OS 7.1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Help Viewer 1.1
Microsoft IntelliPoint 8.2
Microsoft IntelliType Pro 8.2
Microsoft LifeCam
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Project MUI (English) 2010
Microsoft Office Project Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Visio 2010
Microsoft Office Visio MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Project 2010 Service Pack 1 (SP1)
Microsoft Project Professional 2010
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft Visio 2010 Service Pack 1 (SP1)
Microsoft Visio Premium 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual Studio 2010 Express for Windows Phone 7.1 - ENU
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Microsoft XNA Framework Redistributable 4.0 Refresh
Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
Microsoft XNA Game Studio 4.0 Refresh
Microsoft XNA Game Studio 4.0 Refresh (ARP entry)
Microsoft XNA Game Studio 4.0 Refresh (Redists)
Microsoft XNA Game Studio 4.0 Refresh (Shared Components)
Microsoft XNA Game Studio 4.0 Refresh (Visual Studio)
Microsoft XNA Game Studio Platform Tools
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MotoCast
MotoHelper 2.1.40 Driver 5.5.0
MotoHelper MergeModules
MOTOROLA MEDIA LINK
Motorola Mobile Drivers Installation 5.2.0
Motorola Mobile Drivers Installation 5.5.0
MP3 Repair Tool v1.5.2
Mp3tag v2.49
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Little Artist
Nokia Connectivity Cable Driver
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
Nokia PC Suite
NoteBurner 2.35
NVIDIA Control Panel 275.33
NVIDIA Graphics Driver 275.33
NVIDIA Install Application
NVIDIA PhysX
NVIDIA Update 1.3.5
NVIDIA Update Components
OpenAL
OpenDNS Updater 2.2.1
OpenDrive
Orbit Downloader
Ovi Desktop Sync Engine
OviMPlatform
PC Connectivity Solution
PFPortChecker 1.0.39
Picasa 3
Portforward Static IP Address 1.0.47
Poxxle
Qlock Lite
QuickTime
RAR Password Recovery Magic v6.1.1.386
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
RocketDock 1.3.5
Samsung Auto Backup
Samsung SecretZone
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio 2010 (KB2553374) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Shufflr
Skype Click to Call
Skype™ 5.8
Smart Defrag 2
Spectromancer: Truth and Beauty
SugarSync for Outlook
SugarSync Manager
SUPER © v2012.build.50 (February 21st, 2012) version v2012.buil
SyncToy 2.1 (x86)
theSkyNet
TomTom HOME 2.8.3.2499
TomTom HOME Visual Studio Merge Modules
TuneUp Companion 2.1.1
TwInbox (remove only)
Unlocker 1.9.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
WCF Data Services SDK for Windows Phone
WebM Media Foundation Components
Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.8)
Windows Driver Package - Nokia Modem (10/07/2010 4.6)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Mobile Device Updater Component
Windows Phone Emulator - ENU
Windows Phone SDK 7.1 - ENU
Windows Phone SDK 7.1 Add-in for Visual Studio 2010 - ENU
Windows Phone SDK 7.1 Assemblies
Windows Phone SDK 7.1 Extensions for XNA Game Studio 4.0
WinHTTrack Website Copier 3.44-1
WinRAR 4.01 (32-bit)
WPF Toolkit February 2010 (Version 3.5.50211.1)
Wuala
Wuala CBFS
Wuala OverlayIcons
X-Lite 3.0
XAMPP 1.7.7
Xvid Video Codec
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
Zune Lyrics
.
==== Event Viewer Messages From Past Week ========
.
17/04/2012 9:35:36 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Real-time protection has stopped functioning for an unknown reason. Restart the service in order to recover.
17/04/2012 9:35:31 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
17/04/2012 9:33:25 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
17/04/2012 9:13:39 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft Antimalware Service service to connect.
17/04/2012 9:13:39 AM, Error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
17/04/2012 9:11:32 AM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
17/04/2012 9:10:24 AM, Error: Microsoft Antimalware [5008] - Microsoft Antimalware engine has been terminated due to an unexpected error. Failure Type: Hang Exception code: Resource: file:C:\Windows\System32\rdnaoflsvc.dll
17/04/2012 9:08:42 AM, Error: Service Control Manager [7023] - The Ssoftservice service terminated with the following error: Access is denied.
17/04/2012 9:07:10 AM, Error: Service Control Manager [7023] - The Cbidf service terminated with the following error: Access is denied.
17/04/2012 9:06:10 AM, Error: Service Control Manager [7023] - The Awservice service terminated with the following error: Access is denied.
17/04/2012 9:05:10 AM, Error: Service Control Manager [7023] - The Slntamr service terminated with the following error: Access is denied.
17/04/2012 9:04:10 AM, Error: Service Control Manager [7023] - The Zpcache service terminated with the following error: Access is denied.
17/04/2012 9:03:10 AM, Error: Service Control Manager [7023] - The .netframework service terminated with the following error: Access is denied.
17/04/2012 9:02:10 AM, Error: Service Control Manager [7023] - The Bdss service terminated with the following error: Access is denied.
17/04/2012 9:01:10 AM, Error: Service Control Manager [7023] - The Cnxtdiag service terminated with the following error: Access is denied.
17/04/2012 9:00:10 AM, Error: Service Control Manager [7023] - The Akshhl service terminated with the following error: Access is denied.
17/04/2012 8:59:10 AM, Error: Service Control Manager [7023] - The Https-admserv61 service terminated with the following error: Access is denied.
17/04/2012 8:58:10 AM, Error: Service Control Manager [7023] - The CX23880 service terminated with the following error: Access is denied.
17/04/2012 8:57:10 AM, Error: Service Control Manager [7023] - The Anio service terminated with the following error: Access is denied.
17/04/2012 8:56:10 AM, Error: Service Control Manager [7023] - The S117nd5 service terminated with the following error: Access is denied.
17/04/2012 8:55:10 AM, Error: Service Control Manager [7023] - The Bcftdi service terminated with the following error: Access is denied.
17/04/2012 8:54:10 AM, Error: Service Control Manager [7023] - The Oracledbconsoleorcl service terminated with the following error: Access is denied.
17/04/2012 8:53:10 AM, Error: Service Control Manager [7023] - The Ma_cmidi_installerservice service terminated with the following error: Access is denied.
17/04/2012 8:52:10 AM, Error: Service Control Manager [7023] - The CYGF32X service terminated with the following error: Access is denied.
17/04/2012 8:51:10 AM, Error: Service Control Manager [7023] - The Nsynas32 service terminated with the following error: Access is denied.
17/04/2012 8:50:10 AM, Error: Service Control Manager [7023] - The Utscsi service terminated with the following error: Access is denied.
17/04/2012 8:49:10 AM, Error: Service Control Manager [7023] - The Cmdmon service terminated with the following error: Access is denied.
17/04/2012 8:48:10 AM, Error: Service Control Manager [7023] - The Protectionservice service terminated with the following error: Access is denied.
17/04/2012 8:47:10 AM, Error: Service Control Manager [7023] - The NEOFLTR_600_13319 service terminated with the following error: Access is denied.
17/04/2012 8:46:10 AM, Error: Service Control Manager [7023] - The Hibernation service terminated with the following error: Access is denied.
17/04/2012 8:45:10 AM, Error: Service Control Manager [7023] - The Picturetaker service terminated with the following error: Access is denied.
17/04/2012 8:44:10 AM, Error: Service Control Manager [7023] - The Pelusblf service terminated with the following error: Access is denied.
17/04/2012 8:43:47 AM, Error: Service Control Manager [7041] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the user has not been granted the requested logon type at this computer. Service: nvUpdatusService Domain and account: .\UpdatusUser This service account does not have the required user right "Log on as a service." User Action Assign "Log on as a service" to the service account on this computer. You can use Local Security Settings (Secpol.msc) to do this. If this computer is a node in a cluster, check that this user right is assigned to the Cluster service account on all nodes in the cluster. If you have already assigned this user right to the service account, and the user right appears to be removed, check with your domain administrator to find out if a Group Policy object associated with this node might be removing the right.
17/04/2012 8:43:47 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
17/04/2012 8:43:10 AM, Error: Service Control Manager [7023] - The Appn service terminated with the following error: Access is denied.
17/04/2012 8:42:10 AM, Error: Service Control Manager [7023] - The Ovepstatusengine service terminated with the following error: Access is denied.
17/04/2012 8:42:08 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
17/04/2012 8:41:28 AM, Error: Service Control Manager [7023] - The ZDPSp50 service terminated with the following error: The specified module could not be found.
17/04/2012 8:41:28 AM, Error: Service Control Manager [7023] - The Psdistributionagent service terminated with the following error: The specified module could not be found.
17/04/2012 8:41:28 AM, Error: Service Control Manager [7023] - The A016mdfl service terminated with the following error: The specified module could not be found.
17/04/2012 8:41:27 AM, Error: Service Control Manager [7023] - The Symc8xx service terminated with the following error: The specified module could not be found.
17/04/2012 8:41:27 AM, Error: Service Control Manager [7023] - The SMTPSVC service terminated with the following error: The specified module could not be found.
17/04/2012 8:41:27 AM, Error: Service Control Manager [7023] - The ROB_V service terminated with the following error: The system cannot find the file specified.
17/04/2012 8:41:27 AM, Error: Service Control Manager [7023] - The Rca service terminated with the following error: The specified module could not be found.
17/04/2012 8:41:27 AM, Error: Service Control Manager [7023] - The Pop3d32 service terminated with the following error: The specified module could not be found.
17/04/2012 8:41:27 AM, Error: Service Control Manager [7023] - The Oracleorahome92pagingserver service terminated with the following error: The specified module could not be found.
17/04/2012 8:41:27 AM, Error: Service Control Manager [7023] - The Mdmxsdk service terminated with the following error: The specified module could not be found.
17/04/2012 8:41:27 AM, Error: Service Control Manager [7023] - The Hpzius12 service terminated with the following error: The specified module could not be found.
17/04/2012 8:41:27 AM, Error: Service Control Manager [7023] - The Hpt3xx service terminated with the following error: The specified module could not be found.
17/04/2012 8:41:27 AM, Error: Service Control Manager [7023] - The Gearsecurity service terminated with the following error: The specified module could not be found.
17/04/2012 8:41:27 AM, Error: Service Control Manager [7023] - The CTEXFIFX.DLL service terminated with the following error: The specified module could not be found.
17/04/2012 8:41:27 AM, Error: Service Control Manager [7023] - The Cmdagent service terminated with the following error: The specified module could not be found.
17/04/2012 8:41:27 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
17/04/2012 8:41:27 AM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.
17/04/2012 8:41:09 AM, Error: Service Control Manager [7023] - The Neokdss service terminated with the following error: The specified module could not be found.
17/04/2012 8:41:09 AM, Error: Service Control Manager [7023] - The Mnsframework service terminated with the following error: The specified module could not be found.
17/04/2012 8:41:09 AM, Error: Service Control Manager [7023] - The ISAMSvc service terminated with the following error: The specified module could not be found.
17/04/2012 8:41:09 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
17/04/2012 8:41:08 AM, Error: Service Control Manager [7023] - The Fallback service terminated with the following error: The specified module could not be found.
17/04/2012 8:41:08 AM, Error: Service Control Manager [7023] - The Arhidfltr service terminated with the following error: The specified module could not be found.
17/04/2012 8:41:03 AM, Error: Service Control Manager [7023] - The Zpnodecollector service terminated with the following error: The specified module could not be found.
17/04/2012 8:41:03 AM, Error: Service Control Manager [7023] - The Sscdserd service terminated with the following error: The specified module could not be found.
17/04/2012 8:41:03 AM, Error: Service Control Manager [7023] - The Pinger service terminated with the following error: The specified module could not be found.
17/04/2012 8:41:03 AM, Error: Service Control Manager [7023] - The PBADRV service terminated with the following error: The specified module could not be found.
17/04/2012 8:41:03 AM, Error: Service Control Manager [7023] - The Nvidesm service terminated with the following error: The specified module could not be found.
17/04/2012 8:41:03 AM, Error: Service Control Manager [7023] - The NETw4v32 service terminated with the following error: The specified module could not be found.
17/04/2012 8:41:03 AM, Error: Service Control Manager [7023] - The MSW_USB service terminated with the following error: The specified module could not be found.
17/04/2012 8:41:03 AM, Error: Service Control Manager [7023] - The Ipssvc service terminated with the following error: The specified module could not be found.
17/04/2012 8:41:03 AM, Error: Service Control Manager [7023] - The EACSys service terminated with the following error: The specified module could not be found.
17/04/2012 8:41:03 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
17/04/2012 8:41:03 AM, Error: Service Control Manager [7023] - The CnxtHdAudService service terminated with the following error: The specified module could not be found.
17/04/2012 8:41:03 AM, Error: Service Control Manager [7023] - The Captureservice service terminated with the following error: The specified module could not be found.
17/04/2012 8:41:03 AM, Error: Service Control Manager [7023] - The Bt3cser service terminated with the following error: The specified module could not be found.
17/04/2012 8:41:03 AM, Error: Service Control Manager [7000] - The FABS - Helping agent for MAGIX media database service failed to start due to the following error: The system cannot find the file specified.
17/04/2012 8:41:01 AM, Error: Service Control Manager [7023] - The Offline Files service terminated with the following error: The system cannot find the path specified.
17/04/2012 8:34:38 AM, Error: Service Control Manager [7031] - The MotoHelper Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
17/04/2012 8:34:21 AM, Error: Service Control Manager [7034] - The Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s).
17/04/2012 8:33:05 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
17/04/2012 8:33:05 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
17/04/2012 8:23:14 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
17/04/2012 8:23:14 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
16/04/2012 9:54:34 PM, Error: Service Control Manager [7023] - The Cmdagent service terminated with the following error: Access is denied.
16/04/2012 9:53:33 PM, Error: Service Control Manager [7023] - The Hpt3xx service terminated with the following error: Access is denied.
16/04/2012 9:52:33 PM, Error: Service Control Manager [7023] - The Gearsecurity service terminated with the following error: Access is denied.
16/04/2012 9:51:34 PM, Error: Service Control Manager [7023] - The ISAMSvc service terminated with the following error: Access is denied.
16/04/2012 9:50:37 PM, Error: Service Control Manager [7023] - The MSW_USB service terminated with the following error: Access is denied.
16/04/2012 9:49:49 PM, Error: Service Control Manager [7023] - The A016mdfl service terminated with the following error: Access is denied.
16/04/2012 9:48:51 PM, Error: Service Control Manager [7023] - The Oracleorahome92pagingserver service terminated with the following error: Access is denied.
16/04/2012 9:47:21 PM, Error: Service Control Manager [7023] - The Pop3d32 service terminated with the following error: The process cannot access the file because it is being used by another process.
16/04/2012 9:45:32 PM, Error: Service Control Manager [7023] - The NETw4v32 service terminated with the following error: Access is denied.
16/04/2012 9:45:13 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
16/04/2012 9:44:59 PM, Error: Service Control Manager [7034] - The TVEnhance Background Capture Service (TBCS) service terminated unexpectedly. It has done this 1 time(s).
16/04/2012 5:24:22 PM, Error: Service Control Manager [7023] - The Hpdj service terminated with the following error: Access is denied.
16/04/2012 5:23:38 PM, Error: Service Control Manager [7023] - The Https-nassry service terminated with the following error: Access is denied.
16/04/2012 5:22:31 PM, Error: Service Control Manager [7023] - The SWUMX51 service terminated with the following error: Access is denied.
16/04/2012 5:21:29 PM, Error: Service Control Manager [7023] - The Db2ntsecserver service terminated with the following error: Access is denied.
16/04/2012 5:20:29 PM, Error: Service Control Manager [7023] - The Bwsvc service terminated with the following error: Access is denied.
16/04/2012 5:19:29 PM, Error: Service Control Manager [7023] - The SE2Dmdfl service terminated with the following error: Access is denied.
16/04/2012 5:18:31 PM, Error: Service Control Manager [7023] - The Dvd_2K service terminated with the following error: Access is denied.
16/04/2012 5:17:43 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
16/04/2012 5:17:41 PM, Error: Service Control Manager [7023] - The Pacsptisvr service terminated with the following error: Access is denied.
16/04/2012 5:16:56 PM, Error: Service Control Manager [7023] - The W800obex service terminated with the following error: Access is denied.
16/04/2012 5:16:56 PM, Error: Service Control Manager [7023] - The TMHIDSRV service terminated with the following error: Access is denied.
16/04/2012 5:16:56 PM, Error: Service Control Manager [7023] - The TcpipBM service terminated with the following error: Access is denied.
16/04/2012 5:16:56 PM, Error: Service Control Manager [7023] - The Service service terminated with the following error: Access is denied.
16/04/2012 5:16:56 PM, Error: Service Control Manager [7023] - The Savrt service terminated with the following error: Access is denied.
16/04/2012 5:16:56 PM, Error: Service Control Manager [7023] - The S125obex service terminated with the following error: Access is denied.
16/04/2012 5:16:56 PM, Error: Service Control Manager [7023] - The PTproct service terminated with the following error: Access is denied.
16/04/2012 5:16:56 PM, Error: Service Control Manager [7023] - The Lp6nds35 service terminated with the following error: Access is denied.
16/04/2012 5:16:56 PM, Error: Service Control Manager [7023] - The Jsdaemon service terminated with the following error: Access is denied.
16/04/2012 5:16:56 PM, Error: Service Control Manager [7023] - The Bltrust service terminated with the following error: Access is denied.
16/04/2012 5:16:56 PM, Error: Service Control Manager [7023] - The AVerBDA service terminated with the following error: Access is denied.
16/04/2012 5:16:55 PM, Error: Service Control Manager [7023] - The Z800mdm service terminated with the following error: Access is denied.
16/04/2012 5:16:55 PM, Error: Service Control Manager [7023] - The Tb2RCAssist service terminated with the following error: Access is denied.
16/04/2012 5:16:55 PM, Error: Service Control Manager [7023] - The S116mdm service terminated with the following error: Access is denied.
16/04/2012 5:16:55 PM, Error: Service Control Manager [7023] - The Rvscc service terminated with the following error: Access is denied.
16/04/2012 5:16:55 PM, Error: Service Control Manager [7023] - The NWDNS service terminated with the following error: Access is denied.
16/04/2012 5:16:55 PM, Error: Service Control Manager [7023] - The NETw5x32 service terminated with the following error: Access is denied.
16/04/2012 5:16:55 PM, Error: Service Control Manager [7023] - The Mqdmserd service terminated with the following error: Access is denied.
16/04/2012 5:16:55 PM, Error: Service Control Manager [7023] - The Ipcsvc service terminated with the following error: Access is denied.
16/04/2012 5:16:55 PM, Error: Service Control Manager [7023] - The Int15.sys service terminated with the following error: Access is denied.
16/04/2012 5:16:55 PM, Error: Service Control Manager [7023] - The Iftpsvc service terminated with the following error: Access is denied.
16/04/2012 5:16:55 PM, Error: Service Control Manager [7023] - The Idisw2km service terminated with the following error: Access is denied.
16/04/2012 5:16:55 PM, Error: Service Control Manager [7023] - The Hpn service terminated with the following error: Access is denied.
16/04/2012 5:16:55 PM, Error: Service Control Manager [7023] - The Genregistrar service terminated with the following error: Access is denied.
16/04/2012 5:16:55 PM, Error: Service Control Manager [7023] - The Fs_rec service terminated with the following error: Access is denied.
16/04/2012 5:16:55 PM, Error: Service Control Manager [7023] - The Foldersize service terminated with the following error: Access is denied.
16/04/2012 5:16:55 PM, Error: Service Control Manager [7023] - The Atitool service terminated with the following error: Access is denied.
16/04/2012 5:16:54 PM, Error: Service Control Manager [7023] - The Qbfcservice service terminated with the following error: Access is denied.
16/04/2012 5:16:54 PM, Error: Service Control Manager [7023] - The Epson_pm_rpcv4_01 service terminated with the following error: Access is denied.
16/04/2012 5:16:51 PM, Error: Service Control Manager [7023] - The Zntport service terminated with the following error: Access is denied.
16/04/2012 5:16:51 PM, Error: Service Control Manager [7023] - The V124 service terminated with the following error: Access is denied.
16/04/2012 5:16:51 PM, Error: Service Control Manager [7023] - The TryAndDecideService service terminated with the following error: Access is denied.
16/04/2012 5:16:51 PM, Error: Service Control Manager [7023] - The Symlcbrd service terminated with the following error: Access is denied.
16/04/2012 5:16:51 PM, Error: Service Control Manager [7023] - The Svcwmu service terminated with the following error: Access is denied.
16/04/2012 5:16:51 PM, Error: Service Control Manager [7023] - The Om518p service terminated with the following error: Access is denied.
16/04/2012 5:16:51 PM, Error: Service Control Manager [7023] - The Nwlnknb service terminated with the following error: Access is denied.
16/04/2012 5:16:51 PM, Error: Service Control Manager [7023] - The MREMP50a64 service terminated with the following error: Access is denied.
16/04/2012 5:16:51 PM, Error: Service Control Manager [7023] - The Logmein service terminated with the following error: Access is denied.
16/04/2012 5:16:51 PM, Error: Service Control Manager [7023] - The ICM10USB service terminated with the following error: Access is denied.
16/04/2012 5:16:51 PM, Error: Service Control Manager [7023] - The E100b service terminated with the following error: Access is denied.
16/04/2012 5:16:51 PM, Error: Service Control Manager [7023] - The Admjoy service terminated with the following error: Access is denied.
16/04/2012 5:16:50 PM, Error: Service Control Manager [7023] - The Vproeventmonitor service terminated with the following error: Access is denied.
16/04/2012 5:16:50 PM, Error: Service Control Manager [7023] - The Mdvrmng service terminated with the following error: Access is denied.
16/04/2012 5:16:50 PM, Error: Service Control Manager [7023] - The Flutilssvc service terminated with the following error: Access is denied.
16/04/2012 5:16:50 PM, Error: Service Control Manager [7023] - The DynDNS_Updater_Service service terminated with the following error: Access is denied.
16/04/2012 5:16:38 PM, Error: Service Control Manager [7023] - The Vzcdbsvc service terminated with the following error: Access is denied.
16/04/2012 5:16:38 PM, Error: Service Control Manager [7023] - The Vci service terminated with the following error: Access is denied.
16/04/2012 5:16:38 PM, Error: Service Control Manager [7023] - The Tunnelguardservice service terminated with the following error: Access is denied.
16/04/2012 5:16:38 PM, Error: Service Control Manager [7023] - The Trufos service terminated with the following error: Access is denied.
16/04/2012 5:16:38 PM, Error: Service Control Manager [7023] - The Timounter service terminated with the following error: Access is denied.
16/04/2012 5:16:38 PM, Error: Service Control Manager [7023] - The S24eventmonitor service terminated with the following error: Access is denied.
16/04/2012 5:16:38 PM, Error: Service Control Manager [7023] - The Rt2500usb service terminated with the following error: Access is denied.
16/04/2012 5:16:38 PM, Error: Service Control Manager [7023] - The P1110vid service terminated with the following error: Access is denied.
16/04/2012 5:16:38 PM, Error: Service Control Manager [7023] - The Mfesmfk service terminated with the following error: Access is denied.
16/04/2012 5:16:38 PM, Error: Service Control Manager [7023] - The Lvpopflt service terminated with the following error: Access is denied.
16/04/2012 5:16:38 PM, Error: Service Control Manager [7023] - The Iisadmin service terminated with the following error: Access is denied.
16/04/2012 5:16:38 PM, Error: Service Control Manager [7023] - The I81x service terminated with the following error: Access is denied.
16/04/2012 5:16:38 PM, Error: Service Control Manager [7023] - The Hsf_msft service terminated with the following error: Access is denied.
16/04/2012 5:16:38 PM, Error: Service Control Manager [7023] - The Flashcomadmin service terminated with the following error: Access is denied.
16/04/2012 5:16:38 PM, Error: Service Control Manager [7023] - The El90xbc service terminated with the following error: Access is denied.
16/04/2012 5:16:38 PM, Error: Service Control Manager [7023] - The Dac960nt service terminated with the following error: Access is denied.
16/04/2012 5:16:38 PM, Error: Service Control Manager [7023] - The Cdvp service terminated with the following error: Access is denied.
16/04/2012 5:16:38 PM, Error: Service Control Manager [7023] - The Ati service terminated with the following error: Access is denied.
16/04/2012 5:16:38 PM, Error: Service Control Manager [7023] - The AF15BDA service terminated with the following error: Access is denied.
16/04/2012 5:16:37 PM, Error: Service Control Manager [7023] - The Upsentry_smart service terminated with the following error: Access is denied.
16/04/2012 5:16:37 PM, Error: Service Control Manager [7023] - The Resourcemanagermail service terminated with the following error: Access is denied.
16/04/2012 5:16:37 PM, Error: Service Control Manager [7023] - The Pshost service terminated with the following error: Access is denied.
16/04/2012 5:16:37 PM, Error: Service Control Manager [7023] - The Pdlndlpb service terminated with the following error: Access is denied.
16/04/2012 5:16:37 PM, Error: Service Control Manager [7023] - The Lvsrvlauncher service terminated with the following error: Access is denied.
16/04/2012 5:16:37 PM, Error: Service Control Manager [7023] - The LVPrcMon service terminated with the following error: Access is denied.
16/04/2012 5:16:37 PM, Error: Service Control Manager [7023] - The JGOGO service terminated with the following error: Access is denied.
16/04/2012 5:16:37 PM, Error: Service Control Manager [7023] - The Imountsrv service terminated with the following error: Access is denied.
16/04/2012 5:16:37 PM, Error: Service Control Manager [7023] - The Enodpl service terminated with the following error: Access is denied.
16/04/2012 5:16:37 PM, Error: Service Control Manager [7023] - The Avpnnic service terminated with the following error: Access is denied.
16/04/2012 5:16:36 PM, Error: Service Control Manager [7023] - The Gpc service terminated with the following error: Access is denied.
16/04/2012 5:16:36 PM, Error: Service Control Manager [7023] - The Dmload service terminated with the following error: Access is denied.
16/04/2012 5:16:36 PM, Error: Service Control Manager [7023] - The Dlaudf_m service terminated with the following error: Access is denied.
16/04/2012 5:16:36 PM, Error: Service Control Manager [7023] - The CTERFXFX.DLL service terminated with the following error: Access is denied.
16/04/2012 4:41:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
16/04/2012 4:27:25 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AH&threatid=2147655284 Name: Trojan:Win32/Sirefef.AH ID: 2147655284 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\clisvc.dll;containerfile:_C:\Windows\system32\delldmi.dll;containerfile:_C:\Windows\System32\g400.dll;containerfile:_C:\Windows\System32\hpzid412.dll;containerfile:_C:\Windows\System32\LVVI500A.dll;containerfile:_C:\Windows\System32\MailService.dll;containerfile:_C:\Windows\System32\mksupdateint.dll;containerfile:_C:\Windows\System32\parport.dll;containerfile:_C:\Windows\System32\sf.dll;containerfile:_C:\Windows\system32\vmkbd.dll;file:_C:\Windows\System32\clisvc.dll->EWS->1.cod;file:_C:\Windows\system32\delldmi.dll->EWS->1.cod;file:_C:\Windows\System32\g400.dll->EWS->1.cod;file:_C:\Windows\System32\hpzid412.dll->EWS->1.cod;file:_C:\Windows\System32\LVVI500A.dll->EWS->1.cod;file:_C:\Windows\System32\MailService.dll->EWS->1.cod;file:_C:\Windows\System32\mksupdateint.dll->EWS->1.cod;file:_C:\Windows\System32\parport.dll->EWS->1.cod;file:_C:\Windows\System32\sf.dll->EWS->1.cod;file:_C:\Windows\system32\vmkbd.dll->EWS->1.cod;service:_drvmcdb;service:_firesvc;service:_iastor;ser Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Remove Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.123.1823.0, AS: 1.123.1823.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8202.0, NIS: 0.0.0.0
16/04/2012 4:18:29 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
16/04/2012 4:17:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
16/04/2012 4:17:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
16/04/2012 4:16:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
16/04/2012 4:16:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
16/04/2012 4:16:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
16/04/2012 4:16:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
16/04/2012 4:16:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
16/04/2012 4:16:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: CbFs cbfs3 discache ISODisk MpFilter spldr vmm Wanarpv6
16/04/2012 4:16:09 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
16/04/2012 4:02:59 PM, Error: Service Control Manager [7023] - The Iksyssec service terminated with the following error: Access is denied.
16/04/2012 3:50:19 PM, Error: Service Control Manager [7023] - The Ati service terminated with the following error: The specified procedure could not be found.
16/04/2012 3:36:00 PM, Error: Service Control Manager [7023] - The WmaCVideo32 service terminated with the following error: Access is denied.
16/04/2012 3:32:59 PM, Error: Service Control Manager [7023] - The Blueservice service terminated with the following error: Access is denied.
16/04/2012 3:25:59 PM, Error: Service Control Manager [7023] - The Fallback service terminated with the following error: Access is denied.
16/04/2012 3:21:02 PM, Error: Service Control Manager [7023] - The Pdagent service terminated with the following error: Access is denied.
16/04/2012 3:19:06 PM, Error: Service Control Manager [7023] - The Nwlnknb service terminated with the following error: The specified procedure could not be found.
16/04/2012 2:16:09 PM, Error: Service Control Manager [7023] - The Wmconnectcds service terminated with the following error: Access is denied.
16/04/2012 2:14:59 PM, Error: Service Control Manager [7023] - The Iomdisk service terminated with the following error: Access is denied.
16/04/2012 2:13:59 PM, Error: Service Control Manager [7023] - The AsusACPI service terminated with the following error: Access is denied.
16/04/2012 2:13:00 PM, Error: Service Control Manager [7023] - The AVCSTRM service terminated with the following error: Access is denied.
16/04/2012 2:12:00 PM, Error: Service Control Manager [7023] - The Tfsndrct service terminated with the following error: Access is denied.
16/04/2012 2:11:00 PM, Error: Service Control Manager [7023] - The Se44mdfl service terminated with the following error: Access is denied.
16/04/2012 2:10:00 PM, Error: Service Control Manager [7023] - The MRESP50a64 service terminated with the following error: Access is denied.
16/04/2012 2:08:59 PM, Error: Service Control Manager [7023] - The SE26obex service terminated with the following error: Access is denied.
16/04/2012 2:07:59 PM, Error: Service Control Manager [7023] - The Tfsncofs service terminated with the following error: Access is denied.
16/04/2012 2:06:59 PM, Error: Service Control Manager [7023] - The Toside service terminated with the following error: Access is denied.
16/04/2012 2:06:00 PM, Error: Service Control Manager [7023] - The Ql1280 service terminated with the following error: Access is denied.
16/04/2012 2:04:59 PM, Error: Service Control Manager [7023] - The Penclass service terminated with the following error: Access is denied.
16/04/2012 2:04:00 PM, Error: Service Control Manager [7023] - The Dlcq_device service terminated with the following error: Access is denied.
16/04/2012 2:02:59 PM, Error: Service Control Manager [7023] - The TMMEmu service terminated with the following error: Access is denied.
16/04/2012 2:01:59 PM, Error: Service Control Manager [7023] - The Arcltsrv service terminated with the following error: Access is denied.
16/04/2012 2:00:59 PM, Error: Service Control Manager [7023] - The I2omgmt service terminated with the following error: Access is denied.
16/04/2012 10:54:47 AM, Error: Service Control Manager [7023] - The ZD1211BU(ZyDAS) service terminated with the following error: Access is denied.
16/04/2012 10:39:47 AM, Error: Service Control Manager [7023] - The Ftrtsvc service terminated with the following error: Access is denied.
16/04/2012 10:32:40 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.100 with the system having network hardware address B4-07-F9-04-2D-39. Network operations on this system may be disrupted as a result.
16/04/2012 10:29:57 AM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
16/04/2012 10:28:59 AM, Error: Service Control Manager [7023] - The HSFHWALI service terminated with the following error: Access is denied.
16/04/2012 10:28:48 AM, Error: Service Control Manager [7023] - The Mpfp service terminated with the following error: Access is denied.
16/04/2012 10:26:46 AM, Error: Service Control Manager [7023] - The Xpagentserver service terminated with the following error: Access is denied.
16/04/2012 10:25:46 AM, Error: Service Control Manager [7023] - The ADIDTSFiltService service terminated with the following error: Access is denied.
16/04/2012 10:24:51 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
16/04/2012 10:24:46 AM, Error: Service Control Manager [7023] - The Atinrvxx service terminated with the following error: Access is denied.
16/04/2012 10:24:18 AM, Error: Service Control Manager [7023] - The Websenselogserver service terminated with the following error: Access is denied.
16/04/2012 10:24:18 AM, Error: Service Control Manager [7023] - The Uim_IM service terminated with the following error: Access is denied.
16/04/2012 10:24:18 AM, Error: Service Control Manager [7023] - The Uclauncherservice service terminated with the following error: Access is denied.
16/04/2012 10:24:18 AM, Error: Service Control Manager [7023] - The Tfsnpool service terminated with the following error: Access is denied.
16/04/2012 10:24:18 AM, Error: Service Control Manager [7023] - The TcUsb service terminated with the following error: Access is denied.
16/04/2012 10:24:18 AM, Error: Service Control Manager [7023] - The Sglfb service terminated with the following error: Access is denied.
16/04/2012 10:24:18 AM, Error: Service Control Manager [7023] - The PSDNServ service terminated with the following error: Access is denied.
16/04/2012 10:24:18 AM, Error: Service Control Manager [7023] - The Procdd service terminated with the following error: Access is denied.
16/04/2012 10:24:18 AM, Error: Service Control Manager [7023] - The Perfnet service terminated with the following error: Access is denied.
16/04/2012 10:24:18 AM, Error: Service Control Manager [7023] - The Penrendezvous service terminated with the following error: Access is denied.
16/04/2012 10:24:18 AM, Error: Service Control Manager [7023] - The P3 service terminated with the following error: Access is denied.
16/04/2012 10:24:18 AM, Error: Service Control Manager [7023] - The NICM service terminated with the following error: Access is denied.
16/04/2012 10:24:18 AM, Error: Service Control Manager [7023] - The Mps9 service terminated with the following error: Access is denied.
16/04/2012 10:24:18 AM, Error: Service Control Manager [7023] - The MKEMUSB service terminated with the following error: Access is denied.
16/04/2012 10:24:18 AM, Error: Service Control Manager [7023] - The Mfebopk service terminated with the following error: Access is denied.
16/04/2012 10:24:18 AM, Error: Service Control Manager [7023] - The Bridgemp service terminated with the following error: Access is denied.
16/04/2012 10:24:18 AM, Error: Service Control Manager [7023] - The Beatjamupnpmusicserver service terminated with the following error: Access is denied.
16/04/2012 10:24:18 AM, Error: Service Control Manager [7023] - The Aamqdispatcher service terminated with the following error: Access is denied.
16/04/2012 10:24:17 AM, Error: Service Control Manager [7023] - The Wwsecsvc service terminated with the following error: Access is denied.
16/04/2012 10:24:17 AM, Error: Service Control Manager [7023] - The Wpshelper service terminated with the following error: Access is denied.
16/04/2012 10:24:17 AM, Error: Service Control Manager [7023] - The Vncmirror service terminated with the following error: Access is denied.
16/04/2012 10:24:17 AM, Error: Service Control Manager [7023] - The Vmkbd service terminated with the following error: Access is denied.
16/04/2012 10:24:17 AM, Error: Service Control Manager [7023] - The VAIOMediaPlatform-VideoServer-HTTP service terminated with the following error: Access is denied.
16/04/2012 10:24:17 AM, Error: Service Control Manager [7023] - The Symantecantibotagent service terminated with the following error: Access is denied.
16/04/2012 10:24:17 AM, Error: Service Control Manager [7023] - The SQLAgent$LG_LP2 service terminated with the following error: Access is denied.
16/04/2012 10:24:17 AM, Error: Service Control Manager [7023] - The SE2Emgmt service terminated with the following error: Access is denied.
16/04/2012 10:24:17 AM, Error: Service Control Manager [7023] - The Prfldsvc service terminated with the following error: Access is denied.
16/04/2012 10:24:17 AM, Error: Service Control Manager [7023] - The Pgsql-8.0 service terminated with the following error: Access is denied.
16/04/2012 10:24:17 AM, Error: Service Control Manager [7023] - The PCISys service terminated with the following error: Access is denied.
16/04/2012 10:24:17 AM, Error: Service Control Manager [7023] - The Nvstor32 service terminated with the following error: Access is denied.
16/04/2012 10:24:17 AM, Error: Service Control Manager [7023] - The Ntrtscan service terminated with the following error: Access is denied.
16/04/2012 10:24:17 AM, Error: Service Control Manager [7023] - The N558 service terminated with the following error: Access is denied.
16/04/2012 10:24:17 AM, Error: Service Control Manager [7023] - The MS1000 service terminated with the following error: Access is denied.
16/04/2012 10:24:17 AM, Error: Service Control Manager [7023] - The Kmixer service terminated with the following error: Access is denied.
16/04/2012 10:24:17 AM, Error: Service Control Manager [7023] - The Intcazaudaddservice service terminated with the following error: Access is denied.
16/04/2012 10:24:17 AM, Error: Service Control Manager [7023] - The EmAudio service terminated with the following error: Access is denied.
16/04/2012 10:24:17 AM, Error: Service Control Manager [7023] - The Eliservice service terminated with the following error: Access is denied.
16/04/2012 10:24:17 AM, Error: Service Control Manager [7023] - The CTSYN service terminated with the following error: Access is denied.
16/04/2012 10:24:17 AM, Error: Service Control Manager [7023] - The Cpuz132 service terminated with the following error: Access is denied.
16/04/2012 10:24:16 AM, Error: Service Control Manager [7023] - The ZuneBusEnum service terminated with the following error: Access is denied.
16/04/2012 10:24:16 AM, Error: Service Control Manager [7023] - The Zpaction service terminated with the following error: Access is denied.
16/04/2012 10:24:16 AM, Error: Service Control Manager [7023] - The VSP1284D service terminated with the following error: Access is denied.
16/04/2012 10:24:16 AM, Error: Service Control Manager [7023] - The U81xbus service terminated with the following error: Access is denied.
16/04/2012 10:24:16 AM, Error: Service Control Manager [7023] - The Tosrfcom service terminated with the following error: Access is denied.
16/04/2012 10:24:16 AM, Error: Service Control Manager [7023] - The Tmlisten service terminated with the following error: Access is denied.
16/04/2012 10:24:16 AM, Error: Service Control Manager [7023] - The SGHIDI service terminated with the following error: Access is denied.
16/04/2012 10:24:16 AM, Error: Service Control Manager [7023] - The Rnadirmultiplexor service terminated with the following error: Access is denied.
16/04/2012 10:24:16 AM, Error: Service Control Manager [7023] - The Ptserial service terminated with the following error: Access is denied.
16/04/2012 10:24:16 AM, Error: Service Control Manager [7023] - The Pdlncbas service terminated with the following error: Access is denied.
16/04/2012 10:24:16 AM, Error: Service Control Manager [7023] - The Nscirda service terminated with the following error: Access is denied.
16/04/2012 10:24:16 AM, Error: Service Control Manager [7023] - The Netwg311 service terminated with the following error: Access is denied.
16/04/2012 10:24:16 AM, Error: Service Control Manager [7023] - The Lxcccustomerconnect service terminated with the following error: Access is denied.
16/04/2012 10:24:16 AM, Error: Service Control Manager [7023] - The Lwwlicenseservice service terminated with the following error: Access is denied.
16/04/2012 10:24:16 AM, Error: Service Control Manager [7023] - The ICAM3NT5 service terminated with the following error: Access is denied.
16/04/2012 10:24:16 AM, Error: Service Control Manager [7023] - The FiltUSBEMPIA service terminated with the following error: Access is denied.
16/04/2012 10:24:16 AM, Error: Service Control Manager [7023] - The Bdfsdrv service terminated with the following error: Access is denied.
16/04/2012 10:24:15 AM, Error: Service Control Manager [7023] - The S3savagemx service terminated with the following error: Access is denied.
16/04/2012 10:24:15 AM, Error: Service Control Manager [7023] - The Mvwebserver service terminated with the following error: Access is denied.
16/04/2012 10:23:59 AM, Error: Service Control Manager [7023] - The Wg111nd5 service terminated with the following error: Access is denied.
16/04/2012 10:23:59 AM, Error: Service Control Manager [7023] - The Prtg4service service terminated with the following error: Access is denied.
16/04/2012 10:23:59 AM, Error: Service Control Manager [7023] - The Pgpsdkservice service terminated with the following error: Access is denied.
16/04/2012 10:23:59 AM, Error: Service Control Manager [7023] - The Padfsvr service terminated with the following error: Access is denied.
16/04/2012 10:23:59 AM, Error: Service Control Manager [7023] - The Lightscribeservice service terminated with the following error: Access is denied.
16/04/2012 10:23:59 AM, Error: Service Control Manager [7023] - The Enecbpth service terminated with the following error: Access is denied.
16/04/2012 10:23:59 AM, Error: Service Control Manager [7023] - The AMDPCI service terminated with the following error: Access is denied.
16/04/2012 10:23:59 AM, Error: Service Control Manager [7023] - The Aawservice service terminated with the following error: Access is denied.
16/04/2012 10:23:59 AM, Error: Service Control Manager [7023] - The A8djavs service terminated with the following error: Access is denied.
16/04/2012 10:23:56 AM, Error: Service Control Manager [7023] - The Z800bus service terminated with the following error: Access is denied.
16/04/2012 10:23:56 AM, Error: Service Control Manager [7023] - The FGDSCSI service terminated with the following error: Access is denied.
16/04/2012 10:23:56 AM, Error: Service Control Manager [7023] - The Amusbprt service terminated with the following error: Access is denied.
16/04/2012 10:23:55 AM, Error: Service Control Manager [7023] - The Vaiomediaplatform-integratedserver-upnp service terminated with the following error: Access is denied.
16/04/2012 10:23:55 AM, Error: Service Control Manager [7023] - The P16X service terminated with the following error: Access is denied.
16/04/2012 10:23:55 AM, Error: Service Control Manager [7023] - The Ngdbserv service terminated with the following error: Access is denied.
16/04/2012 10:23:55 AM, Error: Service Control Manager [7023] - The Mssql$microsoftsmlbiz service terminated with the following error: Access is denied.
16/04/2012 10:23:55 AM, Error: Service Control Manager [7023] - The Dktknsrv service terminated with the following error: Access is denied.
16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The Ypcservice service terminated with the following error: Access is denied.
16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The XTrapD12 service terminated with the following error: Access is denied.
16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The Wpsnuio service terminated with the following error: Access is denied.
16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The Wmp54gsvc service terminated with the following error: Access is denied.
16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The Vpcnfltr service terminated with the following error: Access is denied.
16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The Ultra66 service terminated with the following error: Access is denied.
16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The Toscosrv service terminated with the following error: Access is denied.
16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The Thpsrv service terminated with the following error: Access is denied.
16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The Ss_mdfl service terminated with the following error: Access is denied.
16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The Slservice service terminated with the following error: Access is denied.
16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The Sleepy service terminated with the following error: Access is denied.
16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The Si3114r5 service terminated with the following error: Access is denied.
16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The Sgectl service terminated with the following error: Access is denied.
16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The Rvsinst service terminated with the following error: Access is denied.
16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The Rt2500 service terminated with the following error: Access is denied.
16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The RalinkRegistryWriter service terminated with the following error: Access is denied.
16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The Mohfilt service terminated with the following error: Access is denied.
16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The IPassPeriodicUpdateApp service terminated with the following error: Access is denied.
16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The Idrivert service terminated with the following error: Access is denied.
16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The Hardlock service terminated with the following error: Access is denied.
16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The Etoksrv service terminated with the following error: Access is denied.
16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The D-link_st3402 service terminated with the following error: Access is denied.
16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The Automate6 service terminated with the following error: Access is denied.
16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The Apfiltrservice service terminated with the following error: Access is denied.
16/04/2012 10:23:54 AM, Error: Service Control Manager [7023] - The Adsservice service terminated with the following error: Access is denied.
16/04/2012 10:23:45 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x00000008, 0x00000002, 0x00000000, 0x8c2f45b8). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041612-27066-01.
16/04/2012 1:59:59 PM, Error: Service Control Manager [7023] - The Usbmate service terminated with the following error: Access is denied.
16/04/2012 1:58:59 PM, Error: Service Control Manager [7023] - The Wceusbsh service terminated with the following error: Access is denied.
16/04/2012 1:57:59 PM, Error: Service Control Manager [7023] - The Antivirservice service terminated with the following error: Access is denied.
16/04/2012 1:56:59 PM, Error: Service Control Manager [7023] - The Savrtpel service terminated with the following error: Access is denied.
16/04/2012 1:55:59 PM, Error: Service Control Manager [7023] - The IAimTV6 service terminated with the following error: Access is denied.
16/04/2012 1:55:00 PM, Error: Service Control Manager [7023] - The USB28xxBGA service terminated with the following error: Access is denied.
16/04/2012 1:53:59 PM, Error: Service Control Manager [7023] - The Tvs service terminated with the following error: Access is denied.
16/04/2012 1:51:59 PM, Error: Service Control Manager [7023] - The Protexislicensing service terminated with the following error: Access is denied.
16/04/2012 1:51:03 PM, Error: Service Control Manager [7023] - The Ispwdsvc service terminated with the following error: Access is denied.
16/04/2012 1:49:59 PM, Error: Service Control Manager [7023] - The USB11LDR service terminated with the following error: Access is denied.
16/04/2012 1:49:04 PM, Error: Service Control Manager [7023] - The Rpcnet service terminated with the following error: Access is denied.
16/04/2012 1:48:00 PM, Error: Service Control Manager [7023] - The StkScan service terminated with the following error: Access is denied.
16/04/2012 1:47:00 PM, Error: Service Control Manager [7023] - The Pcdrndisuio service terminated with the following error: Access is denied.
16/04/2012 1:45:59 PM, Error: Service Control Manager [7023] - The Hprfdev service terminated with the following error: Access is denied.
16/04/2012 1:44:59 PM, Error: Service Control Manager [7023] - The Sympxsvc service terminated with the following error: Access is denied.
16/04/2012 1:43:59 PM, Error: Service Control Manager [7023] - The DCamUSBSQTECH service terminated with the following error: Access is denied.
16/04/2012 1:41:59 PM, Error: Service Control Manager [7023] - The Smbusp service terminated with the following error: Access is denied.
16/04/2012 1:40:59 PM, Error: Service Control Manager [7023] - The Ldap service terminated with the following error: Access is denied.
16/04/2012 1:39:59 PM, Error: Service Control Manager [7023] - The Svcwrsssdk service terminated with the following error: Access is denied.
16/04/2012 1:39:01 PM, Error: Service Control Manager [7023] - The ZTEusbnmea service terminated with the following error: Access is denied.
16/04/2012 1:37:03 PM, Error: Service Control Manager [7023] - The Anbmservice service terminated with the following error: Access is denied.
16/04/2012 1:36:08 PM, Error: Service Control Manager [7023] - The Se45mdfl service terminated with the following error: Access is denied.
16/04/2012 1:35:46 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
16/04/2012 1:34:59 PM, Error: Service Control Manager [7023] - The Netmdsb service terminated with the following error: Access is denied.
16/04/2012 1:34:01 PM, Error: Service Control Manager [7023] - The Ftpds service terminated with the following error: Access is denied.
16/04/2012 1:33:03 PM, Error: Service Control Manager [7023] - The Rp_fws service terminated with the following error: Access is denied.
16/04/2012 1:32:07 PM, Error: Service Control Manager [7023] - The Usprserv service terminated with the following error: Access is denied.
16/04/2012 1:31:34 PM, Error: Service Control Manager [7023] - The RSAFAL service terminated with the following error: Access is denied.
16/04/2012 1:31:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service SkypeUpdate with arguments "/ComService" in order to run the server: {CC957078-B838-47C4-A7CF-626E7A82FC58}
16/04/2012 1:31:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Skype Updater service to connect.
16/04/2012 1:31:09 PM, Error: Service Control Manager [7000] - The Skype Updater service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
16/04/2012 1:30:00 PM, Error: Service Control Manager [7023] - The Sansaservice service terminated with the following error: Access is denied.
16/04/2012 1:28:59 PM, Error: Service Control Manager [7023] - The Qcmerced service terminated with the following error: Access is denied.
16/04/2012 1:28:03 PM, Error: Service Control Manager [7023] - The Vmx86 service terminated with the following error: Access is denied.
16/04/2012 1:26:59 PM, Error: Service Control Manager [7023] - The Qbposdbservices service terminated with the following error: Access is denied.
16/04/2012 1:26:54 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
16/04/2012 1:26:16 PM, Error: Service Control Manager [7023] - The Dmisrv service terminated with the following error: Access is denied.
16/04/2012 1:26:11 PM, Error: Service Control Manager [7023] - The AVerBDA service terminated with the following error: The specified module could not be found.
16/04/2012 1:26:09 PM, Error: Service Control Manager [7023] - The Uphclean service terminated with the following error: Access is denied.
16/04/2012 1:26:09 PM, Error: Service Control Manager [7023] - The SE2Bmgmt service terminated with the following error: Access is denied.
16/04/2012 1:26:09 PM, Error: Service Control Manager [7023] - The LEX_AS_NIC_SERVICE_YNOS service terminated with the following error: Access is denied.
16/04/2012 1:26:09 PM, Error: Service Control Manager [7023] - The Agentsrv service terminated with the following error: Access is denied.
16/04/2012 1:26:04 PM, Error: Service Control Manager [7023] - The NVNET service terminated with the following error: Access is denied.
16/04/2012 1:26:04 PM, Error: Service Control Manager [7023] - The NetwareWorkstation service terminated with the following error: Access is denied.
16/04/2012 1:26:04 PM, Error: Service Control Manager [7023] - The AlteraByteBlaster service terminated with the following error: Access is denied.
16/04/2012 1:26:03 PM, Error: Service Control Manager [7023] - The Cdrbsvsd service terminated with the following error: Access is denied.
15/04/2012 9:26:33 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
15/04/2012 8:21:25 PM, Error: Service Control Manager [7023] - The Atmeltpm service terminated with the following error: Access is denied.
15/04/2012 8:19:19 PM, Error: Service Control Manager [7023] - The S616mdfl service terminated with the following error: Access is denied.
15/04/2012 8:18:19 PM, Error: Service Control Manager [7023] - The Ibmsmbus service terminated with the following error: Access is denied.
15/04/2012 8:17:19 PM, Error: Service Control Manager [7023] - The ATIBTCAP service terminated with the following error: Access is denied.
15/04/2012 8:15:19 PM, Error: Service Control Manager [7023] - The Enum1394 service terminated with the following error: Access is denied.
15/04/2012 8:14:19 PM, Error: Service Control Manager [7023] - The Websensepolicyserver service terminated with the following error: Access is denied.
15/04/2012 8:13:19 PM, Error: Service Control Manager [7023] - The Cvslock service terminated with the following error: Access is denied.
15/04/2012 8:12:19 PM, Error: Service Control Manager [7023] - The FireTDI service terminated with the following error: Access is denied.
15/04/2012 8:11:19 PM, Error: Service Control Manager [7023] - The StickyMesger service terminated with the following error: Access is denied.
15/04/2012 8:10:19 PM, Error: Service Control Manager [7023] - The Datasvr2 service terminated with the following error: Access is denied.
15/04/2012 8:09:19 PM, Error: Service Control Manager [7023] - The Matlabserver service terminated with the following error: Access is denied.
15/04/2012 8:08:19 PM, Error: Service Control Manager [7023] - The Avgascln service terminated with the following error: Access is denied.
15/04/2012 8:07:19 PM, Error: Service Control Manager [7023] - The Uscbs108 service terminated with the following error: Access is denied.
15/04/2012 8:05:19 PM, Error: Service Control Manager [7023] - The Battc service terminated with the following error: Access is denied.
15/04/2012 8:04:19 PM, Error: Service Control Manager [7023] - The Vaiomediaplatform-photoserver-appserver service terminated with the following error: Access is denied.
15/04/2012 8:03:19 PM, Error: Service Control Manager [7023] - The Ibmfilter service terminated with the following error: Access is denied.
15/04/2012 8:02:19 PM, Error: Service Control Manager [7023] - The Ifxspmgtsrv service terminated with the following error: Access is denied.
15/04/2012 8:01:19 PM, Error: Service Control Manager [7023] - The Tng-doba service terminated with the following error: Access is denied.
15/04/2012 8:00:19 PM, Error: Service Control Manager [7023] - The Marvinbus service terminated with the following error: Access is denied.
15/04/2012 7:59:19 PM, Error: Service Control Manager [7023] - The Vaiomediaplatform-mobile-gateway service terminated with the following error: Access is denied.
15/04/2012 7:58:19 PM, Error: Service Control Manager [7023] - The LMS service terminated with the following error: Access is denied.
15/04/2012 7:57:19 PM, Error: Service Control Manager [7023] - The Nvstor64 service terminated with the following error: Access is denied.
15/04/2012 7:56:19 PM, Error: Service Control Manager [7023] - The SIODRV service terminated with the following error: Access is denied.
15/04/2012 7:55:19 PM, Error: Service Control Manager [7023] - The Se44obex service terminated with the following error: Access is denied.
15/04/2012 7:54:19 PM, Error: Service Control Manager [7023] - The MREMP50 service terminated with the following error: Access is denied.
15/04/2012 7:53:19 PM, Error: Service Control Manager [7023] - The Nmsaccess service terminated with the following error: Access is denied.
15/04/2012 7:52:19 PM, Error: Service Control Manager [7023] - The Freebsd service terminated with the following error: Access is denied.
15/04/2012 7:51:19 PM, Error: Service Control Manager [7023] - The S7oppitx service terminated with the following error: Access is denied.
15/04/2012 7:50:19 PM, Error: Service Control Manager [7023] - The Logonsvcid service terminated with the following error: Access is denied.
15/04/2012 7:49:19 PM, Error: Service Control Manager [7023] - The Avfilter service terminated with the following error: Access is denied.
15/04/2012 7:48:19 PM, Error: Service Control Manager [7023] - The SlWdmSup service terminated with the following error: Access is denied.
15/04/2012 7:47:19 PM, Error: Service Control Manager [7023] - The SrvcEPIOMngr service terminated with the following error: Access is denied.
15/04/2012 7:46:19 PM, Error: Service Control Manager [7023] - The Contentindex service terminated with the following error: Access is denied.
15/04/2012 7:45:19 PM, Error: Service Control Manager [7023] - The Snoopfree service terminated with the following error: Access is denied.
15/04/2012 7:44:19 PM, Error: Service Control Manager [7023] - The W700mgmt service terminated with the following error: Access is denied.
15/04/2012 7:43:19 PM, Error: Service Control Manager [7023] - The Traprcvr service terminated with the following error: Access is denied.
15/04/2012 7:42:19 PM, Error: Service Control Manager [7023] - The Queuemgr service terminated with the following error: Access is denied.
15/04/2012 7:41:19 PM, Error: Service Control Manager [7023] - The EMATCORE service terminated with the following error: Access is denied.
15/04/2012 7:40:19 PM, Error: Service Control Manager [7023] - The STV680m service terminated with the following error: Access is denied.
15/04/2012 7:39:19 PM, Error: Service Control Manager [7023] - The Ifp800 service terminated with the following error: Access is denied.
15/04/2012 7:38:19 PM, Error: Service Control Manager [7023] - The NVTCP service terminated with the following error: Access is denied.
15/04/2012 7:37:19 PM, Error: Service Control Manager [7023] - The MRENDIS5 service terminated with the following error: Access is denied.
15/04/2012 7:36:19 PM, Error: Service Control Manager [7023] - The IASJet service terminated with the following error: Access is denied.
15/04/2012 7:35:20 PM, Error: Service Control Manager [7023] - The Lxbu_device service terminated with the following error: Access is denied.
15/04/2012 7:34:19 PM, Error: Service Control Manager [7023] - The Backuplauncher service terminated with the following error: Access is denied.
15/04/2012 7:33:19 PM, Error: Service Control Manager [7023] - The Amdk77 service terminated with the following error: Access is denied.
15/04/2012 7:32:19 PM, Error: Service Control Manager [7023] - The Wacommousefilter service terminated with the following error: Access is denied.
 
15/04/2012 7:31:57 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
15/04/2012 7:31:19 PM, Error: Service Control Manager [7023] - The RVIEG01 service terminated with the following error: Access is denied.
15/04/2012 7:30:19 PM, Error: Service Control Manager [7023] - The V0080Dev service terminated with the following error: Access is denied.
15/04/2012 7:29:19 PM, Error: Service Control Manager [7023] - The DKbFltr service terminated with the following error: Access is denied.
15/04/2012 7:28:19 PM, Error: Service Control Manager [7023] - The Dell1100_FUService service terminated with the following error: Access is denied.
15/04/2012 7:27:19 PM, Error: Service Control Manager [7023] - The Hpqddsvc service terminated with the following error: Access is denied.
15/04/2012 7:26:19 PM, Error: Service Control Manager [7023] - The SWUMX20 service terminated with the following error: Access is denied.
15/04/2012 7:25:19 PM, Error: Service Control Manager [7023] - The Centennialclientagent service terminated with the following error: Access is denied.
15/04/2012 7:24:19 PM, Error: Service Control Manager [7023] - The A016mdm service terminated with the following error: Access is denied.
15/04/2012 7:23:19 PM, Error: Service Control Manager [7023] - The Vulfnths service terminated with the following error: Access is denied.
15/04/2012 7:22:19 PM, Error: Service Control Manager [7023] - The Pavsrv service terminated with the following error: Access is denied.
15/04/2012 7:21:19 PM, Error: Service Control Manager [7023] - The IAimFP7 service terminated with the following error: Access is denied.
15/04/2012 7:20:19 PM, Error: Service Control Manager [7023] - The Bt3cusb service terminated with the following error: Access is denied.
15/04/2012 7:19:19 PM, Error: Service Control Manager [7023] - The Crystaloutputfileserver service terminated with the following error: Access is denied.
15/04/2012 7:15:23 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
15/04/2012 7:14:40 PM, Error: Service Control Manager [7023] - The FireHook service terminated with the following error: Access is denied.
15/04/2012 7:14:37 PM, Error: Service Control Manager [7023] - The Nvstor32 service terminated with the following error: The specified module could not be found.
15/04/2012 7:14:37 PM, Error: Service Control Manager [7023] - The HWSCtrl service terminated with the following error: Access is denied.
15/04/2012 7:14:31 PM, Error: Service Control Manager [7023] - The Houdiniserver service terminated with the following error: Access is denied.
15/04/2012 7:14:30 PM, Error: Service Control Manager [7023] - The Sqlserveragent service terminated with the following error: Access is denied.
15/04/2012 7:06:02 PM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
15/04/2012 7:05:51 PM, Error: Service Control Manager [7023] - The XAudio service terminated with the following error: Access is denied.
15/04/2012 5:53:16 PM, Error: Service Control Manager [7023] - The Ac97intc service terminated with the following error: Access is denied.
15/04/2012 5:53:07 PM, Error: Service Control Manager [7023] - The Sbservice service terminated with the following error: Access is denied.
15/04/2012 5:50:58 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
15/04/2012 5:50:51 PM, Error: Service Control Manager [7023] - The Cpqdfw service terminated with the following error: Access is denied.
15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The Webrootspysweeperservice service terminated with the following error: Access is denied.
15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The W810mdm service terminated with the following error: Access is denied.
15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The Vsapint service terminated with the following error: Access is denied.
15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The Usbscan service terminated with the following error: Access is denied.
15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The Tomcatcws3 service terminated with the following error: Access is denied.
15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The Tfsnifs service terminated with the following error: Access is denied.
15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The SNTIE service terminated with the following error: Access is denied.
15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The Slapd-config52 service terminated with the following error: Access is denied.
15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The Sisnic service terminated with the following error: Access is denied.
15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The SECYPUSB service terminated with the following error: Access is denied.
15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The Se58bus service terminated with the following error: Access is denied.
15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The Se27nd5 service terminated with the following error: Access is denied.
15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The SABProcEnum service terminated with the following error: Access is denied.
15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The Regservice service terminated with the following error: Access is denied.
15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The Pctoolsfirewallplus service terminated with the following error: Access is denied.
15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The NWSNS service terminated with the following error: Access is denied.
15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The NWADI service terminated with the following error: Access is denied.
15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The MRV6X32P service terminated with the following error: Access is denied.
15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The Meraksmtp service terminated with the following error: Access is denied.
15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The M2500 service terminated with the following error: Access is denied.
15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The Lxbs_device service terminated with the following error: Access is denied.
15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The Ctxcpuusync service terminated with the following error: Access is denied.
15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The Ctmmfilt service terminated with the following error: Access is denied.
15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The C-Dilla service terminated with the following error: Access is denied.
15/04/2012 5:50:00 PM, Error: Service Control Manager [7023] - The Adobeversioncue service terminated with the following error: Access is denied.
15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The Webcompserver service terminated with the following error: Access is denied.
15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The VirtualFD service terminated with the following error: Access is denied.
15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The VIAPFD service terminated with the following error: Access is denied.
15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The SE2Eobex service terminated with the following error: Access is denied.
15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The S616mgmt service terminated with the following error: Access is denied.
15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The Rtport service terminated with the following error: Access is denied.
15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The RivaTuner32 service terminated with the following error: Access is denied.
15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The Pserve service terminated with the following error: Access is denied.
15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The PDExchange service terminated with the following error: Access is denied.
15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The Pcidump service terminated with the following error: Access is denied.
15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The Nvnetbus service terminated with the following error: Access is denied.
15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The MTC0001_ESB service terminated with the following error: Access is denied.
15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The Lxdm_device service terminated with the following error: Access is denied.
15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The Ibmcicstransactiongateway service terminated with the following error: Access is denied.
15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The F700imd service terminated with the following error: Access is denied.
15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The Elbycdio service terminated with the following error: Access is denied.
15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The Cwcwdm service terminated with the following error: Access is denied.
15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The CdaD10BA service terminated with the following error: Access is denied.
15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The Bb-run service terminated with the following error: Access is denied.
15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The Avsinc service terminated with the following error: Access is denied.
15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The Avg7alrt service terminated with the following error: Access is denied.
15/04/2012 5:49:59 PM, Error: Service Control Manager [7023] - The ATNT40K service terminated with the following error: Access is denied.
15/04/2012 5:49:58 PM, Error: Service Control Manager [7023] - The Zebrmdmc service terminated with the following error: Access is denied.
15/04/2012 5:49:58 PM, Error: Service Control Manager [7023] - The Wlluc48b service terminated with the following error: Access is denied.
15/04/2012 5:49:58 PM, Error: Service Control Manager [7023] - The W550mdm service terminated with the following error: Access is denied.
15/04/2012 5:49:58 PM, Error: Service Control Manager [7023] - The SMCB000 service terminated with the following error: Access is denied.
15/04/2012 5:49:58 PM, Error: Service Control Manager [7023] - The Slabser service terminated with the following error: Access is denied.
15/04/2012 5:49:58 PM, Error: Service Control Manager [7023] - The Service1 service terminated with the following error: Access is denied.
15/04/2012 5:49:58 PM, Error: Service Control Manager [7023] - The S716mgmt service terminated with the following error: Access is denied.
15/04/2012 5:49:58 PM, Error: Service Control Manager [7023] - The Raysat3_4_6_18server service terminated with the following error: Access is denied.
15/04/2012 5:49:58 PM, Error: Service Control Manager [7023] - The Oracle_load_balancer_60_server-forms6i service terminated with the following error: Access is denied.
15/04/2012 5:49:58 PM, Error: Service Control Manager [7023] - The Msgsrvservice service terminated with the following error: Access is denied.
15/04/2012 5:49:58 PM, Error: Service Control Manager [7023] - The Mgactrl service terminated with the following error: Access is denied.
15/04/2012 5:49:58 PM, Error: Service Control Manager [7023] - The LHidUsbK service terminated with the following error: Access is denied.
15/04/2012 5:49:58 PM, Error: Service Control Manager [7023] - The Knobserv service terminated with the following error: Access is denied.
15/04/2012 5:49:58 PM, Error: Service Control Manager [7023] - The Ifxtcs service terminated with the following error: Access is denied.
15/04/2012 5:49:58 PM, Error: Service Control Manager [7023] - The Enethusb service terminated with the following error: Access is denied.
15/04/2012 5:49:58 PM, Error: Service Control Manager [7023] - The Bgmainsvc service terminated with the following error: Access is denied.
15/04/2012 5:49:58 PM, Error: Service Control Manager [7023] - The 3combootp service terminated with the following error: Access is denied.
15/04/2012 5:49:57 PM, Error: Service Control Manager [7023] - The Wanminiportservice service terminated with the following error: Access is denied.
15/04/2012 5:49:57 PM, Error: Service Control Manager [7023] - The Vpn5000service service terminated with the following error: Access is denied.
15/04/2012 5:49:57 PM, Error: Service Control Manager [7023] - The Usnjsvc service terminated with the following error: Access is denied.
15/04/2012 5:49:57 PM, Error: Service Control Manager [7023] - The Uleadburninghelper service terminated with the following error: Access is denied.
15/04/2012 5:49:57 PM, Error: Service Control Manager [7023] - The Stllssvr service terminated with the following error: Access is denied.
15/04/2012 5:49:57 PM, Error: Service Control Manager [7023] - The Sfman service terminated with the following error: Access is denied.
15/04/2012 5:49:57 PM, Error: Service Control Manager [7023] - The SE2Bobex service terminated with the following error: Access is denied.
15/04/2012 5:49:57 PM, Error: Service Control Manager [7023] - The S125mdfl service terminated with the following error: Access is denied.
15/04/2012 5:49:57 PM, Error: Service Control Manager [7023] - The Qbreminderflash service terminated with the following error: Access is denied.
15/04/2012 5:49:57 PM, Error: Service Control Manager [7023] - The Qbposdbextservices service terminated with the following error: Access is denied.
15/04/2012 5:49:57 PM, Error: Service Control Manager [7023] - The Mssql$sqlexpress service terminated with the following error: Access is denied.
15/04/2012 5:49:57 PM, Error: Service Control Manager [7023] - The Mssql$microsoftbcm service terminated with the following error: Access is denied.
15/04/2012 5:49:57 PM, Error: Service Control Manager [7023] - The LXARScan service terminated with the following error: Access is denied.
15/04/2012 5:49:57 PM, Error: Service Control Manager [7023] - The Lvmvdrv service terminated with the following error: Access is denied.
15/04/2012 5:49:57 PM, Error: Service Control Manager [7023] - The Isapisearch service terminated with the following error: Access is denied.
15/04/2012 5:49:57 PM, Error: Service Control Manager [7023] - The IPFilter service terminated with the following error: Access is denied.
15/04/2012 5:49:57 PM, Error: Service Control Manager [7023] - The GetPlusHelper service terminated with the following error: Access is denied.
15/04/2012 5:49:57 PM, Error: Service Control Manager [7023] - The Eaps2kbd service terminated with the following error: Access is denied.
15/04/2012 5:49:57 PM, Error: Service Control Manager [7023] - The Eamon service terminated with the following error: Access is denied.
15/04/2012 5:49:57 PM, Error: Service Control Manager [7023] - The DLH5X service terminated with the following error: Access is denied.
15/04/2012 5:49:57 PM, Error: Service Control Manager [7023] - The BCM43XV service terminated with the following error: Access is denied.
15/04/2012 5:49:56 PM, Error: Service Control Manager [7023] - The VX1000 service terminated with the following error: Access is denied.
15/04/2012 5:49:56 PM, Error: Service Control Manager [7023] - The Vhidmini service terminated with the following error: Access is denied.
15/04/2012 5:49:56 PM, Error: Service Control Manager [7023] - The S217mdm service terminated with the following error: Access is denied.
15/04/2012 5:49:56 PM, Error: Service Control Manager [7023] - The RAPIProtocol service terminated with the following error: Access is denied.
15/04/2012 5:49:56 PM, Error: Service Control Manager [7023] - The Pctspk service terminated with the following error: Access is denied.
15/04/2012 5:49:56 PM, Error: Service Control Manager [7023] - The Olregcap service terminated with the following error: Access is denied.
15/04/2012 5:49:56 PM, Error: Service Control Manager [7023] - The Lhidflt2 service terminated with the following error: Access is denied.
15/04/2012 5:49:56 PM, Error: Service Control Manager [7023] - The Kraidsvc service terminated with the following error: Access is denied.
15/04/2012 5:49:56 PM, Error: Service Control Manager [7023] - The Iviregmgr service terminated with the following error: Access is denied.
15/04/2012 5:49:56 PM, Error: Service Control Manager [7023] - The Irda service terminated with the following error: Access is denied.
15/04/2012 5:49:56 PM, Error: Service Control Manager [7023] - The HabuFltr service terminated with the following error: Access is denied.
15/04/2012 5:49:56 PM, Error: Service Control Manager [7023] - The CTAudSvcService service terminated with the following error: Access is denied.
15/04/2012 5:49:56 PM, Error: Service Control Manager [7023] - The Cpqfcalm service terminated with the following error: Access is denied.
15/04/2012 5:49:56 PM, Error: Service Control Manager [7023] - The Cics.region1 service terminated with the following error: Access is denied.
15/04/2012 5:49:56 PM, Error: Service Control Manager [7023] - The Bridge service terminated with the following error: Access is denied.
15/04/2012 5:49:56 PM, Error: Service Control Manager [7023] - The Arrayssl_vpn_service3,0,1,9 service terminated with the following error: Access is denied.
15/04/2012 5:49:56 PM, Error: Service Control Manager [7023] - The Alim1541 service terminated with the following error: Access is denied.
15/04/2012 5:49:56 PM, Error: Service Control Manager [7023] - The Alcaudsl service terminated with the following error: Access is denied.
15/04/2012 5:49:56 PM, Error: Service Control Manager [7023] - The Adobeactivefilemonitor5.0 service terminated with the following error: Access is denied.
15/04/2012 5:49:55 PM, Error: Service Control Manager [7023] - The WimFltr service terminated with the following error: Access is denied.
15/04/2012 5:49:55 PM, Error: Service Control Manager [7023] - The Vcommmgr service terminated with the following error: Access is denied.
15/04/2012 5:49:55 PM, Error: Service Control Manager [7023] - The Tossmbnt service terminated with the following error: Access is denied.
15/04/2012 5:49:55 PM, Error: Service Control Manager [7023] - The Symevent service terminated with the following error: Access is denied.
15/04/2012 5:49:55 PM, Error: Service Control Manager [7023] - The Suservice service terminated with the following error: Access is denied.
15/04/2012 5:49:55 PM, Error: Service Control Manager [7023] - The Sscdserd service terminated with the following error: Access is denied.
15/04/2012 5:49:55 PM, Error: Service Control Manager [7023] - The Se58obex service terminated with the following error: Access is denied.
15/04/2012 5:49:55 PM, Error: Service Control Manager [7023] - The S7otranx service terminated with the following error: Access is denied.
15/04/2012 5:49:55 PM, Error: Service Control Manager [7023] - The Rt61 service terminated with the following error: Access is denied.
15/04/2012 5:49:55 PM, Error: Service Control Manager [7023] - The RESMGR service terminated with the following error: Access is denied.
15/04/2012 5:49:55 PM, Error: Service Control Manager [7023] - The Pdlnctdl service terminated with the following error: Access is denied.
15/04/2012 5:49:55 PM, Error: Service Control Manager [7023] - The NOWMEMDF service terminated with the following error: Access is denied.
15/04/2012 5:49:55 PM, Error: Service Control Manager [7023] - The Msfwsvc service terminated with the following error: Access is denied.
15/04/2012 5:49:55 PM, Error: Service Control Manager [7023] - The Lvprcsrv service terminated with the following error: Access is denied.
15/04/2012 5:49:55 PM, Error: Service Control Manager [7023] - The Icraplus service terminated with the following error: Access is denied.
15/04/2012 5:49:55 PM, Error: Service Control Manager [7023] - The GTWModem service terminated with the following error: Access is denied.
15/04/2012 5:49:55 PM, Error: Service Control Manager [7023] - The Cdralw2k service terminated with the following error: Access is denied.
15/04/2012 5:49:55 PM, Error: Service Control Manager [7023] - The Backupexecjobengine service terminated with the following error: Access is denied.
15/04/2012 5:49:55 PM, Error: Service Control Manager [7023] - The Atitunep service terminated with the following error: Access is denied.
15/04/2012 5:49:54 PM, Error: Service Control Manager [7023] - The Vcsw service terminated with the following error: Access is denied.
15/04/2012 5:49:54 PM, Error: Service Control Manager [7023] - The Spcsutilityservice service terminated with the following error: Access is denied.
15/04/2012 5:49:54 PM, Error: Service Control Manager [7023] - The Se45obex service terminated with the following error: Access is denied.
15/04/2012 5:49:54 PM, Error: Service Control Manager [7023] - The S716bus service terminated with the following error: Access is denied.
15/04/2012 5:49:54 PM, Error: Service Control Manager [7023] - The S616unic service terminated with the following error: Access is denied.
15/04/2012 5:49:54 PM, Error: Service Control Manager [7023] - The Racsvc service terminated with the following error: Access is denied.
15/04/2012 5:49:54 PM, Error: Service Control Manager [7023] - The Mcupdmgr.exe service terminated with the following error: Access is denied.
15/04/2012 5:49:54 PM, Error: Service Control Manager [7023] - The Mclogmanagerservice service terminated with the following error: Access is denied.
15/04/2012 5:49:54 PM, Error: Service Control Manager [7023] - The Iwebmsg service terminated with the following error: Access is denied.
15/04/2012 5:49:54 PM, Error: Service Control Manager [7023] - The HPSLPSVC service terminated with the following error: Access is denied.
15/04/2012 5:49:54 PM, Error: Service Control Manager [7023] - The Hdthermal service terminated with the following error: Access is denied.
15/04/2012 5:49:54 PM, Error: Service Control Manager [7023] - The Deltafw service terminated with the following error: Access is denied.
15/04/2012 5:49:54 PM, Error: Service Control Manager [7023] - The Cis1284 service terminated with the following error: Access is denied.
15/04/2012 5:49:54 PM, Error: Service Control Manager [7023] - The Besclient service terminated with the following error: Access is denied.
15/04/2012 5:49:54 PM, Error: Service Control Manager [7023] - The Beatjammusicstreamingserver service terminated with the following error: Access is denied.
15/04/2012 5:49:54 PM, Error: Service Control Manager [7023] - The Bc_filter service terminated with the following error: Access is denied.
15/04/2012 5:49:54 PM, Error: Service Control Manager [7023] - The Aksusb service terminated with the following error: Access is denied.
15/04/2012 5:49:53 PM, Error: Service Control Manager [7023] - The Zpsc service terminated with the following error: Access is denied.
15/04/2012 5:49:53 PM, Error: Service Control Manager [7023] - The XilinxPC4Driver service terminated with the following error: Access is denied.
15/04/2012 5:49:53 PM, Error: Service Control Manager [7023] - The SrvcTPIOMngr service terminated with the following error: Access is denied.
15/04/2012 5:49:53 PM, Error: Service Control Manager [7023] - The Serialkeys service terminated with the following error: Access is denied.
15/04/2012 5:49:53 PM, Error: Service Control Manager [7023] - The Pdlnecfg service terminated with the following error: Access is denied.
15/04/2012 5:49:53 PM, Error: Service Control Manager [7023] - The Nwlnkfwd service terminated with the following error: Access is denied.
15/04/2012 5:49:53 PM, Error: Service Control Manager [7023] - The Nod32krn service terminated with the following error: Access is denied.
15/04/2012 5:49:53 PM, Error: Service Control Manager [7023] - The Nmindexingservice service terminated with the following error: Access is denied.
15/04/2012 5:49:53 PM, Error: Service Control Manager [7023] - The Naimagent32 service terminated with the following error: Access is denied.
15/04/2012 5:49:53 PM, Error: Service Control Manager [7023] - The Mcnasvc service terminated with the following error: Access is denied.
15/04/2012 5:49:53 PM, Error: Service Control Manager [7023] - The Mcdbus service terminated with the following error: Access is denied.
15/04/2012 5:49:53 PM, Error: Service Control Manager [7023] - The Mbmiodrvr service terminated with the following error: Access is denied.
15/04/2012 5:49:53 PM, Error: Service Control Manager [7023] - The IPassP service terminated with the following error: Access is denied.
15/04/2012 5:49:53 PM, Error: Service Control Manager [7023] - The Fsaua service terminated with the following error: Access is denied.
15/04/2012 5:49:53 PM, Error: Service Control Manager [7023] - The Elosystemservice service terminated with the following error: Access is denied.
15/04/2012 5:49:53 PM, Error: Service Control Manager [7023] - The CTDevice_Srv service terminated with the following error: Access is denied.
15/04/2012 5:49:53 PM, Error: Service Control Manager [7023] - The Cfosspeeds service terminated with the following error: Access is denied.
15/04/2012 5:49:53 PM, Error: Service Control Manager [7023] - The BCMModem service terminated with the following error: Access is denied.
15/04/2012 10:07:20 PM, Error: Service Control Manager [7023] - The ROB_V service terminated with the following error: Access is denied.
15/04/2012 10:00:29 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
14/04/2012 8:30:05 PM, Error: Service Control Manager [7023] - The Pinger service terminated with the following error: Access is denied.
14/04/2012 8:29:08 PM, Error: Service Control Manager [7023] - The Ipssvc service terminated with the following error: Access is denied.
14/04/2012 8:26:05 PM, Error: Service Control Manager [7023] - The Mnsframework service terminated with the following error: Access is denied.
14/04/2012 8:25:06 PM, Error: Service Control Manager [7023] - The Relational service terminated with the following error: Access is denied.
14/04/2012 8:24:07 PM, Error: Service Control Manager [7023] - The Arhidfltr service terminated with the following error: Access is denied.
14/04/2012 8:23:05 PM, Error: Service Control Manager [7023] - The Captureservice service terminated with the following error: Access is denied.
14/04/2012 8:22:05 PM, Error: Service Control Manager [7023] - The Mdmxsdk service terminated with the following error: Access is denied.
14/04/2012 8:19:06 PM, Error: Service Control Manager [7023] - The Neokdss service terminated with the following error: Access is denied.
14/04/2012 8:15:06 PM, Error: Service Control Manager [7023] - The Vetmsgnt service terminated with the following error: Access is denied.
14/04/2012 8:14:05 PM, Error: Service Control Manager [7023] - The Psdistributionagent service terminated with the following error: Access is denied.
14/04/2012 8:13:05 PM, Error: Service Control Manager [7023] - The CnxtHdAudService service terminated with the following error: Access is denied.
14/04/2012 8:11:05 PM, Error: Service Control Manager [7023] - The Rca service terminated with the following error: Access is denied.
14/04/2012 8:09:05 PM, Error: Service Control Manager [7023] - The CTEXFIFX.DLL service terminated with the following error: Access is denied.
14/04/2012 8:06:06 PM, Error: Service Control Manager [7023] - The Digirefresh service terminated with the following error: Access is denied.
14/04/2012 8:04:06 PM, Error: Service Control Manager [7023] - The Vrfwsvc service terminated with the following error: Access is denied.
14/04/2012 8:03:05 PM, Error: Service Control Manager [7023] - The Mail2ec service terminated with the following error: Access is denied.
14/04/2012 8:02:05 PM, Error: Service Control Manager [7023] - The De_serv service terminated with the following error: Access is denied.
14/04/2012 8:01:06 PM, Error: Service Control Manager [7023] - The Digisptiservice service terminated with the following error: Access is denied.
14/04/2012 8:00:05 PM, Error: Service Control Manager [7023] - The Vusbbus service terminated with the following error: Access is denied.
14/04/2012 7:59:06 PM, Error: Service Control Manager [7023] - The Netmnt service terminated with the following error: Access is denied.
14/04/2012 7:57:05 PM, Error: Service Control Manager [7023] - The ESDCR service terminated with the following error: Access is denied.
14/04/2012 7:56:15 PM, Error: Service Control Manager [7023] - The Lexbces service terminated with the following error: Access is denied.
14/04/2012 7:55:05 PM, Error: Service Control Manager [7023] - The Si3132r5 service terminated with the following error: Access is denied.
14/04/2012 7:54:06 PM, Error: Service Control Manager [7023] - The Bcm4sbxp service terminated with the following error: Access is denied.
14/04/2012 7:53:05 PM, Error: Service Control Manager [7023] - The Ql2100 service terminated with the following error: Access is denied.
14/04/2012 7:51:07 PM, Error: Service Control Manager [7023] - The Hsxhwazl service terminated with the following error: Access is denied.
14/04/2012 7:50:05 PM, Error: Service Control Manager [7023] - The Ghostsec service terminated with the following error: Access is denied.
14/04/2012 7:49:06 PM, Error: Service Control Manager [7023] - The Winvnc service terminated with the following error: Access is denied.
14/04/2012 7:48:05 PM, Error: Service Control Manager [7023] - The Ssscsisv service terminated with the following error: Access is denied.
14/04/2012 7:47:05 PM, Error: Service Control Manager [7023] - The NeroMediaHomeService.4 service terminated with the following error: Access is denied.
14/04/2012 7:46:06 PM, Error: Service Control Manager [7023] - The Ezplay service terminated with the following error: Access is denied.
14/04/2012 7:45:05 PM, Error: Service Control Manager [7023] - The DevUpper service terminated with the following error: Access is denied.
14/04/2012 7:43:06 PM, Error: Service Control Manager [7023] - The SED133x service terminated with the following error: Access is denied.
14/04/2012 7:41:06 PM, Error: Service Control Manager [7023] - The NETGEAR_MA111 service terminated with the following error: Access is denied.
14/04/2012 7:40:09 PM, Error: Service Control Manager [7023] - The Amsmpu4p service terminated with the following error: Access is denied.
14/04/2012 7:39:05 PM, Error: Service Control Manager [7023] - The Z525mdm service terminated with the following error: Access is denied.
14/04/2012 7:38:05 PM, Error: Service Control Manager [7023] - The Mpe service terminated with the following error: Access is denied.
14/04/2012 7:37:05 PM, Error: Service Control Manager [7023] - The DcPTP service terminated with the following error: Access is denied.
14/04/2012 7:36:05 PM, Error: Service Control Manager [7023] - The 6to4 service terminated with the following error: Access is denied.
14/04/2012 7:35:05 PM, Error: Service Control Manager [7023] - The Gdrv service terminated with the following error: Access is denied.
14/04/2012 7:34:05 PM, Error: Service Control Manager [7023] - The Enxpsvc service terminated with the following error: Access is denied.
14/04/2012 7:33:05 PM, Error: Service Control Manager [7023] - The Wmp54gv4svc service terminated with the following error: Access is denied.
14/04/2012 7:32:05 PM, Error: Service Control Manager [7023] - The Mwstick service terminated with the following error: Access is denied.
14/04/2012 7:31:05 PM, Error: Service Control Manager [7023] - The MR97310_USB_DUAL_CAMERA service terminated with the following error: Access is denied.
14/04/2012 7:30:05 PM, Error: Service Control Manager [7023] - The SE27obex service terminated with the following error: Access is denied.
14/04/2012 7:29:06 PM, Error: Service Control Manager [7023] - The Hamachi service terminated with the following error: Access is denied.
14/04/2012 7:28:05 PM, Error: Service Control Manager [7023] - The Driverhardwarev2 service terminated with the following error: Access is denied.
14/04/2012 7:27:06 PM, Error: Service Control Manager [7023] - The PdiPorts service terminated with the following error: Access is denied.
14/04/2012 7:26:05 PM, Error: Service Control Manager [7023] - The Pimsgss service terminated with the following error: Access is denied.
14/04/2012 7:25:05 PM, Error: Service Control Manager [7023] - The CAMFLT service terminated with the following error: Access is denied.
14/04/2012 7:24:06 PM, Error: Service Control Manager [7023] - The VRcore service terminated with the following error: Access is denied.
14/04/2012 7:23:05 PM, Error: Service Control Manager [7023] - The Spcflt service terminated with the following error: Access is denied.
14/04/2012 7:21:06 PM, Error: Service Control Manager [7023] - The Lxbt_device service terminated with the following error: Access is denied.
14/04/2012 7:20:06 PM, Error: Service Control Manager [7023] - The Cq_mem service terminated with the following error: Access is denied.
14/04/2012 7:19:06 PM, Error: Service Control Manager [7023] - The Dpc_srv_webcast service terminated with the following error: Access is denied.
14/04/2012 7:18:05 PM, Error: Service Control Manager [7023] - The Amsint service terminated with the following error: Access is denied.
14/04/2012 7:17:06 PM, Error: Service Control Manager [7023] - The VRADFIL service terminated with the following error: Access is denied.
14/04/2012 7:15:06 PM, Error: Service Control Manager [7023] - The SNPSTD3 service terminated with the following error: Access is denied.
14/04/2012 7:14:05 PM, Error: Service Control Manager [7023] - The Ulcdrhlp service terminated with the following error: Access is denied.
14/04/2012 7:12:05 PM, Error: Service Control Manager [7023] - The Sagefserver service terminated with the following error: Access is denied.
14/04/2012 7:11:06 PM, Error: Service Control Manager [7023] - The Z800mgmt service terminated with the following error: Access is denied.
14/04/2012 7:10:05 PM, Error: Service Control Manager [7023] - The Ar5211 service terminated with the following error: Access is denied.
14/04/2012 7:09:14 PM, Error: Service Control Manager [7023] - The CX88ENC service terminated with the following error: Access is denied.
14/04/2012 7:08:05 PM, Error: Service Control Manager [7023] - The Symc810 service terminated with the following error: Access is denied.
14/04/2012 7:07:06 PM, Error: Service Control Manager [7023] - The Ipassconnectengine service terminated with the following error: Access is denied.
14/04/2012 7:06:05 PM, Error: Service Control Manager [7023] - The Olapserver service terminated with the following error: Access is denied.
14/04/2012 7:04:06 PM, Error: Service Control Manager [7023] - The SE2Bmdfl service terminated with the following error: Access is denied.
14/04/2012 7:03:05 PM, Error: Service Control Manager [7023] - The Lvtuner service terminated with the following error: Access is denied.
14/04/2012 7:01:06 PM, Error: Service Control Manager [7023] - The Emu10k1 service terminated with the following error: Access is denied.
14/04/2012 6:59:06 PM, Error: Service Control Manager [7023] - The W200mdfl service terminated with the following error: Access is denied.
14/04/2012 6:58:06 PM, Error: Service Control Manager [7023] - The Rtl8185 service terminated with the following error: Access is denied.
14/04/2012 6:57:05 PM, Error: Service Control Manager [7023] - The Nmraapache service terminated with the following error: Access is denied.
14/04/2012 6:56:06 PM, Error: Service Control Manager [7023] - The Winvnc4 service terminated with the following error: Access is denied.
14/04/2012 6:55:05 PM, Error: Service Control Manager [7023] - The Hotkey service terminated with the following error: Access is denied.
14/04/2012 6:54:05 PM, Error: Service Control Manager [7023] - The UWProSys service terminated with the following error: Access is denied.
14/04/2012 6:53:06 PM, Error: Service Control Manager [7023] - The Steamdvr service terminated with the following error: Access is denied.
14/04/2012 6:52:05 PM, Error: Service Control Manager [7023] - The Lxcr_device service terminated with the following error: Access is denied.
14/04/2012 6:51:06 PM, Error: Service Control Manager [7023] - The CVPND service terminated with the following error: Access is denied.
14/04/2012 6:49:28 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
14/04/2012 6:48:06 PM, Error: Service Control Manager [7023] - The Emupia service terminated with the following error: Access is denied.
14/04/2012 6:46:06 PM, Error: Service Control Manager [7023] - The Mtlstrm service terminated with the following error: Access is denied.
14/04/2012 6:45:05 PM, Error: Service Control Manager [7023] - The Icepack service terminated with the following error: Access is denied.
14/04/2012 6:44:06 PM, Error: Service Control Manager [7023] - The Axskbus service terminated with the following error: Access is denied.
14/04/2012 6:42:06 PM, Error: Service Control Manager [7023] - The LKbdFlt2 service terminated with the following error: Access is denied.
14/04/2012 6:41:23 PM, Error: Service Control Manager [7023] - The Ceepwrsvc service terminated with the following error: Access is denied.
14/04/2012 6:38:04 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
14/04/2012 6:37:21 PM, Error: Service Control Manager [7023] - The Mqdmserd service terminated with the following error: The specified module could not be found.
14/04/2012 6:11:27 PM, Error: Service Control Manager [7023] - The PBADRV service terminated with the following error: Access is denied.
14/04/2012 5:56:27 PM, Error: Service Control Manager [7023] - The Sshrmd service terminated with the following error: Access is denied.
14/04/2012 5:41:27 PM, Error: Service Control Manager [7023] - The Symc8xx service terminated with the following error: Access is denied.
14/04/2012 5:26:27 PM, Error: Service Control Manager [7023] - The Zpnodecollector service terminated with the following error: Access is denied.
14/04/2012 5:19:58 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
14/04/2012 5:11:27 PM, Error: Service Control Manager [7023] - The Regmanserv service terminated with the following error: Access is denied.
14/04/2012 5:11:27 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
14/04/2012 5:10:51 PM, Error: Service Control Manager [7023] - The Thinkpadmodemservice service terminated with the following error: Access is denied.
14/04/2012 2:23:49 AM, Error: Service Control Manager [7023] - The Rimmptsk service terminated with the following error: Access is denied.
14/04/2012 2:08:49 AM, Error: Service Control Manager [7023] - The Hpzius12 service terminated with the following error: Access is denied.
14/04/2012 12:53:49 AM, Error: Service Control Manager [7023] - The Ksthunk service terminated with the following error: Access is denied.
14/04/2012 12:38:49 AM, Error: Service Control Manager [7023] - The Nvidesm service terminated with the following error: Access is denied.
14/04/2012 12:29:16 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
14/04/2012 12:23:49 AM, Error: Service Control Manager [7023] - The EACSys service terminated with the following error: Access is denied.
14/04/2012 12:23:26 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
14/04/2012 11:14:05 PM, Error: Service Control Manager [7023] - The Rtl8029 service terminated with the following error: Access is denied.
14/04/2012 10:50:06 PM, Error: Service Control Manager [7023] - The Ntsecure service terminated with the following error: Access is denied.
14/04/2012 10:37:06 PM, Error: Service Control Manager [7023] - The Oraclewebassistant service terminated with the following error: Access is denied.
14/04/2012 1:53:49 AM, Error: Service Control Manager [7023] - The Bufserv service terminated with the following error: Access is denied.
14/04/2012 1:48:41 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
14/04/2012 1:38:49 AM, Error: Service Control Manager [7023] - The ZDPSp50 service terminated with the following error: Access is denied.
13/04/2012 9:31:05 AM, Error: Service Control Manager [7023] - The Maxbackserviceint service terminated with the following error: Access is denied.
13/04/2012 9:27:05 AM, Error: Service Control Manager [7023] - The A4S2600 service terminated with the following error: Access is denied.
13/04/2012 9:26:05 AM, Error: Service Control Manager [7023] - The Bt3cser service terminated with the following error: Access is denied.
13/04/2012 6:02:41 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
13/04/2012 4:30:21 PM, Error: Schannel [36887] - The following fatal alert was received: 48.
12/04/2012 8:34:38 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/04/2012 8:15:45 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
.
==== End Of File ===========================
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

============================================================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
11:03:01.0748 9336 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
11:03:02.0750 9336 ============================================================
11:03:02.0750 9336 Current date / time: 2012/04/17 11:03:02.0750
11:03:02.0750 9336 SystemInfo:
11:03:02.0750 9336
11:03:02.0750 9336 OS Version: 6.1.7601 ServicePack: 1.0
11:03:02.0750 9336 Product type: Workstation
11:03:02.0750 9336 ComputerName: CHEUNG-DESKTOP
11:03:02.0751 9336 UserName: Cheung
11:03:02.0751 9336 Windows directory: C:\Windows
11:03:02.0751 9336 System windows directory: C:\Windows
11:03:02.0751 9336 Processor architecture: Intel x86
11:03:02.0751 9336 Number of processors: 4
11:03:02.0751 9336 Page size: 0x1000
11:03:02.0751 9336 Boot type: Normal boot
11:03:02.0751 9336 ============================================================
11:03:05.0201 9336 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:03:11.0725 9336 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:03:11.0775 9336 \Device\Harddisk0\DR0:
11:03:11.0818 9336 MBR used
11:03:11.0818 9336 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3FF0B7D8
11:03:11.0818 9336 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3FF0B817, BlocksNum 0x347FA1AA
11:03:11.0818 9336 \Device\Harddisk1\DR1:
11:03:11.0818 9336 MBR used
11:03:11.0818 9336 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
11:03:12.0071 9336 Initialize success
11:03:12.0071 9336 ============================================================
11:03:16.0583 10868 ============================================================
11:03:16.0583 10868 Scan started
11:03:16.0584 10868 Mode: Manual;
11:03:16.0584 10868 ============================================================
11:03:18.0665 10868 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
11:03:18.0714 10868 1394ohci - ok
11:03:18.0958 10868 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
11:03:18.0972 10868 ACPI - ok
11:03:19.0243 10868 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
11:03:19.0258 10868 AcpiPmi - ok
11:03:19.0433 10868 Ad-Aware Service (fb182ad520910442abf146bb325de79b) C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
11:03:19.0442 10868 Ad-Aware Service - ok
11:03:19.0590 10868 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
11:03:19.0590 10868 AdobeARMservice - ok
11:03:19.0759 10868 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:03:19.0762 10868 AdobeFlashPlayerUpdateSvc - ok
11:03:19.0820 10868 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
11:03:19.0825 10868 adp94xx - ok
11:03:19.0894 10868 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
11:03:19.0918 10868 adpahci - ok
11:03:20.0005 10868 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
11:03:20.0008 10868 adpu320 - ok
11:03:20.0129 10868 ADSMService - ok
11:03:20.0179 10868 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
11:03:20.0207 10868 AeLookupSvc - ok
11:03:20.0440 10868 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
11:03:20.0444 10868 AFD - ok
11:03:20.0495 10868 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
11:03:20.0497 10868 agp440 - ok
11:03:20.0545 10868 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
11:03:20.0548 10868 aic78xx - ok
11:03:20.0727 10868 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files\common files\akamai/netsession_win_6c825ce.dll
11:03:20.0728 10868 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7
11:03:20.0739 10868 Akamai ( HiddenFile.Multi.Generic ) - warning
11:03:20.0739 10868 Akamai - detected HiddenFile.Multi.Generic (1)
11:03:20.0945 10868 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
11:03:20.0974 10868 ALG - ok
11:03:21.0088 10868 algpxihc - ok
11:03:21.0174 10868 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
11:03:21.0184 10868 aliide - ok
11:03:21.0287 10868 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
11:03:21.0289 10868 amdagp - ok
11:03:21.0317 10868 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
11:03:21.0319 10868 amdide - ok
11:03:21.0387 10868 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
11:03:21.0388 10868 AmdK8 - ok
11:03:21.0405 10868 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
11:03:21.0407 10868 AmdPPM - ok
11:03:21.0462 10868 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
11:03:21.0464 10868 amdsata - ok
11:03:21.0484 10868 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
11:03:21.0487 10868 amdsbs - ok
11:03:21.0507 10868 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
11:03:21.0508 10868 amdxata - ok
11:03:21.0527 10868 anfrxscr - ok
11:03:21.0553 10868 anrxzaes - ok
11:03:21.0594 10868 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
11:03:21.0595 10868 AppID - ok
11:03:21.0678 10868 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
11:03:21.0679 10868 AppIDSvc - ok
11:03:21.0792 10868 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
11:03:21.0795 10868 Appinfo - ok
11:03:21.0907 10868 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:03:21.0908 10868 Apple Mobile Device - ok
11:03:21.0940 10868 application - ok
11:03:21.0974 10868 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
11:03:21.0989 10868 AppMgmt - ok
11:03:22.0112 10868 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
11:03:22.0113 10868 arc - ok
11:03:22.0123 10868 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
11:03:22.0125 10868 arcsas - ok
11:03:22.0217 10868 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
11:03:22.0257 10868 aspnet_state - ok
11:03:22.0289 10868 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
11:03:22.0290 10868 AsyncMac - ok
11:03:22.0402 10868 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
11:03:22.0403 10868 atapi - ok
11:03:22.0435 10868 AtcL001 (20b956a7d7484915b647fa13569ab557) C:\Windows\system32\DRIVERS\l160x86.sys
11:03:22.0437 10868 AtcL001 - ok
11:03:22.0492 10868 athr (b01751cc563aecac09bbe36aaa21fbef) C:\Windows\system32\DRIVERS\athr.sys
11:03:22.0504 10868 athr - ok
11:03:22.0640 10868 atierecord (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\mxnic.dll
11:03:22.0797 10868 Suspicious file (NoAccess): C:\Windows\system32\mxnic.dll. md5: 11028c6a84a967070cb1286550f2058f
11:03:22.0797 10868 atierecord ( Backdoor.Multi.ZAccess.gen ) - infected
11:03:22.0797 10868 atierecord - detected Backdoor.Multi.ZAccess.gen (0)
11:03:23.0224 10868 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
11:03:23.0260 10868 AudioEndpointBuilder - ok
11:03:23.0318 10868 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
11:03:23.0320 10868 Audiosrv - ok
11:03:23.0482 10868 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
11:03:23.0492 10868 AxInstSV - ok
11:03:23.0582 10868 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
11:03:23.0588 10868 b06bdrv - ok
11:03:23.0629 10868 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
11:03:23.0633 10868 b57nd60x - ok
11:03:23.0747 10868 Bcim - ok
11:03:23.0787 10868 bcykqxnd - ok
11:03:23.0830 10868 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
11:03:23.0839 10868 BDESVC - ok
11:03:23.0922 10868 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
11:03:23.0934 10868 Beep - ok
11:03:23.0974 10868 bfeazglf - ok
11:03:24.0018 10868 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
11:03:24.0058 10868 BITS - ok
11:03:24.0179 10868 bkasepal - ok
11:03:24.0225 10868 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
11:03:24.0227 10868 blbdrive - ok
11:03:24.0320 10868 Bonjour Service (1c87705ccb2f60172b0fc86b5d82f00d) C:\Program Files\Bonjour\mDNSResponder.exe
11:03:24.0323 10868 Bonjour Service - ok
11:03:24.0489 10868 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
11:03:24.0508 10868 bowser - ok
11:03:24.0639 10868 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:03:24.0640 10868 BrFiltLo - ok
11:03:24.0664 10868 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:03:24.0665 10868 BrFiltUp - ok
11:03:24.0770 10868 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
11:03:24.0773 10868 Browser - ok
11:03:24.0815 10868 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
11:03:24.0819 10868 Brserid - ok
11:03:24.0855 10868 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
11:03:24.0857 10868 BrSerWdm - ok
11:03:24.0878 10868 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:03:24.0878 10868 BrUsbMdm - ok
11:03:24.0899 10868 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
11:03:24.0900 10868 BrUsbSer - ok
11:03:24.0957 10868 BTCFilterService (4813df77ede536a52e3737971f910baa) C:\Windows\system32\DRIVERS\motfilt.sys
11:03:24.0968 10868 BTCFilterService - ok
11:03:25.0108 10868 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
11:03:25.0119 10868 BthEnum - ok
11:03:25.0282 10868 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
11:03:25.0308 10868 BTHMODEM - ok
11:03:25.0619 10868 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
11:03:25.0648 10868 BthPan - ok
11:03:25.0845 10868 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\system32\Drivers\BTHport.sys
11:03:25.0867 10868 BTHPORT - ok
11:03:25.0964 10868 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
11:03:25.0982 10868 bthserv - ok
11:03:26.0142 10868 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\system32\Drivers\BTHUSB.sys
11:03:26.0143 10868 BTHUSB - ok
11:03:26.0194 10868 btkrnl - ok
11:03:26.0272 10868 CbFs (a975187f3c8867f8d00a698a5282672b) C:\Windows\system32\drivers\cbfs.sys
11:03:26.0304 10868 CbFs - ok
11:03:26.0410 10868 cbfs3 (ee04be5ff8bf34aff89c2df9bc94f173) C:\Windows\system32\drivers\cbfs3.sys
11:03:26.0430 10868 cbfs3 - ok
11:03:26.0598 10868 ccevtmgr - ok
11:03:26.0775 10868 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
11:03:26.0777 10868 cdfs - ok
11:03:26.0835 10868 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
11:03:26.0838 10868 cdrom - ok
11:03:26.0890 10868 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
11:03:26.0897 10868 CertPropSvc - ok
11:03:27.0009 10868 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
11:03:27.0022 10868 circlass - ok
11:03:27.0147 10868 cisvc - ok
11:03:27.0222 10868 cleqxnfr - ok
11:03:27.0279 10868 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
11:03:27.0283 10868 CLFS - ok
11:03:27.0343 10868 clrpisck - ok
11:03:27.0542 10868 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:03:27.0600 10868 clr_optimization_v2.0.50727_32 - ok
11:03:27.0814 10868 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:03:28.0049 10868 clr_optimization_v4.0.30319_32 - ok
11:03:28.0169 10868 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
11:03:28.0170 10868 CmBatt - ok
11:03:28.0245 10868 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
11:03:28.0247 10868 cmdide - ok
11:03:28.0292 10868 cmfxxesp - ok
11:03:28.0384 10868 cnbqyxod - ok
11:03:28.0504 10868 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
11:03:28.0529 10868 CNG - ok
11:03:28.0588 10868 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
11:03:28.0589 10868 Compbatt - ok
11:03:28.0827 10868 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
11:03:28.0839 10868 CompositeBus - ok
11:03:28.0957 10868 COMSysApp - ok
11:03:29.0014 10868 cqumwyqr - ok
11:03:29.0169 10868 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
11:03:29.0180 10868 crcdisk - ok
11:03:29.0427 10868 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
11:03:29.0433 10868 CryptSvc - ok
11:03:29.0618 10868 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
11:03:29.0640 10868 CscService - ok
11:03:29.0707 10868 ctdvda2k - ok
11:03:29.0814 10868 cvoosfih - ok
11:03:29.0932 10868 dc3d (90f8539fa0de4aafe4fdbe7f95d6a512) C:\Windows\system32\DRIVERS\dc3d.sys
11:03:29.0948 10868 dc3d - ok
11:03:30.0115 10868 DCamUSBMke - ok
11:03:30.0174 10868 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
11:03:30.0181 10868 DcomLaunch - ok
11:03:30.0234 10868 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
11:03:30.0237 10868 defragsvc - ok
11:03:30.0374 10868 DeviceMonitorService (6824007c0ecec46edd64d7a9d86eba84) C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
11:03:30.0376 10868 DeviceMonitorService - ok
11:03:30.0422 10868 dfjlravi - ok
11:03:30.0512 10868 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
11:03:30.0513 10868 DfsC - ok
11:03:30.0526 10868 dgxwxhoi - ok
11:03:30.0652 10868 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
11:03:30.0669 10868 Dhcp - ok
11:03:30.0749 10868 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
11:03:30.0751 10868 discache - ok
11:03:30.0853 10868 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
11:03:30.0854 10868 Disk - ok
11:03:30.0871 10868 dlacdbhm - ok
11:03:30.0902 10868 dmboot - ok
11:03:30.0946 10868 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
11:03:30.0958 10868 Dnscache - ok
11:03:30.0992 10868 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
11:03:30.0996 10868 dot3svc - ok
11:03:31.0023 10868 dot4scan - ok
11:03:31.0167 10868 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
11:03:31.0197 10868 DPS - ok
11:03:31.0496 10868 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
11:03:31.0497 10868 drmkaud - ok
11:03:31.0617 10868 dtsoftbus01 (687af6bb383885ff6a64071b189a7f3e) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
11:03:31.0628 10868 dtsoftbus01 - ok
11:03:31.0746 10868 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
11:03:31.0753 10868 DXGKrnl - ok
11:03:31.0812 10868 eanhcosu (1a19a10b4203acc07d16a830ad59f7ea) C:\Windows\system32\drivers\eanhcosu.sys
11:03:31.0813 10868 eanhcosu - ok
11:03:31.0849 10868 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
11:03:31.0852 10868 EapHost - ok
11:03:31.0971 10868 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
11:03:32.0004 10868 ebdrv - ok
11:03:32.0013 10868 echtgppb - ok
11:03:32.0104 10868 efctuwcc - ok
11:03:32.0158 10868 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
11:03:32.0159 10868 EFS - ok
11:03:32.0223 10868 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
11:03:32.0231 10868 ehRecvr - ok
11:03:32.0262 10868 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
11:03:32.0264 10868 ehSched - ok
11:03:32.0341 10868 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
11:03:32.0347 10868 elxstor - ok
11:03:32.0443 10868 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
11:03:32.0443 10868 ErrDev - ok
11:03:32.0464 10868 eudmlcgx - ok
11:03:32.0508 10868 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
11:03:32.0512 10868 EventSystem - ok
11:03:32.0533 10868 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
11:03:32.0536 10868 exfat - ok
11:03:32.0558 10868 FA312 - ok
11:03:32.0607 10868 Fabs - ok
11:03:32.0713 10868 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
11:03:32.0747 10868 fastfat - ok
11:03:32.0829 10868 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
11:03:32.0836 10868 Fax - ok
11:03:32.0853 10868 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
11:03:32.0854 10868 fdc - ok
11:03:32.0886 10868 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
11:03:32.0887 10868 fdPHost - ok
11:03:32.0913 10868 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
11:03:32.0914 10868 FDResPub - ok
11:03:32.0923 10868 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
11:03:32.0924 10868 FileInfo - ok
11:03:32.0938 10868 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
11:03:32.0938 10868 Filetrace - ok
11:03:33.0009 10868 FirebirdServerMAGIXInstance - ok
11:03:33.0047 10868 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
11:03:33.0203 10868 FLEXnet Licensing Service - ok
11:03:33.0322 10868 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
11:03:33.0339 10868 flpydisk - ok
11:03:33.0392 10868 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
11:03:33.0394 10868 FltMgr - ok
11:03:33.0441 10868 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
11:03:33.0449 10868 FontCache - ok
11:03:33.0506 10868 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
11:03:33.0506 10868 FontCache3.0.0.0 - ok
11:03:33.0538 10868 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
11:03:33.0541 10868 FsDepends - ok
11:03:33.0582 10868 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
11:03:33.0583 10868 fssfltr - ok
11:03:33.0707 10868 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
11:03:33.0733 10868 fsssvc - ok
11:03:33.0831 10868 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
11:03:33.0832 10868 Fs_Rec - ok
11:03:33.0876 10868 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
11:03:33.0889 10868 fvevol - ok
11:03:33.0938 10868 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:03:33.0941 10868 gagp30kx - ok
11:03:34.0012 10868 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:03:34.0013 10868 GEARAspiWDM - ok
11:03:34.0088 10868 gimxcwch - ok
11:03:34.0098 10868 gmwhdabk - ok
11:03:34.0143 10868 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
11:03:34.0151 10868 gpsvc - ok
11:03:34.0224 10868 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
11:03:34.0227 10868 gupdate - ok
11:03:34.0271 10868 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
11:03:34.0271 10868 gupdatem - ok
11:03:34.0323 10868 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
11:03:34.0326 10868 gusvc - ok
11:03:34.0413 10868 gyzsnjch - ok
11:03:34.0453 10868 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
11:03:34.0454 10868 hcw85cir - ok
11:03:34.0473 10868 hcwPVRP2 - ok
11:03:34.0586 10868 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
11:03:34.0611 10868 HdAudAddService - ok
11:03:34.0812 10868 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
11:03:34.0819 10868 HDAudBus - ok
11:03:34.0897 10868 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
11:03:34.0904 10868 HidBatt - ok
11:03:34.0973 10868 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
11:03:34.0986 10868 HidBth - ok
11:03:35.0226 10868 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
11:03:35.0228 10868 HidIr - ok
11:03:35.0281 10868 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
11:03:35.0287 10868 hidserv - ok
11:03:35.0403 10868 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
11:03:35.0408 10868 HidUsb - ok
11:03:35.0583 10868 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
11:03:35.0606 10868 hkmsvc - ok
11:03:35.0677 10868 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
11:03:35.0681 10868 HomeGroupListener - ok
11:03:35.0737 10868 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
11:03:35.0759 10868 HomeGroupProvider - ok
11:03:35.0907 10868 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
11:03:35.0926 10868 HpSAMD - ok
11:03:36.0014 10868 hshld (27cb54c0346efd7b0536b0cb610131ae) C:\Program Files\Hotspot Shield\bin\openvpnas.exe
11:03:36.0017 10868 hshld - ok
11:03:36.0201 10868 HssDrv (4f28652ec514fa1ba473bc1a695a5c98) C:\Windows\system32\DRIVERS\HssDrv.sys
11:03:36.0209 10868 HssDrv - ok
11:03:36.0343 10868 HssSrv (2cfea9c337b699aca38487e8a7438f35) C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
11:03:36.0346 10868 HssSrv - ok
11:03:36.0387 10868 HssTrayService (92b08e09a54485f18959161686e4b65f) C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
11:03:36.0406 10868 HssTrayService - ok
11:03:36.0438 10868 HssWd - ok
11:03:36.0539 10868 htsxjlkq (1a19a10b4203acc07d16a830ad59f7ea) C:\Windows\system32\drivers\htsxjlkq.sys
11:03:36.0541 10868 htsxjlkq - ok
11:03:36.0599 10868 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
11:03:36.0606 10868 HTTP - ok
11:03:36.0641 10868 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
11:03:36.0641 10868 hwpolicy - ok
11:03:36.0691 10868 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
11:03:36.0693 10868 i8042prt - ok
11:03:36.0713 10868 iastor - ok
11:03:36.0768 10868 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
11:03:36.0772 10868 iaStorV - ok
11:03:36.0852 10868 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:03:36.0861 10868 idsvc - ok
11:03:36.0994 10868 IDSyncService (666bef960200517df9c56fd019d8047d) C:\IDSync\IDSyncService.exe
11:03:36.0996 10868 IDSyncService - ok
11:03:37.0208 10868 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
11:03:37.0232 10868 iirsp - ok
11:03:37.0373 10868 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
11:03:37.0382 10868 IKEEXT - ok
11:03:37.0441 10868 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
11:03:37.0442 10868 intelide - ok
11:03:37.0632 10868 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
11:03:37.0634 10868 intelppm - ok
11:03:37.0693 10868 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
11:03:37.0717 10868 IPBusEnum - ok
11:03:37.0751 10868 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:03:37.0752 10868 IpFilterDriver - ok
11:03:37.0801 10868 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
11:03:37.0804 10868 IPMIDRV - ok
11:03:37.0833 10868 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
11:03:37.0859 10868 IPNAT - ok
11:03:37.0954 10868 iPod Service (f62c69376a95795fe7cdb1c778edaca4) C:\Program Files\iPod\bin\iPodService.exe
11:03:37.0963 10868 iPod Service - ok
11:03:38.0048 10868 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
11:03:38.0051 10868 IRENUM - ok
11:03:38.0216 10868 irqarmaw - ok
11:03:38.0333 10868 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
11:03:38.0347 10868 isapnp - ok
11:03:38.0381 10868 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
11:03:38.0417 10868 iScsiPrt - ok
11:03:38.0554 10868 ISODisk (96f2f5884d02535e2d4dfc849836f4a6) C:\Windows\system32\drivers\ISODisk.sys
11:03:38.0556 10868 ISODisk - ok
11:03:38.0723 10868 iviaspi - ok
11:03:38.0863 10868 jgubkche - ok
11:03:38.0902 10868 jnlvhsra - ok
11:03:38.0949 10868 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
11:03:38.0951 10868 kbdclass - ok
11:03:39.0019 10868 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
11:03:39.0032 10868 kbdhid - ok
11:03:39.0074 10868 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
11:03:39.0076 10868 KeyIso - ok
11:03:39.0171 10868 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
11:03:39.0174 10868 KSecDD - ok
11:03:39.0222 10868 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
11:03:39.0224 10868 KSecPkg - ok
11:03:39.0319 10868 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
11:03:39.0354 10868 KtmRm - ok
11:03:39.0432 10868 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
11:03:39.0451 10868 LanmanServer - ok
11:03:39.0542 10868 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
11:03:39.0592 10868 LanmanWorkstation - ok
11:03:39.0689 10868 LC7981 - ok
11:03:39.0713 10868 lkqtjhjr - ok
11:03:39.0759 10868 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
11:03:39.0767 10868 lltdio - ok
11:03:39.0809 10868 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
11:03:39.0814 10868 lltdsvc - ok
11:03:39.0823 10868 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
11:03:39.0826 10868 lmhosts - ok
11:03:39.0859 10868 LRMINIPORT - ok
11:03:39.0892 10868 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:03:39.0893 10868 LSI_FC - ok
11:03:39.0921 10868 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:03:39.0922 10868 LSI_SAS - ok
11:03:40.0102 10868 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:03:40.0103 10868 LSI_SAS2 - ok
11:03:40.0133 10868 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:03:40.0136 10868 LSI_SCSI - ok
11:03:40.0177 10868 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
11:03:40.0178 10868 luafv - ok
11:03:40.0288 10868 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
11:03:40.0289 10868 MBAMProtector - ok
11:03:40.0374 10868 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
11:03:40.0378 10868 MBAMService - ok
11:03:40.0504 10868 mcaayfmg - ok
11:03:40.0608 10868 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
11:03:40.0624 10868 Mcx2Svc - ok
11:03:40.0876 10868 mdf16 (b066b4b2910c670530b63d5e924e8a2b) C:\Program Files\Clarus\Samsung SecretZone\mdf16.sys
11:03:40.0882 10868 mdf16 - ok
11:03:41.0048 10868 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
11:03:41.0052 10868 MDM - ok
11:03:41.0152 10868 MegacloudVSSService (cf4f14c068e9393f6321198ab9c7adbb) C:\Program Files\Megacloud\VSSService.exe
11:03:41.0152 10868 MegacloudVSSService - ok
11:03:41.0342 10868 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
11:03:41.0354 10868 megasas - ok
11:03:41.0512 10868 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
11:03:41.0554 10868 MegaSR - ok
11:03:41.0674 10868 Microsoft SharePoint Workspace Audit Service - ok
11:03:41.0746 10868 mjjbyqgs - ok
11:03:41.0787 10868 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
11:03:41.0789 10868 MMCSS - ok
11:03:41.0834 10868 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
11:03:41.0836 10868 Modem - ok
11:03:41.0874 10868 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
11:03:41.0876 10868 monitor - ok
11:03:41.0917 10868 motccgp (0bc43805b6da0d7d4f99c737839fc9ec) C:\Windows\system32\DRIVERS\motccgp.sys
11:03:41.0918 10868 motccgp - ok
11:03:42.0083 10868 motccgpfl (1b3720c4d16904756d49ef306706b978) C:\Windows\system32\DRIVERS\motccgpfl.sys
11:03:42.0084 10868 motccgpfl - ok
11:03:42.0136 10868 motmodem (11b8118f538b579488e7645b2578e544) C:\Windows\system32\DRIVERS\motmodem.sys
11:03:42.0138 10868 motmodem - ok
11:03:42.0258 10868 MotoHelper (290750346f5937b02f62594b8eb03215) C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
11:03:42.0259 10868 MotoHelper - ok
11:03:42.0303 10868 MotoSwitchService (fd8c2cef7ad8b23c6714103d621fac1f) C:\Windows\system32\DRIVERS\motswch.sys
11:03:42.0304 10868 MotoSwitchService - ok
11:03:42.0376 10868 Motousbnet (5073ed2d13d77f89df99caaa72e23526) C:\Windows\system32\DRIVERS\Motousbnet.sys
11:03:42.0377 10868 Motousbnet - ok
11:03:42.0456 10868 motusbdevice (f780c53d98a0aad28f5b7403b184aea1) C:\Windows\system32\DRIVERS\motusbdevice.sys
11:03:42.0457 10868 motusbdevice - ok
11:03:42.0498 10868 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
11:03:42.0499 10868 mouclass - ok
11:03:42.0536 10868 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
11:03:42.0537 10868 mouhid - ok
11:03:42.0566 10868 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
11:03:42.0567 10868 mountmgr - ok
11:03:42.0622 10868 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
11:03:42.0624 10868 MpFilter - ok
11:03:42.0673 10868 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
11:03:42.0676 10868 mpio - ok
11:03:42.0732 10868 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
11:03:42.0736 10868 MpNWMon - ok
11:03:42.0792 10868 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
11:03:42.0793 10868 mpsdrv - ok
11:03:42.0833 10868 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
11:03:42.0836 10868 MRxDAV - ok
11:03:42.0887 10868 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:03:42.0888 10868 mrxsmb - ok
11:03:42.0947 10868 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:03:42.0949 10868 mrxsmb10 - ok
11:03:42.0963 10868 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:03:42.0964 10868 mrxsmb20 - ok
11:03:43.0002 10868 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
11:03:43.0003 10868 msahci - ok
11:03:43.0121 10868 MSCamSvc (b03e3f64b70f8031e65eb26da23de91a) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
11:03:43.0122 10868 MSCamSvc - ok
11:03:43.0228 10868 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
11:03:43.0229 10868 msdsm - ok
11:03:43.0283 10868 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
11:03:43.0287 10868 MSDTC - ok
11:03:43.0334 10868 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
11:03:43.0336 10868 Msfs - ok
11:03:43.0351 10868 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
11:03:43.0352 10868 mshidkmdf - ok
11:03:43.0404 10868 MSHUSBVideo (7a0f9cbdbdb135113b9a3c138e20c85d) C:\Windows\system32\Drivers\nx6000.sys
11:03:43.0406 10868 MSHUSBVideo - ok
11:03:43.0448 10868 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
11:03:43.0449 10868 msisadrv - ok
11:03:43.0512 10868 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
11:03:43.0514 10868 MSiSCSI - ok
11:03:43.0522 10868 msiserver - ok
11:03:43.0572 10868 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
11:03:43.0573 10868 MSKSSRV - ok
11:03:43.0644 10868 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
11:03:43.0646 10868 MsMpSvc - ok
11:03:43.0676 10868 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
11:03:43.0677 10868 MSPCLOCK - ok
11:03:43.0704 10868 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
11:03:43.0706 10868 MSPQM - ok
11:03:43.0763 10868 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
11:03:43.0766 10868 MsRPC - ok
11:03:43.0797 10868 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
11:03:43.0798 10868 mssmbios - ok
11:03:43.0814 10868 MSSQL$AUTODESKVAULT - ok
11:03:43.0868 10868 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
11:03:43.0869 10868 MSTEE - ok
11:03:43.0929 10868 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
11:03:43.0931 10868 MTConfig - ok
11:03:43.0993 10868 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\Windows\system32\DRIVERS\ASACPI.sys
11:03:43.0994 10868 MTsensor - ok
11:03:44.0008 10868 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
11:03:44.0009 10868 Mup - ok
11:03:44.0099 10868 mvd22 (8405a99d3e250eb017fe7a0dc3a9ffc0) C:\Program Files\Clarus\Samsung SecretZone\mvd22.sys
11:03:44.0101 10868 mvd22 - ok
11:03:44.0116 10868 myhxbxgn - ok
11:03:44.0126 10868 mzmslejl - ok
11:03:44.0163 10868 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
11:03:44.0168 10868 napagent - ok
11:03:44.0228 10868 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
11:03:44.0232 10868 NativeWifiP - ok
11:03:44.0313 10868 ndassvc - ok
11:03:44.0342 10868 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
11:03:44.0349 10868 NDIS - ok
11:03:44.0366 10868 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
11:03:44.0367 10868 NdisCap - ok
11:03:44.0424 10868 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
11:03:44.0426 10868 NdisTapi - ok
11:03:44.0467 10868 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
11:03:44.0468 10868 Ndisuio - ok
11:03:44.0506 10868 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
11:03:44.0508 10868 NdisWan - ok
11:03:44.0566 10868 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
11:03:44.0567 10868 NDProxy - ok
11:03:44.0593 10868 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
11:03:44.0594 10868 NetBIOS - ok
11:03:44.0628 10868 NetBT (7f52ab76dccbab60c8a8337f400dbbc6) C:\Windows\system32\DRIVERS\netbt.sys
11:03:44.0632 10868 NetBT ( Virus.Win32.ZAccess.k ) - infected
11:03:44.0632 10868 NetBT - detected Virus.Win32.ZAccess.k (0)
11:03:44.0674 10868 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
11:03:44.0676 10868 Netlogon - ok
11:03:44.0733 10868 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
11:03:44.0738 10868 Netman - ok
11:03:44.0859 10868 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:03:44.0886 10868 NetMsmqActivator - ok
11:03:44.0908 10868 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:03:44.0909 10868 NetPipeActivator - ok
11:03:44.0991 10868 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
11:03:44.0997 10868 netprofm - ok
11:03:45.0038 10868 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:03:45.0039 10868 NetTcpActivator - ok
11:03:45.0046 10868 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:03:45.0047 10868 NetTcpPortSharing - ok
11:03:45.0121 10868 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
11:03:45.0122 10868 nfrd960 - ok
11:03:45.0132 10868 nglygumz - ok
11:03:45.0166 10868 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
11:03:45.0167 10868 NisDrv - ok
11:03:45.0218 10868 NisSrv (a5cb074f34bbd89948e34a630d459c0c) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
11:03:45.0219 10868 NisSrv - ok
11:03:45.0258 10868 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
11:03:45.0262 10868 NlaSvc - ok
11:03:45.0313 10868 nmwcd (712bc0c22ba00b2ba324c6b8df668ee7) C:\Windows\system32\drivers\ccdcmb.sys
11:03:45.0314 10868 nmwcd - ok
11:03:45.0437 10868 nmwcdc (7312987b6ccde6f6cee32c14bed1ca2e) C:\Windows\system32\drivers\ccdcmbo.sys
11:03:45.0446 10868 nmwcdc - ok
11:03:45.0518 10868 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
11:03:45.0519 10868 Npfs - ok
11:03:45.0552 10868 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
11:03:45.0554 10868 nsi - ok
11:03:45.0594 10868 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
11:03:45.0596 10868 nsiproxy - ok
11:03:45.0653 10868 ntcdrdrv (a5627bf1b0f901e66ce0b3ec657cbf25) C:\Windows\system32\DRIVERS\ntcdrdrv.sys
11:03:45.0654 10868 ntcdrdrv - ok
11:03:45.0731 10868 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
11:03:45.0744 10868 Ntfs - ok
11:03:45.0893 10868 NuidFltr (9620a1d8160a550f064bbaf48d0f97cc) C:\Windows\system32\DRIVERS\NuidFltr.sys
11:03:45.0894 10868 NuidFltr - ok
11:03:45.0926 10868 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
11:03:45.0926 10868 Null - ok
11:03:45.0942 10868 nvcap - ok
11:03:45.0977 10868 nvedavt (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\nipsvc.dll
11:03:46.0029 10868 Suspicious file (NoAccess): C:\Windows\system32\nipsvc.dll. md5: 11028c6a84a967070cb1286550f2058f
11:03:46.0029 10868 nvedavt ( Backdoor.Multi.ZAccess.gen ) - infected
11:03:46.0029 10868 nvedavt - detected Backdoor.Multi.ZAccess.gen (0)
11:03:46.0461 10868 nvlddmkm (f452e6ad3eda2852f44be492e283c40f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:03:46.0613 10868 nvlddmkm - ok
11:03:46.0738 10868 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
11:03:46.0742 10868 nvraid - ok
11:03:46.0765 10868 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
11:03:46.0767 10868 nvstor - ok
11:03:46.0818 10868 NVSvc (7c732aff202dcd06c3d262966d71604c) C:\Windows\system32\nvvsvc.exe
11:03:46.0825 10868 NVSvc - ok
11:03:47.0001 10868 nvUpdatusService (262d2fbf211a88dcb84249df0f6ef6e7) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
11:03:47.0047 10868 nvUpdatusService - ok
11:03:47.0218 10868 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
11:03:47.0222 10868 nv_agp - ok
11:03:47.0231 10868 nwlnkipx - ok
11:03:47.0248 10868 odrjidqo - ok
11:03:47.0261 10868 oentpmve - ok
11:03:47.0290 10868 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
11:03:47.0291 10868 ohci1394 - ok
11:03:47.0307 10868 ohtgvpls - ok
11:03:47.0375 10868 omnfwvux - ok
11:03:47.0381 10868 oostygzp - ok
11:03:47.0482 10868 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:03:47.0485 10868 ose - ok
11:03:47.0628 10868 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:03:47.0672 10868 osppsvc - ok
11:03:47.0787 10868 p2k (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\fastfat.dll
11:03:47.0795 10868 Suspicious file (NoAccess): C:\Windows\system32\fastfat.dll. md5: 11028c6a84a967070cb1286550f2058f
11:03:47.0795 10868 p2k ( Backdoor.Multi.ZAccess.gen ) - infected
11:03:47.0795 10868 p2k - detected Backdoor.Multi.ZAccess.gen (0)
11:03:47.0853 10868 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
11:03:47.0860 10868 p2pimsvc - ok
11:03:47.0881 10868 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
11:03:47.0887 10868 p2psvc - ok
11:03:47.0926 10868 paamsrv - ok
11:03:47.0967 10868 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
11:03:47.0970 10868 Parport - ok
11:03:48.0068 10868 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
11:03:48.0070 10868 partmgr - ok
11:03:48.0083 10868 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
11:03:48.0085 10868 Parvdm - ok
11:03:48.0121 10868 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
11:03:48.0125 10868 PcaSvc - ok
11:03:48.0190 10868 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
11:03:48.0191 10868 pccsmcfd - ok
11:03:48.0231 10868 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
11:03:48.0233 10868 pci - ok
11:03:48.0251 10868 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
11:03:48.0252 10868 pciide - ok
11:03:48.0261 10868 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
11:03:48.0263 10868 pcmcia - ok
11:03:48.0281 10868 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
11:03:48.0282 10868 pcw - ok
11:03:48.0390 10868 pcx1nd5 - ok
11:03:48.0448 10868 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
11:03:48.0455 10868 PEAUTH - ok
11:03:48.0526 10868 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
11:03:48.0541 10868 PeerDistSvc - ok
11:03:48.0707 10868 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
11:03:48.0732 10868 pla - ok
11:03:48.0955 10868 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
11:03:48.0967 10868 PlugPlay - ok
11:03:49.0098 10868 Pml Driver HPZ12 (379f7a0ec9fbe07629fd3f244d3e3e44) C:\Windows\system32\HPZipm12.dll
11:03:49.0101 10868 Pml Driver HPZ12 - ok
11:03:49.0162 10868 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
11:03:49.0176 10868 PNRPAutoReg - ok
11:03:49.0227 10868 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
11:03:49.0231 10868 PNRPsvc - ok
11:03:49.0421 10868 Point32 (896d916de06f5502d301e8c4dc442ae8) C:\Windows\system32\DRIVERS\point32.sys
11:03:49.0431 10868 Point32 - ok
11:03:49.0527 10868 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
11:03:49.0562 10868 PolicyAgent - ok
11:03:49.0676 10868 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
11:03:49.0685 10868 Power - ok
11:03:49.0811 10868 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
11:03:49.0822 10868 PptpMiniport - ok
11:03:50.0055 10868 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
11:03:50.0066 10868 Processor - ok
11:03:50.0108 10868 procexp100 - ok
11:03:50.0195 10868 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
11:03:50.0206 10868 ProfSvc - ok
11:03:50.0325 10868 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
11:03:50.0326 10868 ProtectedStorage - ok
11:03:50.0475 10868 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
11:03:50.0491 10868 Psched - ok
11:03:50.0537 10868 pxctjdxj - ok
11:03:50.0586 10868 qbgpwvsl (1a19a10b4203acc07d16a830ad59f7ea) C:\Windows\system32\drivers\qbgpwvsl.sys
11:03:50.0592 10868 qbgpwvsl - ok
11:03:50.0771 10868 qhyymwib - ok
11:03:51.0051 10868 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
11:03:51.0081 10868 ql2300 - ok
11:03:51.0291 10868 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
11:03:51.0305 10868 ql40xx - ok
11:03:51.0512 10868 qmhwivaz - ok
11:03:51.0585 10868 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
11:03:51.0636 10868 QWAVE - ok
11:03:51.0830 10868 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
11:03:51.0832 10868 QWAVEdrv - ok
11:03:51.0916 10868 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
11:03:51.0926 10868 RasAcd - ok
11:03:52.0056 10868 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:03:52.0061 10868 RasAgileVpn - ok
11:03:52.0171 10868 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
11:03:52.0202 10868 RasAuto - ok
11:03:52.0330 10868 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:03:52.0338 10868 Rasl2tp - ok
11:03:52.0472 10868 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
11:03:52.0487 10868 RasMan - ok
11:03:52.0773 10868 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
11:03:52.0785 10868 RasPppoe - ok
11:03:52.0948 10868 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
11:03:52.0961 10868 RasSstp - ok
11:03:53.0107 10868 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
11:03:53.0111 10868 rdbss - ok
11:03:53.0312 10868 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
11:03:53.0325 10868 rdpbus - ok
11:03:53.0448 10868 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:03:53.0473 10868 RDPCDD - ok
11:03:53.0517 10868 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
11:03:53.0532 10868 RDPDR - ok
11:03:53.0605 10868 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
11:03:53.0620 10868 RDPENCDD - ok
11:03:53.0712 10868 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
11:03:53.0717 10868 RDPREFMP - ok
11:03:53.0831 10868 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
11:03:53.0840 10868 RdpVideoMiniport - ok
11:03:53.0898 10868 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
11:03:53.0907 10868 RDPWD - ok
11:03:54.0108 10868 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
11:03:54.0111 10868 rdyboost - ok
11:03:54.0226 10868 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
11:03:54.0238 10868 RemoteAccess - ok
11:03:54.0306 10868 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
11:03:54.0311 10868 RemoteRegistry - ok
11:03:54.0347 10868 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
11:03:54.0363 10868 RFCOMM - ok
11:03:54.0522 10868 RichVideo (788bc2196086cc830442ec2d6d847666) C:\Program Files\CyberLink\Shared files\RichVideo.exe
11:03:54.0523 10868 RichVideo - ok
11:03:54.0637 10868 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
11:03:54.0653 10868 RpcEptMapper - ok
11:03:54.0752 10868 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
11:03:54.0770 10868 RpcLocator - ok
11:03:54.0816 10868 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
11:03:54.0820 10868 RpcSs - ok
11:03:54.0922 10868 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
11:03:54.0938 10868 rspndr - ok
11:03:54.0996 10868 ruvxtwxa - ok
11:03:55.0012 10868 rzgttibq - ok
11:03:55.0090 10868 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
11:03:55.0102 10868 s3cap - ok
11:03:55.0191 10868 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
11:03:55.0192 10868 SamSs - ok
11:03:55.0443 10868 SBAMSvc (c7d53053541a448febb1373abbaf79ef) C:\Program Files\Ad-Aware Antivirus\Engine\SBAMSvc.exe
11:03:55.0500 10868 SBAMSvc - ok
11:03:55.0612 10868 sbapifs (3d6ba67c758735918e323d4d6f64449a) C:\Windows\system32\DRIVERS\sbapifs.sys
11:03:55.0613 10868 sbapifs - ok
11:03:55.0690 10868 SbFw (9c9bcc79aef0aa97f16766c498002d36) C:\Windows\system32\drivers\SbFw.sys
11:03:55.0698 10868 SbFw - ok
11:03:55.0735 10868 SBFWIMCL (f27b38d70b7621378161d6f48be04d2c) C:\Windows\system32\DRIVERS\sbfwim.sys
11:03:55.0737 10868 SBFWIMCL - ok
11:03:55.0755 10868 SBFWIMCLMP (f27b38d70b7621378161d6f48be04d2c) C:\Windows\system32\DRIVERS\SBFWIM.sys
11:03:55.0756 10868 SBFWIMCLMP - ok
11:03:55.0798 10868 sbhips (53e5e7dc26bb920b97f258bbd52abfdc) C:\Windows\system32\drivers\sbhips.sys
11:03:55.0800 10868 sbhips - ok
11:03:56.0023 10868 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
11:03:56.0036 10868 sbp2port - ok
11:03:56.0157 10868 SBRE (0505da5d357f18a5d42fc5dede6bc9a0) C:\Windows\system32\drivers\SBREdrv.sys
11:03:56.0163 10868 SBRE - ok
11:03:56.0362 10868 SbTis (6468e2973e04525decc105947ddd0d34) C:\Windows\system32\drivers\sbtis.sys
11:03:56.0375 10868 SbTis - ok
11:03:56.0465 10868 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
11:03:56.0481 10868 SCardSvr - ok
11:03:56.0587 10868 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
11:03:56.0588 10868 scfilter - ok
11:03:56.0670 10868 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
11:03:56.0691 10868 Schedule - ok
11:03:56.0723 10868 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
11:03:56.0725 10868 SCPolicySvc - ok
11:03:56.0861 10868 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
11:03:56.0876 10868 SDRSVC - ok
11:03:56.0940 10868 se59unic - ok
11:03:57.0036 10868 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
11:03:57.0038 10868 SeaPort - ok
11:03:57.0230 10868 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
11:03:57.0231 10868 secdrv - ok
11:03:57.0288 10868 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
11:03:57.0305 10868 seclogon - ok
11:03:57.0348 10868 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
11:03:57.0362 10868 SENS - ok
11:03:57.0376 10868 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
11:03:57.0392 10868 SensrSvc - ok
11:03:57.0442 10868 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
11:03:57.0443 10868 Serenum - ok
11:03:57.0493 10868 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
11:03:57.0495 10868 Serial - ok
11:03:57.0546 10868 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
11:03:57.0547 10868 sermouse - ok
11:03:57.0730 10868 ServiceLayer (12b41d84a4d058adc60853c365dbfcca) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
11:03:57.0825 10868 ServiceLayer - ok
11:03:57.0998 10868 servidor - ok
11:03:58.0058 10868 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
11:03:58.0070 10868 SessionEnv - ok
11:03:58.0131 10868 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
11:03:58.0147 10868 sffdisk - ok
11:03:58.0217 10868 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
11:03:58.0232 10868 sffp_mmc - ok
11:03:58.0330 10868 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
11:03:58.0333 10868 sffp_sd - ok
11:03:58.0391 10868 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
11:03:58.0392 10868 sfloppy - ok
11:03:58.0430 10868 SGIR (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\tbiosdrv.dll
11:03:58.0443 10868 Suspicious file (NoAccess): C:\Windows\system32\tbiosdrv.dll. md5: 11028c6a84a967070cb1286550f2058f
11:03:58.0443 10868 SGIR ( Backdoor.Multi.ZAccess.gen ) - infected
11:03:58.0443 10868 SGIR - detected Backdoor.Multi.ZAccess.gen (0)
11:03:58.0502 10868 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
11:03:58.0507 10868 SharedAccess - ok
11:03:58.0577 10868 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
11:03:58.0583 10868 ShellHWDetection - ok
11:03:58.0645 10868 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
11:03:58.0646 10868 sisagp - ok
11:03:58.0713 10868 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:03:58.0715 10868 SiSRaid2 - ok
11:03:58.0738 10868 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
11:03:58.0740 10868 SiSRaid4 - ok
11:03:58.0851 10868 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
11:03:58.0868 10868 SkypeUpdate - ok
11:03:59.0105 10868 SmartDefragDriver (bf302072dc8374cf4e118fd88aa817a2) C:\Windows\system32\Drivers\SmartDefragDriver.sys
11:03:59.0107 10868 SmartDefragDriver - ok
11:03:59.0178 10868 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
11:03:59.0193 10868 Smb - ok
11:03:59.0431 10868 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
11:03:59.0463 10868 SNMPTRAP - ok
11:03:59.0581 10868 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
11:03:59.0583 10868 spldr - ok
11:03:59.0677 10868 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
11:03:59.0682 10868 Spooler - ok
11:03:59.0828 10868 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
11:03:59.0862 10868 sppsvc - ok
11:03:59.0941 10868 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
11:03:59.0955 10868 sppuinotify - ok
11:04:00.0040 10868 sprtsvc_dellsupportcenter - ok
11:04:00.0103 10868 srkqcgyr - ok
11:04:00.0208 10868 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
11:04:00.0215 10868 srv - ok
11:04:00.0323 10868 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
11:04:00.0330 10868 srv2 - ok
11:04:00.0448 10868 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
11:04:00.0457 10868 srvnet - ok
11:04:00.0575 10868 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
11:04:00.0578 10868 SSDPSRV - ok
11:04:00.0633 10868 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
11:04:00.0637 10868 SstpSvc - ok
11:04:00.0703 10868 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
11:04:00.0705 10868 stexstor - ok
11:04:00.0768 10868 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
11:04:00.0776 10868 StiSvc - ok
11:04:00.0847 10868 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
11:04:00.0863 10868 storflt - ok
11:04:00.0953 10868 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
11:04:00.0955 10868 storvsc - ok
11:04:01.0026 10868 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
11:04:01.0027 10868 swenum - ok
11:04:01.0225 10868 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
11:04:01.0322 10868 SwitchBoard - ok
11:04:01.0530 10868 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
11:04:01.0552 10868 swprv - ok
11:04:01.0646 10868 Synth3dVsc - ok
11:04:01.0752 10868 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
11:04:01.0772 10868 SysMain - ok
11:04:01.0991 10868 SZASSIST (2902b85d0dc9ce43d76660c128d8908a) C:\Program Files\Clarus\Samsung SecretZone\SZAssistSVC.exe
11:04:01.0991 10868 SZASSIST - ok
11:04:02.0370 10868 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
11:04:02.0402 10868 TabletInputService - ok
11:04:02.0501 10868 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
11:04:02.0512 10868 taphss - ok
11:04:02.0668 10868 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
11:04:02.0702 10868 TapiSrv - ok
11:04:02.0791 10868 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
11:04:02.0801 10868 TBS - ok
11:04:02.0901 10868 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
11:04:02.0927 10868 Tcpip - ok
11:04:03.0010 10868 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
11:04:03.0022 10868 TCPIP6 - ok
11:04:03.0116 10868 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
11:04:03.0119 10868 tcpipreg - ok
11:04:03.0171 10868 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
11:04:03.0174 10868 TDPIPE - ok
11:04:03.0236 10868 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
11:04:03.0244 10868 TDTCP - ok
11:04:03.0344 10868 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
11:04:03.0346 10868 tdx - ok
11:04:03.0381 10868 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
11:04:03.0384 10868 TermDD - ok
11:04:03.0429 10868 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
11:04:03.0437 10868 TermService - ok
11:04:03.0471 10868 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
11:04:03.0475 10868 Themes - ok
11:04:03.0511 10868 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
11:04:03.0514 10868 THREADORDER - ok
11:04:03.0596 10868 tmyeytbk - ok
11:04:03.0772 10868 tm_cfw - ok
11:04:03.0894 10868 TomTomHOMEService (3199a477f0f06eede41bd55179f8eb05) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
11:04:03.0895 10868 TomTomHOMEService - ok
11:04:03.0944 10868 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
11:04:03.0964 10868 TrkWks - ok
11:04:04.0027 10868 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
11:04:04.0030 10868 TrustedInstaller - ok
11:04:04.0149 10868 tsdhd (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\KMW_SYS.dll
11:04:04.0156 10868 Suspicious file (NoAccess): C:\Windows\system32\KMW_SYS.dll. md5: 11028c6a84a967070cb1286550f2058f
11:04:04.0156 10868 tsdhd ( Backdoor.Multi.ZAccess.gen ) - infected
11:04:04.0156 10868 tsdhd - detected Backdoor.Multi.ZAccess.gen (0)
11:04:04.0190 10868 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:04:04.0191 10868 tssecsrv - ok
11:04:04.0239 10868 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
11:04:04.0241 10868 TsUsbFlt - ok
11:04:04.0249 10868 tsusbhub - ok
11:04:04.0435 10868 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
11:04:04.0437 10868 tunnel - ok
11:04:04.0579 10868 TVECapSvc (ad4ec2140d66f0259ee018d2b759217a) C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe
11:04:04.0582 10868 TVECapSvc - ok
11:04:04.0589 10868 TVESched (7efaad0edfa32d9fe0ccad24008fcad9) C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe
11:04:04.0590 10868 TVESched - ok
11:04:04.0651 10868 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
11:04:04.0654 10868 uagp35 - ok
11:04:04.0746 10868 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
11:04:04.0755 10868 udfs - ok
11:04:04.0824 10868 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
11:04:04.0836 10868 UI0Detect - ok
11:04:04.0845 10868 ujpmglgd - ok
11:04:04.0904 10868 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
11:04:04.0905 10868 uliagpkx - ok
11:04:05.0015 10868 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
11:04:05.0016 10868 umbus - ok
11:04:05.0059 10868 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
11:04:05.0060 10868 UmPass - ok
11:04:05.0142 10868 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
11:04:05.0162 10868 UmRdpService - ok
11:04:05.0289 10868 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys
11:04:05.0289 10868 UnlockerDriver5 - ok
11:04:05.0415 10868 unrealircd - ok
11:04:05.0501 10868 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
11:04:05.0516 10868 upnphost - ok
11:04:05.0659 10868 upperdev (7062ed67a10f1c83b2ab951736e24f11) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
11:04:05.0660 10868 upperdev - ok
11:04:05.0699 10868 uqgovcpe - ok
11:04:05.0769 10868 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
11:04:05.0770 10868 usbaudio - ok
11:04:05.0810 10868 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
11:04:05.0812 10868 usbccgp - ok
11:04:05.0856 10868 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
11:04:05.0857 10868 usbcir - ok
11:04:05.0877 10868 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
11:04:05.0880 10868 usbehci - ok
11:04:05.0911 10868 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
11:04:05.0914 10868 usbhub - ok
11:04:05.0937 10868 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
11:04:05.0939 10868 usbohci - ok
11:04:05.0989 10868 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
11:04:05.0990 10868 usbprint - ok
11:04:06.0046 10868 usbser (31181de6190b39fc8007dffd1a48ffd6) C:\Windows\system32\drivers\usbser.sys
11:04:06.0049 10868 usbser - ok
11:04:06.0105 10868 UsbserFilt (b76d8039f5b595c4ca551b3d5dd15a98) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
11:04:06.0107 10868 UsbserFilt - ok
11:04:06.0140 10868 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:04:06.0142 10868 USBSTOR - ok
11:04:06.0189 10868 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
11:04:06.0191 10868 usbuhci - ok
11:04:06.0270 10868 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
11:04:06.0272 10868 usbvideo - ok
11:04:06.0329 10868 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
11:04:06.0331 10868 UxSms - ok
11:04:06.0342 10868 uywyvisi - ok
11:04:06.0374 10868 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
11:04:06.0375 10868 VaultSvc - ok
11:04:06.0422 10868 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
11:04:06.0424 10868 vdrvroot - ok
11:04:06.0467 10868 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
11:04:06.0475 10868 vds - ok
11:04:06.0510 10868 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
11:04:06.0511 10868 vga - ok
11:04:06.0577 10868 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
11:04:06.0579 10868 VgaSave - ok
11:04:06.0614 10868 VGPU - ok
11:04:06.0650 10868 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
11:04:06.0652 10868 vhdmp - ok
11:04:06.0695 10868 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
11:04:06.0697 10868 viaagp - ok
11:04:06.0722 10868 viaagp1 - ok
11:04:06.0765 10868 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
11:04:06.0766 10868 ViaC7 - ok
11:04:06.0804 10868 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
11:04:06.0805 10868 viaide - ok
11:04:06.0860 10868 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
11:04:06.0861 10868 vmbus - ok
11:04:06.0890 10868 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
11:04:06.0891 10868 VMBusHID - ok
11:04:06.0937 10868 vmm (c01604eaea9c89035cff58cdb322476c) C:\Windows\system32\Drivers\vmm.sys
11:04:06.0941 10868 vmm - ok
11:04:06.0965 10868 vmskvhis - ok
11:04:06.0984 10868 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
11:04:06.0986 10868 volmgr - ok
11:04:07.0035 10868 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
11:04:07.0039 10868 volmgrx - ok
11:04:07.0161 10868 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
11:04:07.0177 10868 volsnap - ok
11:04:07.0322 10868 vsdatant - ok
11:04:07.0432 10868 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
11:04:07.0435 10868 vsmraid - ok
11:04:07.0481 10868 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
11:04:07.0492 10868 VSS - ok
11:04:07.0509 10868 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
11:04:07.0510 10868 vwifibus - ok
11:04:07.0669 10868 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
11:04:07.0682 10868 vwififlt - ok
11:04:07.0822 10868 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
11:04:07.0824 10868 vwifimp - ok
11:04:07.0877 10868 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
11:04:07.0884 10868 W32Time - ok
11:04:07.0931 10868 W700mdfl (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\modemcsa.dll
11:04:07.0942 10868 Suspicious file (NoAccess): C:\Windows\system32\modemcsa.dll. md5: 11028c6a84a967070cb1286550f2058f
11:04:07.0942 10868 W700mdfl ( Backdoor.Multi.ZAccess.gen ) - infected
11:04:07.0942 10868 W700mdfl - detected Backdoor.Multi.ZAccess.gen (0)
11:04:07.0997 10868 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
11:04:07.0999 10868 WacomPen - ok
11:04:08.0039 10868 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
11:04:08.0040 10868 WANARP - ok
11:04:08.0044 10868 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
11:04:08.0045 10868 Wanarpv6 - ok
11:04:08.0097 10868 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
11:04:08.0111 10868 wbengine - ok
11:04:08.0157 10868 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
11:04:08.0162 10868 WbioSrvc - ok
11:04:08.0231 10868 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
11:04:08.0247 10868 wcncsvc - ok
11:04:08.0441 10868 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
11:04:08.0451 10868 WcsPlugInService - ok
11:04:08.0561 10868 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
11:04:08.0562 10868 Wd - ok
11:04:08.0614 10868 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
11:04:08.0615 10868 WDC_SAM - ok
11:04:08.0675 10868 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
11:04:08.0680 10868 Wdf01000 - ok
11:04:08.0730 10868 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
11:04:08.0734 10868 WdiServiceHost - ok
11:04:08.0737 10868 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
11:04:08.0740 10868 WdiSystemHost - ok
11:04:08.0775 10868 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
11:04:08.0780 10868 WebClient - ok
11:04:08.0797 10868 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
11:04:08.0802 10868 Wecsvc - ok
11:04:08.0846 10868 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
11:04:08.0855 10868 wercplsupport - ok
11:04:09.0042 10868 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
11:04:09.0046 10868 WerSvc - ok
11:04:09.0134 10868 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
11:04:09.0144 10868 WfpLwf - ok
11:04:09.0327 10868 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
11:04:09.0340 10868 WIMMount - ok
11:04:09.0382 10868 WinHttpAutoProxySvc - ok
11:04:09.0544 10868 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
11:04:09.0546 10868 Winmgmt - ok
11:04:09.0767 10868 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
11:04:09.0812 10868 WinRM - ok
11:04:10.0022 10868 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUSB.sys
11:04:10.0024 10868 WinUsb - ok
11:04:10.0070 10868 wiqcqshl - ok
11:04:10.0162 10868 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
11:04:10.0192 10868 Wlansvc - ok
11:04:10.0330 10868 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:04:10.0335 10868 wlcrasvc - ok
11:04:10.0540 10868 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:04:10.0550 10868 wlidsvc - ok
11:04:10.0679 10868 wluefyoa - ok
11:04:10.0721 10868 wmccds - ok
11:04:10.0762 10868 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
11:04:10.0772 10868 WmiAcpi - ok
11:04:10.0860 10868 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
11:04:10.0862 10868 wmiApSrv - ok
11:04:10.0987 10868 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
11:04:10.0994 10868 WMPNetworkSvc - ok
11:04:11.0079 10868 WMZuneComm (017695393afffed8de58abd1b085be6d) C:\Program Files\Zune1\WMZuneComm.exe
11:04:11.0085 10868 WMZuneComm - ok
11:04:11.0174 10868 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
11:04:11.0190 10868 WPCSvc - ok
11:04:11.0267 10868 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
11:04:11.0271 10868 WPDBusEnum - ok
11:04:11.0380 10868 wrapper (9e44162625028965c3a9880ba8dd1b25) C:\Program Files\theSkyNet\wrapper-windows-x86-32.exe
11:04:11.0384 10868 wrapper - ok
11:04:11.0445 10868 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
11:04:11.0446 10868 ws2ifsl - ok
11:04:11.0472 10868 WSearch - ok
11:04:11.0571 10868 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
11:04:11.0597 10868 wuauserv - ok
11:04:11.0646 10868 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
11:04:11.0647 10868 WudfPf - ok
11:04:11.0670 10868 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:04:11.0672 10868 WUDFRd - ok
11:04:11.0709 10868 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
11:04:11.0715 10868 wudfsvc - ok
11:04:11.0756 10868 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
11:04:11.0772 10868 WwanSvc - ok
11:04:11.0812 10868 xaaszano - ok
11:04:11.0850 10868 XAMPP (16a004d355467e44d217dc4df62ec1e4) C:\xampp\service.exe
11:04:11.0885 10868 XAMPP - ok
11:04:11.0929 10868 xcnkzzti - ok
11:04:11.0946 10868 zpcollector - ok
11:04:12.0119 10868 ZuneNetworkSvc (1076df9ade4e13ea3bf39d2165aeb903) C:\Program Files\Zune1\ZuneNss.exe
11:04:12.0179 10868 ZuneNetworkSvc - ok
11:04:12.0210 10868 ZuneWlanCfgSvc (de1cdb333a402b279f04d627122fa08e) C:\Program Files\Zune1\ZuneWlanCfgSvc.exe
11:04:12.0216 10868 ZuneWlanCfgSvc - ok
11:04:12.0316 10868 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:04:12.0350 10868 \Device\Harddisk0\DR0 - ok
11:04:12.0354 10868 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
11:04:12.0524 10868 \Device\Harddisk1\DR1 - ok
11:04:12.0529 10868 Boot (0x1200) (df8a36e91a02a833ee08ec9f4e49b167) \Device\Harddisk0\DR0\Partition0
11:04:12.0530 10868 \Device\Harddisk0\DR0\Partition0 - ok
11:04:12.0554 10868 Boot (0x1200) (f9fe329eab3f6046c6eb2c9599506830) \Device\Harddisk0\DR0\Partition1
11:04:12.0569 10868 \Device\Harddisk0\DR0\Partition1 - ok
11:04:12.0571 10868 Boot (0x1200) (96fa954e79f7cdd00338b9a91c845f86) \Device\Harddisk1\DR1\Partition0
11:04:12.0572 10868 \Device\Harddisk1\DR1\Partition0 - ok
11:04:12.0574 10868 ============================================================
11:04:12.0574 10868 Scan finished
11:04:12.0574 10868 ============================================================
11:04:12.0582 10632 Detected object count: 8
11:04:12.0582 10632 Actual detected object count: 8
11:05:23.0560 10632 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
11:05:23.0560 10632 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
11:05:23.0681 10632 C:\Windows\system32\mxnic.dll - copied to quarantine
11:05:23.0692 10632 HKLM\SYSTEM\ControlSet001\services\atierecord - will be deleted on reboot
11:05:23.0740 10632 HKLM\SYSTEM\ControlSet002\services\atierecord - will be deleted on reboot
11:05:23.0872 10632 C:\Windows\system32\mxnic.dll - will be deleted on reboot
11:05:23.0872 10632 atierecord ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
11:05:24.0021 10632 C:\Windows\system32\DRIVERS\netbt.sys - copied to quarantine
11:05:25.0380 10632 C:\Windows\$NtUninstallKB23404$\1048025828\@ - copied to quarantine
11:05:25.0414 10632 C:\Windows\$NtUninstallKB23404$\1048025828\L\xadqgnnk - copied to quarantine
11:05:25.0466 10632 C:\Windows\$NtUninstallKB23404$\1048025828\U\$00000001 - copied to quarantine
11:05:25.0517 10632 C:\Windows\$NtUninstallKB23404$\1048025828\U\$80000000 - copied to quarantine
11:05:25.0582 10632 C:\Windows\$NtUninstallKB23404$\1048025828\U\$800000cb - copied to quarantine
11:05:25.0642 10632 C:\Windows\$NtUninstallKB23404$\1048025828\U\$800000cf - copied to quarantine
11:05:25.0664 10632 C:\Windows\$NtUninstallKB23404$\1048025828\U\@000000c0 - copied to quarantine
11:05:25.0724 10632 C:\Windows\$NtUninstallKB23404$\1048025828\U\@000000cb - copied to quarantine
11:05:25.0819 10632 C:\Windows\$NtUninstallKB23404$\1048025828\U\@000000cf - copied to quarantine
11:05:25.0861 10632 C:\Windows\$NtUninstallKB23404$\1048025828\U\@800000c0 - copied to quarantine
11:05:25.0917 10632 C:\Windows\$NtUninstallKB42131$\1048025828\@ - copied to quarantine
11:05:25.0922 10632 C:\Windows\$NtUninstallKB42131$\1048025828\cfg.ini - copied to quarantine
11:05:25.0926 10632 C:\Windows\$NtUninstallKB42131$\1048025828\Desktop.ini - copied to quarantine
11:05:26.0001 10632 C:\Windows\$NtUninstallKB42131$\1048025828\L\xadqgnnk - copied to quarantine
11:05:26.0064 10632 C:\Windows\$NtUninstallKB42131$\1048025828\oemid - copied to quarantine
11:05:26.0084 10632 C:\Windows\$NtUninstallKB42131$\1048025828\U\00000001.@ - copied to quarantine
11:05:26.0102 10632 C:\Windows\$NtUninstallKB42131$\1048025828\U\00000002.@ - copied to quarantine
11:05:26.0127 10632 C:\Windows\$NtUninstallKB42131$\1048025828\U\00000004.@ - copied to quarantine
11:05:26.0150 10632 C:\Windows\$NtUninstallKB42131$\1048025828\U\80000000.@ - copied to quarantine
11:05:26.0186 10632 C:\Windows\$NtUninstallKB42131$\1048025828\U\80000004.@ - copied to quarantine
11:05:26.0206 10632 C:\Windows\$NtUninstallKB42131$\1048025828\U\80000032.@ - copied to quarantine
11:05:26.0261 10632 C:\Windows\$NtUninstallKB42131$\1048025828\version - copied to quarantine
11:05:26.0355 10632 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\netbt.sys) error 1813
11:05:29.0535 10632 Backup copy found, using it..
11:05:29.0824 10632 C:\Windows\system32\DRIVERS\netbt.sys - will be cured on reboot
11:05:32.0521 10632 C:\Windows\$NtUninstallKB23404$\1048025828\@ - will be deleted on reboot
11:05:32.0522 10632 C:\Windows\$NtUninstallKB23404$\1048025828\U\$00000001 - will be deleted on reboot
11:05:32.0524 10632 C:\Windows\$NtUninstallKB23404$\1048025828\U\$80000000 - will be deleted on reboot
11:05:32.0524 10632 C:\Windows\$NtUninstallKB23404$\1048025828\U\$800000cb - will be deleted on reboot
11:05:32.0525 10632 C:\Windows\$NtUninstallKB23404$\1048025828\U\$800000cf - will be deleted on reboot
11:05:32.0525 10632 C:\Windows\$NtUninstallKB23404$\1048025828\U\@000000c0 - will be deleted on reboot
11:05:32.0525 10632 C:\Windows\$NtUninstallKB23404$\1048025828\U\@000000cb - will be deleted on reboot
11:05:32.0526 10632 C:\Windows\$NtUninstallKB23404$\1048025828\U\@000000cf - will be deleted on reboot
11:05:32.0526 10632 C:\Windows\$NtUninstallKB23404$\1048025828\U\@800000c0 - will be deleted on reboot
11:05:32.0527 10632 C:\Windows\$NtUninstallKB23404$\2616922789 - will be deleted on reboot
11:05:32.0527 10632 C:\Windows\$NtUninstallKB42131$\1048025828\@ - will be deleted on reboot
11:05:32.0529 10632 C:\Windows\$NtUninstallKB42131$\1048025828\cfg.ini - will be deleted on reboot
11:05:32.0529 10632 C:\Windows\$NtUninstallKB42131$\1048025828\Desktop.ini - will be deleted on reboot
11:05:32.0530 10632 C:\Windows\$NtUninstallKB42131$\1048025828\oemid - will be deleted on reboot
11:05:32.0531 10632 C:\Windows\$NtUninstallKB42131$\1048025828\U\00000001.@ - will be deleted on reboot
11:05:32.0531 10632 C:\Windows\$NtUninstallKB42131$\1048025828\U\00000002.@ - will be deleted on reboot
11:05:32.0532 10632 C:\Windows\$NtUninstallKB42131$\1048025828\U\00000004.@ - will be deleted on reboot
11:05:32.0532 10632 C:\Windows\$NtUninstallKB42131$\1048025828\U\80000000.@ - will be deleted on reboot
11:05:32.0532 10632 C:\Windows\$NtUninstallKB42131$\1048025828\U\80000004.@ - will be deleted on reboot
11:05:32.0534 10632 C:\Windows\$NtUninstallKB42131$\1048025828\U\80000032.@ - will be deleted on reboot
11:05:32.0534 10632 C:\Windows\$NtUninstallKB42131$\1048025828\version - will be deleted on reboot
11:05:32.0535 10632 C:\Windows\$NtUninstallKB42131$\3279782550 - will be deleted on reboot
11:05:32.0536 10632 NetBT ( Virus.Win32.ZAccess.k ) - User select action: Cure
11:05:32.0652 10632 C:\Windows\system32\nipsvc.dll - copied to quarantine
11:05:32.0680 10632 HKLM\SYSTEM\ControlSet001\services\nvedavt - will be deleted on reboot
11:05:32.0681 10632 HKLM\SYSTEM\ControlSet002\services\nvedavt - will be deleted on reboot
11:05:32.0715 10632 C:\Windows\system32\nipsvc.dll - will be deleted on reboot
11:05:32.0715 10632 nvedavt ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
11:05:32.0777 10632 C:\Windows\system32\fastfat.dll - copied to quarantine
11:05:32.0787 10632 HKLM\SYSTEM\ControlSet001\services\p2k - will be deleted on reboot
11:05:32.0792 10632 C:\Windows\system32\fastfat.dll - will be deleted on reboot
11:05:32.0792 10632 p2k ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
11:05:32.0839 10632 C:\Windows\system32\tbiosdrv.dll - copied to quarantine
11:05:32.0850 10632 HKLM\SYSTEM\ControlSet001\services\SGIR - will be deleted on reboot
11:05:32.0860 10632 HKLM\SYSTEM\ControlSet002\services\SGIR - will be deleted on reboot
11:05:32.0865 10632 C:\Windows\system32\tbiosdrv.dll - will be deleted on reboot
11:05:32.0865 10632 SGIR ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
11:05:32.0989 10632 C:\Windows\system32\KMW_SYS.dll - copied to quarantine
11:05:33.0000 10632 HKLM\SYSTEM\ControlSet001\services\tsdhd - will be deleted on reboot
11:05:33.0000 10632 HKLM\SYSTEM\ControlSet002\services\tsdhd - will be deleted on reboot
11:05:33.0004 10632 C:\Windows\system32\KMW_SYS.dll - will be deleted on reboot
11:05:33.0004 10632 tsdhd ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
11:05:33.0056 10632 C:\Windows\system32\modemcsa.dll - copied to quarantine
11:05:33.0066 10632 HKLM\SYSTEM\ControlSet001\services\W700mdfl - will be deleted on reboot
11:05:33.0067 10632 HKLM\SYSTEM\ControlSet002\services\W700mdfl - will be deleted on reboot
11:05:33.0071 10632 C:\Windows\system32\modemcsa.dll - will be deleted on reboot
11:05:33.0071 10632 W700mdfl ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
11:05:54.0286 10772 Deinitialize success
 
Since running TDSSKiller, MSE has picked up other viruses/Trojans (Conedex.A, Alurean.FP and Osram!ots), all in TDS quarantine. It has then automatically removed them.
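In the TDSSKiller log above, three differently named services (SGIR, tsdhd, W700mdfl) point at three different DLLs that all carry the same MD5. The following sketch is an added example, not part of the thread or of TDSSKiller itself: it parses log lines in that format and flags any hash registered under more than one file path, using lines excerpted from the log above as input (the function names are assumptions).

```python
import re
from collections import defaultdict

# Excerpt of the TDSSKiller log posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""
11:03:58.0430 10868 SGIR (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\tbiosdrv.dll
11:03:58.0443 10868 Suspicious file (NoAccess): C:\Windows\system32\tbiosdrv.dll. md5: 11028c6a84a967070cb1286550f2058f
11:03:58.0443 10868 SGIR ( Backdoor.Multi.ZAccess.gen ) - infected
11:03:58.0502 10868 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
11:03:58.0507 10868 SharedAccess - ok
11:04:02.0901 10868 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
11:04:02.0927 10868 Tcpip - ok
11:04:03.0010 10868 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
11:04:03.0022 10868 TCPIP6 - ok
11:04:04.0149 10868 tsdhd (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\KMW_SYS.dll
11:04:04.0156 10868 tsdhd ( Backdoor.Multi.ZAccess.gen ) - infected
11:04:07.0931 10868 W700mdfl (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\modemcsa.dll
11:04:07.0942 10868 W700mdfl ( Backdoor.Multi.ZAccess.gen ) - infected
"""

# "<time> <tid> <service> (<md5>) <image path>"
SERVICE_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<svc>\S+)\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$"
)
# "<time> <tid> <service> ( <detection name> ) - infected"
VERDICT_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<svc>\S+)\s+"
    r"\(\s*(?P<name>\S+)\s*\)\s+-\s+infected$"
)


def parse_log(text):
    """Return ([(service, md5, path), ...], {service: detection_name})."""
    services, verdicts = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            services.append((m["svc"], m["md5"], m["path"]))
            continue
        m = VERDICT_RE.match(line)
        if m:
            verdicts[m["svc"]] = m["name"]
    return services, verdicts


def shared_hash_clusters(services):
    """Map md5 -> [(service, path), ...] for hashes seen under 2+ distinct paths.

    Paths are compared case-insensitively, as Windows does, so two services
    that legitimately share one binary (Tcpip and TCPIP6 both load tcpip.sys)
    are not flagged.
    """
    by_md5 = defaultdict(list)
    for svc, md5, path in services:
        by_md5[md5].append((svc, path))
    clusters = {}
    for md5, entries in by_md5.items():
        distinct_paths = {path.lower() for _, path in entries}
        if len(distinct_paths) > 1:
            clusters[md5] = sorted(entries)
    return clusters


if __name__ == "__main__":
    services, verdicts = parse_log(SAMPLE_LOG)
    for md5, entries in shared_hash_clusters(services).items():
        print(f"md5 {md5} is registered under {len(entries)} services:")
        for svc, path in entries:
            print(f"  {svc:10} {path}  [{verdicts.get(svc, 'no verdict')}]")
```

Running the same check over a full log also gives a quick triage list when the scanner itself reports no verdict for a service.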
 
That's fine.

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==================================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-17 11:55:38
-----------------------------
11:55:38.020 OS Version: Windows 6.1.7601 Service Pack 1
11:55:38.020 Number of processors: 4 586 0xF0B
11:55:38.024 ComputerName: CHEUNG-DESKTOP UserName: Cheung
11:55:42.225 Initialize success
12:01:46.862 AVAST engine defs: 12041601
12:02:25.474 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
12:02:25.475 Disk 0 Vendor: Size: 0MB BusType: 0
12:02:25.485 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-6
12:02:25.488 Disk 1 Vendor: WDC_WD5000AAKS-00YGA0 12.01C02 Size: 476940MB BusType: 3
12:02:25.516 Disk 0 MBR read successfully
12:02:25.521 Disk 0 MBR scan
12:02:25.638 Disk 0 Windows 7 default MBR code
12:02:25.688 Disk 0 MBR hidden
12:02:25.696 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 523798 MB offset 63
12:02:25.920 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 430068 MB offset 1072740375
12:02:26.174 Disk 0 scanning C:\Windows\system32\drivers
12:03:20.327 Service scanning
12:04:06.356 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
12:04:57.618 Modules scanning
12:05:12.555 Disk 0 trace - called modules:
12:05:12.579 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
12:05:12.583 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8681f030]
12:05:12.587 3 CLASSPNP.SYS[8bc0459e] -> nt!IofCallDriver -> [0x866de918]
12:05:12.590 5 ACPI.sys[83aba3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x866ca030]
12:05:14.074 AVAST engine scan C:\Windows
12:05:18.178 AVAST engine scan C:\Windows\system32
12:20:32.610 AVAST engine scan C:\Windows\system32\drivers
12:21:35.526 AVAST engine scan C:\Users\Cheung
13:30:11.180 AVAST engine scan C:\ProgramData
13:35:18.673 Scan finished successfully
16:01:37.252 Disk 0 MBR has been saved successfully to "C:\Users\Cheung\Desktop\MBR.dat"
16:01:37.328 The log file has been saved successfully to "C:\Users\Cheung\Desktop\aswMBR.txt"
 
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com
Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Ultimate Edition Service Pack 1 (build 7601), 32-bit
System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x0000007f`e1702e00
Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff
Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

Done;
Press any key to quit...
 
Good.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1:** Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users:** ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3:** If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4:** Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Combofix ran successfully but it took ages (more than 15 minutes) to produce the Report and the computer hung before it could tell me the Report had been produced. What had been made (and the creation time was right at the beginning of the report preparation) is here:

ComboFix 12-04-17.01 - Cheung 18/04/2012 9:22:30.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3327.2353 [GMT 8:00]
Running from: C:\Users\Cheung\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\Blinkx
C:\Program Files\Blinkx\blinkx.ico
C:\Program Files\Blinkx\blinkxss.exe
C:\Program Files\Blinkx\blinkxstop.exe
C:\Program Files\Blinkx\lang.dll
C:\Program Files\Blinkx\templates\beat.ico
C:\Program Files\Blinkx\templates\index.html
C:\Program Files\Blinkx\templates\noflash.html
C:\Program Files\Blinkx\templates\offline.html
C:\Program Files\Blinkx\templates\offline.swf
C:\Program Files\Blinkx\templates\uninstall.exe
C:\Program Files\DealScout
C:\Program Files\DealScout\deALscout.dll
C:\Program Files\DealScout\installer.ico
C:\Program Files\DealScout\uninstall.exe
C:\Users\Cheung\AppData\Local\assembly\tmp
C:\Users\Cheung\AppData\Roaming\Cocylu
C:\Users\Cheung\AppData\Roaming\Cocylu\qouq.mai
C:\Users\Cheung\AppData\Roaming\Cocylu\qouq.tmp
C:\Windows\$NtUninstallKB23404$
C:\Windows\$NtUninstallKB23404$\1048025828\L\xadqgnnk
C:\Windows\$NtUninstallKB42131$
C:\Windows\$NtUninstallKB42131$\1048025828\L\xadqgnnk
C:\Windows\system32\dds_trash_log.cmd
C:\Windows\system32\tmp4A3F.tmp
C:\Windows\system32\tmp4A4F.tmp
C:\Windows\system32\tmp51FC.tmp
C:\Windows\system32\tmp523B.tmp
C:\Windows\XSxS
D:\autorun.inf

((((((((((((((((((((((((( Files Created from 2012-03-18 to 2012-04-18 )))))))))))))))))))))))))))))))

2012-04-18 01:33:56 . 2012-04-18 01:33:56 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-04-18 01:33:55 . 2012-04-18 01:33:55 -------- d-----w- C:\Users\UpdatusUser\AppData\Local\temp
2012-04-17 12:42:50 . 2012-04-17 12:42:50 -------- d-----w- C:\Program Files\Common Files\Java
2012-04-17 12:42:24 . 2012-04-17 12:42:07 637848 ----a-w- C:\Windows\system32\npdeployJava1.dll
2012-04-17 12:30:30 . 2012-04-17 12:30:30 242240 ----a-w- C:\Windows\system32\drivers\dtsoftbus01.sys
2012-04-17 12:30:18 . 2012-04-17 12:30:30 -------- d-----w- C:\Program Files\DAEMON Tools Lite
2012-04-17 11:50:06 . 2012-04-18 01:35:44 56200 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{84B0D504-B077-4239-9341-C5BA1A9D1218}\offreg.dll
2012-04-17 10:23:31 . 2012-03-14 02:15:38 6582328 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{84B0D504-B077-4239-9341-C5BA1A9D1218}\mpengine.dll
2012-04-17 03:05:23 . 2012-04-17 03:05:23 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-16 08:00:30 . 2012-04-16 08:00:30 -------- d-----w- C:\Program Files\FileHippo.com
2012-04-15 10:02:12 . 2012-04-04 07:56:40 22344 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-04-15 10:02:11 . 2012-04-15 10:02:29 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2012-04-14 10:08:06 . 2012-04-14 10:08:10 -------- d-----w- C:\Users\Cheung\AppData\Local\adaware
2012-04-14 10:08:05 . 2012-04-14 10:08:07 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-04-14 10:07:52 . 2011-04-05 09:35:20 94040 ----a-w- C:\Windows\system32\drivers\sbhips.sys
2012-04-14 10:07:39 . 2011-04-05 09:35:20 78936 ----a-w- C:\Windows\system32\drivers\sbtis.sys
2012-04-14 10:07:21 . 2011-04-05 09:35:20 221784 ----a-w- C:\Windows\system32\drivers\SbFw.sys
2012-04-14 10:07:21 . 2011-02-08 01:14:22 69208 ----a-w- C:\Windows\system32\drivers\SbFwIm.sys
2012-04-14 10:07:17 . 2012-04-14 10:07:17 -------- d-----w- C:\ProgramData\Lavasoft
2012-04-14 10:07:16 . 2012-04-14 10:07:17 -------- d-----w- C:\Program Files\Ad-Aware Antivirus
2012-04-14 10:04:34 . 2012-04-16 09:24:07 -------- d-----w- C:\Users\Cheung\AppData\Roaming\Ad-Aware Antivirus
2012-04-13 16:34:12 . 2010-11-26 10:02:20 15672 ----a-w- C:\Windows\system32\drivers\SmartDefragDriver.sys
2012-04-13 16:34:06 . 2012-04-13 16:34:06 -------- d-----w- C:\Program Files\IObit
2012-04-13 16:29:38 . 2012-04-13 16:29:42 -------- d-----w- C:\Program Files\OpenDrive
2012-04-12 09:08:12 . 2012-03-01 05:46:57 19824 ----a-w- C:\Windows\system32\drivers\fs_rec.sys
2012-04-12 09:08:12 . 2012-03-01 05:33:23 159232 ----a-w- C:\Windows\system32\imagehlp.dll
2012-04-12 09:05:41 . 2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\system32\ntkrnlpa.exe
2012-04-12 09:05:40 . 2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\system32\ntoskrnl.exe
2012-04-11 08:04:38 . 2012-04-11 08:04:38 -------- d--h--w- C:\Windows\AxInstSV
2012-04-11 07:39:40 . 2012-04-12 09:05:23 -------- d-----w- C:\Users\DB
2012-04-04 04:16:32 . 2012-04-04 04:17:28 -------- d-----w- C:\Program Files\Megacloud
2012-04-04 04:08:42 . 2012-04-04 04:09:21 -------- d-----w- C:\Program Files\Spectromancer
2012-04-04 03:29:13 . 2012-04-04 03:29:13 -------- d-----w- C:\Users\Cheung\AppData\Local\OpenDrive
2012-04-03 09:20:15 . 2012-04-18 02:00:21 -------- d-----w- C:\Users\Cheung\AppData\Roaming\Fiabee
2012-04-03 09:19:53 . 2012-04-03 09:19:53 -------- d-----w- C:\Program Files\Tuso
2012-03-28 03:45:27 . 2012-03-28 03:45:27 -------- d-----w- C:\Program Files\Evernote
2012-03-26 08:13:15 . 2012-03-26 08:13:15 5 ----a-w- C:\Windows\system32\lMMLDeleteUserData42107612FX.tmp
2012-03-26 07:56:44 . 2012-04-18 00:33:49 -------- d-----w- C:\Users\Cheung\.gstreamer-0.10
2012-03-26 07:48:50 . 2012-03-26 07:48:50 -------- d-----w- C:\ProgramData\Motorola Media Link
2012-03-26 07:48:48 . 2012-03-26 07:48:48 -------- d-----w- C:\Program Files\Motorola Mobility
2012-03-26 07:45:56 . 2012-04-18 02:01:09 -------- d-----w- C:\Users\Cheung\AppData\Roaming\MotoCast
2012-03-22 19:12:12 . 2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\system32\GPhotos.scr
2012-03-22 15:06:59 . 2006-09-12 04:46:24 227328 --sha-r- C:\Windows\system32\ac3DX.ax
2012-03-22 15:06:59 . 2006-08-16 07:53:32 175104 --sha-r- C:\Windows\system32\CoreAAC.ax
2012-03-22 15:06:59 . 2006-01-12 16:23:26 123904 --sha-r- C:\Windows\system32\AVCDX.ax
2012-03-22 15:06:59 . 2005-02-22 09:55:02 81920 --sha-r- C:\Windows\system32\aac_parser.ax
2012-03-22 15:06:59 . 2005-01-17 16:26:36 179200 --sha-r- C:\Windows\system32\DiracSplitter.ax
2012-03-22 15:06:59 . 2003-12-07 00:59:44 97280 --sha-r- C:\Windows\system32\FLACDX.ax
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2012-04-17 12:43:55 . 2011-06-26 00:41:06 70304 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2012-04-17 12:42:07 . 2011-06-24 23:18:42 567696 ----a-w- C:\Windows\system32\deployJava1.dll
2012-04-17 03:08:46 . 2011-06-25 11:43:51 187904 ----a-w- C:\Windows\system32\drivers\netbt.sys
2012-03-16 01:48:42 . 2012-03-16 01:48:42 1734368 ----a-w- C:\Windows\system32\LivedriveControlPanel.cpl
2012-03-14 02:15:38 . 2011-06-25 03:24:14 6582328 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-01 05:37:41 . 2012-04-12 09:08:12 172544 ----a-w- C:\Windows\system32\wintrust.dll
2012-03-01 05:29:16 . 2012-04-12 09:08:12 5120 ----a-w- C:\Windows\system32\wmi.dll
2012-02-28 01:11:07 . 2012-04-12 09:19:46 1127424 ----a-w- C:\Windows\system32\wininet.dll
2012-02-17 05:34:22 . 2012-03-14 13:14:01 919040 ----a-w- C:\Windows\system32\rdpcorets.dll
2012-02-17 05:34:22 . 2012-03-14 13:14:01 826880 ----a-w- C:\Windows\system32\rdpcore.dll
2012-02-17 04:14:08 . 2012-03-14 13:14:00 183808 ----a-w- C:\Windows\system32\drivers\rdpwd.sys
2012-02-17 04:13:22 . 2012-03-14 13:14:01 24576 ----a-w- C:\Windows\system32\drivers\tdtcp.sys
2012-02-14 04:09:44 . 2012-02-14 04:09:44 1070352 ----a-w- C:\Windows\system32\MSCOMCTL.OCX
2012-02-10 09:40:56 . 2012-02-10 09:41:26 713784 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{20863C96-A9D1-4B85-BB1A-D10691BC006B}\gapaengine.dll
2012-02-10 05:38:43 . 2012-03-14 13:19:28 1077248 ----a-w- C:\Windows\system32\DWrite.dll
2012-02-09 14:43:00 . 2012-02-09 14:43:00 881984 ----a-w- C:\Windows\system32\nvgenco32.dll
2012-02-09 14:43:00 . 2012-02-09 14:43:00 61248 ----a-w- C:\Windows\system32\OpenCL.dll
2012-02-09 14:43:00 . 2012-02-09 14:43:00 5892928 ----a-w- C:\Windows\system32\nvcuda.dll
2012-02-09 14:43:00 . 2012-02-09 14:43:00 2517312 ----a-w- C:\Windows\system32\nvcuvid.dll
2012-02-09 14:43:00 . 2012-02-09 14:43:00 2437440 ----a-w- C:\Windows\system32\nvcuvenc.dll
2012-02-09 14:43:00 . 2012-02-09 14:43:00 19443520 ----a-w- C:\Windows\system32\nvoglv32.dll
2012-02-09 14:43:00 . 2012-02-09 14:43:00 17543488 ----a-w- C:\Windows\system32\nvcompiler.dll
2012-02-09 14:43:00 . 2012-02-09 14:43:00 15009600 ----a-w- C:\Windows\system32\nvd3dum.dll
2012-02-09 14:43:00 . 2012-02-09 14:43:00 10816832 ----a-w- C:\Windows\system32\drivers\nvlddmkm.sys
2012-02-09 14:43:00 . 2012-02-09 14:43:00 1000256 ----a-w- C:\Windows\system32\nvdispco32.dll
2012-02-09 14:43:00 . 2011-02-22 18:57:00 2301248 ----a-w- C:\Windows\system32\nvapi.dll
2012-02-09 14:43:00 . 2009-07-13 22:09:18 7713088 ----a-w- C:\Windows\system32\nvwgf2um.dll
2012-02-03 03:54:27 . 2012-03-14 13:19:30 2343424 ----a-w- C:\Windows\system32\win32k.sys
2012-01-31 12:44:05 . 2011-06-24 09:19:05 237072 ------w- C:\Windows\system32\MpSigStub.exe
2012-01-25 05:58:00 . 2012-01-25 05:58:00 23808 ----a-w- C:\Windows\system32\drivers\Motousbnet.sys
2012-01-25 05:57:48 . 2012-01-25 05:57:48 24192 ----a-w- C:\Windows\system32\drivers\motmodem.sys
2012-01-25 05:57:44 . 2012-01-25 05:57:44 8448 ----a-w- C:\Windows\system32\drivers\motccgpfl.sys
2012-01-25 05:57:36 . 2012-01-25 05:57:36 20864 ----a-w- C:\Windows\system32\drivers\motccgp.sys
2012-01-25 05:32:35 . 2012-03-14 13:13:58 58880 ----a-w- C:\Windows\system32\rdpwsx.dll
2012-01-25 05:32:34 . 2012-03-14 13:13:58 129536 ----a-w- C:\Windows\system32\rdpcorekmts.dll
2012-01-25 05:27:51 . 2012-03-14 13:13:58 8192 ----a-w- C:\Windows\system32\rdrmemptylst.exe
2006-05-03 03:06:54 163328 --sha-r- C:\Windows\System32\flvDX.dll
2007-02-21 04:47:16 31232 --sha-r- C:\Windows\System32\msfDX.dll
2008-03-16 06:30:52 216064 --sha-r- C:\Windows\System32\nbDX.dll
2010-01-06 16:00:00 107520 --sha-r- C:\Windows\System32\TAKDSDecoder.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f999a48b-1950-4d81-9971-79018f807b4b}"= "C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll" [2011-05-09 08:49:38 176936]
[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7AEC5D7C-9BA0-4A13-AB5D-244E4276FC09}]
2012-01-28 06:44:53 760136 ----a-w- C:\Windows\Downloaded Program Files\CONFLICT.3\npPrimaDeskPlugin.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f999a48b-1950-4d81-9971-79018f807b4b}]
2011-05-09 08:49:38 176936 ----a-w- C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1B5498A8-C09C-43DD-89FC-67803840387E}"= "C:\Windows\Downloaded Program Files\CONFLICT.3\npPrimaDeskPlugin.dll" [2012-01-28 06:44:53 760136]
"{f999a48b-1950-4d81-9971-79018f807b4b}"= "C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll" [2011-05-09 08:49:38 176936]
"{6A719530-8443-4898-9BC4-69E76B5F1C89}"= "C:\Program Files\GoBox\gobox.dll" [2012-03-02 02:35:38 311296]
[HKEY_CLASSES_ROOT\clsid\{1b5498a8-c09c-43dd-89fc-67803840387e}]
[HKEY_CLASSES_ROOT\PrimaDeskPlugin.PrimadeskToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{FC7DF02D-B3FD-440D-B35C-EF63E4EEFB23}]
[HKEY_CLASSES_ROOT\PrimaDeskPlugin.Primadesk]
[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
[HKEY_CLASSES_ROOT\clsid\{6a719530-8443-4898-9bc4-69e76b5f1c89}]
[HKEY_CLASSES_ROOT\DKIBand.DKIBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{B6A6A745-D1AA-4281-A47C-E49EE5EC32D2}]
[HKEY_CLASSES_ROOT\DKIBand.DKIBandObj]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{F999A48B-1950-4D81-9971-79018F807B4B}"= "C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll" [2011-05-09 08:49:38 176936]
"{6A719530-8443-4898-9BC4-69E76B5F1C89}"= "C:\Program Files\GoBox\gobox.dll" [2012-03-02 02:35:38 311296]
[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
[HKEY_CLASSES_ROOT\clsid\{6a719530-8443-4898-9bc4-69e76b5f1c89}]
[HKEY_CLASSES_ROOT\DKIBand.DKIBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{B6A6A745-D1AA-4281-A47C-E49EE5EC32D2}]
[HKEY_CLASSES_ROOT\DKIBand.DKIBandObj]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01_TUSOComplete]
@="{F0DEA1E7-0A07-490d-A2F8-6E711A576463}"
[HKEY_CLASSES_ROOT\CLSID\{F0DEA1E7-0A07-490d-A2F8-6E711A576463}]
2012-03-27 07:12:26 3795456 ----a-w- C:\Program Files\Tuso\Fiabee Sync\ShellExtension.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01_TUSODownloading]
@="{1C1F6216-1E43-477E-97FD-5B01B1FA4A91}"
[HKEY_CLASSES_ROOT\CLSID\{1C1F6216-1E43-477E-97FD-5B01B1FA4A91}]
2012-03-27 07:12:26 3795456 ----a-w- C:\Program Files\Tuso\Fiabee Sync\ShellExtension.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03_TUSOInProgress]
@="{342DF534-1707-4bcb-A8AE-12790BB89C8E}"
[HKEY_CLASSES_ROOT\CLSID\{342DF534-1707-4bcb-A8AE-12790BB89C8E}]
2012-03-27 07:12:26 3795456 ----a-w- C:\Program Files\Tuso\Fiabee Sync\ShellExtension.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04_TUSOSharedComplete]
@="{CDE9DB0C-9BA7-4F76-9648-640A72F947B9}"
[HKEY_CLASSES_ROOT\CLSID\{CDE9DB0C-9BA7-4F76-9648-640A72F947B9}]
2012-03-27 07:12:26 3795456 ----a-w- C:\Program Files\Tuso\Fiabee Sync\ShellExtension.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\05_TUSODefault]
@="{FEC65B2E-C397-41ba-9F21-00D3E506C5BC}"
[HKEY_CLASSES_ROOT\CLSID\{FEC65B2E-C397-41ba-9F21-00D3E506C5BC}]
2012-03-27 07:12:26 3795456 ----a-w- C:\Program Files\Tuso\Fiabee Sync\ShellExtension.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\06_TUSOLink]
@="{5FD2AA18-24C0-4A27-9824-AC5AF745369E}"
[HKEY_CLASSES_ROOT\CLSID\{5FD2AA18-24C0-4A27-9824-AC5AF745369E}]
2012-03-27 07:12:26 3795456 ----a-w- C:\Program Files\Tuso\Fiabee Sync\ShellExtension.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MegaCloudNormal]
@="{03FB4211-3964-44E8-97D7-A2FA49CF5576}"
[HKEY_CLASSES_ROOT\CLSID\{03FB4211-3964-44E8-97D7-A2FA49CF5576}]
2012-04-11 07:06:44 221840 ----a-w- C:\Users\Cheung\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0OpenDrive_ShellOverlayIcon]
@="{3268FFAC-39F2-4058-BE09-7396DB121F4A}"
[HKEY_CLASSES_ROOT\CLSID\{3268FFAC-39F2-4058-BE09-7396DB121F4A}]
2012-03-10 04:04:14 3153584 ----a-w- C:\Program Files\OpenDrive\OpenDrive.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon1]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2011-05-26 14:07:40 559104 ----a-w- C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon2]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2011-05-26 14:07:40 559104 ----a-w- C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon3]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2011-05-26 14:07:40 559104 ----a-w- C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon4]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2011-05-26 14:07:40 559104 ----a-w- C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{0367BF0F-7636-43AF-A152-E935D61A0203}"
[HKEY_CLASSES_ROOT\CLSID\{0367BF0F-7636-43AF-A152-E935D61A0203}]
2011-12-02 10:37:10 158224 ----a-w- C:\Windows\System32\CbFsMntNtf3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1IDriveSyncExt1]
@="{A30768B3-9C38-4810-AAC3-422B73A0B25C}"
[HKEY_CLASSES_ROOT\CLSID\{A30768B3-9C38-4810-AAC3-422B73A0B25C}]
2011-09-15 09:25:30 573440 ----a-w- C:\IDSync\IDSyncIcon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1IDriveSyncExt2]
@="{906E4756-73EC-4A58-A3B1-461B759D8F7B}"
[HKEY_CLASSES_ROOT\CLSID\{906E4756-73EC-4A58-A3B1-461B759D8F7B}]
2011-09-15 09:25:30 573440 ----a-w- C:\IDSync\IDSyncIcon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1IDriveSyncExt3]
@="{5DF1669E-DBBC-4C36-918E-8E470774D7AF}"
[HKEY_CLASSES_ROOT\CLSID\{5DF1669E-DBBC-4C36-918E-8E470774D7AF}]
2011-09-15 09:25:30 573440 ----a-w- C:\IDSync\IDSyncIcon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MegaCloudModified]
@="{03FB4212-3964-44E8-97D7-A2FA49CF5576}"
[HKEY_CLASSES_ROOT\CLSID\{03FB4212-3964-44E8-97D7-A2FA49CF5576}]
2012-04-11 07:06:44 221840 ----a-w- C:\Users\Cheung\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2MeagCloudError]
@="{03FB4213-3964-44E8-97D7-A2FA49CF5576}"
[HKEY_CLASSES_ROOT\CLSID\{03FB4213-3964-44E8-97D7-A2FA49CF5576}]
2012-04-11 07:06:44 221840 ----a-w- C:\Users\Cheung\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupOverlay]
@="{B44A5D93-1351-41A1-BD91-5E92435D8ECD}"
[HKEY_CLASSES_ROOT\CLSID\{B44A5D93-1351-41A1-BD91-5E92435D8ECD}]
2012-03-16 01:48:56 1008328 ----a-w- C:\Program Files\Megacloud\LivedriveExtensions.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 94208 ----a-w- C:\Users\Dropbox1\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 94208 ----a-w- C:\Users\Dropbox1\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 94208 ----a-w- C:\Users\Dropbox1\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 94208 ----a-w- C:\Users\Dropbox1\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2011-12-02 10:37:10 158224 ----a-w- C:\Windows\System32\CbFsMntNtf3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveDownloadOverlay]
@="{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}"
[HKEY_CLASSES_ROOT\CLSID\{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}]
2012-03-16 01:48:56 1008328 ----a-w- C:\Program Files\Megacloud\LivedriveExtensions.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSharedOverlay]
@="{84CEF1E4-1356-4063-845F-05047F4DD52C}"
[HKEY_CLASSES_ROOT\CLSID\{84CEF1E4-1356-4063-845F-05047F4DD52C}]
2012-03-16 01:48:56 1008328 ----a-w- C:\Program Files\Megacloud\LivedriveExtensions.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSyncedOverlay]
@="{42058329-2FBF-4B33-8E52-3BE5754DE0C1}"
[HKEY_CLASSES_ROOT\CLSID\{42058329-2FBF-4B33-8E52-3BE5754DE0C1}]
2012-03-16 01:48:56 1008328 ----a-w- C:\Program Files\Megacloud\LivedriveExtensions.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveUploadOverlay]
@="{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}"
[HKEY_CLASSES_ROOT\CLSID\{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}]
2012-03-16 01:48:56 1008328 ----a-w- C:\Program Files\Megacloud\LivedriveExtensions.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-03-19 20:29:44 365648 ----a-w- C:\Program Files\SugarSync\SugarSyncShellExt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-03-19 20:29:44 365648 ----a-w- C:\Program Files\SugarSync\SugarSyncShellExt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-03-19 20:29:44 365648 ----a-w- C:\Program Files\SugarSync\SugarSyncShellExt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-03-19 20:29:44 365648 ----a-w- C:\Program Files\SugarSync\SugarSyncShellExt.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 05:58:52 495616]
"SugarSync"="C:\Program Files\SugarSync\SugarSyncManager.exe" [2012-03-19 20:32:24 9413712]
"OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 15:07:38 718720]
"BIBLauncher"="C:\Program Files\Business-in-a-Box\BIBLauncher.exe" [2011-03-15 06:02:05 901600]
"OpenDNS Updater"="C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 21:42:58 839680]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-22 06:28:48 39408]
"WLSync"="C:\Program Files\Windows Live\Mesh\WLSync.exe" [2011-05-13 07:23:02 1449312]
"Akamai NetSession Interface"="C:\Users\Cheung\AppData\Local\Akamai\netsession_win.exe" [2012-03-12 21:37:52 3331872]
"Xvid"="C:\Program Files\Xvid\CheckUpdate.exe" [2011-01-17 19:41:43 8192]
"IDSyncStartup"="C:\IDSync\IDSyncStartup.exe" [2011-09-14 10:44:28 95704]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2012-04-05 03:41:28 17356424]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 04:43:08 247728]
"MotoCast"="C:\Program Files\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2012-03-26 08:14:18 1981]
"Livedrive"="C:\Program Files\Megacloud\Livedrive.exe" [2012-03-16 01:45:40 1636864]
"FileHippo.com"="C:\Program Files\FileHippo.com\UpdateChecker.exe" [2012-03-26 07:34:22 306688]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe" [2012-04-11 09:54:22 3672384]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2010-11-20 12:17:41 1174016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"TrayServer"="C:\PROGRA~1\MAGIX\MOVIE_~1\TrayServer_en.exe" [2008-11-13 04:52:48 90112]
"Zune Launcher"="C:\Program Files\Zune1\ZuneLauncher.exe" [2011-08-05 04:29:56 159456]
"SwitchBoard"="C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 05:37:14 517096]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2011-07-05 10:36:48 421888]
"NoteBurner"="C:\Program Files\NoteBurner\VTBurnerGUI.exe" [2011-06-08 09:00:36 5694792]
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe" [2011-06-15 07:16:48 997920]
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 06:54:26 91520]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 06:37:46 135536]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2011-08-01 07:57:34 1313672]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 07:56:42 1821576]
"Intel AppUp(SM) center"="C:\Program Files\IntelAppUp\IntelAppStore\bin\serviceManager.lnk" [2011-06-24 10:47:20 1311]
"TVEService"="C:\Program Files\CyberLink\TV Enhance\TVEService.exe" [2009-09-29 09:56:04 226536]
"PCMAgent"="C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe" [2009-09-16 03:34:02 148776]
"PlayMovie"="C:\Program Files\CyberLink\PlayMovie\PMVService.exe" [2009-09-08 10:07:24 177384]
"CLMLServer"="C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe" [2009-09-16 03:34:20 202024]
"AdobeAAMUpdater-1.0"="C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 09:42:18 499608]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 07:37:53 843712]
"AdobeCS5.5ServiceManager"="C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-11 23:08:56 1523360]
"AdobeCS5ServiceManager"="C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 14:10:47 402432]
"Adobe Acrobat Speed Launcher"="C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 05:53:56 36760]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 05:53:56 815512]
"TkBellExe"="C:\Program Files\Real\RealPlayer\update\realsched.exe" [2011-11-30 00:43:27 296056]
"Fiabee"="C:\Program Files\Tuso\Fiabee Sync\Fiabee.exe" [2012-03-27 07:19:50 9892336]
"OpenDrive Tray"="C:\Program Files\OpenDrive\OpenDrive_Tray.exe" [2012-03-10 04:03:56 4341424]
"Ad-Aware Browsing Protection"="C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 09:09:36 198032]
"Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 07:56:38 462408]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 03:07:54 252296]
C:\Users\Dropbox1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - C:\Users\Cheung\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-2 24242056]
C:\Users\Dropbox2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - C:\Users\Dropbox1\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - C:\Users\Dropbox1\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
EvernoteTray.lnk - C:\Program Files\Evernote\Evernote\EvernoteTray.exe [2012-3-22 391008]
GoBox.lnk - C:\Program Files\GoBox\gobox_desktop.exe [2012-3-2 491520]
IDriveSync Tray.lnk - C:\IDSync\IDSyncTray.exe [2012-3-2 1775064]
MangoApps Desktop.lnk - C:\Program Files\MangoApps Desktop\MangoApps Desktop.exe [2012-3-9 142336]
MegaCloud.lnk - C:\Users\Cheung\AppData\Roaming\MegaCloud\MegaCloud.exe [2011-11-28 10755728]
Microsoft SharePoint Workspace.lnk - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
PortableApps.lnk - C:\Portable Apps\Start.exe [2011-12-8 145920]
qlock.lnk - C:\Program Files\Qlock\qlock.exe [2009-2-14 4142080]
Samsung Auto Backup Guage.lnk - C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe [2011-6-27 888832]
Samsung Auto Backup Real-Time Daemon.lnk - C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe [2011-6-27 77824]
Samsung Auto Backup Scheduler.lnk - C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe [2011-6-27 102400]
Windows Live Mesh.lnk - C:\Program Files\Windows Live\Mesh\WLSync.exe [2011-5-13 1449312]
Wuala.lnk - C:\Users\Cheung\AppData\Roaming\Wuala\Wuala.exe [2012-2-27 451504]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
 
That log is incomplete.
Check C:\combofix.txt file to see if there is more than you posted.

If not, you have to re-run Combofix.
 
When it was preparing the report, it said not to start any programs, but the restart meant that all my startup and system tray items started. Would this be the cause?
 
ComboFix 12-04-17.01 - Cheung 18/04/2012 12:19:45.3.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3327.1551 [GMT 8:00]
Running from: c:\users\Cheung\Desktop\ComboFix1.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
SP: Lavasoft Ad-Aware *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-18 to 2012-04-18 )))))))))))))))))))))))))))))))
.
.
2012-04-18 04:29 . 2012-04-18 04:29 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-18 04:29 . 2012-04-18 04:29 -------- d-----w- c:\users\Dropbox2\AppData\Local\temp
2012-04-18 04:29 . 2012-04-18 04:29 -------- d-----w- c:\users\Dropbox1\AppData\Local\temp
2012-04-18 04:29 . 2012-04-18 04:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-18 03:57 . 2012-04-18 03:57 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{55EF27BB-B2D7-488F-B92B-74475F11E9CB}\offreg.dll
2012-04-18 02:34 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{55EF27BB-B2D7-488F-B92B-74475F11E9CB}\mpengine.dll
2012-04-18 01:02 . 2012-04-18 03:00 -------- d-----w- C:\ComboFix
2012-04-17 12:42 . 2012-04-17 12:42 -------- d-----w- c:\program files\Common Files\Java
2012-04-17 12:42 . 2012-04-17 12:42 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-17 12:30 . 2012-04-17 12:30 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-04-17 12:30 . 2012-04-17 12:30 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-04-17 03:05 . 2012-04-17 03:05 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-16 08:00 . 2012-04-16 08:00 -------- d-----w- c:\program files\FileHippo.com
2012-04-15 10:02 . 2012-04-04 07:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-15 10:02 . 2012-04-15 10:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-14 10:08 . 2012-04-14 10:08 -------- d-----w- c:\users\Cheung\AppData\Local\adaware
2012-04-14 10:08 . 2012-04-14 10:08 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-04-14 10:07 . 2011-04-05 09:35 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-04-14 10:07 . 2011-04-05 09:35 78936 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-04-14 10:07 . 2011-04-05 09:35 221784 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-04-14 10:07 . 2011-02-08 01:14 69208 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-04-14 10:07 . 2012-04-14 10:07 -------- d-----w- c:\programdata\Lavasoft
2012-04-14 10:07 . 2012-04-14 10:07 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-04-14 10:04 . 2012-04-16 09:24 -------- d-----w- c:\users\Cheung\AppData\Roaming\Ad-Aware Antivirus
2012-04-13 16:34 . 2011-12-16 09:21 29016 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-04-13 16:34 . 2010-11-26 10:02 15672 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2012-04-13 16:34 . 2012-04-13 16:34 -------- d-----w- c:\program files\IObit
2012-04-13 16:29 . 2012-04-13 16:29 -------- d-----w- c:\program files\OpenDrive
2012-04-12 09:08 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 09:08 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 09:08 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 09:08 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 09:05 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-12 09:05 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 08:04 . 2012-04-11 08:04 -------- d--h--w- c:\windows\AxInstSV
2012-04-11 07:39 . 2012-04-12 09:05 -------- d-----w- c:\users\DB
2012-04-04 04:16 . 2012-04-04 04:17 -------- d-----w- c:\program files\Megacloud
2012-04-04 04:08 . 2012-04-04 04:09 -------- d-----w- c:\program files\Spectromancer
2012-04-04 03:29 . 2012-04-04 03:29 -------- d-----w- c:\users\Cheung\AppData\Local\OpenDrive
2012-04-03 09:20 . 2012-04-18 03:02 -------- d-----w- c:\users\Cheung\AppData\Roaming\Fiabee
2012-04-03 09:19 . 2012-04-03 09:19 -------- d-----w- c:\program files\Tuso
2012-03-28 03:45 . 2012-03-28 03:45 -------- d-----w- c:\program files\Evernote
2012-03-26 08:13 . 2012-03-26 08:13 5 ----a-w- c:\windows\system32\lMMLDeleteUserData42107612FX.tmp
2012-03-26 07:56 . 2012-04-18 04:02 -------- d-----w- c:\users\Cheung\.gstreamer-0.10
2012-03-26 07:48 . 2012-03-26 07:48 -------- d-----w- c:\programdata\Motorola Media Link
2012-03-26 07:48 . 2012-03-26 07:48 -------- d-----w- c:\program files\Motorola Mobility
2012-03-26 07:45 . 2012-04-18 04:17 -------- d-----w- c:\users\Cheung\AppData\Roaming\MotoCast
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-22 15:06 . 2006-09-12 04:46 227328 --sha-r- c:\windows\system32\ac3DX.ax
2012-03-22 15:06 . 2006-08-16 07:53 175104 --sha-r- c:\windows\system32\CoreAAC.ax
2012-03-22 15:06 . 2006-01-12 16:23 123904 --sha-r- c:\windows\system32\AVCDX.ax
2012-03-22 15:06 . 2005-02-22 09:55 81920 --sha-r- c:\windows\system32\aac_parser.ax
2012-03-22 15:06 . 2005-01-17 16:26 179200 --sha-r- c:\windows\system32\DiracSplitter.ax
2012-03-22 15:06 . 2003-12-07 00:59 97280 --sha-r- c:\windows\system32\FLACDX.ax
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-17 12:43 . 2011-06-26 00:41 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-17 12:42 . 2011-06-24 23:18 567696 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-17 03:08 . 2011-06-25 11:43 187904 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-03-16 01:48 . 2012-03-16 01:48 1734368 ----a-w- c:\windows\system32\LivedriveControlPanel.cpl
2012-03-14 02:15 . 2011-06-25 03:24 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-17 05:34 . 2012-03-14 13:14 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 05:34 . 2012-03-14 13:14 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-14 13:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-14 13:14 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 04:09 . 2012-02-14 04:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-10 09:40 . 2012-02-10 09:41 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{20863C96-A9D1-4B85-BB1A-D10691BC006B}\gapaengine.dll
2012-02-10 05:38 . 2012-03-14 13:19 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-09 14:43 . 2012-02-09 14:43 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-09 14:43 . 2012-02-09 14:43 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-09 14:43 . 2012-02-09 14:43 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-09 14:43 . 2012-02-09 14:43 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-09 14:43 . 2012-02-09 14:43 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-09 14:43 . 2012-02-09 14:43 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
2012-02-09 14:43 . 2012-02-09 14:43 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-09 14:43 . 2012-02-09 14:43 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-09 14:43 . 2012-02-09 14:43 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-09 14:43 . 2012-02-09 14:43 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-09 14:43 . 2011-02-22 18:57 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-09 14:43 . 2009-07-13 22:09 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-02-03 03:54 . 2012-03-14 13:19 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2011-06-24 09:19 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 05:58 . 2012-01-25 05:58 23808 ----a-w- c:\windows\system32\drivers\Motousbnet.sys
2012-01-25 05:57 . 2012-01-25 05:57 24192 ----a-w- c:\windows\system32\drivers\motmodem.sys
2012-01-25 05:57 . 2012-01-25 05:57 8448 ----a-w- c:\windows\system32\drivers\motccgpfl.sys
2012-01-25 05:57 . 2012-01-25 05:57 20864 ----a-w- c:\windows\system32\drivers\motccgp.sys
2012-01-25 05:32 . 2012-03-14 13:13 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:32 . 2012-03-14 13:13 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27 . 2012-03-14 13:13 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2006-05-03 03:06 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 04:47 31232 --sha-r- c:\windows\System32\msfDX.dll
2008-03-16 06:30 216064 --sha-r- c:\windows\System32\nbDX.dll
2010-01-06 16:00 107520 --sha-r- c:\windows\System32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f999a48b-1950-4d81-9971-79018f807b4b}"= "c:\program files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7AEC5D7C-9BA0-4A13-AB5D-244E4276FC09}]
2012-01-28 06:44 760136 ----a-w- c:\windows\Downloaded Program Files\CONFLICT.3\npPrimaDeskPlugin.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f999a48b-1950-4d81-9971-79018f807b4b}]
2011-05-09 08:49 176936 ----a-w- c:\program files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1B5498A8-C09C-43DD-89FC-67803840387E}"= "c:\windows\Downloaded Program Files\CONFLICT.3\npPrimaDeskPlugin.dll" [2012-01-28 760136]
"{f999a48b-1950-4d81-9971-79018f807b4b}"= "c:\program files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll" [2011-05-09 176936]
"{6A719530-8443-4898-9BC4-69E76B5F1C89}"= "c:\program files\GoBox\gobox.dll" [2012-03-02 311296]
.
[HKEY_CLASSES_ROOT\clsid\{1b5498a8-c09c-43dd-89fc-67803840387e}]
[HKEY_CLASSES_ROOT\PrimaDeskPlugin.PrimadeskToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{FC7DF02D-B3FD-440D-B35C-EF63E4EEFB23}]
[HKEY_CLASSES_ROOT\PrimaDeskPlugin.Primadesk]
.
[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
.
[HKEY_CLASSES_ROOT\clsid\{6a719530-8443-4898-9bc4-69e76b5f1c89}]
[HKEY_CLASSES_ROOT\DKIBand.DKIBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{B6A6A745-D1AA-4281-A47C-E49EE5EC32D2}]
[HKEY_CLASSES_ROOT\DKIBand.DKIBandObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{F999A48B-1950-4D81-9971-79018F807B4B}"= "c:\program files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll" [2011-05-09 176936]
"{6A719530-8443-4898-9BC4-69E76B5F1C89}"= "c:\program files\GoBox\gobox.dll" [2012-03-02 311296]
.
[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
.
[HKEY_CLASSES_ROOT\clsid\{6a719530-8443-4898-9bc4-69e76b5f1c89}]
[HKEY_CLASSES_ROOT\DKIBand.DKIBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{B6A6A745-D1AA-4281-A47C-E49EE5EC32D2}]
[HKEY_CLASSES_ROOT\DKIBand.DKIBandObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01_TUSOComplete]
@="{F0DEA1E7-0A07-490d-A2F8-6E711A576463}"
[HKEY_CLASSES_ROOT\CLSID\{F0DEA1E7-0A07-490d-A2F8-6E711A576463}]
2012-03-27 07:12 3795456 ----a-w- c:\program files\Tuso\Fiabee Sync\ShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01_TUSODownloading]
@="{1C1F6216-1E43-477E-97FD-5B01B1FA4A91}"
[HKEY_CLASSES_ROOT\CLSID\{1C1F6216-1E43-477E-97FD-5B01B1FA4A91}]
2012-03-27 07:12 3795456 ----a-w- c:\program files\Tuso\Fiabee Sync\ShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03_TUSOInProgress]
@="{342DF534-1707-4bcb-A8AE-12790BB89C8E}"
[HKEY_CLASSES_ROOT\CLSID\{342DF534-1707-4bcb-A8AE-12790BB89C8E}]
2012-03-27 07:12 3795456 ----a-w- c:\program files\Tuso\Fiabee Sync\ShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04_TUSOSharedComplete]
@="{CDE9DB0C-9BA7-4F76-9648-640A72F947B9}"
[HKEY_CLASSES_ROOT\CLSID\{CDE9DB0C-9BA7-4F76-9648-640A72F947B9}]
2012-03-27 07:12 3795456 ----a-w- c:\program files\Tuso\Fiabee Sync\ShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\05_TUSODefault]
@="{FEC65B2E-C397-41ba-9F21-00D3E506C5BC}"
[HKEY_CLASSES_ROOT\CLSID\{FEC65B2E-C397-41ba-9F21-00D3E506C5BC}]
2012-03-27 07:12 3795456 ----a-w- c:\program files\Tuso\Fiabee Sync\ShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\06_TUSOLink]
@="{5FD2AA18-24C0-4A27-9824-AC5AF745369E}"
[HKEY_CLASSES_ROOT\CLSID\{5FD2AA18-24C0-4A27-9824-AC5AF745369E}]
2012-03-27 07:12 3795456 ----a-w- c:\program files\Tuso\Fiabee Sync\ShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MegaCloudNormal]
@="{03FB4211-3964-44E8-97D7-A2FA49CF5576}"
[HKEY_CLASSES_ROOT\CLSID\{03FB4211-3964-44E8-97D7-A2FA49CF5576}]
2012-04-11 07:06 221840 ----a-w- c:\users\Cheung\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0OpenDrive_ShellOverlayIcon]
@="{3268FFAC-39F2-4058-BE09-7396DB121F4A}"
[HKEY_CLASSES_ROOT\CLSID\{3268FFAC-39F2-4058-BE09-7396DB121F4A}]
2012-03-10 04:04 3153584 ----a-w- c:\program files\OpenDrive\OpenDrive.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon1]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon2]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon3]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon4]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{0367BF0F-7636-43AF-A152-E935D61A0203}"
[HKEY_CLASSES_ROOT\CLSID\{0367BF0F-7636-43AF-A152-E935D61A0203}]
2011-12-02 10:37 158224 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1IDriveSyncExt1]
@="{A30768B3-9C38-4810-AAC3-422B73A0B25C}"
[HKEY_CLASSES_ROOT\CLSID\{A30768B3-9C38-4810-AAC3-422B73A0B25C}]
2011-09-15 09:25 573440 ----a-w- c:\idsync\IDSyncIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1IDriveSyncExt2]
@="{906E4756-73EC-4A58-A3B1-461B759D8F7B}"
[HKEY_CLASSES_ROOT\CLSID\{906E4756-73EC-4A58-A3B1-461B759D8F7B}]
2011-09-15 09:25 573440 ----a-w- c:\idsync\IDSyncIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1IDriveSyncExt3]
@="{5DF1669E-DBBC-4C36-918E-8E470774D7AF}"
[HKEY_CLASSES_ROOT\CLSID\{5DF1669E-DBBC-4C36-918E-8E470774D7AF}]
2011-09-15 09:25 573440 ----a-w- c:\idsync\IDSyncIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MegaCloudModified]
@="{03FB4212-3964-44E8-97D7-A2FA49CF5576}"
[HKEY_CLASSES_ROOT\CLSID\{03FB4212-3964-44E8-97D7-A2FA49CF5576}]
2012-04-11 07:06 221840 ----a-w- c:\users\Cheung\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2MeagCloudError]
@="{03FB4213-3964-44E8-97D7-A2FA49CF5576}"
[HKEY_CLASSES_ROOT\CLSID\{03FB4213-3964-44E8-97D7-A2FA49CF5576}]
2012-04-11 07:06 221840 ----a-w- c:\users\Cheung\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupOverlay]
@="{B44A5D93-1351-41A1-BD91-5E92435D8ECD}"
[HKEY_CLASSES_ROOT\CLSID\{B44A5D93-1351-41A1-BD91-5E92435D8ECD}]
2012-03-16 01:48 1008328 ----a-w- c:\program files\Megacloud\LivedriveExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2011-12-02 10:37 158224 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveDownloadOverlay]
@="{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}"
[HKEY_CLASSES_ROOT\CLSID\{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}]
2012-03-16 01:48 1008328 ----a-w- c:\program files\Megacloud\LivedriveExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSharedOverlay]
@="{84CEF1E4-1356-4063-845F-05047F4DD52C}"
[HKEY_CLASSES_ROOT\CLSID\{84CEF1E4-1356-4063-845F-05047F4DD52C}]
2012-03-16 01:48 1008328 ----a-w- c:\program files\Megacloud\LivedriveExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSyncedOverlay]
@="{42058329-2FBF-4B33-8E52-3BE5754DE0C1}"
[HKEY_CLASSES_ROOT\CLSID\{42058329-2FBF-4B33-8E52-3BE5754DE0C1}]
2012-03-16 01:48 1008328 ----a-w- c:\program files\Megacloud\LivedriveExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveUploadOverlay]
@="{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}"
[HKEY_CLASSES_ROOT\CLSID\{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}]
2012-03-16 01:48 1008328 ----a-w- c:\program files\Megacloud\LivedriveExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-03-19 20:29 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-03-19 20:29 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-03-19 20:29 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-03-19 20:29 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"="" [BU]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"SugarSync"="c:\program files\SugarSync\SugarSyncManager.exe" [2012-03-19 9413712]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
"BIBLauncher"="c:\program files\Business-in-a-Box\BIBLauncher.exe" [2011-03-15 901600]
"OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-22 39408]
"WLSync"="c:\program files\Windows Live\Mesh\WLSync.exe" [2011-05-13 1449312]
"Akamai NetSession Interface"="c:\users\Cheung\AppData\Local\Akamai\netsession_win.exe" [2012-03-12 3331872]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"IDSyncStartup"="c:\idsync\IDSyncStartup.exe" [2011-09-14 95704]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-04-05 17356424]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
"MotoCast"="c:\program files\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2012-03-26 1981]
"Livedrive"="c:\program files\Megacloud\Livedrive.exe" [2012-03-16 1636864]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"TrayServer"="c:\progra~1\MAGIX\MOVIE_~1\TrayServer_en.exe" [2008-11-13 90112]
"Zune Launcher"="c:\program files\Zune1\ZuneLauncher.exe" [2011-08-05 159456]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"NoteBurner"="c:\program files\NoteBurner\VTBurnerGUI.exe" [2011-06-08 5694792]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-01 1313672]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"Intel AppUp(SM) center"="c:\program files\IntelAppUp\IntelAppStore\bin\serviceManager.lnk" [2011-06-24 1311]
"TVEService"="c:\program files\CyberLink\TV Enhance\TVEService.exe" [2009-09-29 226536]
"PCMAgent"="c:\program files\CyberLink\PowerCinema\PCMAgent.exe" [2009-09-16 148776]
"PlayMovie"="c:\program files\CyberLink\PlayMovie\PMVService.exe" [2009-09-08 177384]
"CLMLServer"="c:\program files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe" [2009-09-16 202024]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-11 1523360]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-11-30 296056]
"Fiabee"="c:\program files\Tuso\Fiabee Sync\Fiabee.exe" [2012-03-27 9892336]
"OpenDrive Tray"="c:\program files\OpenDrive\OpenDrive_Tray.exe" [2012-03-10 4341424]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Dropbox1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Cheung\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-2 24242056]
.
c:\users\Dropbox2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Dropbox1\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Dropbox1\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
EvernoteTray.lnk - c:\program files\Evernote\Evernote\EvernoteTray.exe [2012-3-22 391008]
GoBox.lnk - c:\program files\GoBox\gobox_desktop.exe [2012-3-2 491520]
IDriveSync Tray.lnk - c:\idsync\IDSyncTray.exe [2012-3-2 1775064]
MangoApps Desktop.lnk - c:\program files\MangoApps Desktop\MangoApps Desktop.exe [2012-3-9 142336]
MegaCloud.lnk - c:\users\Cheung\AppData\Roaming\MegaCloud\MegaCloud.exe [2011-11-28 10755728]
Microsoft SharePoint Workspace.lnk - c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
PortableApps.lnk - c:\portable apps\Start.exe [2011-12-8 145920]
qlock.lnk - c:\program files\Qlock\qlock.exe [2009-2-14 4142080]
Samsung Auto Backup Guage.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFGuage.exe [2011-6-27 888832]
Samsung Auto Backup Real-Time Daemon.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe [2011-6-27 77824]
Samsung Auto Backup Scheduler.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFTimerD.exe [2011-6-27 102400]
Windows Live Mesh.lnk - c:\program files\Windows Live\Mesh\WLSync.exe [2011-5-13 1449312]
Wuala.lnk - c:\users\Cheung\AppData\Roaming\Wuala\Wuala.exe [2012-2-27 451504]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Cheung^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Cheung^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RocketDock.lnk]
path=c:\users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RocketDock.lnk
backup=c:\windows\pss\RocketDock.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-04-11 09:54 3672384 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-18 17:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2011-05-20 08:56 724536 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
2007-09-02 05:58 495616 ----a-w- c:\program files\RocketDock\RocketDock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SugarSync]
2012-03-19 20:32 9413712 ----a-w- c:\program files\SugarSync\SugarSyncManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-07-22 06:28 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-11-30 00:43 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZuneLyricsHelper]
2009-09-06 03:19 61952 ----a-w- c:\program files\Zune Addons\Zune Lyrics\ZuneNowPlaying.exe
 
.
R1 algpxihc;algpxihc;c:\windows\system32\drivers\algpxihc.sys [x]
R1 anfrxscr;anfrxscr;c:\windows\system32\drivers\anfrxscr.sys [x]
R1 anrxzaes;anrxzaes;c:\windows\system32\drivers\anrxzaes.sys [x]
R1 bcykqxnd;bcykqxnd;c:\windows\system32\drivers\bcykqxnd.sys [x]
R1 bfeazglf;bfeazglf;c:\windows\system32\drivers\bfeazglf.sys [x]
R1 bizvasmp;bizvasmp;c:\windows\system32\drivers\bizvasmp.sys [x]
R1 bkasepal;bkasepal;c:\windows\system32\drivers\bkasepal.sys [x]
R1 bynjmlee;bynjmlee;c:\windows\system32\drivers\bynjmlee.sys [x]
R1 cleqxnfr;cleqxnfr;c:\windows\system32\drivers\cleqxnfr.sys [x]
R1 clrpisck;clrpisck;c:\windows\system32\drivers\clrpisck.sys [x]
R1 cmfxxesp;cmfxxesp;c:\windows\system32\drivers\cmfxxesp.sys [x]
R1 cnbqyxod;cnbqyxod;c:\windows\system32\drivers\cnbqyxod.sys [x]
R1 cnivisli;cnivisli;c:\windows\system32\drivers\cnivisli.sys [x]
R1 cqumwyqr;cqumwyqr;c:\windows\system32\drivers\cqumwyqr.sys [x]
R1 crlwsgkt;crlwsgkt;c:\windows\system32\drivers\crlwsgkt.sys [x]
R1 crogquxg;crogquxg;c:\windows\system32\drivers\crogquxg.sys [x]
R1 cvoosfih;cvoosfih;c:\windows\system32\drivers\cvoosfih.sys [x]
R1 dfjlravi;dfjlravi;c:\windows\system32\drivers\dfjlravi.sys [x]
R1 dgxwxhoi;dgxwxhoi;c:\windows\system32\drivers\dgxwxhoi.sys [x]
R1 doavittn;doavittn;c:\windows\system32\drivers\doavittn.sys [x]
R1 dobsrzzr;dobsrzzr;c:\windows\system32\drivers\dobsrzzr.sys [x]
R1 echtgppb;echtgppb;c:\windows\system32\drivers\echtgppb.sys [x]
R1 efctuwcc;efctuwcc;c:\windows\system32\drivers\efctuwcc.sys [x]
R1 ejswrmjj;ejswrmjj;c:\windows\system32\drivers\ejswrmjj.sys [x]
R1 eudmlcgx;eudmlcgx;c:\windows\system32\drivers\eudmlcgx.sys [x]
R1 feskqxkv;feskqxkv;c:\windows\system32\drivers\feskqxkv.sys [x]
R1 fvemleed;fvemleed;c:\windows\system32\drivers\fvemleed.sys [x]
R1 fyqgcqyx;fyqgcqyx;c:\windows\system32\drivers\fyqgcqyx.sys [x]
R1 gaiyrthq;gaiyrthq;c:\windows\system32\drivers\gaiyrthq.sys [x]
R1 gimxcwch;gimxcwch;c:\windows\system32\drivers\gimxcwch.sys [x]
R1 glewgrop;glewgrop;c:\windows\system32\drivers\glewgrop.sys [x]
R1 gmwhdabk;gmwhdabk;c:\windows\system32\drivers\gmwhdabk.sys [x]
R1 gyzsnjch;gyzsnjch;c:\windows\system32\drivers\gyzsnjch.sys [x]
R1 hbxpeivb;hbxpeivb;c:\windows\system32\drivers\hbxpeivb.sys [x]
R1 hcaktcpj;hcaktcpj;c:\windows\system32\drivers\hcaktcpj.sys [x]
R1 hspvpogo;hspvpogo;c:\windows\system32\drivers\hspvpogo.sys [x]
R1 iiiribdp;iiiribdp;c:\windows\system32\drivers\iiiribdp.sys [x]
R1 inzhyahc;inzhyahc;c:\windows\system32\drivers\inzhyahc.sys [x]
R1 iqbjmgih;iqbjmgih;c:\windows\system32\drivers\iqbjmgih.sys [x]
R1 irqarmaw;irqarmaw;c:\windows\system32\drivers\irqarmaw.sys [x]
R1 irubozzj;irubozzj;c:\windows\system32\drivers\irubozzj.sys [x]
R1 jgubkche;jgubkche;c:\windows\system32\drivers\jgubkche.sys [x]
R1 jjxcyfpq;jjxcyfpq;c:\windows\system32\drivers\jjxcyfpq.sys [x]
R1 jnlvhsra;jnlvhsra;c:\windows\system32\drivers\jnlvhsra.sys [x]
R1 kdcouwvd;kdcouwvd;c:\windows\system32\drivers\kdcouwvd.sys [x]
R1 kiosgusv;kiosgusv;c:\windows\system32\drivers\kiosgusv.sys [x]
R1 ldkoqbcv;ldkoqbcv;c:\windows\system32\drivers\ldkoqbcv.sys [x]
R1 lhhjelll;lhhjelll;c:\windows\system32\drivers\lhhjelll.sys [x]
R1 lkqtjhjr;lkqtjhjr;c:\windows\system32\drivers\lkqtjhjr.sys [x]
R1 lqotftju;lqotftju;c:\windows\system32\drivers\lqotftju.sys [x]
R1 mcaayfmg;mcaayfmg;c:\windows\system32\drivers\mcaayfmg.sys [x]
R1 mjjbyqgs;mjjbyqgs;c:\windows\system32\drivers\mjjbyqgs.sys [x]
R1 mjzygdsh;mjzygdsh;c:\windows\system32\drivers\mjzygdsh.sys [x]
R1 myhxbxgn;myhxbxgn;c:\windows\system32\drivers\myhxbxgn.sys [x]
R1 mzmslejl;mzmslejl;c:\windows\system32\drivers\mzmslejl.sys [x]
R1 ndjpqrgg;ndjpqrgg;c:\windows\system32\drivers\ndjpqrgg.sys [x]
R1 ndxkqvho;ndxkqvho;c:\windows\system32\drivers\ndxkqvho.sys [x]
R1 nghkpaca;nghkpaca;c:\windows\system32\drivers\nghkpaca.sys [x]
R1 nglygumz;nglygumz;c:\windows\system32\drivers\nglygumz.sys [x]
R1 nmlxqhad;nmlxqhad;c:\windows\system32\drivers\nmlxqhad.sys [x]
R1 odrjidqo;odrjidqo;c:\windows\system32\drivers\odrjidqo.sys [x]
R1 oentpmve;oentpmve;c:\windows\system32\drivers\oentpmve.sys [x]
R1 ohtgvpls;ohtgvpls;c:\windows\system32\drivers\ohtgvpls.sys [x]
R1 ojvnitvc;ojvnitvc;c:\windows\system32\drivers\ojvnitvc.sys [x]
R1 omnfwvux;omnfwvux;c:\windows\system32\drivers\omnfwvux.sys [x]
R1 oostygzp;oostygzp;c:\windows\system32\drivers\oostygzp.sys [x]
R1 osbtqxyg;osbtqxyg;c:\windows\system32\drivers\osbtqxyg.sys [x]
R1 oxmyyngw;oxmyyngw;c:\windows\system32\drivers\oxmyyngw.sys [x]
R1 oyqbyjxp;oyqbyjxp;c:\windows\system32\drivers\oyqbyjxp.sys [x]
R1 prhcxhri;prhcxhri;c:\windows\system32\drivers\prhcxhri.sys [x]
R1 pugrpfks;pugrpfks;c:\windows\system32\drivers\pugrpfks.sys [x]
R1 pxctjdxj;pxctjdxj;c:\windows\system32\drivers\pxctjdxj.sys [x]
R1 qdyrljwa;qdyrljwa;c:\windows\system32\drivers\qdyrljwa.sys [x]
R1 qhyymwib;qhyymwib;c:\windows\system32\drivers\qhyymwib.sys [x]
R1 qmhwivaz;qmhwivaz;c:\windows\system32\drivers\qmhwivaz.sys [x]
R1 rpkkgjox;rpkkgjox;c:\windows\system32\drivers\rpkkgjox.sys [x]
R1 rtvimyen;rtvimyen;c:\windows\system32\drivers\rtvimyen.sys [x]
R1 ruvxtwxa;ruvxtwxa;c:\windows\system32\drivers\ruvxtwxa.sys [x]
R1 rwtlydmu;rwtlydmu;c:\windows\system32\drivers\rwtlydmu.sys [x]
R1 rzgttibq;rzgttibq;c:\windows\system32\drivers\rzgttibq.sys [x]
R1 spzwunjo;spzwunjo;c:\windows\system32\drivers\spzwunjo.sys [x]
R1 srkqcgyr;srkqcgyr;c:\windows\system32\drivers\srkqcgyr.sys [x]
R1 tgvfsljd;tgvfsljd;c:\windows\system32\drivers\tgvfsljd.sys [x]
R1 tmyeytbk;tmyeytbk;c:\windows\system32\drivers\tmyeytbk.sys [x]
R1 tpiwwocw;tpiwwocw;c:\windows\system32\drivers\tpiwwocw.sys [x]
R1 ujpmglgd;ujpmglgd;c:\windows\system32\drivers\ujpmglgd.sys [x]
R1 uqgovcpe;uqgovcpe;c:\windows\system32\drivers\uqgovcpe.sys [x]
R1 uvyxiehq;uvyxiehq;c:\windows\system32\drivers\uvyxiehq.sys [x]
R1 uywyvisi;uywyvisi;c:\windows\system32\drivers\uywyvisi.sys [x]
R1 vmskvhis;vmskvhis;c:\windows\system32\drivers\vmskvhis.sys [x]
R1 wayrjbij;wayrjbij;c:\windows\system32\drivers\wayrjbij.sys [x]
R1 wiqcqshl;wiqcqshl;c:\windows\system32\drivers\wiqcqshl.sys [x]
R1 wlryfvmn;wlryfvmn;c:\windows\system32\drivers\wlryfvmn.sys [x]
R1 wluefyoa;wluefyoa;c:\windows\system32\drivers\wluefyoa.sys [x]
R1 wolwliit;wolwliit;c:\windows\system32\drivers\wolwliit.sys [x]
R1 wvsyfnkj;wvsyfnkj;c:\windows\system32\drivers\wvsyfnkj.sys [x]
R1 xaaszano;xaaszano;c:\windows\system32\drivers\xaaszano.sys [x]
R1 xcnkzzti;xcnkzzti;c:\windows\system32\drivers\xcnkzzti.sys [x]
R1 xjnzyttd;xjnzyttd;c:\windows\system32\drivers\xjnzyttd.sys [x]
R1 yaoqwpdl;yaoqwpdl;c:\windows\system32\drivers\yaoqwpdl.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-25 136176]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-20 2214504]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-04-05 158856]
R2 XAMPP;XAMPP Service;c:\xampp\service.exe [2007-12-21 60928]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 252576]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [2009-10-12 49152]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6016]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-25 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2012-01-25 20864]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2012-01-25 8448]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2012-01-25 23808]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-11-08 11008]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-02-08 69208]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-04-05 94040]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune1\WMZuneComm.exe [2011-08-05 268512]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys [2011-01-06 13440]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 15672]
S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-02-16 146904]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2011-12-02 296336]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-17 242240]
S1 ISODisk;ISODisk; [x]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-04-05 221784]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-04-29 101720]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-05 78936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [2012-03-29 1161072]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [2012-02-16 87368]
S2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [2011-07-01 298824]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2011-05-25 329544]
S2 IDSyncService;IDSyncService;c:\idsync\IDSyncService.exe [2011-06-09 144856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 MegacloudVSSService;Megacloud VSS Service;c:\program files\Megacloud\VSSService.exe [2012-03-16 157920]
S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2012-02-01 214896]
S2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2011-05-17 2804280]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-05-11 74968]
S2 SZASSIST;SecretZone Assist Service;c:\program files\Clarus\Samsung SecretZone\SZAssistSVC.exe [2010-08-30 90112]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 92592]
S2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [2009-09-29 464224]
S2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [2009-09-29 189792]
S2 wrapper;theSkyNet;c:\program files\theSkyNet\wrapper-windows-x86-32.exe [2011-05-25 431896]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 45288]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 mdf16;mdf16;c:\program files\Clarus\Samsung SecretZone\mdf16.sys [2010-08-11 18288]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 30576]
S3 mvd22;mvd22;c:\program files\Clarus\Samsung SecretZone\mvd22.sys [2010-08-11 70512]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-02-08 69208]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
btkrnl
ADSMService
viaagp1
pcx1nd5
dmboot
LC7981
DCamUSBMke
alcan5wn
Bcim
swupdtmr
SGHIDI
DcCam
pcctlcom
sis162u
ANC
logonsvcid
ftdisk
usnsvc
bdss
icraplus
F700ius
zebrceb
pxfhbus
s125mdfl
RDID1007
SetupSys
symappcore
iastor
btnetfilter
paamsrv
vsdatant
LRMINIPORT
procexp100
FA312
zpcollector
W700mdfl
tsdhd
nvedavt
p2k
ctxcpuusync
SGIR
atierecord
unrealircd
nwlnkipx
se59unic
servidor
ctdvda2k
ndassvc
application
CTERFXFX.DLL
dlaifs_m
autocomplete
AlKernel
msftesql
SbcpHid
cicsclient
vcommmgr
avhook
AcronisOSSReinstallSvc
SymIM
contentfilter
swmidi
ELmou
ZY202_XP
niorbk
adobeversioncue
dot4scan
iviaspi
hcwPVRP2
sprtsvc_dellsupportcenter
wmccds
nvcap
MSSQL$AUTODESKVAULT
cisvc
ccevtmgr
tm_cfw
dlacdbhm
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
AppMgmt
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 12:43]
.
2012-04-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-07-22 11:01]
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-25 05:40]
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-25 05:40]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1513340165-2315627287-2917529717-1001Core.job
- c:\users\Cheung\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-24 23:17]
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1513340165-2315627287-2917529717-1001UA.job
- c:\users\Cheung\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-24 23:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dreamerz.biz/home.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*;127.0.0.1:9421;<local>
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Evernote 4 - c:\portable apps\PortableApps\EvernotePortable\App\Evernote\EvernoteIE.dll/204
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Linked&In Search - c:\program files\LinkedIn\IE Toolbar\3.2.5.1001\LinkedInIEToolbar.dll/ContextMenu.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{8B75A3DC-33D2-42E6-9440-7A1BECF6D031}: DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{BB33D5F5-D7EF-41F9-A0C1-0A3064D53BD4}: NameServer = 208.67.222.222,208.67.220.220
DPF: {1FAEED48-6C46-4AE6-9686-499858131F2E} - hxxps://www.primadesk.com/primadesk/plugin/npPrimaDeskPlugin.dll
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-30810291.sys
MSConfigStartUp-TrayServer - c:\program files\MAGIX\Movie_Edit_Pro_17_Plus_Download_Version1\TrayServer_en.exe
MSConfigStartUp-Zune Launcher - c:\program files\Zune\ZuneLauncher.exe
AddRemove-DealScout - c:\program files\DealScout\uninstall.exe
AddRemove-RealPlayer 15.0 - c:\program files\real\realplayer\Update\r1puninst.exe
AddRemove-blinkx beat - c:\program files\Blinkx\templates\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4196)
c:\program files\Tuso\Fiabee Sync\LIBEAY32.dll
c:\program files\Tuso\Fiabee Sync\SSLEAY32.dll
c:\program files\Tuso\Fiabee Sync\iconv.dll
c:\program files\OpenDrive\OpenDrive.dll
c:\program files\OpenDrive\libssh2.dll
c:\program files\OpenDrive\zlibwapi.dll
c:\program files\Wuala OverlayIcons\OverlayIcon.dll
c:\windows\system32\CbFsMntNtf3.dll
c:\idsync\IDSyncIcon.dll
c:\program files\Megacloud\LivedriveExtensions.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\CbFsNetRdr3.dll
.
Completion time: 2012-04-18 12:33:03
ComboFix-quarantined-files.txt 2012-04-18 04:33
.
Pre-Run: 129,162,366,976 bytes free
Post-Run: 128,882,073,600 bytes free
.
- - End Of File - - E6A997BE16D39885B3D1CFF6406694A3
 
Since running ComboFix, when I try to open IE it comes up with an error:

C:\Program Files\Internet Explorer\iexplore.exe

Illegal operation attempted on a registry key that has been marked for deletion.

I have had to use Chrome to post this. (Was already installed).
 
After the error it comes up with the following option:

[Window Title]
Windows

[Main Instruction]
Can't open this item

[Content]
It might have been moved, renamed, or deleted. Do you want to remove this item?

[Yes] [No]
 
Explorer is getting the same error as IE. Actually any program that is in the registry is getting the error. (Chrome I am using is a Portable Version). Scared to reboot!!!
 