RedBarron

Members
  • Content count

    13
  • Joined

  • Last visited

About RedBarron

  • Rank
    New Member
  1. Ok, so I thought I was good, then I got the same thing again: 2012/05/02 10:52:53 +0800 IP-BLOCK 122.70.141.101 (Type: outgoing, Port: 59021, Process: chrome.exe) Here is the OTL log: All processes killed ========== OTL ========== Registry value HKEY_USERS\S-1-5-21-3948093705-1484294097-1952622497-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found. ========== COMMANDS ========== [EMPTYJAVA] User: All Users User: Arne ->Java cache emptied: 10237700 bytes User: Default User: Default User User: Public Total Java Files Cleaned = 10.00 mb [EMPTYTEMP] User: All Users User: Arne ->Temp folder emptied: 56522282 bytes ->Temporary Internet Files folder emptied: 56483518 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 80288214 bytes ->Google Chrome cache emptied: 363081678 bytes ->Flash cache emptied: 112725 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 74464 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 531.00 mb OTL by OldTimer - Version 3.2.42.1 log created on 05032012_122652 Files\Folders moved on Reboot... Registry entries deleted on Reboot... Here is the MBAM, ran a full scan: Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.05.03.01 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 8.0.7601.17514 [administrator] Protection: Enabled 03.05.2012 13:29:15 mbam-log-2012-05-03 (13-29-15).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 293548 Time elapsed: 1 hour(s), 26 minute(s), 30 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  2. Hey, sorry I didn't see your last post, I will do it tomorrow.. btw. this is the last time Malwarebytes blocked anything: 2012/04/26 00:59:13 +0800 IP-BLOCK 60.190.222.181 (Type: outgoing, Port: 50196, Process: chrome.exe) so fingers crossed, maybe something helped along the way
  3. OTL logfile created on: 4/27/2012 11:53:35 PM - Run 1 OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Arne\Desktop Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 1013.30 Mb Total Physical Memory | 157.65 Mb Available Physical Memory | 15.56% Memory free 2.10 Gb Paging File | 0.61 Gb Available in Paging File | 28.98% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 150.27 Gb Total Space | 90.28 Gb Free Space | 60.08% Space Free | Partition Type: NTFS Drive D: | 67.51 Gb Total Space | 65.42 Gb Free Space | 96.90% Space Free | Partition Type: NTFS Computer Name: ARNE-PC | User Name: Arne | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/04/27 23:52:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Arne\Desktop\OTL.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011/09/29 20:13:22 | 000,771,640 | ---- | M] () -- C:\Program Files\Google\Google Pinyin 3\GooglePinyinService.exe PRC - [2011/09/29 20:13:19 | 001,181,240 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Pinyin 3\GooglePinyinDaemon.exe PRC - [2011/08/04 04:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe PRC - [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin PRC - [2011/01/17 18:37:40 | 000,307,200 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\scalc.exe PRC - [2010/11/23 14:26:41 | 000,503,808 | ---- | M] (Author - Igor Vigdorchik) -- C:\Program Files\Sticky Notes\StickyNotes.exe PRC - [2010/11/20 20:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009/11/20 12:01:36 | 002,247,168 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe PRC - [2009/10/26 19:53:14 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe PRC - [2009/10/02 23:48:26 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2009/10/02 23:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe PRC - [2009/03/05 17:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\System32\Rezip.exe ========== Modules (No Company Name) ========== MOD - [2012/04/12 15:37:34 | 000,444,400 | ---- | M] () -- C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppgooglenaclpluginchrome.dll MOD - [2012/04/12 15:37:33 | 003,915,248 | ---- | M] () -- C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll MOD - [2012/04/12 15:36:18 | 000,544,240 | ---- | M] () -- C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\libglesv2.dll MOD - [2012/04/12 15:36:17 | 000,117,744 | ---- | M] () -- C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\libegl.dll MOD - [2012/04/12 15:36:08 | 000,122,880 | ---- | M] () -- C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\avutil-51.dll MOD - [2012/04/12 15:36:06 | 000,220,672 | ---- | M] () -- C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\avformat-53.dll MOD - [2012/04/12 15:36:05 | 001,747,456 | ---- | M] () -- C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll MOD - [2012/04/12 14:51:55 | 008,743,584 | ---- | M] () -- C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll MOD - [2011/09/29 20:13:22 | 000,771,640 | ---- | M] () -- C:\Program Files\Google\Google Pinyin 3\GooglePinyinService.exe MOD - [2011/03/15 20:40:00 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll MOD - [2011/03/15 20:40:00 | 000,170,496 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxslt.dll ========== Win32 Services (SafeList) ========== SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011/08/04 04:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent) SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv) SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV - [2009/10/02 23:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009/03/05 17:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\System32\Rezip.exe -- (Rezip) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Arne\AppData\Local\Temp\phoenix\PhnxBldr.sys -- (PhnxBuilder) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\HyperSpace\PhnxBldr.sys -- (PhnxBldr) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Arne\AppData\Local\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Arne\AppData\Local\Temp\aswMBR.sys -- (aswMBR) DRV - [2012/04/27 08:15:47 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{48200D8E-3AB9-437A-A139-7AE66C543B8C}\MpKsl61bf4070.sys -- (MpKsl61bf4070) DRV - [2012/04/25 22:52:35 | 000,013,824 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight) DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011/12/13 03:32:24 | 002,228,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2011/08/04 04:27:28 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva) DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon) DRV - [2010/11/20 18:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 17:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/06/17 04:33:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss) DRV - [2009/09/28 17:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) DRV - [2009/07/14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/07/02 04:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt) DRV - [2009/05/01 18:11:06 | 000,384,896 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CryptOSD.sys -- (CryptOSD) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN'>http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\..\SearchScopes\{4C7AABE8-8045-4207-926A-F5EE06FA9BD6}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=937811&p={searchTerms} IE - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN'>http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_en IE - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\..\SearchScopes\{8B5AE1A3-BDD6-4CE8-8289-C5C05BBAAA7F}: "URL" = http://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms} IE - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Secure Search" FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.com" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..keyword.URL: "http://www.google.com/search?hl=en-GB&q=" FF - prefs.js..network.proxy.autoconfig_url: "http://proxy.io8.org/autoproxy/e1.pac" FF - prefs.js..network.proxy.http: "http://proxy.io8.org/autoproxy/e1.pac" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Arne\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Arne\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/10 00:20:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/27 23:42:54 | 000,000,000 | ---D | M] [2010/07/02 20:33:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arne\AppData\Roaming\Mozilla\Extensions [2012/02/25 21:55:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\6pojc2zr.default\extensions [2012/02/19 14:49:05 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\6pojc2zr.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2012/02/25 21:55:52 | 000,000,000 | ---D | M] (Perapera Chinese) -- C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\6pojc2zr.default\extensions\chineseperakun@gmail.com [2010/10/24 00:05:57 | 000,001,632 | ---- | M] () -- C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\6pojc2zr.default\searchplugins\firefox-add-ons.xml [2010/10/24 00:09:28 | 000,001,330 | ---- | M] () -- C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\6pojc2zr.default\searchplugins\wikipedia-en.xml [2010/10/24 00:36:42 | 000,001,032 | ---- | M] () -- C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\6pojc2zr.default\searchplugins\wikipedia-eng.xml [2012/04/27 23:43:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/04/27 23:43:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} [2012/04/10 00:20:43 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/02/16 18:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010/07/08 18:12:54 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml [2012/02/16 18:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: google.com (Default) (Enabled) CHR - default_search_provider: search_url = http://www.google.com/search?hl=en&source=hp&biw=1228&bih=610&q={searchTerms}&btnG=Google+Search&aq=1&aqi=g10&aql=&oq=cowboy CHR - default_search_provider: suggest_url = CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Arne\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Users\Arne\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll CHR - Extension: Offline Google Mail = C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.13_0\ CHR - Extension: Google Calendar = C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\ CHR - Extension: Zhongwen: A Chinese-English Popup Dictionary = C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkmlkkjojmombglmlpbpapmhcaljjkde\3.2.1_0\ CHR - Extension: Google Play Books = C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.3_0\ O1 HOSTS File: ([2012/04/26 00:22:24 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [Google Pinyin 3 Autoupdater] C:\Program Files\Google\Google Pinyin 3\GooglePinyinDaemon.exe (Google Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - Startup: C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sticky Notes.lnk = C:\Program Files\Sticky Notes\StickyNotes.exe (Author - Igor Vigdorchik) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Arne\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24FDB2AB-187E-413F-BAF1-7D983CBF9F6D}: DhcpNameServer = 10.0.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{581B304F-E7EA-4D69-8E16-B3D564BACED7}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/04/27 23:52:35 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Arne\Desktop\OTL.exe [2012/04/27 23:43:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012/04/26 10:16:31 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Arne\Desktop\aswMBR.exe [2012/04/26 00:28:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/04/26 00:27:57 | 000,000,000 | ---D | C] -- C:\windows\temp [2012/04/26 00:21:51 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Local\temp [2012/04/26 00:05:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2012/04/26 00:05:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2012/04/26 00:05:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2012/04/26 00:05:10 | 000,000,000 | ---D | C] -- C:\windows\ERDNT [2012/04/26 00:05:00 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/04/25 23:56:45 | 004,475,034 | R--- | C] (Swearware) -- C:\Users\Arne\Desktop\ComboFix.exe [2012/04/25 22:52:28 | 000,000,000 | ---D | C] -- C:\Users\Arne\Desktop\RK_Quarantine [2012/04/23 15:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\igowin [2012/04/18 23:23:17 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anvisoft [2012/04/18 23:22:55 | 000,000,000 | ---D | C] -- C:\Program Files\Anvisoft [2012/04/18 19:43:48 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Roaming\Malwarebytes [2012/04/18 19:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/04/18 19:42:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/04/18 19:42:48 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2012/04/18 19:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/04/18 19:20:11 | 000,000,000 | ---D | C] -- C:\Users\Arne\Documents\China Reading [2012/04/18 15:14:04 | 000,000,000 | ---D | C] -- C:\Users\Arne\.FBReader [2012/04/18 15:09:39 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FBReader for Windows [2012/04/18 15:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FBReader for Windows [2012/04/18 15:09:34 | 000,000,000 | ---D | C] -- C:\Program Files\FBReader [2012/04/18 14:52:12 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Roaming\calibre [2012/04/12 21:24:31 | 000,000,000 | ---D | C] -- C:\Users\Arne\Desktop\German [2012/04/12 21:24:05 | 000,000,000 | ---D | C] -- C:\Users\Arne\Desktop\English [2012/04/11 19:48:59 | 000,000,000 | ---D | C] -- C:\Users\Arne\Desktop\bigword [2012/04/05 20:29:36 | 000,000,000 | ---D | C] -- C:\windows\Minidump ========== Files - Modified Within 30 Days ========== [2012/04/27 23:52:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Arne\Desktop\OTL.exe [2012/04/27 23:43:10 | 000,001,116 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3948093705-1484294097-1952622497-1000UA.job [2012/04/27 23:13:03 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012/04/27 22:43:10 | 000,000,094 | -H-- | M] () -- C:\Users\Arne\Documents\.~lock.Plan.ods# [2012/04/27 22:43:04 | 000,001,064 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3948093705-1484294097-1952622497-1000Core.job [2012/04/27 20:13:01 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012/04/27 18:28:19 | 000,037,637 | ---- | M] () -- C:\Users\Arne\Documents\Plan.ods [2012/04/27 16:45:06 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/04/26 16:31:18 | 000,649,912 | ---- | M] () -- C:\Users\Arne\Desktop\02.jpg [2012/04/26 16:29:54 | 000,301,135 | ---- | M] () -- C:\Users\Arne\Desktop\01.jpg [2012/04/26 10:49:37 | 000,254,651 | ---- | M] () -- C:\Users\Arne\Desktop\malware still there.jpg [2012/04/26 10:48:40 | 000,000,512 | ---- | M] () -- C:\Users\Arne\Desktop\MBR.dat [2012/04/26 10:17:24 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Arne\Desktop\aswMBR.exe [2012/04/26 00:22:24 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts [2012/04/25 23:57:15 | 004,475,034 | R--- | M] (Swearware) -- C:\Users\Arne\Desktop\ComboFix.exe [2012/04/25 23:51:07 | 000,194,984 | ---- | M] () -- C:\Users\Arne\Desktop\most recent malware.jpg [2012/04/25 22:52:35 | 000,013,824 | ---- | M] () -- C:\windows\System32\drivers\TrueSight.sys [2012/04/25 18:45:36 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/04/25 18:45:36 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/04/25 18:38:06 | 796,889,088 | -HS- | M] () -- C:\hiberfil.sys [2012/04/24 19:42:28 | 000,038,593 | ---- | M] () -- C:\Users\Arne\Desktop\outgoing malware small.jpg [2012/04/24 19:41:36 | 000,208,399 | ---- | M] () -- C:\Users\Arne\Desktop\outgoing malware.jpg [2012/04/24 13:02:27 | 154,344,779 | ---- | M] () -- C:\windows\MEMORY.DMP [2012/04/19 00:03:58 | 000,618,108 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012/04/19 00:03:58 | 000,107,388 | ---- | M] () -- C:\windows\System32\perfc009.dat [2012/04/18 19:43:13 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/04/18 15:09:40 | 000,001,835 | ---- | M] () -- C:\Users\Arne\Desktop\FBReader.lnk [2012/04/18 11:31:05 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012/04/18 11:07:08 | 000,349,848 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2012/04/14 01:14:56 | 000,002,358 | ---- | M] () -- C:\Users\Arne\Desktop\Google Chrome.lnk [2012/04/08 23:14:32 | 011,364,790 | ---- | M] () -- C:\Users\Arne\Documents\671790WP0P127500China020300complete.pdf [2012/04/04 18:44:35 | 000,726,148 | ---- | M] () -- C:\Users\Arne\Documents\chinas_12th_five-year_plan.pdf [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys ========== Files Created - No Company Name ========== [2012/04/27 22:43:10 | 000,000,094 | -H-- | C] () -- C:\Users\Arne\Documents\.~lock.Plan.ods# [2012/04/26 16:24:36 | 000,301,135 | ---- | C] () -- C:\Users\Arne\Desktop\01.jpg [2012/04/26 16:24:19 | 000,649,912 | ---- | C] () -- C:\Users\Arne\Desktop\02.jpg [2012/04/26 10:49:36 | 000,254,651 | ---- | C] () -- C:\Users\Arne\Desktop\malware still there.jpg [2012/04/26 10:48:40 | 000,000,512 | ---- | C] () -- C:\Users\Arne\Desktop\MBR.dat [2012/04/26 00:05:26 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe [2012/04/26 00:05:26 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe [2012/04/26 00:05:26 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2012/04/26 00:05:26 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2012/04/26 00:05:26 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2012/04/25 23:51:07 | 000,194,984 | ---- | C] () -- C:\Users\Arne\Desktop\most recent malware.jpg [2012/04/25 22:52:35 | 000,013,824 | ---- | C] () -- C:\windows\System32\drivers\TrueSight.sys [2012/04/24 19:42:27 | 000,038,593 | ---- | C] () -- C:\Users\Arne\Desktop\outgoing malware small.jpg [2012/04/24 19:41:35 | 000,208,399 | ---- | C] () -- C:\Users\Arne\Desktop\outgoing malware.jpg [2012/04/18 19:43:13 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/04/18 15:09:40 | 000,001,835 | ---- | C] () -- C:\Users\Arne\Desktop\FBReader.lnk [2012/04/08 23:19:19 | 011,364,790 | ---- | C] () -- C:\Users\Arne\Documents\671790WP0P127500China020300complete.pdf [2012/04/05 20:29:31 | 154,344,779 | ---- | C] () -- C:\windows\MEMORY.DMP [2012/04/04 18:44:42 | 000,726,148 | ---- | C] () -- C:\Users\Arne\Documents\chinas_12th_five-year_plan.pdf [2011/09/29 20:13:23 | 000,305,720 | ---- | C] () -- C:\windows\System32\GooglePinyin3EnRes.dll [2011/09/25 15:47:48 | 000,018,760 | ---- | C] () -- C:\windows\System32\QQVistaHelper.dll [2011/09/02 15:11:11 | 000,004,608 | ---- | C] () -- C:\Users\Arne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/08/17 17:27:18 | 000,000,000 | ---- | C] () -- C:\windows\PowerReg.dat [2010/12/21 16:11:28 | 000,007,599 | ---- | C] () -- C:\Users\Arne\AppData\Local\Resmon.ResmonCfg [2010/11/23 14:57:24 | 000,000,652 | ---- | C] () -- C:\windows\System32\drivers\scdskr01.dat [2010/11/23 14:57:24 | 000,000,500 | ---- | C] () -- C:\windows\System32\drivers\RSTable.dat [2010/11/23 14:57:24 | 000,000,436 | ---- | C] () -- C:\windows\System32\drivers\scdhkr01.dat [2010/11/23 14:57:23 | 000,000,036 | ---- | C] () -- C:\windows\System32\drivers\scdstr01.dat [2010/08/25 21:14:55 | 000,000,000 | ---- | C] () -- C:\Users\Arne\AppData\Roaming\wklnhst.dat [2010/08/08 22:51:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/06/29 22:31:44 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini ========== LOP Check ========== [2012/02/11 17:32:06 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\.anki [2012/02/11 10:56:25 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\.matplotlib [2012/02/17 11:00:39 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Azureus [2012/04/18 15:12:46 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\calibre [2010/10/20 05:25:17 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\DataCast [2010/10/03 21:39:22 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\DVDVideoSoftIEHelpers [2012/01/19 01:13:19 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\mplayer [2010/08/25 06:36:11 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\OpenOffice.org [2010/08/11 20:04:09 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\PDF reDirect [2011/02/09 18:45:53 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\PlayFirst [2010/08/25 21:14:56 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Template [2011/09/25 16:01:12 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Tencent [2011/06/22 10:36:37 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Windows Live Writer [2012/04/24 13:02:44 | 000,032,608 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Files - Unicode (All) ========== [2011/11/12 00:53:35 | 000,033,915 | ---- | M] ()(C:\Users\Arne\Documents\??????????????????????.docx) -- C:\Users\Arne\Documents\北京中医药大学国医堂中医门诊部专家出诊时间表.docx [2011/11/12 00:53:24 | 000,033,915 | ---- | C] ()(C:\Users\Arne\Documents\??????????????????????.docx) -- C:\Users\Arne\Documents\北京中医药大学国医堂中医门诊部专家出诊时间表.docx ========== Alternate Data Streams ========== @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:E1F04E8D @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:A42A9F39 @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:4CF61E54 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:ABE89FFE < End of report > OTL Extras logfile created on: 4/27/2012 11:53:36 PM - Run 1 OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Arne\Desktop Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 1013.30 Mb Total Physical Memory | 157.65 Mb Available Physical Memory | 15.56% Memory free 2.10 Gb Paging File | 0.61 Gb Available in Paging File | 28.98% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 150.27 Gb Total Space | 90.28 Gb Free Space | 60.08% Space Free | Partition Type: NTFS Drive D: | 67.51 Gb Total Space | 65.42 Gb Free Space | 96.90% Space Free | Partition Type: NTFS Computer Name: ARNE-PC | User Name: Arne | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3948093705-1484294097-1952622497-1000\SOFTWARE\Classes\<extension>] .bat [@ = batfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{172585EC-A1E4-4B74-830F-2D7C4C2C3E2C}" = lport=2869 | protocol=6 | dir=in | app=system | "{5E81CDA4-8FC7-4303-B7A7-E0909113DFEA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{668E2972-5AC1-42D4-B84C-5B1E4B780BC1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{6AD63518-332F-4098-8F62-AE4ED8AD1BDA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{076C08A2-71AB-45FF-A705-794B0EF82BBA}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{2595AB1F-AC01-4C45-A751-58A1CA407403}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{E5C6471B-A467-490A-B202-30760FFAFA80}" = dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{0FE0F6EF-5EFF-4946-ABAF-5156CD6BBFC4}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "UDP Query User{73D83F21-1D89-4EBE-A2B6-3B61D17820C0}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4 "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java 6 Update 32 "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3 "{44257960-C5CC-45BA-8E83-524E4A0F3FD5}" = Cisco AnyConnect VPN Client "{45535A5E-1F81-4F35-BE1D-43D10A7D03B4}" = Easy Resolution Manager "{4725E135-CF7D-4906-B4D0-D9F5FED44254}" = PreSetup HyperSpace "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB "{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8 "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1 "{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}" = Easy Network Manager "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide "{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax "{C455C4E0-6D64-4CA8-9CE7-C50ADCE61674}" = Xtra Controller Pro "{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}" = Samsung Support Center "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program "{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software "755087041320E005CB1E8A67C5C55A260EB81B90" = Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) "7-Zip" = 7-Zip 4.65 "8461-7759-5462-8226" = Vuze "A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Anki" = Anki "BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) "FBReader for Windows" = FBReader for Windows "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8 "GooglePinyin3" = 谷歌拼音输入法 3.0 "HDMI" = Intel® Graphics Media Accelerator Driver "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Marvell Miniport Driver" = Marvell Miniport Driver "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials "Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US) "PokerStars" = PokerStars "SynTPDeinstKey" = Synaptics Pointing Device Driver "TIPP10_is1" = TIPP10 Version 2.0.3 "Uninstall_is1" = Uninstall 1.0.0.1 "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 1.1.5 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3948093705-1484294097-1952622497-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 4/11/2012 12:56:30 PM | Computer Name = Arne-PC | Source = SideBySide | ID = 16842824 Description = Activation context generation failed for "c:\program files\microsoft security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft security client\MSESysprep.dll" on line 10. The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows. Error - 4/13/2012 12:52:02 AM | Computer Name = Arne-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 4/13/2012 12:53:19 AM | Computer Name = Arne-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 4/13/2012 12:55:04 AM | Computer Name = Arne-PC | Source = SideBySide | ID = 16842824 Description = Activation context generation failed for "c:\program files\microsoft security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft security client\MSESysprep.dll" on line 10. The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows. Error - 4/13/2012 12:57:35 AM | Computer Name = Arne-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 4/13/2012 12:57:41 AM | Computer Name = Arne-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 4/13/2012 1:45:50 PM | Computer Name = Arne-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 4/13/2012 1:47:21 PM | Computer Name = Arne-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 4/16/2012 5:44:01 AM | Computer Name = Arne-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 4/16/2012 9:14:17 PM | Computer Name = Arne-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. [ Cisco AnyConnect VPN Client Events ] Error - 4/26/2012 7:44:21 PM | Computer Name = ARNE-PC | Source = vpnagent | ID = 67108866 Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line: 644 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE Error - 4/26/2012 7:44:21 PM | Computer Name = ARNE-PC | Source = vpnagent | ID = 67108866 Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line: 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE Error - 4/26/2012 7:44:28 PM | Computer Name = ARNE-PC | Source = vpnagent | ID = 67108866 Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 4/26/2012 7:44:28 PM | Computer Name = ARNE-PC | Source = vpnagent | ID = 67108866 Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 4/26/2012 7:44:28 PM | Computer Name = ARNE-PC | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp Line: 7639 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE Error - 4/26/2012 7:44:28 PM | Computer Name = ARNE-PC | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::genericNoticeHandler File: .\MainThread.cpp Line: 5589 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE Error - 4/26/2012 7:44:28 PM | Computer Name = ARNE-PC | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5321 Invoked Function: CMainThread::genericNoticeHandler Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE Error - 4/26/2012 7:44:28 PM | Computer Name = ARNE-PC | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5283 Invoked Function: CMainThread::processNotice Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE Error - 4/26/2012 7:44:28 PM | Computer Name = ARNE-PC | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp Line: 5045 Invoked Function: CMainThread::noticeHandler Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE Error - 4/26/2012 7:44:28 PM | Computer Name = ARNE-PC | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line: 4971 Invoked Function: internalCallbackHandler Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE [ System Events ] Error - 6/27/2011 2:38:53 AM | Computer Name = Arne-PC | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR2. Error - 6/28/2011 12:28:51 AM | Computer Name = Arne-PC | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.107.463.0 Update Source: %%859 Update Stage: %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7000.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Error - 6/28/2011 6:36:30 AM | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service. Error - 6/29/2011 7:56:51 PM | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service. Error - 6/29/2011 8:00:55 PM | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: cdrom Error - 7/3/2011 7:24:11 AM | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service. Error - 7/3/2011 11:20:11 PM | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service. Error - 7/4/2011 5:10:33 AM | Computer Name = Arne-PC | Source = DCOM | ID = 10010 Description = Error - 7/4/2011 5:13:03 AM | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: cdrom Error - 7/4/2011 5:13:20 AM | Computer Name = Arne-PC | Source = Microsoft Antimalware | ID = 3002 Description = %%860 Real-Time Protection feature has encountered an error and failed. Feature: %%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842 < End of report >
  4. Updated and scanned, nothing found by Microsoft Security Essentials
  5. I have Skype 4.2, but it's been on my PC for a long time. I don't know how to check for the two parameters you mentioned in connection with Skype. I tried every website and they all came back green. I am located in China, so I don't know if they work over here. Listparts scan: ListParts by Farbar Version: 12-03-2012 03 Ran by Arne (administrator) on 27-04-2012 at 00:13:43 Windows 7 (X86) Running From: C:\Users\Arne\Downloads Language: 0409 ************************************************************ ========================= Memory info ====================== Percentage of memory in use: 76% Total physical RAM: 1013.3 MB Available physical RAM: 242.37 MB Total Pagefile: 2037.3 MB Available Pagefile: 497.63 MB Total Virtual: 2047.88 MB Available Virtual: 1956.37 MB ======================= Partitions ========================= 1 Drive c: () (Fixed) (Total:150.27 GB) (Free:89.9 GB) NTFS 2 Drive d: () (Fixed) (Total:67.51 GB) (Free:65.42 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 232 GB 1024 KB Disk 1 No Media 0 B 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Recovery 15 GB 1024 KB Partition 2 Primary 100 MB 15 GB Partition 3 Primary 150 GB 15 GB Partition 0 Extended 67 GB 165 GB Partition 4 Logical 67 GB 165 GB ====================================================================================================== Disk: 0 Partition 1 Type : 27 Hidden: Yes Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 RECOVERY NTFS Partition 15 GB Healthy Hidden ====================================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 SYSTEM NTFS Partition 100 MB Healthy System (partition with boot components) ====================================================================================================== Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C NTFS Partition 150 GB Healthy Boot ====================================================================================================== Disk: 0 Partition 4 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 D NTFS Partition 67 GB Healthy ====================================================================================================== ****** End Of Log ****** I will have to get back to you with the results of the Security Essentials scan tomorrow. Thanks
  6. Nothing detected
  7. Just as I was running the scan I had another pop up come up, this time not blocked by Malwarebytes (which I have re-enabled) aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-04-26 10:22:03 ----------------------------- 10:22:03.377 OS Version: Windows 6.1.7601 Service Pack 1 10:22:03.377 Number of processors: 2 586 0x1C0A 10:22:03.439 ComputerName: ARNE-PC UserName: Arne 10:22:15.966 Initialize success 10:26:51.737 AVAST engine defs: 12042501 10:27:19.286 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 10:27:19.286 Disk 0 Vendor: Hitachi_ PB2O Size: 238475MB BusType: 3 10:27:19.349 Disk 0 MBR read successfully 10:27:19.349 Disk 0 MBR scan 10:27:19.442 Disk 0 unknown MBR code 10:27:19.489 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048 10:27:19.645 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328 10:27:19.832 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 153877 MB offset 31664128 10:27:19.957 Disk 0 Partition - 00 0F Extended LBA 69136 MB offset 346804224 10:27:20.004 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 69135 MB offset 346806272 10:27:20.160 Disk 0 scanning sectors +488395120 10:27:20.394 Disk 0 scanning C:\windows\system32\drivers 10:27:58.988 Service scanning 10:28:30.766 Service MpKslf19de2ff c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AA898340-CC50-4996-8ECC-1C3A487DFD79}\MpKslf19de2ff.sys **LOCKED** 32 10:28:31.109 Service MpNWMon C:\windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32 10:29:12.402 Modules scanning 10:29:33.602 Disk 0 trace - called modules: 10:29:33.649 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 10:29:33.665 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84e76268] 10:29:33.680 3 CLASSPNP.SYS[86d7759e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x83753028] 10:29:34.460 AVAST engine scan C:\windows 10:29:45.927 AVAST engine scan C:\windows\system32 10:38:55.462 AVAST engine scan C:\windows\system32\drivers 10:39:42.319 AVAST engine scan C:\Users\Arne 10:48:40.301 Disk 0 MBR has been saved successfully to "C:\Users\Arne\Desktop\MBR.dat" 10:48:40.391 The log file has been saved successfully to "C:\Users\Arne\Desktop\aswMBR.txt"
  8. Thanks again for your help, I'm going to bed, will be back tomorrow.
  9. ComboFix 12-04-25.01 - Arne 26.04.2012 0:08.1.2 - x86 Microsoft Windows 7 Starter 6.1.7601.1.1252.49.1033.18.1013.427 [GMT 8:00] ausgeführt von:: c:\users\Arne\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\FullRemove.exe c:\users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\6pojc2zr.default\weave\toFetch . . ((((((((((((((((((((((( Dateien erstellt von 2012-03-25 bis 2012-04-25 )))))))))))))))))))))))))))))) . . 2012-04-25 16:21 . 2012-04-25 16:22 -------- d-----w- c:\users\Arne\AppData\Local\temp 2012-04-25 16:21 . 2012-04-25 16:21 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-04-25 14:53 . 2012-04-25 14:53 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1F4C5142-214F-4F41-B5AC-D39979DE8E0C}\MpKsl649afcb5.sys 2012-04-25 14:52 . 2012-04-25 14:52 13824 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2012-04-25 10:50 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1F4C5142-214F-4F41-B5AC-D39979DE8E0C}\mpengine.dll 2012-04-23 07:43 . 2012-04-23 07:43 -------- d-----w- c:\program files\igowin 2012-04-18 15:22 . 2012-04-19 04:21 -------- d-----w- c:\program files\Anvisoft 2012-04-18 11:43 . 2012-04-18 11:43 -------- d-----w- c:\users\Arne\AppData\Roaming\Malwarebytes 2012-04-18 11:42 . 2012-04-18 11:42 -------- d-----w- c:\programdata\Malwarebytes 2012-04-18 11:42 . 2012-04-04 07:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-18 11:42 . 2012-04-18 11:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-04-18 07:14 . 2012-04-18 07:28 -------- d-----w- c:\users\Arne\.FBReader 2012-04-18 07:09 . 2012-04-18 07:09 -------- d-----w- c:\program files\FBReader 2012-04-18 06:52 . 2012-04-18 07:12 -------- d-----w- c:\users\Arne\AppData\Roaming\calibre 2012-04-17 16:22 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-04-17 16:22 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll 2012-04-17 16:22 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll 2012-04-17 16:22 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll 2012-04-17 16:21 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-17 16:21 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-17 16:18 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll 2012-04-09 16:20 . 2012-04-09 16:20 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll 2012-04-09 16:20 . 2012-04-09 16:20 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-13 07:36 . 2010-08-27 13:12 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-02-25 08:00 . 2012-02-25 08:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-11 09:49 . 2012-02-11 09:50 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A69CC0D8-4232-4E28-96E6-3CBF44FDAA19}\gapaengine.dll 2012-01-31 12:44 . 2010-08-25 15:07 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-04-09 16:20 . 2012-02-19 05:20 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-18 8092192] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-10 1578280] "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-24 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-24 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-24 150552] "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160] "Google Pinyin 3 Autoupdater"="c:\program files\Google\Google Pinyin 3\GooglePinyinDaemon.exe" [2011-09-29 1181240] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Sticky Notes.lnk - c:\program files\Sticky Notes\StickyNotes.exe [2010-5-2 503808] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-2 795936] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804] Ime File REG_SZ GOOGLEPINYIN3.IME . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-30 135664] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-30 135664] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\DRIVERS\CryptOSD.sys [2009-05-01 384896] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 84100573 *NewlyCreated* - MPKSL649AFCB5 *NewlyCreated* - TRUESIGHT *Deregistered* - 84100573 *Deregistered* - TrueSight . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc . Inhalt des "geplante Tasks" Ordners . 2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-30 13:41] . 2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-30 13:41] . 2012-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3948093705-1484294097-1952622497-1000Core.job - c:\users\Arne\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-01 18:47] . 2012-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3948093705-1484294097-1952622497-1000UA.job - c:\users\Arne\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-01 18:47] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Free YouTube to Mp3 Converter - c:\users\Arne\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 10.0.0.1 FF - ProfilePath - c:\users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\6pojc2zr.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (en) FF - prefs.js: browser.startup.homepage - www.google.com FF - prefs.js: keyword.URL - hxxp://www.google.com/search?hl=en-GB&q= FF - prefs.js: network.proxy.http - http://proxy.io8.org/autoproxy/e1.pac FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) SafeBoot-MCODS . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-3948093705-1484294097-1952622497-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-3948093705-1484294097-1952622497-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-04-26 00:27:54 ComboFix-quarantined-files.txt 2012-04-25 16:27 . Vor Suchlauf: 96.187.310.080 bytes free Nach Suchlauf: 96.988.626.944 bytes free . - - End Of File - - 1CAF1DBA8C5172C1532731C2AED11B0F
  10. <p> </p> <div>ComboFix 12-04-25.01 - Arne 26.04.2012 0:08.1.2 - x86</div> <div>Microsoft Windows 7 Starter 6.1.7601.1.1252.49.1033.18.1013.427 [GMT 8:00]</div> <div>ausgeführt von:: c:\users\Arne\Desktop\ComboFix.exe</div> <div>AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}</div> <div>SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}</div> <div>SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</div> <div>.</div> <div>.</div> <div>(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))</div> <div>.</div> <div>.</div> <div>c:\programdata\FullRemove.exe</div> <div>c:\users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\6pojc2zr.default\weave\toFetch</div> <div>.</div> <div>.</div> <div>((((((((((((((((((((((( Dateien erstellt von 2012-03-25 bis 2012-04-25 ))))))))))))))))))))))))))))))</div> <div>.</div> <div>.</div> <div>2012-04-25 16:21 . 2012-04-25 16:22<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Arne\AppData\Local\temp</div> <div>2012-04-25 16:21 . 2012-04-25 16:21<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Default\AppData\Local\temp</div> <div>2012-04-25 14:53 . 2012-04-25 14:53<span class="Apple-tab-span" style="white-space:pre"> </span>29904<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1F4C5142-214F-4F41-B5AC-D39979DE8E0C}\MpKsl649afcb5.sys</div> <div>2012-04-25 14:52 . 2012-04-25 14:52<span class="Apple-tab-span" style="white-space:pre"> </span>13824<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\TrueSight.sys</div> <div>2012-04-25 10:50 . 2012-04-13 07:36<span class="Apple-tab-span" style="white-space:pre"> </span>6734704<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1F4C5142-214F-4F41-B5AC-D39979DE8E0C}\mpengine.dll</div> <div>2012-04-23 07:43 . 2012-04-23 07:43<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\igowin</div> <div>2012-04-18 15:22 . 2012-04-19 04:21<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Anvisoft</div> <div>2012-04-18 11:43 . 2012-04-18 11:43<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Arne\AppData\Roaming\Malwarebytes</div> <div>2012-04-18 11:42 . 2012-04-18 11:42<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\programdata\Malwarebytes</div> <div>2012-04-18 11:42 . 2012-04-04 07:56<span class="Apple-tab-span" style="white-space:pre"> </span>22344<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\mbam.sys</div> <div>2012-04-18 11:42 . 2012-04-18 11:43<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Malwarebytes' Anti-Malware</div> <div>2012-04-18 07:14 . 2012-04-18 07:28<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Arne\.FBReader</div> <div>2012-04-18 07:09 . 2012-04-18 07:09<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\FBReader</div> <div>2012-04-18 06:52 . 2012-04-18 07:12<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Arne\AppData\Roaming\calibre</div> <div>2012-04-17 16:22 . 2012-03-01 05:46<span class="Apple-tab-span" style="white-space:pre"> </span>19824<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\fs_rec.sys</div> <div>2012-04-17 16:22 . 2012-03-01 05:37<span class="Apple-tab-span" style="white-space:pre"> </span>172544<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wintrust.dll</div> <div>2012-04-17 16:22 . 2012-03-01 05:29<span class="Apple-tab-span" style="white-space:pre"> </span>5120<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wmi.dll</div> <div>2012-04-17 16:22 . 2012-03-01 05:33<span class="Apple-tab-span" style="white-space:pre"> </span>159232<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\imagehlp.dll</div> <div>2012-04-17 16:21 . 2012-03-06 05:59<span class="Apple-tab-span" style="white-space:pre"> </span>3968368<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\ntkrnlpa.exe</div> <div>2012-04-17 16:21 . 2012-03-06 05:59<span class="Apple-tab-span" style="white-space:pre"> </span>3913072<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\ntoskrnl.exe</div> <div>2012-04-17 16:18 . 2012-02-17 05:34<span class="Apple-tab-span" style="white-space:pre"> </span>826880<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\rdpcore.dll</div> <div>2012-04-09 16:20 . 2012-04-09 16:20<span class="Apple-tab-span" style="white-space:pre"> </span>592824<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Mozilla Firefox\gkmedias.dll</div> <div>2012-04-09 16:20 . 2012-04-09 16:20<span class="Apple-tab-span" style="white-space:pre"> </span>44472<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Mozilla Firefox\mozglue.dll</div> <div>.</div> <div>.</div> <div>.</div> <div>(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))</div> <div>.</div> <div>2012-04-13 07:36 . 2010-08-27 13:12<span class="Apple-tab-span" style="white-space:pre"> </span>6734704<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll</div> <div>2012-02-25 08:00 . 2012-02-25 08:00<span class="Apple-tab-span" style="white-space:pre"> </span>414368<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\FlashPlayerCPLApp.cpl</div> <div>2012-02-11 09:49 . 2012-02-11 09:50<span class="Apple-tab-span" style="white-space:pre"> </span>713784<span class="Apple-tab-span" style="white-space:pre"> </span>------w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A69CC0D8-4232-4E28-96E6-3CBF44FDAA19}\gapaengine.dll</div> <div>2012-01-31 12:44 . 2010-08-25 15:07<span class="Apple-tab-span" style="white-space:pre"> </span>237072<span class="Apple-tab-span" style="white-space:pre"> </span>------w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\MpSigStub.exe</div> <div>2012-04-09 16:20 . 2012-02-19 05:20<span class="Apple-tab-span" style="white-space:pre"> </span>97208<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\mozilla firefox\components\browsercomps.dll</div> <div>.</div> <div>.</div> <div>(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))</div> <div>.</div> <div>.</div> <div>*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. </div> <div>REGEDIT4</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</div> <div>"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-18 8092192]</div> <div>"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-10 1578280]</div> <div>"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]</div> <div>"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]</div> <div>"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]</div> <div>"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-24 141848]</div> <div>"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-24 173592]</div> <div>"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-24 150552]</div> <div>"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]</div> <div>"Google Pinyin 3 Autoupdater"="c:\program files\Google\Google Pinyin 3\GooglePinyinDaemon.exe" [2011-09-29 1181240]</div> <div>"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]</div> <div>"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]</div> <div>"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]</div> <div>"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]</div> <div>.</div> <div>c:\users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\</div> <div>Sticky Notes.lnk - c:\program files\Sticky Notes\StickyNotes.exe [2010-5-2 503808]</div> <div>.</div> <div>c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\</div> <div>Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-2 795936]</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]</div> <div>"ConsentPromptBehaviorAdmin"= 5 (0x5)</div> <div>"ConsentPromptBehaviorUser"= 3 (0x3)</div> <div>"EnableUIADesktopToggle"= 0 (0x0)</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]</div> <div> Ime File<span class="Apple-tab-span" style="white-space:pre"> </span>REG_SZ <span class="Apple-tab-span" style="white-space:pre"> </span>GOOGLEPINYIN3.IME</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]</div> <div>@="Service"</div> <div>.</div> <div>R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]</div> <div>R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-30 135664]</div> <div>R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]</div> <div>R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]</div> <div>R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-30 135664]</div> <div>S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]</div> <div>S3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\DRIVERS\CryptOSD.sys [2009-05-01 384896]</div> <div>S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]</div> <div>.</div> <div>.</div> <div>--- Andere Dienste/Treiber im Speicher ---</div> <div>.</div> <div>*NewlyCreated* - 84100573</div> <div>*NewlyCreated* - MPKSL649AFCB5</div> <div>*NewlyCreated* - TRUESIGHT</div> <div>*Deregistered* - 84100573</div> <div>*Deregistered* - TrueSight</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]</div> <div>LocalServiceAndNoImpersonation<span class="Apple-tab-span" style="white-space:pre"> </span>REG_MULTI_SZ <span class="Apple-tab-span" style="white-space:pre"> </span>SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc</div> <div>.</div> <div>Inhalt des "geplante Tasks" Ordners</div> <div>.</div> <div>2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job</div> <div>- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-30 13:41]</div> <div>.</div> <div>2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job</div> <div>- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-30 13:41]</div> <div>.</div> <div>2012-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3948093705-1484294097-1952622497-1000Core.job</div> <div>- c:\users\Arne\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-01 18:47]</div> <div>.</div> <div>2012-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3948093705-1484294097-1952622497-1000UA.job</div> <div>- c:\users\Arne\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-01 18:47]</div> <div>.</div> <div>.</div> <div>------- Zusätzlicher Suchlauf -------</div> <div>.</div> <div>uStart Page = hxxp://www.google.com/</div> <div>IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000</div> <div>IE: Free YouTube to Mp3 Converter - c:\users\Arne\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm</div> <div>IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html</div> <div>IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm</div> <div>IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm</div> <div>TCP: DhcpNameServer = 10.0.0.1</div> <div>FF - ProfilePath - c:\users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\6pojc2zr.default\</div> <div>FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)</div> <div>FF - prefs.js: browser.startup.homepage - www.google.com</div> <div>FF - prefs.js: keyword.URL - hxxp://www.google.com/search?hl=en-GB&q=</div> <div>FF - prefs.js: network.proxy.http - http://proxy.io8.org/autoproxy/e1.pac</div> <div>FF - prefs.js: network.proxy.type - 0</div> <div>.</div> <div>- - - - Entfernte verwaiste Registrierungseinträge - - - -</div> <div>.</div> <div>Toolbar-Locked - (no file)</div> <div>SafeBoot-MCODS</div> <div>.</div> <div>.</div> <div>.</div> <div>--------------------- Gesperrte Registrierungsschluessel ---------------------</div> <div>.</div> <div>[HKEY_USERS\S-1-5-21-3948093705-1484294097-1952622497-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]</div> <div>@Denied: (2) (LocalSystem)</div> <div>"Progid"="WindowsLiveMail.Email.1"</div> <div>.</div> <div>[HKEY_USERS\S-1-5-21-3948093705-1484294097-1952622497-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]</div> <div>@Denied: (2) (LocalSystem)</div> <div>"Progid"="WindowsLiveMail.VCard.1"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]</div> <div>@Denied: (Full) (Everyone)</div> <div>.</div> <div>Zeit der Fertigstellung: 2012-04-26 00:27:54</div> <div>ComboFix-quarantined-files.txt 2012-04-25 16:27</div> <div>.</div> <div>Vor Suchlauf: 96.187.310.080 bytes free</div> <div>Nach Suchlauf: 96.988.626.944 bytes free</div> <div>.</div> <div>- - End Of File - - 1CAF1DBA8C5172C1532731C2AED11B0F</div> <div> </div>
  11. 23:44:57.0990 5348 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43 23:44:59.0279 5348 ============================================================ 23:44:59.0279 5348 Current date / time: 2012/04/25 23:44:59.0279 23:44:59.0279 5348 SystemInfo: 23:44:59.0280 5348 23:44:59.0280 5348 OS Version: 6.1.7601 ServicePack: 1.0 23:44:59.0280 5348 Product type: Workstation 23:44:59.0280 5348 ComputerName: 23:44:59.0281 5348 UserName: 23:44:59.0281 5348 Windows directory: C:\windows 23:44:59.0281 5348 System windows directory: C:\windows 23:44:59.0281 5348 Processor architecture: Intel x86 23:44:59.0281 5348 Number of processors: 2 23:44:59.0281 5348 Page size: 0x1000 23:44:59.0281 5348 Boot type: Normal boot 23:44:59.0281 5348 ============================================================ 23:45:01.0930 5348 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 23:45:01.0936 5348 ============================================================ 23:45:01.0936 5348 \Device\Harddisk0\DR0: 23:45:01.0936 5348 MBR partitions: 23:45:01.0937 5348 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000 23:45:01.0937 5348 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x12C8A800 23:45:01.0962 5348 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x14ABD800, BlocksNum 0x8707970 23:45:01.0962 5348 ============================================================ 23:45:02.0055 5348 C: <-> \Device\Harddisk0\DR0\Partition1 23:45:02.0138 5348 D: <-> \Device\Harddisk0\DR0\Partition2 23:45:02.0138 5348 ============================================================ 23:45:02.0139 5348 Initialize success 23:45:02.0139 5348 ============================================================ 23:45:10.0653 4296 ============================================================ 23:45:10.0653 4296 Scan started 23:45:10.0653 4296 Mode: Manual; SigCheck; TDLFS; 23:45:10.0653 4296 ============================================================ 23:45:11.0082 4296 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys 23:45:11.0500 4296 1394ohci - ok 23:45:11.0578 4296 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys 23:45:11.0690 4296 ACPI - ok 23:45:11.0755 4296 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys 23:45:11.0891 4296 AcpiPmi - ok 23:45:11.0980 4296 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys 23:45:12.0067 4296 adp94xx - ok 23:45:12.0114 4296 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys 23:45:12.0250 4296 adpahci - ok 23:45:12.0297 4296 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys 23:45:12.0474 4296 adpu320 - ok 23:45:12.0524 4296 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll 23:45:12.0705 4296 AeLookupSvc - ok 23:45:12.0794 4296 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys 23:45:12.0992 4296 AFD - ok 23:45:13.0043 4296 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys 23:45:13.0137 4296 agp440 - ok 23:45:13.0200 4296 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys 23:45:13.0278 4296 aic78xx - ok 23:45:13.0324 4296 ALG (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe 23:45:13.0922 4296 ALG - ok 23:45:13.0993 4296 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys 23:45:14.0049 4296 aliide - ok 23:45:14.0072 4296 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys 23:45:14.0170 4296 amdagp - ok 23:45:14.0209 4296 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys 23:45:14.0288 4296 amdide - ok 23:45:14.0321 4296 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys 23:45:14.0479 4296 AmdK8 - ok 23:45:14.0510 4296 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys 23:45:14.0641 4296 AmdPPM - ok 23:45:14.0706 4296 amdsata (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys 23:45:14.0820 4296 amdsata - ok 23:45:14.0877 4296 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys 23:45:15.0037 4296 amdsbs - ok 23:45:15.0129 4296 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys 23:45:15.0214 4296 amdxata - ok 23:45:15.0293 4296 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys 23:45:15.0517 4296 AppID - ok 23:45:15.0567 4296 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll 23:45:15.0758 4296 AppIDSvc - ok 23:45:15.0841 4296 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\windows\System32\appinfo.dll 23:45:16.0013 4296 Appinfo - ok 23:45:16.0055 4296 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys 23:45:16.0157 4296 arc - ok 23:45:16.0176 4296 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys 23:45:16.0288 4296 arcsas - ok 23:45:16.0332 4296 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys 23:45:16.0547 4296 AsyncMac - ok 23:45:16.0616 4296 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys 23:45:16.0693 4296 atapi - ok 23:45:16.0931 4296 athr (49f17a2e79469be6581d491706720671) C:\windows\system32\DRIVERS\athr.sys 23:45:17.0181 4296 athr - ok 23:45:17.0368 4296 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll 23:45:17.0559 4296 AudioEndpointBuilder - ok 23:45:17.0577 4296 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll 23:45:17.0705 4296 Audiosrv - ok 23:45:17.0787 4296 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\windows\System32\AxInstSV.dll 23:45:18.0005 4296 AxInstSV - ok 23:45:18.0102 4296 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys 23:45:18.0301 4296 b06bdrv - ok 23:45:18.0367 4296 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys 23:45:18.0554 4296 b57nd60x - ok 23:45:18.0616 4296 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll 23:45:18.0773 4296 BDESVC - ok 23:45:18.0820 4296 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys 23:45:18.0906 4296 Beep - ok 23:45:18.0988 4296 BFE (1e2bac209d184bb851e1a187d8a29136) C:\windows\System32\bfe.dll 23:45:19.0162 4296 BFE - ok 23:45:19.0243 4296 BITS (e585445d5021971fae10393f0f1c3961) C:\windows\System32\qmgr.dll 23:45:19.0420 4296 BITS - ok 23:45:19.0462 4296 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys 23:45:19.0576 4296 blbdrive - ok 23:45:19.0630 4296 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys 23:45:19.0787 4296 bowser - ok 23:45:19.0806 4296 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys 23:45:19.0952 4296 BrFiltLo - ok 23:45:19.0978 4296 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys 23:45:20.0045 4296 BrFiltUp - ok 23:45:20.0122 4296 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\windows\System32\browser.dll 23:45:20.0272 4296 Browser - ok 23:45:20.0302 4296 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys 23:45:20.0443 4296 Brserid - ok 23:45:20.0458 4296 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys 23:45:20.0599 4296 BrSerWdm - ok 23:45:20.0635 4296 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys 23:45:20.0731 4296 BrUsbMdm - ok 23:45:20.0762 4296 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys 23:45:20.0848 4296 BrUsbSer - ok 23:45:20.0903 4296 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys 23:45:21.0052 4296 BthEnum - ok 23:45:21.0087 4296 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys 23:45:21.0215 4296 BTHMODEM - ok 23:45:21.0267 4296 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys 23:45:21.0354 4296 BthPan - ok 23:45:21.0417 4296 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys 23:45:21.0522 4296 BTHPORT - ok 23:45:21.0567 4296 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll 23:45:21.0736 4296 bthserv - ok 23:45:21.0766 4296 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys 23:45:21.0908 4296 BTHUSB - ok 23:45:21.0954 4296 btusbflt (92c5b845803f3662637eb691ac0b250f) C:\windows\system32\drivers\btusbflt.sys 23:45:22.0128 4296 btusbflt - ok 23:45:22.0155 4296 btwaudio (7e826be3b3558208d5c9b00034e51be5) C:\windows\system32\drivers\btwaudio.sys 23:45:22.0277 4296 btwaudio - ok 23:45:22.0311 4296 btwavdt (af9148c3e844131ac954cb53ff43d971) C:\windows\system32\DRIVERS\btwavdt.sys 23:45:22.0446 4296 btwavdt - ok 23:45:22.0601 4296 btwdins (0e3ee2bc0ec56bfe869fcde3e5806684) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe 23:45:23.0340 4296 btwdins - ok 23:45:23.0399 4296 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\windows\system32\DRIVERS\btwl2cap.sys 23:45:23.0494 4296 btwl2cap - ok 23:45:23.0532 4296 btwrchid (480b3d195854b2e55299cddddc50bcf9) C:\windows\system32\DRIVERS\btwrchid.sys 23:45:23.0583 4296 btwrchid - ok 23:45:23.0634 4296 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys 23:45:23.0802 4296 cdfs - ok 23:45:23.0874 4296 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\DRIVERS\cdrom.sys 23:45:23.0936 4296 cdrom - ok 23:45:24.0014 4296 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll 23:45:24.0201 4296 CertPropSvc - ok 23:45:24.0232 4296 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys 23:45:24.0348 4296 circlass - ok 23:45:24.0398 4296 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys 23:45:24.0518 4296 CLFS - ok 23:45:24.0612 4296 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 23:45:24.0844 4296 clr_optimization_v2.0.50727_32 - ok 23:45:24.0931 4296 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 23:45:25.0003 4296 clr_optimization_v4.0.30319_32 - ok 23:45:25.0031 4296 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys 23:45:25.0124 4296 CmBatt - ok 23:45:25.0180 4296 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys 23:45:25.0235 4296 cmdide - ok 23:45:25.0288 4296 CNG (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys 23:45:25.0418 4296 CNG - ok 23:45:25.0473 4296 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys 23:45:25.0534 4296 Compbatt - ok 23:45:25.0602 4296 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys 23:45:25.0712 4296 CompositeBus - ok 23:45:25.0736 4296 COMSysApp - ok 23:45:25.0759 4296 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys 23:45:25.0820 4296 crcdisk - ok 23:45:25.0900 4296 CryptOSD (c914d18ab66b132e9c73f19f8f805f1f) C:\windows\system32\DRIVERS\CryptOSD.sys 23:45:26.0023 4296 CryptOSD - ok 23:45:26.0087 4296 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\windows\system32\cryptsvc.dll 23:45:26.0212 4296 CryptSvc - ok 23:45:26.0302 4296 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll 23:45:26.0469 4296 DcomLaunch - ok 23:45:26.0521 4296 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll 23:45:26.0673 4296 defragsvc - ok 23:45:26.0740 4296 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys 23:45:26.0920 4296 DfsC - ok 23:45:27.0013 4296 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\windows\system32\dhcpcore.dll 23:45:27.0169 4296 Dhcp - ok 23:45:27.0211 4296 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys 23:45:27.0431 4296 discache - ok 23:45:27.0501 4296 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys 23:45:27.0607 4296 Disk - ok 23:45:27.0659 4296 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\windows\System32\dnsrslvr.dll 23:45:27.0820 4296 Dnscache - ok 23:45:27.0899 4296 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\windows\System32\dot3svc.dll 23:45:28.0060 4296 dot3svc - ok 23:45:28.0194 4296 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\windows\system32\dps.dll 23:45:28.0354 4296 DPS - ok 23:45:28.0412 4296 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys 23:45:28.0464 4296 drmkaud - ok 23:45:28.0546 4296 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys 23:45:28.0651 4296 DXGKrnl - ok 23:45:28.0699 4296 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll 23:45:28.0835 4296 EapHost - ok 23:45:29.0064 4296 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys 23:45:29.0258 4296 ebdrv - ok 23:45:29.0391 4296 EFS (81951f51e318aecc2d68559e47485cc4) C:\windows\System32\lsass.exe 23:45:29.0489 4296 EFS - ok 23:45:29.0616 4296 ElbyCDIO (44996a2addd2db7454f2ca40b67d8941) C:\windows\system32\Drivers\ElbyCDIO.sys 23:45:29.0691 4296 ElbyCDIO - ok 23:45:29.0797 4296 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys 23:45:29.0890 4296 elxstor - ok 23:45:29.0950 4296 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys 23:45:29.0998 4296 ErrDev - ok 23:45:30.0070 4296 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll 23:45:30.0237 4296 EventSystem - ok 23:45:30.0291 4296 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys 23:45:30.0444 4296 exfat - ok 23:45:30.0472 4296 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys 23:45:30.0576 4296 fastfat - ok 23:45:30.0670 4296 Fax (967ea5b213e9984cbe270205df37755b) C:\windows\system32\fxssvc.exe 23:45:30.0980 4296 Fax - ok 23:45:31.0014 4296 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys 23:45:31.0122 4296 fdc - ok 23:45:31.0160 4296 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll 23:45:31.0283 4296 fdPHost - ok 23:45:31.0308 4296 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll 23:45:31.0443 4296 FDResPub - ok 23:45:31.0475 4296 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys 23:45:31.0574 4296 FileInfo - ok 23:45:31.0602 4296 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys 23:45:31.0733 4296 Filetrace - ok 23:45:31.0844 4296 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys 23:45:31.0935 4296 flpydisk - ok 23:45:31.0976 4296 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys 23:45:32.0061 4296 FltMgr - ok 23:45:32.0152 4296 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\windows\system32\FntCache.dll 23:45:32.0305 4296 FontCache - ok 23:45:32.0365 4296 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 23:45:32.0479 4296 FontCache3.0.0.0 - ok 23:45:32.0515 4296 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys 23:45:32.0601 4296 FsDepends - ok 23:45:32.0699 4296 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\windows\system32\drivers\Fs_Rec.sys 23:45:32.0759 4296 Fs_Rec - ok 23:45:32.0841 4296 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys 23:45:32.0955 4296 fvevol - ok 23:45:32.0989 4296 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys 23:45:33.0088 4296 gagp30kx - ok 23:45:33.0168 4296 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\windows\System32\gpsvc.dll 23:45:33.0399 4296 gpsvc - ok 23:45:33.0495 4296 gupdate - ok 23:45:33.0509 4296 gupdatem - ok 23:45:33.0564 4296 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys 23:45:33.0678 4296 hcw85cir - ok 23:45:33.0755 4296 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys 23:45:33.0848 4296 HdAudAddService - ok 23:45:33.0903 4296 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys 23:45:33.0976 4296 HDAudBus - ok 23:45:34.0014 4296 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys 23:45:34.0081 4296 HidBatt - ok 23:45:34.0112 4296 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys 23:45:34.0206 4296 HidBth - ok 23:45:34.0206 4296 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys 23:45:34.0315 4296 HidIr - ok 23:45:34.0362 4296 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\system32\hidserv.dll 23:45:34.0548 4296 hidserv - ok 23:45:34.0609 4296 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\DRIVERS\hidusb.sys 23:45:34.0721 4296 HidUsb - ok 23:45:34.0773 4296 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\windows\system32\kmsvc.dll 23:45:34.0895 4296 hkmsvc - ok 23:45:34.0963 4296 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\windows\system32\ListSvc.dll 23:45:35.0105 4296 HomeGroupListener - ok 23:45:35.0171 4296 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\windows\system32\provsvc.dll 23:45:35.0282 4296 HomeGroupProvider - ok 23:45:35.0345 4296 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys 23:45:35.0438 4296 HpSAMD - ok 23:45:35.0528 4296 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys 23:45:35.0671 4296 HTTP - ok 23:45:35.0754 4296 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys 23:45:35.0808 4296 hwpolicy - ok 23:45:35.0884 4296 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys 23:45:36.0030 4296 i8042prt - ok 23:45:36.0096 4296 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys 23:45:36.0203 4296 iaStor - ok 23:45:36.0290 4296 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys 23:45:36.0430 4296 iaStorV - ok 23:45:36.0581 4296 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 23:45:37.0014 4296 idsvc - ok 23:45:37.0349 4296 igfx (ba41e1bba410212ce6d30e0dac47972b) C:\windows\system32\DRIVERS\igdkmd32.sys 23:45:37.0747 4296 igfx - ok 23:45:37.0919 4296 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys 23:45:37.0997 4296 iirsp - ok 23:45:38.0138 4296 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\windows\System32\ikeext.dll 23:45:38.0328 4296 IKEEXT - ok 23:45:38.0547 4296 IntcAzAudAddService (7cb41a5e5c24f9f50e6533693e2bb74d) C:\windows\system32\drivers\RTKVHDA.sys 23:45:38.0732 4296 IntcAzAudAddService - ok 23:45:38.0962 4296 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys 23:45:39.0018 4296 intelide - ok 23:45:39.0067 4296 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys 23:45:39.0175 4296 intelppm - ok 23:45:39.0222 4296 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll 23:45:39.0374 4296 IPBusEnum - ok 23:45:39.0418 4296 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys 23:45:39.0578 4296 IpFilterDriver - ok 23:45:39.0675 4296 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\windows\System32\iphlpsvc.dll 23:45:39.0872 4296 iphlpsvc - ok 23:45:39.0919 4296 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys 23:45:40.0062 4296 IPMIDRV - ok 23:45:40.0093 4296 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys 23:45:40.0199 4296 IPNAT - ok 23:45:40.0233 4296 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys 23:45:40.0341 4296 IRENUM - ok 23:45:40.0399 4296 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys 23:45:40.0521 4296 isapnp - ok 23:45:40.0607 4296 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys 23:45:40.0712 4296 iScsiPrt - ok 23:45:40.0761 4296 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys 23:45:40.0852 4296 kbdclass - ok 23:45:40.0885 4296 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys 23:45:41.0001 4296 kbdhid - ok 23:45:41.0046 4296 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe 23:45:41.0124 4296 KeyIso - ok 23:45:41.0151 4296 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys 23:45:41.0264 4296 KSecDD - ok 23:45:41.0295 4296 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys 23:45:41.0435 4296 KSecPkg - ok 23:45:41.0560 4296 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll 23:45:41.0725 4296 KtmRm - ok 23:45:41.0799 4296 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\windows\system32\srvsvc.dll 23:45:41.0960 4296 LanmanServer - ok 23:45:42.0013 4296 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\windows\System32\wkssvc.dll 23:45:42.0146 4296 LanmanWorkstation - ok 23:45:42.0211 4296 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys 23:45:42.0359 4296 lltdio - ok 23:45:42.0408 4296 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll 23:45:42.0550 4296 lltdsvc - ok 23:45:42.0573 4296 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll 23:45:42.0693 4296 lmhosts - ok 23:45:42.0741 4296 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys 23:45:42.0855 4296 LSI_FC - ok 23:45:42.0875 4296 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys 23:45:42.0980 4296 LSI_SAS - ok 23:45:43.0008 4296 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys 23:45:43.0090 4296 LSI_SAS2 - ok 23:45:43.0113 4296 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys 23:45:43.0229 4296 LSI_SCSI - ok 23:45:43.0263 4296 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys 23:45:43.0433 4296 luafv - ok 23:45:43.0510 4296 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\windows\system32\drivers\mbam.sys 23:45:43.0577 4296 MBAMProtector - ok 23:45:43.0660 4296 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 23:45:44.0021 4296 MBAMService - ok 23:45:44.0059 4296 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys 23:45:44.0125 4296 megasas - ok 23:45:44.0157 4296 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys 23:45:44.0230 4296 MegaSR - ok 23:45:44.0269 4296 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll 23:45:44.0400 4296 MMCSS - ok 23:45:44.0430 4296 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys 23:45:44.0614 4296 Modem - ok 23:45:44.0711 4296 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys 23:45:44.0882 4296 monitor - ok 23:45:44.0958 4296 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys 23:45:45.0070 4296 mouclass - ok 23:45:45.0193 4296 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys 23:45:45.0315 4296 mouhid - ok 23:45:45.0392 4296 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys 23:45:45.0559 4296 mountmgr - ok 23:45:45.0915 4296 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\windows\system32\DRIVERS\MpFilter.sys 23:45:46.0047 4296 MpFilter - ok 23:45:46.0225 4296 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys 23:45:46.0418 4296 mpio - ok 23:45:46.0718 4296 MpKsl649afcb5 (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1F4C5142-214F-4F41-B5AC-D39979DE8E0C}\MpKsl649afcb5.sys 23:45:46.0817 4296 MpKsl649afcb5 - ok 23:45:46.0928 4296 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\windows\system32\DRIVERS\MpNWMon.sys 23:45:47.0014 4296 MpNWMon - ok 23:45:47.0208 4296 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys 23:45:47.0426 4296 mpsdrv - ok 23:45:47.0582 4296 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\windows\system32\mpssvc.dll 23:45:47.0813 4296 MpsSvc - ok 23:45:47.0890 4296 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys 23:45:47.0994 4296 MRxDAV - ok 23:45:48.0063 4296 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys 23:45:48.0189 4296 mrxsmb - ok 23:45:48.0249 4296 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys 23:45:48.0380 4296 mrxsmb10 - ok 23:45:48.0411 4296 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys 23:45:48.0587 4296 mrxsmb20 - ok 23:45:48.0655 4296 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys 23:45:48.0744 4296 msahci - ok 23:45:48.0809 4296 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys 23:45:48.0902 4296 msdsm - ok 23:45:48.0971 4296 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe 23:45:49.0134 4296 MSDTC - ok 23:45:49.0219 4296 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys 23:45:49.0509 4296 Msfs - ok 23:45:49.0543 4296 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys 23:45:49.0651 4296 mshidkmdf - ok 23:45:49.0717 4296 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys 23:45:49.0793 4296 msisadrv - ok 23:45:49.0872 4296 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll 23:45:50.0104 4296 MSiSCSI - ok 23:45:50.0120 4296 msiserver - ok 23:45:50.0276 4296 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys 23:45:50.0447 4296 MSKSSRV - ok 23:45:50.0964 4296 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe 23:45:51.0091 4296 MsMpSvc - ok 23:45:51.0169 4296 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys 23:45:51.0316 4296 MSPCLOCK - ok 23:45:51.0435 4296 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys 23:45:51.0567 4296 MSPQM - ok 23:45:51.0609 4296 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys 23:45:51.0823 4296 MsRPC - ok 23:45:51.0929 4296 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys 23:45:52.0042 4296 mssmbios - ok 23:45:52.0098 4296 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys 23:45:52.0206 4296 MSTEE - ok 23:45:52.0223 4296 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys 23:45:52.0331 4296 MTConfig - ok 23:45:52.0361 4296 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys 23:45:52.0475 4296 Mup - ok 23:45:52.0555 4296 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\windows\system32\qagentRT.dll 23:45:52.0749 4296 napagent - ok 23:45:52.0866 4296 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys 23:45:53.0030 4296 NativeWifiP - ok 23:45:53.0102 4296 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys 23:45:53.0288 4296 NDIS - ok 23:45:53.0372 4296 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys 23:45:53.0523 4296 NdisCap - ok 23:45:53.0558 4296 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys 23:45:53.0717 4296 NdisTapi - ok 23:45:53.0800 4296 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys 23:45:53.0984 4296 Ndisuio - ok 23:45:54.0061 4296 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys 23:45:54.0201 4296 NdisWan - ok 23:45:54.0226 4296 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys 23:45:54.0417 4296 NDProxy - ok 23:45:54.0458 4296 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys 23:45:54.0650 4296 NetBIOS - ok 23:45:54.0771 4296 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys 23:45:55.0018 4296 NetBT - ok 23:45:55.0082 4296 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe 23:45:55.0194 4296 Netlogon - ok 23:45:55.0255 4296 Netman (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll 23:45:55.0449 4296 Netman - ok 23:45:55.0487 4296 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll 23:45:55.0742 4296 netprofm - ok 23:45:55.0851 4296 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 23:45:55.0976 4296 NetTcpPortSharing - ok 23:45:56.0023 4296 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys 23:45:56.0140 4296 nfrd960 - ok 23:45:56.0259 4296 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\windows\system32\DRIVERS\NisDrvWFP.sys 23:45:56.0381 4296 NisDrv - ok 23:45:56.0516 4296 NisSrv (a5cb074f34bbd89948e34a630d459c0c) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe 23:45:56.0742 4296 NisSrv - ok 23:45:56.0819 4296 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\windows\System32\nlasvc.dll 23:45:57.0051 4296 NlaSvc - ok 23:45:57.0068 4296 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys 23:45:57.0270 4296 Npfs - ok 23:45:57.0355 4296 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll 23:45:57.0511 4296 nsi - ok 23:45:57.0562 4296 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys 23:45:57.0712 4296 nsiproxy - ok 23:45:57.0894 4296 Ntfs (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys 23:45:58.0510 4296 Ntfs - ok 23:45:58.0571 4296 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys 23:45:58.0686 4296 Null - ok 23:45:58.0772 4296 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys 23:45:58.0938 4296 nvraid - ok 23:45:58.0977 4296 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys 23:45:59.0156 4296 nvstor - ok 23:45:59.0286 4296 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys 23:45:59.0376 4296 nv_agp - ok 23:45:59.0428 4296 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys 23:45:59.0554 4296 ohci1394 - ok 23:45:59.0637 4296 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 23:45:59.0754 4296 ose - ok 23:45:59.0807 4296 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll 23:45:59.0948 4296 p2pimsvc - ok 23:46:00.0005 4296 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll 23:46:00.0116 4296 p2psvc - ok 23:46:00.0161 4296 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys 23:46:00.0290 4296 Parport - ok 23:46:00.0602 4296 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys 23:46:00.0710 4296 partmgr - ok 23:46:00.0739 4296 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys 23:46:00.0826 4296 Parvdm - ok 23:46:00.0874 4296 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll 23:46:01.0025 4296 PcaSvc - ok 23:46:01.0088 4296 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys 23:46:01.0165 4296 pci - ok 23:46:01.0190 4296 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys 23:46:01.0244 4296 pciide - ok 23:46:01.0288 4296 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys 23:46:01.0365 4296 pcmcia - ok 23:46:01.0394 4296 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys 23:46:01.0476 4296 pcw - ok 23:46:01.0539 4296 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys 23:46:01.0687 4296 PEAUTH - ok 23:46:01.0781 4296 PhnxBldr - ok 23:46:01.0859 4296 PhnxBuilder - ok 23:46:02.0065 4296 pla (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll 23:46:02.0409 4296 pla - ok 23:46:02.0670 4296 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll 23:46:02.0827 4296 PlugPlay - ok 23:46:02.0860 4296 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll 23:46:02.0993 4296 PNRPAutoReg - ok 23:46:03.0041 4296 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll 23:46:03.0137 4296 PNRPsvc - ok 23:46:03.0218 4296 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll 23:46:03.0351 4296 PolicyAgent - ok 23:46:03.0470 4296 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll 23:46:03.0607 4296 Power - ok 23:46:03.0678 4296 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys 23:46:03.0833 4296 PptpMiniport - ok 23:46:03.0940 4296 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys 23:46:04.0033 4296 Processor - ok 23:46:04.0111 4296 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\windows\system32\profsvc.dll 23:46:04.0276 4296 ProfSvc - ok 23:46:04.0349 4296 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe 23:46:04.0422 4296 ProtectedStorage - ok 23:46:04.0514 4296 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys 23:46:04.0678 4296 Psched - ok 23:46:04.0802 4296 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys 23:46:04.0928 4296 ql2300 - ok 23:46:05.0073 4296 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys 23:46:05.0193 4296 ql40xx - ok 23:46:05.0244 4296 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll 23:46:05.0384 4296 QWAVE - ok 23:46:05.0415 4296 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys 23:46:05.0523 4296 QWAVEdrv - ok 23:46:05.0553 4296 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys 23:46:05.0755 4296 RasAcd - ok 23:46:05.0865 4296 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys 23:46:06.0010 4296 RasAgileVpn - ok 23:46:06.0048 4296 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll 23:46:06.0198 4296 RasAuto - ok 23:46:06.0697 4296 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys 23:46:06.0876 4296 Rasl2tp - ok 23:46:06.0994 4296 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll 23:46:07.0136 4296 RasMan - ok 23:46:07.0175 4296 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys 23:46:07.0303 4296 RasPppoe - ok 23:46:07.0341 4296 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys 23:46:07.0487 4296 RasSstp - ok 23:46:07.0556 4296 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys 23:46:07.0680 4296 rdbss - ok 23:46:07.0696 4296 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys 23:46:07.0790 4296 rdpbus - ok 23:46:07.0841 4296 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys 23:46:07.0919 4296 RDPCDD - ok 23:46:07.0965 4296 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys 23:46:08.0046 4296 RDPENCDD - ok 23:46:08.0091 4296 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys 23:46:08.0177 4296 RDPREFMP - ok 23:46:08.0263 4296 RDPWD (244c83332f44589ae98fc347f11b2693) C:\windows\system32\drivers\RDPWD.sys 23:46:08.0462 4296 RDPWD - ok 23:46:08.0558 4296 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys 23:46:08.0724 4296 rdyboost - ok 23:46:08.0783 4296 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll 23:46:08.0939 4296 RemoteAccess - ok 23:46:08.0985 4296 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll 23:46:09.0140 4296 RemoteRegistry - ok 23:46:09.0199 4296 Rezip (f85ae59a52885f4b09aadafb23001a3b) C:\windows\SYSTEM32\Rezip.exe 23:46:09.0608 4296 Rezip ( UnsignedFile.Multi.Generic ) - warning 23:46:09.0608 4296 Rezip - detected UnsignedFile.Multi.Generic (1) 23:46:09.0666 4296 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys 23:46:09.0745 4296 RFCOMM - ok 23:46:09.0798 4296 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll 23:46:09.0919 4296 RpcEptMapper - ok 23:46:09.0960 4296 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe 23:46:10.0040 4296 RpcLocator - ok 23:46:10.0200 4296 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll 23:46:10.0356 4296 RpcSs - ok 23:46:10.0406 4296 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys 23:46:10.0549 4296 rspndr - ok 23:46:10.0583 4296 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\windows\system32\DRIVERS\Rt86win7.sys 23:46:10.0720 4296 RTL8167 - ok 23:46:10.0767 4296 SABI (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys 23:46:10.0850 4296 SABI - ok 23:46:10.0883 4296 SamSs (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe 23:46:10.0956 4296 SamSs - ok 23:46:11.0022 4296 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys 23:46:11.0141 4296 sbp2port - ok 23:46:11.0172 4296 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll 23:46:11.0313 4296 SCardSvr - ok 23:46:11.0375 4296 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys 23:46:11.0484 4296 scfilter - ok 23:46:11.0588 4296 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll 23:46:11.0799 4296 Schedule - ok 23:46:11.0860 4296 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll 23:46:11.0983 4296 SCPolicySvc - ok 23:46:12.0037 4296 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll 23:46:12.0166 4296 SDRSVC - ok 23:46:12.0269 4296 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys 23:46:12.0395 4296 secdrv - ok 23:46:12.0430 4296 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll 23:46:12.0554 4296 seclogon - ok 23:46:12.0601 4296 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\windows\System32\sens.dll 23:46:12.0739 4296 SENS - ok 23:46:12.0786 4296 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys 23:46:12.0867 4296 Serenum - ok 23:46:12.0903 4296 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys 23:46:13.0146 4296 Serial - ok 23:46:13.0286 4296 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys 23:46:13.0357 4296 sermouse - ok 23:46:13.0454 4296 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll 23:46:13.0602 4296 SessionEnv - ok 23:46:13.0647 4296 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys 23:46:13.0748 4296 sffdisk - ok 23:46:13.0775 4296 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys 23:46:13.0855 4296 sffp_mmc - ok 23:46:13.0885 4296 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys 23:46:13.0967 4296 sffp_sd - ok 23:46:14.0000 4296 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys 23:46:14.0078 4296 sfloppy - ok 23:46:14.0130 4296 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll 23:46:14.0407 4296 SharedAccess - ok 23:46:14.0488 4296 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll 23:46:14.0647 4296 ShellHWDetection - ok 23:46:14.0741 4296 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys 23:46:14.0850 4296 sisagp - ok 23:46:14.0897 4296 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys 23:46:14.0975 4296 SiSRaid2 - ok 23:46:14.0996 4296 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys 23:46:15.0090 4296 SiSRaid4 - ok 23:46:15.0119 4296 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys 23:46:15.0286 4296 Smb - ok 23:46:15.0351 4296 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe 23:46:15.0447 4296 SNMPTRAP - ok 23:46:15.0476 4296 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys 23:46:15.0536 4296 spldr - ok 23:46:15.0623 4296 Spooler (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe 23:46:15.0776 4296 Spooler - ok 23:46:16.0000 4296 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe 23:46:16.0543 4296 sppsvc - ok 23:46:16.0696 4296 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll 23:46:16.0839 4296 sppuinotify - ok 23:46:16.0927 4296 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys 23:46:17.0035 4296 srv - ok 23:46:17.0074 4296 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys 23:46:17.0170 4296 srv2 - ok 23:46:17.0200 4296 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys 23:46:17.0278 4296 srvnet - ok 23:46:17.0336 4296 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll 23:46:17.0472 4296 SSDPSRV - ok 23:46:17.0503 4296 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll 23:46:17.0624 4296 SstpSvc - ok 23:46:17.0661 4296 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys 23:46:17.0724 4296 stexstor - ok 23:46:17.0808 4296 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll 23:46:17.0922 4296 StiSvc - ok 23:46:17.0989 4296 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys 23:46:18.0048 4296 swenum - ok 23:46:18.0109 4296 swprv (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll 23:46:18.0287 4296 swprv - ok 23:46:18.0358 4296 SynTP (215a45246c6e2d0a9c263ce1786c8d8a) C:\windows\system32\DRIVERS\SynTP.sys 23:46:18.0431 4296 SynTP - ok 23:46:18.0554 4296 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll 23:46:18.0741 4296 SysMain - ok 23:46:18.0802 4296 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll 23:46:18.0949 4296 TabletInputService - ok 23:46:19.0022 4296 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\windows\system32\DRIVERS\taphss.sys 23:46:19.0099 4296 taphss - ok 23:46:19.0178 4296 TapiSrv (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll 23:46:19.0332 4296 TapiSrv - ok 23:46:19.0366 4296 TBS (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll 23:46:19.0522 4296 TBS - ok 23:46:19.0690 4296 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys 23:46:19.0828 4296 Tcpip - ok 23:46:19.0871 4296 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\DRIVERS\tcpip.sys 23:46:20.0004 4296 TCPIP6 - ok 23:46:20.0069 4296 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys 23:46:20.0199 4296 tcpipreg - ok 23:46:20.0265 4296 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys 23:46:20.0345 4296 TDPIPE - ok 23:46:20.0415 4296 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys 23:46:20.0492 4296 TDTCP - ok 23:46:20.0547 4296 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys 23:46:20.0702 4296 tdx - ok 23:46:20.0771 4296 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys 23:46:20.0902 4296 TermDD - ok 23:46:20.0979 4296 TermService (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll 23:46:21.0172 4296 TermService - ok 23:46:21.0243 4296 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll 23:46:21.0372 4296 Themes - ok 23:46:21.0418 4296 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll 23:46:21.0531 4296 THREADORDER - ok 23:46:21.0585 4296 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll 23:46:21.0739 4296 TrkWks - ok 23:46:21.0818 4296 TrueSight (1512d11c1e1e37a4ae2e2b62794f0d2e) c:\windows\system32\drivers\TrueSight.sys 23:46:21.0865 4296 TrueSight ( UnsignedFile.Multi.Generic ) - warning 23:46:21.0865 4296 TrueSight - detected UnsignedFile.Multi.Generic (1) 23:46:21.0969 4296 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe 23:46:22.0213 4296 TrustedInstaller - ok 23:46:22.0259 4296 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys 23:46:22.0389 4296 tssecsrv - ok 23:46:22.0474 4296 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys 23:46:22.0586 4296 TsUsbFlt - ok 23:46:22.0672 4296 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys 23:46:22.0774 4296 tunnel - ok 23:46:22.0815 4296 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys 23:46:22.0904 4296 uagp35 - ok 23:46:22.0981 4296 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys 23:46:23.0098 4296 udfs - ok 23:46:23.0148 4296 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe 23:46:23.0280 4296 UI0Detect - ok 23:46:23.0343 4296 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys 23:46:23.0443 4296 uliagpkx - ok 23:46:23.0514 4296 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys 23:46:23.0614 4296 umbus - ok 23:46:23.0644 4296 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys 23:46:23.0696 4296 UmPass - ok 23:46:23.0739 4296 upnphost (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll 23:46:23.0896 4296 upnphost - ok 23:46:23.0974 4296 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\windows\system32\drivers\usbaudio.sys 23:46:24.0115 4296 usbaudio - ok 23:46:24.0175 4296 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys 23:46:24.0319 4296 usbccgp - ok 23:46:24.0391 4296 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys 23:46:24.0477 4296 usbcir - ok 23:46:24.0535 4296 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys 23:46:24.0618 4296 usbehci - ok 23:46:24.0673 4296 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys 23:46:24.0766 4296 usbhub - ok 23:46:24.0805 4296 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys 23:46:24.0888 4296 usbohci - ok 23:46:24.0941 4296 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys 23:46:25.0019 4296 usbprint - ok 23:46:25.0065 4296 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys 23:46:25.0169 4296 usbscan - ok 23:46:25.0231 4296 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS 23:46:25.0390 4296 USBSTOR - ok 23:46:25.0430 4296 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys 23:46:25.0500 4296 usbuhci - ok 23:46:25.0583 4296 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys 23:46:25.0664 4296 usbvideo - ok 23:46:25.0703 4296 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll 23:46:25.0830 4296 UxSms - ok 23:46:25.0874 4296 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe 23:46:25.0969 4296 VaultSvc - ok 23:46:26.0009 4296 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\windows\system32\DRIVERS\VClone.sys 23:46:26.0108 4296 VClone - ok 23:46:26.0170 4296 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys 23:46:26.0246 4296 vdrvroot - ok 23:46:26.0348 4296 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe 23:46:26.0519 4296 vds - ok 23:46:26.0559 4296 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys 23:46:26.0653 4296 vga - ok 23:46:26.0687 4296 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys 23:46:26.0795 4296 VgaSave - ok 23:46:26.0852 4296 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys 23:46:26.0926 4296 vhdmp - ok 23:46:26.0990 4296 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys 23:46:27.0081 4296 viaagp - ok 23:46:27.0121 4296 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys 23:46:27.0208 4296 ViaC7 - ok 23:46:27.0234 4296 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys 23:46:27.0287 4296 viaide - ok 23:46:27.0320 4296 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys 23:46:27.0409 4296 volmgr - ok 23:46:27.0449 4296 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys 23:46:27.0534 4296 volmgrx - ok 23:46:27.0612 4296 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys 23:46:27.0687 4296 volsnap - ok 23:46:27.0830 4296 vpnagent (d6653180d162cb3144fdbc8a651cebb1) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe 23:46:28.0021 4296 vpnagent - ok 23:46:28.0093 4296 vpnva (fc94804932cfc35f01b3ae510e3b4d5c) C:\windows\system32\DRIVERS\vpnva.sys 23:46:28.0156 4296 vpnva - ok 23:46:28.0212 4296 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys 23:46:28.0352 4296 vsmraid - ok 23:46:28.0467 4296 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe 23:46:28.0691 4296 VSS - ok 23:46:28.0737 4296 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys 23:46:28.0826 4296 vwifibus - ok 23:46:28.0866 4296 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys 23:46:28.0971 4296 vwififlt - ok 23:46:29.0027 4296 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys 23:46:29.0099 4296 vwifimp - ok 23:46:29.0165 4296 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll 23:46:29.0310 4296 W32Time - ok 23:46:29.0343 4296 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys 23:46:29.0426 4296 WacomPen - ok 23:46:29.0486 4296 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys 23:46:29.0632 4296 WANARP - ok 23:46:29.0645 4296 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys 23:46:29.0776 4296 Wanarpv6 - ok 23:46:29.0901 4296 wbengine (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe 23:46:30.0194 4296 wbengine - ok 23:46:30.0255 4296 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll 23:46:30.0370 4296 WbioSrvc - ok 23:46:30.0453 4296 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll 23:46:30.0582 4296 wcncsvc - ok 23:46:30.0614 4296 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll 23:46:30.0738 4296 WcsPlugInService - ok 23:46:30.0801 4296 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys 23:46:30.0864 4296 Wd - ok 23:46:30.0912 4296 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys 23:46:30.0987 4296 Wdf01000 - ok 23:46:31.0018 4296 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll 23:46:31.0143 4296 WdiServiceHost - ok 23:46:31.0157 4296 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll 23:46:31.0248 4296 WdiSystemHost - ok 23:46:31.0316 4296 WebClient (a9d880f97530d5b8fee278923349929d) C:\windows\System32\webclnt.dll 23:46:31.0441 4296 WebClient - ok 23:46:31.0492 4296 Wecsvc (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll 23:46:31.0625 4296 Wecsvc - ok 23:46:31.0654 4296 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll 23:46:31.0771 4296 wercplsupport - ok 23:46:31.0812 4296 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll 23:46:31.0934 4296 WerSvc - ok 23:46:31.0984 4296 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys 23:46:32.0088 4296 WfpLwf - ok 23:46:32.0120 4296 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys 23:46:32.0184 4296 WIMMount - ok 23:46:32.0290 4296 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll 23:46:32.0460 4296 WinDefend - ok 23:46:32.0482 4296 WinHttpAutoProxySvc - ok 23:46:32.0560 4296 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll 23:46:32.0704 4296 Winmgmt - ok 23:46:32.0827 4296 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll 23:46:33.0058 4296 WinRM - ok 23:46:33.0205 4296 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys 23:46:33.0299 4296 WinUsb - ok 23:46:33.0397 4296 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll 23:46:33.0550 4296 Wlansvc - ok 23:46:33.0613 4296 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys 23:46:33.0693 4296 WmiAcpi - ok 23:46:33.0763 4296 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe 23:46:33.0946 4296 wmiApSrv - ok 23:46:34.0110 4296 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe 23:46:34.0493 4296 WMPNetworkSvc - ok 23:46:34.0525 4296 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll 23:46:34.0626 4296 WPCSvc - ok 23:46:34.0691 4296 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll 23:46:34.0800 4296 WPDBusEnum - ok 23:46:34.0865 4296 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys 23:46:34.0973 4296 ws2ifsl - ok 23:46:35.0021 4296 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\windows\System32\wscsvc.dll 23:46:35.0212 4296 wscsvc - ok 23:46:35.0226 4296 WSearch - ok 23:46:35.0406 4296 wuauserv (3026418a50c5b4761befa632cedb7406) C:\windows\system32\wuaueng.dll 23:46:35.0669 4296 wuauserv - ok 23:46:35.0846 4296 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys 23:46:36.0020 4296 WudfPf - ok 23:46:36.0096 4296 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys 23:46:36.0196 4296 WUDFRd - ok 23:46:36.0310 4296 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll 23:46:36.0446 4296 wudfsvc - ok 23:46:36.0533 4296 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll 23:46:36.0634 4296 WwanSvc - ok 23:46:36.0726 4296 yukonw7 (30b73eb97218a16cbc6de535782a1b35) C:\windows\system32\DRIVERS\yk62x86.sys 23:46:36.0857 4296 yukonw7 - ok 23:46:36.0975 4296 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0 23:46:37.0473 4296 \Device\Harddisk0\DR0 - ok 23:46:37.0482 4296 Boot (0x1200) (95099517972e5513e32c2d8ee0fc9e54) \Device\Harddisk0\DR0\Partition0 23:46:37.0485 4296 \Device\Harddisk0\DR0\Partition0 - ok 23:46:37.0511 4296 Boot (0x1200) (fae2ec81b7c69eb5164fce781bf3e03e) \Device\Harddisk0\DR0\Partition1 23:46:37.0514 4296 \Device\Harddisk0\DR0\Partition1 - ok 23:46:37.0546 4296 Boot (0x1200) (4385b450a436503a66ab30dec1a7a5b8) \Device\Harddisk0\DR0\Partition2 23:46:37.0549 4296 \Device\Harddisk0\DR0\Partition2 - ok 23:46:37.0550 4296 ============================================================ 23:46:37.0550 4296 Scan finished 23:46:37.0550 4296 ============================================================ 23:46:37.0580 5556 Detected object count: 2 23:46:37.0580 5556 Actual detected object count: 2 23:46:54.0426 5556 Rezip ( UnsignedFile.Multi.Generic ) - skipped by user 23:46:54.0426 5556 Rezip ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:46:54.0429 5556 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user 23:46:54.0429 5556 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip
  12. Thanks MrCharlie RogueKiller V7.3.3 [04/22/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version Started in : Normal mode User: Arne [Admin rights] Mode: Scan -- Date: 04/25/2012 23:04:35 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 3 ¤¤¤ [HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS545025B9A300 +++++ --- User --- [MBR] 2309d53b5e50f1481e33ea97262948e9 [bSP] 42cd176af1e1fa736744448df7d3160e : KIWI Image system MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 153877 Mo 3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 346804224 | Size: 69136 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt
  13. First off, I really appreciate the help, don't think (know) this would be a big problem but I don't feel confident with this malware on my PC. I started getting these annoying pop up ads for some Chinese role-playing game at the lower bottom right corner of my screen when i try to connect to websites (not just Chinese ones, so I realized that there was something on my PC). The pop ups come with sound (how nice). I installed Malwarebytes Anti Malware and activated the full version trial then ran a scan. Found and quarantined "PUP.TollbarDownloader" in an exe file I had downloaded (and I guess executed) at some point. But I still get these messages that it blocked outgoing traffic every so often: 2012/04/24 10:55:06 +0800 IP-BLOCK 218.8.51.248 (Type: outgoing, Port: 57038, Process: firefox.exe) 2012/04/24 10:58:20 +0800 IP-BLOCK 218.8.51.248 (Type: outgoing, Port: 57187, Process: firefox.exe) 2012/04/24 10:58:53 +0800 IP-BLOCK 218.8.51.248 (Type: outgoing, Port: 57212, Process: firefox.exe) 2012/04/24 19:37:57 +0800 IP-BLOCK 122.70.138.185 (Type: outgoing, Port: 52592, Process: chrome.exe) 2012/04/24 19:37:57 +0800 IP-BLOCK 122.70.138.185 (Type: outgoing, Port: 52593, Process: chrome.exe) 2012/04/24 19:37:57 +0800 IP-BLOCK 122.70.138.185 (Type: outgoing, Port: 52594, Process: chrome.exe) 2012/04/24 19:37:57 +0800 IP-BLOCK 122.70.138.185 (Type: outgoing, Port: 52595, Process: chrome.exe) 2012/04/24 19:37:57 +0800 IP-BLOCK 122.70.138.185 (Type: outgoing, Port: 52596, Process: chrome.exe) I ran a scan according to the forum guidelines and get these logs: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29 Run by Arne at 11:08:28 on 2012-04-24 Microsoft Windows 7 Starter 6.1.7601.1.1252.49.1033.18.1013.220 [GMT 8:00] . AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\windows\system32\wininit.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe C:\windows\system32\svchost.exe -k NetworkService C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\windows\SYSTEM32\Rezip.exe C:\windows\system32\svchost.exe -k imgsvc c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\windows\system32\taskeng.exe C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Windows\System32\igfxtray.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\windows\system32\igfxsrvc.exe C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files\Google\Google Pinyin 3\GooglePinyinDaemon.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe C:\Program Files\Google\Google Pinyin 3\GooglePinyinService.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Sticky Notes\StickyNotes.exe C:\windows\system32\SearchIndexer.exe C:\windows\system32\igfxext.exe C:\windows\system32\igfxsrvc.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\OpenOffice.org 3\program\scalc.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\igowin\igowin.exe C:\windows\system32\taskhost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\windows\system32\conhost.exe C:\windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File uRun: [Google Update] "c:\users\arne\appdata\local\google\update\GoogleUpdate.exe" /c uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11f_Plugin.exe -update plugin mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s mRun: [Google Pinyin 3 Autoupdater] "c:\program files\google\google pinyin 3\GooglePinyinDaemon.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray StartupFolder: c:\users\arne\appdata\roaming\micros~1\windows\startm~1\programs\startup\sticky~1.lnk - c:\program files\sticky notes\StickyNotes.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: Free YouTube to Mp3 Converter - c:\users\arne\appdata\roaming\dvdvideosoftiehelpers\youtubetomp3.htm IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab TCP: DhcpNameServer = 10.0.0.1 TCP: Interfaces\{24FDB2AB-187E-413F-BAF1-7D983CBF9F6D} : DhcpNameServer = 10.0.0.1 TCP: Interfaces\{24FDB2AB-187E-413F-BAF1-7D983CBF9F6D}\0516E696E6F60245563616 : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{24FDB2AB-187E-413F-BAF1-7D983CBF9F6D}\24F6F6B677F627D6 : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{24FDB2AB-187E-413F-BAF1-7D983CBF9F6D}\348696E616E45647D235471627265736B637 : DhcpNameServer = 172.13.0.1 TCP: Interfaces\{24FDB2AB-187E-413F-BAF1-7D983CBF9F6D}\348696E616E45647D244B65557 : DhcpNameServer = 192.168.1.1 192.168.1.1 TCP: Interfaces\{24FDB2AB-187E-413F-BAF1-7D983CBF9F6D}\7756E67756E6132333 : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{24FDB2AB-187E-413F-BAF1-7D983CBF9F6D}\D43644F6E616C6467237 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{581B304F-E7EA-4D69-8E16-B3D564BACED7} : DhcpNameServer = 192.168.1.1 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: igfxcui - igfxdev.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\users\arne\appdata\roaming\mozilla\firefox\profiles\6pojc2zr.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (en) FF - prefs.js: browser.startup.homepage - www.google.com FF - prefs.js: keyword.URL - hxxp://www.google.com/search?hl=en-GB&q= FF - prefs.js: network.proxy.http - http://proxy.io8.org/autoproxy/e1.pac FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\users\arne\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll . ============= SERVICES / DRIVERS =============== . R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-26 165648] R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2009-12-10 10752] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-18 654408] R2 Rezip;Rezip;c:\windows\system32\Rezip.exe [2009-12-10 311296] R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2011-8-4 645048] R3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\drivers\CryptOSD.sys [2009-5-1 384896] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-18 22344] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-26 43392] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024] R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-30 135664] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888] S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-12-11 43944] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-6-29 29472] S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-30 135664] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-11 139776] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-2 52224] . =============== Created Last 30 ================ . 2012-04-24 02:34:06 6734704 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9984dc56-d0f1-4566-8554-6b0a4947e2e8}\mpengine.dll 2012-04-23 07:43:51 -------- d-----w- c:\program files\igowin 2012-04-18 15:22:55 -------- d-----w- c:\program files\Anvisoft 2012-04-18 11:43:48 -------- d-----w- c:\users\arne\appdata\roaming\Malwarebytes 2012-04-18 11:42:55 -------- d-----w- c:\programdata\Malwarebytes 2012-04-18 11:42:48 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-18 11:42:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-04-18 07:14:04 -------- d-----w- c:\users\arne\.FBReader 2012-04-18 07:09:34 -------- d-----w- c:\program files\FBReader 2012-04-18 06:52:12 -------- d-----w- c:\users\arne\appdata\roaming\calibre 2012-04-17 16:22:04 5120 ----a-w- c:\windows\system32\wmi.dll 2012-04-17 16:22:04 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-04-17 16:22:04 172544 ----a-w- c:\windows\system32\wintrust.dll 2012-04-17 16:22:03 159232 ----a-w- c:\windows\system32\imagehlp.dll 2012-04-17 16:21:15 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-17 16:21:14 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-17 16:18:00 826880 ----a-w- c:\windows\system32\rdpcore.dll 2012-04-09 16:20:44 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll 2012-04-09 16:20:44 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll 2012-03-26 15:41:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll 2012-03-26 15:41:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll . ==================== Find3M ==================== . 2012-02-28 05:38:52 981504 ----a-w- c:\windows\system32\wininet.dll 2012-02-28 03:52:27 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2012-02-25 08:00:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-02-10 05:38:43 1077248 ----a-w- c:\windows\system32\DWrite.dll 2012-02-03 03:54:27 2343424 ----a-w- c:\windows\system32\win32k.sys 2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-01-25 05:32:35 58880 ----a-w- c:\windows\system32\rdpwsx.dll 2012-01-25 05:32:34 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-01-25 05:27:51 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe . ============= FINISH: 11:16:18,57 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Starter Boot Device: \Device\HarddiskVolume2 Install Date: 29.06.2010 21:58:46 System Uptime: 24.04.2012 01:25:06 (10 hours ago) . Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | N150/N210/N220 Processor: Intel® Atom CPU N450 @ 1.66GHz | CPU 1 | 1667/mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 150 GiB total, 87,251 GiB free. D: is FIXED (NTFS) - 68 GiB total, 66,425 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Description: Broadcom BCM2070 Bluetooth 2.1+EDR USB Device Device ID: USB\VID_0A5C&PID_219B\506313BBB795 Manufacturer: Broadcom Name: Broadcom BCM2070 Bluetooth 2.1+EDR USB Device PNP Device ID: USB\VID_0A5C&PID_219B\506313BBB795 Service: BTHUSB . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows Device ID: ROOT\NET\0000 Manufacturer: Cisco Systems Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows PNP Device ID: ROOT\NET\0000 Service: vpnva . ==== System Restore Points =================== . RP369: 25.03.2012 18:03:15 - Windows Update RP370: 28.03.2012 20:49:26 - Windows Update RP371: 01.04.2012 22:45:16 - Windows Update RP372: 05.04.2012 12:38:43 - Windows Update RP373: 09.04.2012 12:25:04 - Windows Update RP374: 12.04.2012 23:51:23 - Windows Update RP375: 16.04.2012 12:32:00 - Windows Update RP376: 18.04.2012 00:19:23 - Windows Update RP378: 18.04.2012 14:49:07 - Installed calibre RP380: 18.04.2012 15:30:49 - Removed calibre RP381: 21.04.2012 12:56:53 - Windows Update . ==== Installed Programs ====================== . ??????? 3.0 7-Zip 4.65 Adobe Flash Player 11 Plugin Adobe Flash Player ActiveX Adobe Reader 9.5.1 Adobe Shockwave Player 11.6 Anki Apple Application Support Apple Software Update Atheros Client Installation Program BatteryLifeExtender ChargeableUSB Cisco AnyConnect VPN Client Compatibility Pack for the 2007 Office system ContentSAFER for Wizmax CyberLink YouCam Easy Display Manager Easy Network Manager Easy Resolution Manager Easy SpeedUp Manager EasyBatteryManager FBReader for Windows Free Audio CD Burner version 1.4 Free YouTube to MP3 Converter version 3.8 Full Tilt Poker Google Chrome Google Earth Plug-in Google Update Helper Intel® Graphics Media Accelerator Driver Intel® Matrix Storage Manager Java Auto Updater Java 6 Update 22 Java 6 Update 29 Malwarebytes Anti-Malware version 1.61.0.1400 Marvell Miniport Driver Microsoft .NET Framework 4 Client Profile Microsoft Antimalware Microsoft Office Word Viewer 2003 Microsoft PowerPoint Viewer Microsoft Security Client Microsoft Security Essentials Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works Mozilla Firefox 11.0 (x86 en-US) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) OpenOffice.org 3.3 Paint.NET v3.5.8 PokerStars PokerStove version 1.23 PreSetup HyperSpace QuickTime Realtek High Definition Audio Driver REALTEK Wireless LAN Software Samsung Recovery Solution 4 Samsung Support Center Samsung Update Plus Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Skype™ 4.2 swMSM Synaptics Pointing Device Driver TIPP10 Version 2.0.3 Uninstall 1.0.0.1 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) User Guide VirtualCloneDrive VLC media player 1.1.5 Vuze WIDCOMM Bluetooth Software Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) Xtra Controller Pro YouTube Downloader 2.6.2 . ==== Event Viewer Messages From Past Week ======== . 22.04.2012 23:44:32, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.209.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 22.04.2012 22:55:15, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.209.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 22.04.2012 13:24:51, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service. 20.04.2012 18:38:06, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 19.04.2012 16:08:41, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1963.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 19.04.2012 16:08:41, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1963.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 19.04.2012 12:23:24, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1963.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 19.04.2012 12:23:24, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1963.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 18.04.2012 19:53:25, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 7 time(s). 18.04.2012 19:53:25, Error: Service Control Manager [7034] - The Network List Service service terminated unexpectedly. It has done this 7 time(s). 18.04.2012 19:53:25, Error: Service Control Manager [7034] - The Function Discovery Provider Host service terminated unexpectedly. It has done this 1 time(s). 18.04.2012 19:53:25, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 7 time(s). 18.04.2012 19:53:25, Error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 5 time(s). 18.04.2012 17:40:04, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 3 time(s). 18.04.2012 17:40:04, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 6 time(s). 18.04.2012 17:40:04, Error: Service Control Manager [7034] - The Network List Service service terminated unexpectedly. It has done this 6 time(s). 18.04.2012 17:40:04, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 6 time(s). 18.04.2012 17:39:59, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 5 time(s). 18.04.2012 17:39:59, Error: Service Control Manager [7034] - The Network List Service service terminated unexpectedly. It has done this 5 time(s). 18.04.2012 17:39:59, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 5 time(s). 18.04.2012 17:39:59, Error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 4 time(s). 18.04.2012 17:39:43, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service. 18.04.2012 15:43:45, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 4 time(s). 18.04.2012 15:43:45, Error: Service Control Manager [7034] - The Network List Service service terminated unexpectedly. It has done this 4 time(s). 18.04.2012 15:43:45, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 4 time(s). 18.04.2012 15:43:45, Error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 3 time(s). 18.04.2012 14:53:56, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Store Interface Service service, but this action failed with the following error: An instance of the service is already running. 18.04.2012 14:48:59, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 2 time(s). 18.04.2012 14:48:59, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 3 time(s). 18.04.2012 14:48:59, Error: Service Control Manager [7034] - The Network List Service service terminated unexpectedly. It has done this 3 time(s). 18.04.2012 14:48:59, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 3 time(s). 18.04.2012 14:48:56, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 2 time(s). 18.04.2012 14:48:56, Error: Service Control Manager [7031] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. 18.04.2012 14:48:56, Error: Service Control Manager [7031] - The Network Store Interface Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 18.04.2012 14:48:56, Error: Service Control Manager [7031] - The Network List Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service. 18.04.2012 14:48:56, Error: Service Control Manager [7031] - The COM+ Event System service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. 18.04.2012 14:48:52, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 1 time(s). 18.04.2012 14:48:52, Error: Service Control Manager [7031] - The Network Store Interface Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 18.04.2012 14:48:52, Error: Service Control Manager [7031] - The Network List Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service. 18.04.2012 14:48:52, Error: Service Control Manager [7031] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. 18.04.2012 00:07:20, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. . ==== End Of File ===========================