comp acting odd

jc3777

New Member
Thread author
Verified
Apr 27, 2013
47
comp keeps freezing
firefox not responding
bitdefender not responding
typing really slow, mouse moving on its own
also when it freezes i press button and get a loud beeping noise

aswmbr gave something about bitdefender in bright yellow?
 

Attachments

  • Extras.Txt
    33.2 KB · Views: 123
  • OTL.Txt
    75.3 KB · Views: 133
  • aswMBR.txt
    2.2 KB · Views: 102

kuttus

Level 2
Verified
Oct 5, 2012
2,697
STEP 1: Run the below OTL fix
  1. Start OTL.exe
  2. Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
Code:
:OTL
[2013/04/17 17:27:01 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\zk7l92vm.default-1365749469265\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/06/03 09:55:32 | 000,033,792 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/11 11:10:35 | 000,000,258 | R-S- | C] () -- C:\ProgramData\ntuser.pol
[2011/12/28 15:52:30 | 000,007,887 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.cat
[2011/12/28 15:52:30 | 000,001,144 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.inf
[2011/02/04 13:24:09 | 000,000,680 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat


:commands
[emptytemp]
[reboot]
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  3. Then click the Run Fix button at the top
  4. Let the program run unhindered, reboot when it is done
  5. Attach the new log produced by OTL (C:\_OTL)

STEP 2: Run a scan with AdwCleaner

  1. Download AdwCleaner from the below link.
     ADWCLEANER DOWNLOAD LINK: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner (This link will automatically download Security Check on your computer)
  2. Close all open programs and internet browsers.
  3. Double click on adwcleaner.exe to run the tool.
  4. Click on Delete, then confirm each time with Ok.
  5. Your computer will be rebooted automatically. A text file will open after the restart.
  6. Please post the contents of that logfile with your next reply.
  7. You can find the logfile at C:\AdwCleaner[S1].txt as well.

STEP 3: Run a scan with Junkware Removal Tool

Please download Junkware Removal Tool to your desktop from here
  • Turn off your antivirus software now to avoid potential conflicts
  • Double-click to run the tool. For Windows Vista or 7 users, right-click the file and select Run as Administrator
  • The tool will open and start scanning your system
  • Please be patient as this can take a while to complete depending on your system's specifications
  • On completion, a log (JRT.txt) will be saved to your desktop and will automatically open
  • Post the contents of JRT.txt into your next reply


 

jc3777

New Member
Thread author
Verified
Apr 27, 2013
47
ok firefox still keeps not responding

what about bitdefender being locked when aswmbr tried to scan it? why is that


logs enclosed
 

jc3777

New Member
Thread author
Verified
Apr 27, 2013
47
ok firefox still keeps not responding and still slow comp

what about bitdefender being locked when aswmbr tried to scan it? why is that


logs enclosed
 

Attachments

  • JRT.txt
    780 bytes · Views: 96
  • otlfile.txt
    1.2 KB · Views: 97
  • AdwCleaner[S11].txt
    2.3 KB · Views: 108

kuttus

Level 2
Verified
Oct 5, 2012
2,697
jc3777 said:
my post keeps disappearing with the logs on

Your post is not disappearing. I am getting all those.....


All the log files seem to be fine. Let's see what exactly is happening.

STEP 1: Download and Run Windows Repair (all in one)

Download Windows Repair (all in one)

  • Install the program then run it.
  • Go to step 2 and allow it to run Disc check by clicking Do It
  • Go to step 3 and allow it to run SFC
  • Go to start repairs tab select advanced mode and click start.
  •  Check the box next to "Restart/Shutdown system when finished" and ensure the following is checked along with the default checks
    1. Reset File Permissions
    2. Register System Files
    3. Repair WMI
    4. Remove Policies Set By Infections
    5. Remove Temp Files
  •   Then click Start.
 

jc3777

New Member
Thread author
Verified
Apr 27, 2013
47
done - got a lot of access denied messages when it was running

did you find any malware

what do I do about my firewall being locked when I scanned it with mbr?
 

jc3777

New Member
Thread author
Verified
Apr 27, 2013
47
got viruses and rootkits

trend micro took 2 hours to scan and then bitdefender can't remove the rootkits and viruses
 

Attachments

  • Untitled.jpg
    101.7 KB · Views: 236
  • Untitled1.jpg
    60.9 KB · Views: 140
  • Untitled2.jpg
    61.6 KB · Views: 219
  • Untitled4.jpg
    61.9 KB · Views: 135
  • Untitled5.jpg
    61.6 KB · Views: 143
  • Untitled6.jpg
    61.2 KB · Views: 139
  • Untitled7.jpg
    59.4 KB · Views: 148

kuttus

Level 2
Verified
Oct 5, 2012
2,697
All the above logs seem good. Is Bitdefender still detecting these infections? If yes, click on Delete All in the Scan History.



Download Malwarebytes Anti-Rootkit from here to your Desktop
  • Unzip the contents to a folder on your Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
  • After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
  • When done, please post the two logs in the MBAR folder (mbar-log.txt and system-log.txt)



Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • When it prompts you to try their 30-day trial, click decline
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt




STEP 2: Run a HitmanPro scan
  1. Download the latest official version of HitmanPro.
     HITMANPRO DOWNLOAD LINK: http://www.surfright.nl/en/hitmanpro/ (This link will open a download page in a new window from where you can download HitmanPro)
  2. Start HitmanPro by double clicking on the previously downloaded file and then following the prompts.
     [Image: hitmanproscan4.png]
  3. Once the scan is complete, a screen displaying all the malicious files that the program found will be shown as seen in the image below. After reviewing each malicious object click Next.
     [Image: hitmanproscan5.png]
  4. Click Activate free license to start the free 30 days trial and remove the malicious files.
     [Image: hitmanproscan6.png]
  5. HitmanPro will now start removing the infected objects, and in some instances, may suggest a reboot in order to completely remove the malware from your system. In this scenario, always confirm the reboot action to be on the safe side.
Add to your next reply, any log that HitmanPro might generate.

STEP 3: Run a scan with ESET Online Scanner
  1. Download ESET Online Scanner utility from the below link
     ESET ONLINE SCANNER DOWNLOAD LINK: http://download.eset.com/special/eos/esetsmartinstaller_enu.exe (This link will automatically download ESET Online Scanner on your computer.)
  2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
  3. Check Yes, I accept the Terms of Use
  4. Click the Start button.
  5. Check Scan archives
  6. Push the Start button.
  7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  8. When the scan completes, push List of found threats
  9. Push Export to Text file and save the file to your desktop using a unique name, such as ESET Scan. Include the contents of this report in your next reply. Note - when ESET doesn't find any threats, no report will be created.
  10. Push the back button.
  11. Push Finish
 

jc3777

New Member
Thread author
Verified
Apr 27, 2013
47
it couldn't delete them, but not detecting them
will do the logs when back from work later

thanks
 

jc3777

New Member
Thread author
Verified
Apr 27, 2013
47
everything is okay till I run trendmicro then my a/v finds that trend micro has rootkits and viruses so don't know who is to blame. logs to follow
 

jc3777

New Member
Thread author
Verified
Apr 27, 2013
47
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.29.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Chris :: DELL-530 [administrator]

29/04/2013 23:16:31
mbar-log-2013-04-29 (23-16-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27702
Time elapsed: 8 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.660000 GHz
Memory total: 3209117696, free: 1004548096

------------ Kernel report ------------
04/29/2013 23:07:54
------------ Loaded modules -----------
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86763ac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-1\
Lower Device Object: 0xffffffff85d24b98
Lower Device Driver Name: \Driver\atapi\
Device already Exists: 0xffffffffd6dbc618
Downloaded database version: v2013.04.29.09
Downloaded database version: v2013.04.25.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86763ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86660118, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86763ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff85d25b48, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85d24b98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffffffc2bb88f0, 0xffffffff86763ac8, 0xffffffffc22d83a8
Lower DeviceData: 0xffffffffadf64518, 0xffffffff85d24b98, 0xffffffffd6dbc618
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 5ED7C68A

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 604657664
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 604659712 Numsec = 20480000

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
 

jc3777

New Member
Thread author
Verified
Apr 27, 2013
47
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.29.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Chris :: DELL-530 [administrator]

Protection: Enabled

29/04/2013 23:23:46
mbam-log-2013-04-29 (23-23-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202576
Time elapsed: 6 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

jc3777

New Member
Thread author
Verified
Apr 27, 2013
47
Code:
HitmanPro 3.7.3.194
www.hitmanpro.com

   Computer name . . . . : DELL-530
   Windows . . . . . . . : 6.0.2.6002.X86/2
   User name . . . . . . : DELL-530\Chris
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (Expired)

   Scan date . . . . . . : 2013-04-29 23:32:51
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 13m 45s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 0

   Objects scanned . . . : 1,337,822
   Files scanned . . . . : 15,158
   Remnants scanned  . . : 372,132 files / 950,532 keys
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
STEP 1 : Run a scan with Kaspersky TDSSKiller
  1. Download Kaspersky TDSSKiller from the below link.
     KASPERSKY TDSSKILLER DOWNLOAD LINK: http://support.kaspersky.com/downloads/utils/tdsskiller.exe (This link will automatically download Kaspersky TDSSKiller on your computer)
  2. Double-click on TDSSKiller.exe to run the application.
     [Image]
  3. Click Change parameters
     [Image]
  4. Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
     [Image]
  5. Click on the Start Scan button to begin the scan and wait for it to finish.
     NOTE: Do not use the computer during the scan!
  6. During the scan it will look similar to the image below:
     [Image]
  7. When it finishes, you will either see a report that no threats were found like below:
     [Image]
     If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up which you can just close since the report file is already saved.
  8. If any infection or suspected items are found, you will see a window similar to below:
     [Image]
       • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
       • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
       • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects. Make sure that Cure is selected. VERY IMPORTANT! - If Cure is not available, please choose Skip instead. DO NOT choose Delete unless instructed to do so.
  9. Click Continue to apply selected actions.
  10. A reboot may be required to complete disinfection. A window like the below will appear:
     [Image]
     Reboot immediately if TDSSKiller states that one is needed.
  11. Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_2.12.2012_14.17.04_log.txt which is based on the program version # and date and time run.
  12. Attach this log to your next reply.
 

jc3777

New Member
Thread author
Verified
Apr 27, 2013
47
12:22:17.0864 4856 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:22:19.0868 4856 ============================================================
12:22:19.0868 4856 Current date / time: 2013/04/30 12:22:19.0868
12:22:19.0868 4856 SystemInfo:
12:22:19.0868 4856
12:22:19.0868 4856 OS Version: 6.0.6002 ServicePack: 2.0
12:22:19.0868 4856 Product type: Workstation
12:22:19.0868 4856 ComputerName: DELL-530
12:22:19.0869 4856 UserName: Chris
12:22:19.0869 4856 Windows directory: C:\Windows
12:22:19.0869 4856 System windows directory: C:\Windows
12:22:19.0869 4856 Processor architecture: Intel x86
12:22:19.0869 4856 Number of processors: 2
12:22:19.0869 4856 Page size: 0x1000
12:22:19.0869 4856 Boot type: Normal boot
12:22:19.0869 4856 ============================================================
12:22:22.0893 4856 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:22:22.0896 4856 ============================================================
12:22:22.0896 4856 \Device\Harddisk0\DR0:
12:22:22.0896 4856 MBR partitions:
12:22:22.0896 4856 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x240A5800
12:22:22.0896 4856 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x240A6000, BlocksNum 0x1388000
12:22:22.0896 4856 ============================================================
12:22:22.0924 4856 C: <-> \Device\Harddisk0\DR0\Partition1
12:22:22.0974 4856 D: <-> \Device\Harddisk0\DR0\Partition2
12:22:22.0975 4856 ============================================================
12:22:22.0975 4856 Initialize success
12:22:22.0975 4856 ============================================================
12:22:54.0125 5184 ============================================================
12:22:54.0126 5184 Scan started
12:22:54.0126 5184 Mode: Manual; SigCheck; TDLFS;
12:22:54.0126 5184 ============================================================
12:22:54.0832 5184 ================ Scan system memory ========================
12:22:54.0832 5184 System memory - ok
12:22:54.0833 5184 ================ Scan services =============================
12:23:00.0513 5184 CertPropSvc - ok
12:23:00.0528 5184 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
12:23:00.0559 5184 circlass - ok
12:23:00.0572 5184 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
12:23:00.0594 5184 CLFS - ok
12:23:00.0648 5184 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:23:00.0666 5184 clr_optimization_v2.0.50727_32 - ok
12:23:00.0744 5184 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:23:00.0759 5184 clr_optimization_v4.0.30319_32 - ok
12:23:00.0775 5184 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:23:00.0791 5184 cmdide - ok
12:23:00.0805 5184 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\drivers\compbatt.sys
12:23:00.0822 5184 Compbatt - ok
12:23:00.0827 5184 COMSysApp - ok
12:23:00.0839 5184 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
12:23:00.0855 5184 crcdisk - ok
12:23:00.0867 5184 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
12:23:00.0915 5184 Crusoe - ok
12:23:00.0984 5184 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:23:01.0050 5184 CryptSvc - ok
12:23:01.0082 5184 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
12:23:01.0128 5184 DcomLaunch - ok
12:23:01.0171 5184 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:23:01.0239 5184 DfsC - ok
12:23:01.0419 5184 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
12:23:01.0661 5184 DFSR - ok
12:23:01.0741 5184 [ 6CC6C4B9D7B906A151AA094CA087B9F0 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
12:23:01.0765 5184 dg_ssudbus - ok
12:23:01.0834 5184 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
12:23:01.0859 5184 Dhcp - ok
12:23:01.0882 5184 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
12:23:01.0900 5184 disk - ok
12:23:01.0965 5184 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:23:02.0057 5184 Dnscache - ok
12:23:02.0074 5184 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
12:23:02.0138 5184 dot3svc - ok
12:23:02.0168 5184 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
12:23:02.0238 5184 DPS - ok
12:23:02.0306 5184 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:23:02.0345 5184 drmkaud - ok
12:23:02.0398 5184 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:23:02.0448 5184 DXGKrnl - ok
12:23:02.0523 5184 [ 908ED85B7806E8AF3AF5E9B74F7809D4 ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys
12:23:02.0557 5184 e1express - ok
12:23:02.0617 5184 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
12:23:02.0673 5184 E1G60 - ok
12:23:02.0679 5184 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
12:23:02.0741 5184 EapHost - ok
12:23:02.0809 5184 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
12:23:02.0830 5184 Ecache - ok
12:23:02.0877 5184 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
12:23:02.0921 5184 ehRecvr - ok
12:23:02.0932 5184 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
12:23:03.0005 5184 ehSched - ok
12:23:03.0017 5184 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
12:23:03.0043 5184 ehstart - ok
12:23:03.0073 5184 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
12:23:03.0095 5184 elxstor - ok
12:23:03.0108 5184 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
12:23:03.0160 5184 EMDMgmt - ok
12:23:03.0198 5184 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
12:23:03.0251 5184 ErrDev - ok
12:23:03.0266 5184 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
12:23:03.0347 5184 EventSystem - ok
12:23:03.0402 5184 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
12:23:03.0477 5184 exfat - ok
12:23:03.0490 5184 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:23:03.0526 5184 fastfat - ok
12:23:03.0545 5184 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
12:23:03.0602 5184 fdc - ok
12:23:03.0633 5184 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
12:23:03.0663 5184 fdPHost - ok
12:23:03.0679 5184 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
12:23:03.0742 5184 FDResPub - ok
12:23:03.0763 5184 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:23:03.0778 5184 FileInfo - ok
12:23:03.0789 5184 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:23:03.0820 5184 Filetrace - ok
12:23:03.0831 5184 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
12:23:03.0886 5184 flpydisk - ok
12:23:03.0893 5184 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:23:03.0915 5184 FltMgr - ok
12:23:03.0994 5184 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
12:23:04.0108 5184 FontCache - ok
12:23:04.0170 5184 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:23:04.0186 5184 FontCache3.0.0.0 - ok
12:23:04.0206 5184 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:23:04.0291 5184 Fs_Rec - ok
12:23:04.0300 5184 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
12:23:04.0320 5184 gagp30kx - ok
12:23:04.0368 5184 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
12:23:04.0402 5184 gpsvc - ok
12:23:04.0434 5184 gttap1 - ok
12:23:04.0506 5184 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
12:23:04.0571 5184 gupdate - ok
12:23:04.0606 5184 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
12:23:04.0635 5184 gupdatem - ok
12:23:04.0688 5184 [ 9C1E3F5A672EDB0831AAF3E36B6876A6 ] gzflt C:\Windows\system32\DRIVERS\gzflt.sys
12:23:04.0714 5184 gzflt - ok
12:23:04.0762 5184 [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:23:04.0855 5184 HdAudAddService - ok
12:23:04.0872 5184 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
12:23:04.0924 5184 HDAudBus - ok
12:23:04.0964 5184 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
12:23:05.0021 5184 HidBth - ok
12:23:05.0034 5184 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
12:23:05.0091 5184 HidIr - ok
12:23:05.0115 5184 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
12:23:05.0160 5184 hidserv - ok
12:23:05.0188 5184 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
12:23:05.0240 5184 HidUsb - ok
12:23:05.0269 5184 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:23:05.0299 5184 hkmsvc - ok
12:23:05.0342 5184 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
12:23:05.0384 5184 HpCISSs - ok
12:23:05.0402 5184 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:23:05.0435 5184 HTTP - ok
12:23:05.0479 5184 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
12:23:05.0496 5184 i2omp - ok
12:23:05.0556 5184 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
12:23:05.0593 5184 i8042prt - ok
12:23:05.0623 5184 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
12:23:05.0644 5184 iaStorV - ok
12:23:05.0695 5184 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:23:05.0746 5184 idsvc - ok
12:23:05.0917 5184 [ 63C56DAC467EF814B60FF2AA2286C917 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
12:23:06.0102 5184 igfx - ok
12:23:06.0139 5184 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
12:23:06.0155 5184 iirsp - ok
12:23:06.0191 5184 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
12:23:06.0241 5184 IKEEXT - ok
12:23:06.0360 5184 [ F8F53C5449F15B23D4C61D51D2701DA8 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
12:23:06.0576 5184 IntcAzAudAddService - ok
12:23:06.0672 5184 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
12:23:06.0688 5184 intelide - ok
12:23:06.0701 5184 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:23:06.0761 5184 intelppm - ok
12:23:06.0769 5184 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:23:06.0822 5184 IPBusEnum - ok
12:23:06.0839 5184 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:23:06.0900 5184 IpFilterDriver - ok
12:23:06.0946 5184 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:23:06.0988 5184 iphlpsvc - ok
12:23:06.0992 5184 IpInIp - ok
12:23:07.0004 5184 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
12:23:07.0062 5184 IPMIDRV - ok
12:23:07.0098 5184 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
12:23:07.0130 5184 IPNAT - ok
12:23:07.0139 5184 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:23:07.0180 5184 IRENUM - ok
12:23:07.0200 5184 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:23:07.0218 5184 isapnp - ok
12:23:07.0271 5184 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
12:23:07.0347 5184 iScsiPrt - ok
12:23:07.0373 5184 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
12:23:07.0388 5184 iteatapi - ok
12:23:07.0418 5184 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
12:23:07.0432 5184 iteraid - ok
12:23:07.0438 5184 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
12:23:07.0457 5184 kbdclass - ok
12:23:07.0462 5184 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
12:23:07.0510 5184 kbdhid - ok
12:23:07.0553 5184 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
12:23:07.0598 5184 KeyIso - ok
12:23:07.0635 5184 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:23:07.0661 5184 KSecDD - ok
12:23:07.0745 5184 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
12:23:07.0805 5184 KtmRm - ok
12:23:07.0835 5184 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
12:23:07.0866 5184 LanmanServer - ok
12:23:07.0873 5184 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:23:07.0927 5184 LanmanWorkstation - ok
12:23:07.0949 5184 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:23:07.0979 5184 lltdio - ok
12:23:07.0992 5184 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:23:08.0039 5184 lltdsvc - ok
12:23:08.0051 5184 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
12:23:08.0100 5184 lmhosts - ok
12:23:08.0116 5184 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
12:23:08.0131 5184 LSI_FC - ok
12:23:08.0143 5184 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
12:23:08.0158 5184 LSI_SAS - ok
12:23:08.0167 5184 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
12:23:08.0180 5184 LSI_SCSI - ok
12:23:08.0196 5184 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
12:23:08.0251 5184 luafv - ok
12:23:08.0395 5184 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
12:23:08.0480 5184 MBAMProtector - ok
12:23:08.0531 5184 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:23:08.0585 5184 MBAMScheduler - ok
12:23:08.0618 5184 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
12:23:08.0715 5184 MBAMService - ok
12:23:08.0764 5184 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:23:08.0789 5184 Mcx2Svc - ok
12:23:08.0804 5184 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
12:23:08.0821 5184 megasas - ok
12:23:08.0841 5184 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
12:23:08.0869 5184 MegaSR - ok
12:23:08.0890 5184 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
12:23:08.0938 5184 MMCSS - ok
12:23:08.0960 5184 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
12:23:09.0001 5184 Modem - ok
12:23:09.0028 5184 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:23:09.0065 5184 monitor - ok
12:23:09.0074 5184 [ E07AFAF733D3004F5DC64AA3A47700B1 ] MOSUMAC C:\Windows\system32\DRIVERS\MOSUMAC.SYS
12:23:09.0193 5184 MOSUMAC - ok
12:23:09.0226 5184 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
12:23:09.0243 5184 mouclass - ok
12:23:09.0253 5184 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:23:09.0296 5184 mouhid - ok
12:23:09.0312 5184 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
12:23:09.0328 5184 MountMgr - ok
12:23:09.0410 5184 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:23:09.0468 5184 MozillaMaintenance - ok
12:23:09.0518 5184 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
12:23:09.0536 5184 mpio - ok
12:23:09.0548 5184 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:23:09.0573 5184 mpsdrv - ok
12:23:09.0603 5184 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
12:23:09.0670 5184 MpsSvc - ok
12:23:09.0689 5184 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
12:23:09.0706 5184 Mraid35x - ok
12:23:09.0712 5184 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:23:09.0761 5184 MRxDAV - ok
12:23:09.0796 5184 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:23:09.0833 5184 mrxsmb - ok
12:23:09.0853 5184 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:23:09.0882 5184 mrxsmb10 - ok
12:23:09.0889 5184 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:23:09.0912 5184 mrxsmb20 - ok
12:23:09.0936 5184 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
12:23:09.0955 5184 msahci - ok
12:23:09.0963 5184 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:23:09.0980 5184 msdsm - ok
12:23:09.0995 5184 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
12:23:10.0036 5184 MSDTC - ok
12:23:10.0061 5184 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:23:10.0085 5184 Msfs - ok
12:23:10.0141 5184 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:23:10.0153 5184 msisadrv - ok
12:23:10.0176 5184 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:23:10.0216 5184 MSiSCSI - ok
12:23:10.0248 5184 msiserver - ok
12:23:10.0355 5184 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:23:10.0446 5184 MSKSSRV - ok
12:23:10.0530 5184 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:23:10.0594 5184 MSPCLOCK - ok
12:23:10.0600 5184 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:23:10.0629 5184 MSPQM - ok
12:23:10.0664 5184 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:23:10.0684 5184 MsRPC - ok
12:23:10.0701 5184 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
12:23:10.0716 5184 mssmbios - ok
12:23:10.0731 5184 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:23:10.0786 5184 MSTEE - ok
12:23:10.0817 5184 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
12:23:10.0830 5184 Mup - ok
12:23:10.0860 5184 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
12:23:10.0891 5184 napagent - ok
12:23:10.0955 5184 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:23:10.0992 5184 NativeWifiP - ok
12:23:11.0038 5184 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
12:23:11.0060 5184 NDIS - ok
12:23:11.0083 5184 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:23:11.0121 5184 NdisTapi - ok
12:23:11.0138 5184 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:23:11.0192 5184 Ndisuio - ok
12:23:11.0256 5184 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:23:11.0361 5184 NdisWan - ok
12:23:11.0398 5184 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:23:11.0450 5184 NDProxy - ok
12:23:11.0458 5184 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:23:11.0493 5184 NetBIOS - ok
12:23:11.0515 5184 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
12:23:11.0544 5184 netbt - ok
12:23:11.0559 5184 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
12:23:11.0587 5184 Netlogon - ok
12:23:11.0612 5184 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
12:23:11.0665 5184 Netman - ok
12:23:11.0693 5184 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
12:23:11.0728 5184 netprofm - ok
12:23:11.0752 5184 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:23:11.0770 5184 NetTcpPortSharing - ok
12:23:11.0782 5184 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
12:23:11.0803 5184 nfrd960 - ok
12:23:11.0829 5184 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:23:11.0862 5184 NlaSvc - ok
12:23:11.0873 5184 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:23:11.0928 5184 Npfs - ok
12:23:11.0960 5184 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
12:23:11.0992 5184 nsi - ok
12:23:12.0007 5184 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:23:12.0052 5184 nsiproxy - ok
12:23:12.0120 5184 [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:23:12.0234 5184 Ntfs - ok
12:23:12.0266 5184 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
12:23:12.0387 5184 ntrigdigi - ok
12:23:12.0415 5184 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
12:23:12.0450 5184 Null - ok
12:23:12.0472 5184 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:23:12.0488 5184 nvraid - ok
12:23:12.0501 5184 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:23:12.0518 5184 nvstor - ok
12:23:12.0534 5184 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:23:12.0547 5184 nv_agp - ok
12:23:12.0551 5184 NwlnkFlt - ok
12:23:12.0556 5184 NwlnkFwd - ok
12:23:12.0614 5184 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:23:12.0654 5184 ohci1394 - ok
12:23:12.0735 5184 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:23:12.0748 5184 ose - ok
12:23:12.0841 5184 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
12:23:12.0973 5184 p2pimsvc - ok
12:23:13.0042 5184 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
12:23:13.0071 5184 p2psvc - ok
12:23:13.0125 5184 [ 8A79FDF04A73428597E2CAF9D0D67850 ] Parport C:\Windows\system32\DRIVERS\parport.sys
12:23:13.0186 5184 Parport - ok
12:23:13.0236 5184 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:23:13.0253 5184 partmgr - ok
12:23:13.0323 5184 [ 6C580025C81CAF3AE9E3617C22CAD00E ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
12:23:13.0389 5184 Parvdm - ok
12:23:13.0399 5184 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
12:23:13.0434 5184 PcaSvc - ok
12:23:13.0449 5184 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
12:23:13.0468 5184 pci - ok
12:23:13.0476 5184 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
12:23:13.0492 5184 pciide - ok
12:23:13.0509 5184 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
12:23:13.0522 5184 pcmcia - ok
12:23:13.0592 5184 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys
12:23:13.0677 5184 pcouffin - ok
12:23:13.0759 5184 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:23:13.0833 5184 PEAUTH - ok
12:23:13.0907 5184 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
12:23:13.0993 5184 pla - ok
12:23:14.0000 5184 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:23:14.0052 5184 PlugPlay - ok
12:23:14.0074 5184 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
12:23:14.0099 5184 PNRPAutoReg - ok
12:23:14.0174 5184 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
12:23:14.0199 5184 PNRPsvc - ok
12:23:14.0230 5184 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:23:14.0291 5184 PolicyAgent - ok
12:23:14.0362 5184 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:23:14.0414 5184 PptpMiniport - ok
12:23:14.0449 5184 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
12:23:14.0491 5184 Processor - ok
12:23:14.0499 5184 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
12:23:14.0525 5184 ProfSvc - ok
12:23:14.0549 5184 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
12:23:14.0568 5184 ProtectedStorage - ok
12:23:14.0582 5184 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
12:23:14.0612 5184 PSched - ok
12:23:14.0639 5184 [ 68B57D7C11277EA89F78255480376B4D ] PSI C:\Windows\system32\DRIVERS\psi_mf_x86.sys
12:23:14.0661 5184 PSI - ok
12:23:14.0693 5184 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
12:23:14.0736 5184 ql2300 - ok
12:23:14.0788 5184 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
12:23:14.0804 5184 ql40xx - ok
12:23:14.0827 5184 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
12:23:14.0862 5184 QWAVE - ok
12:23:14.0881 5184 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:23:14.0910 5184 QWAVEdrv - ok
12:23:14.0926 5184 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:23:14.0957 5184 RasAcd - ok
12:23:14.0963 5184 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
12:23:15.0008 5184 RasAuto - ok
12:23:15.0068 5184 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:23:15.0116 5184 Rasl2tp - ok
12:23:15.0150 5184 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
12:23:15.0205 5184 RasMan - ok
12:23:15.0244 5184 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:23:15.0272 5184 RasPppoe - ok
12:23:15.0354 5184 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:23:15.0412 5184 RasSstp - ok
12:23:15.0446 5184 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:23:15.0485 5184 rdbss - ok
12:23:15.0501 5184 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:23:15.0531 5184 RDPCDD - ok
12:23:15.0552 5184 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
12:23:15.0580 5184 rdpdr - ok
12:23:15.0593 5184 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:23:15.0639 5184 RDPENCDD - ok
12:23:15.0680 5184 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:23:15.0759 5184 RDPWD - ok
12:23:15.0850 5184 [ 89525CC2DBAD44F7199B9CC188B3F9C5 ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
12:23:15.0875 5184 RealNetworks Downloader Resolver Service - ok
12:23:15.0947 5184 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:23:15.0976 5184 RemoteAccess - ok
12:23:15.0992 5184 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:23:16.0047 5184 RemoteRegistry - ok
12:23:16.0078 5184 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
12:23:16.0127 5184 RpcLocator - ok
12:23:16.0148 5184 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\System32\rpcss.dll
12:23:16.0182 5184 RpcSs - ok
12:23:16.0239 5184 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:23:16.0278 5184 rspndr - ok
12:23:16.0379 5184 [ 283392AF1860ECDB5E0F8EBD7F3D72DF ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
12:23:16.0432 5184 RTL8169 - ok
12:23:16.0525 5184 [ 1E94612C7364C9D17A3B0A989957A603 ] SafeBox C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
12:23:16.0553 5184 SafeBox - ok
12:23:16.0572 5184 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
12:23:16.0589 5184 SamSs - ok
12:23:16.0603 5184 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:23:16.0621 5184 sbp2port - ok
12:23:16.0642 5184 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:23:16.0684 5184 SCardSvr - ok
12:23:16.0696 5184 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
12:23:16.0743 5184 Schedule - ok
12:23:16.0803 5184 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
12:23:16.0830 5184 SCPolicySvc - ok
12:23:16.0837 5184 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:23:16.0895 5184 SDRSVC - ok
12:23:16.0905 5184 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:23:16.0954 5184 secdrv - ok
12:23:26.0166 5184 ================ Scan global ===============================
12:23:26.0182 5184 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
12:23:26.0209 5184 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
12:23:26.0241 5184 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
12:23:26.0270 5184 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
12:23:26.0273 5184 [Global] - ok
12:23:26.0274 5184 ================ Scan MBR ==================================
12:23:26.0286 5184 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
12:23:26.0709 5184 \Device\Harddisk0\DR0 - ok
12:23:26.0709 5184 ================ Scan VBR ==================================
12:23:26.0712 5184 [ 3DFD8F055873D9238E5377622DA9FB66 ] \Device\Harddisk0\DR0\Partition1
12:23:26.0715 5184 \Device\Harddisk0\DR0\Partition1 - ok
12:23:26.0730 5184 [ C16041381DB22404C8FC65DDE425FB44 ] \Device\Harddisk0\DR0\Partition2
12:23:26.0733 5184 \Device\Harddisk0\DR0\Partition2 - ok
12:23:26.0733 5184 ============================================================
12:23:26.0733 5184 Scan finished
12:23:26.0733 5184 ============================================================
12:23:26.0744 2176 Detected object count: 0
12:23:26.0744 2176 Actual detected object count: 0
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Everything in the logs seems good. Please send me a new OTL log file and let me check what is happening with Firefox.
 

jc3777

New Member
Thread author
Verified
Apr 27, 2013
47
OTL logfile created on: 01/05/2013 12:13:04 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 38.32% Memory free
6.20 Gb Paging File | 3.70 Gb Available in Paging File | 59.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.32 Gb Total Space | 173.77 Gb Free Space | 60.27% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 3.89 Gb Free Space | 39.81% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: DELL-530 | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
PRC - C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe (Bitdefender)
PRC - C:\Users\Chris\Desktop\otl.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe (Bitdefender)
PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe (Bitdefender)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Bitdefender\Bitdefender 2013\txmlutil.dll ()
MOD - C:\Program Files\Bitdefender\Bitdefender 2013\bdmetrics.dll ()
MOD - \\?\C:\ProgramData\Microsoft\PlayReady\Cache\S-1-5-21-3299710142-3868310564-1978959094-1001\MSPRindiv01.key ()


========== Services (SafeList) ==========

SRV - (wbengine) -- C:\Windows\system32\wbengine.exe File not found
SRV - (VSSERV) -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe (Bitdefender)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (UPDATESRV) -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe (Bitdefender)
SRV - (BdDesktopParental) -- C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe (Bitdefender)
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SafeBox) -- C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe (Bitdefender)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (gttap1) -- system32\DRIVERS\gttap1.sys File not found
DRV - (avc3) -- C:\Windows\System32\drivers\avc3.sys (BitDefender)
DRV - (avckf) -- C:\Windows\System32\drivers\avckf.sys (BitDefender)
DRV - (BdfNdisf) -- c:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys (BitDefender LLC)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf_x86.sys (Secunia)
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (BDSandBox) -- C:\Windows\System32\drivers\bdsandbox.sys (BitDefender SRL)
DRV - (avchv) -- C:\Windows\System32\drivers\avchv.sys (BitDefender)
DRV - (trufos) -- C:\Windows\System32\drivers\trufos.sys (BitDefender S.R.L.)
DRV - (gzflt) -- C:\Windows\System32\drivers\gzflt.sys (BitDefender LLC)
DRV - (bdselfpr) -- C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys (BitDefender LLC)
DRV - (BDVEDISK) -- C:\Windows\System32\drivers\bdvedisk.sys (BitDefender)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (bdftdif) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys (BitDefender LLC)
DRV - (MOSUMAC) -- C:\Windows\System32\drivers\MOSUMAC.SYS (--)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 52 27 F7 1F 45 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/16 12:02:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/03/18 14:42:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/03/18 14:42:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/11 23:12:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2013/04/28 17:34:16 | 000,000,000 | ---D | M]

[2012/07/03 05:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Extensions
[2013/04/28 05:15:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\zk7l92vm.default-1365749469265\extensions
[2013/04/15 16:46:00 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\zk7l92vm.default-1365749469265\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/04/11 23:12:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/11 23:12:36 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/04/03 17:01:59 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/08/29 11:01:32 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2013/04/03 17:01:59 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Docs = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealDownloader = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\
CHR - Extension: Gmail = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/04/28 13:11:26 | 000,000,855 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O4 - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24808C3F-DF8E-4DBB-B40F-D7DB39A51B71}: DhcpNameServer = 192.168.0.203
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/30 12:21:36 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\tdsskiller.exe
[2013/04/29 23:30:51 | 009,097,384 | ---- | C] (SurfRight B.V.) -- C:\Users\Chris\Desktop\HitmanPro.exe
[2013/04/29 20:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2013/04/28 19:08:20 | 000,633,344 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avc3.sys
[2013/04/28 19:08:20 | 000,486,536 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avckf.sys
[2013/04/28 17:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2013
[2013/04/28 17:34:17 | 000,072,704 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\bdvedisk.sys
[2013/04/28 17:34:15 | 000,077,192 | ---- | C] (BitDefender LLC) -- C:\Windows\System32\drivers\BdfNdisf6.sys
[2013/04/28 17:34:14 | 000,066,392 | ---- | C] (BitDefender SRL) -- C:\Windows\System32\drivers\bdsandbox.sys
[2013/04/28 17:26:26 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Bitdefender
[2013/04/28 17:26:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender
[2013/04/28 17:22:52 | 000,162,976 | ---- | C] (BitDefender LLC) -- C:\Windows\System32\drivers\gzflt.sys
[2013/04/28 17:22:45 | 000,343,456 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\trufos.sys
[2013/04/28 17:22:44 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2013/04/28 14:45:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2013/04/28 14:42:43 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/04/28 11:49:57 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/04/28 11:49:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/04/28 11:49:31 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2013/04/28 05:16:38 | 000,536,737 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Chris\Desktop\JRT.exe
[2013/04/28 05:15:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/27 10:44:45 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Chris\Desktop\aswMBR(1).exe
[2013/04/27 10:41:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2013/04/26 21:44:24 | 000,000,000 | ---D | C] -- C:\Casino
[2013/04/16 20:50:49 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\cache
[2013/04/16 20:47:44 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\FullTiltPoker
[2013/04/16 20:47:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker
[2013/04/16 20:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\Full Tilt Poker
[2013/04/16 13:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/04/15 16:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/04/15 16:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2013/04/15 16:40:40 | 001,070,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCTL.OCX
[2013/04/15 16:40:40 | 000,129,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSSTDFMT.DLL
[2013/04/15 16:27:26 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Open Command Window Here (Administrator)
[2013/04/11 23:12:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/04/10 10:04:15 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/04/10 10:04:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/04/10 10:04:14 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/04/10 10:04:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/04/10 10:04:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/04/10 10:04:13 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/04/10 10:04:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/04/10 10:04:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/04/10 06:00:36 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/04/10 06:00:35 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/04/10 06:00:35 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013/04/10 06:00:33 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/04/10 06:00:30 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/04/09 22:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/04/09 22:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/04/09 04:39:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Dumps
[2013/04/08 22:10:22 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2013/04/08 22:10:10 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\capicom.dll
[2013/04/08 22:10:08 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01009.dll
[2013/04/08 22:10:04 | 000,242,504 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avchv.sys
[2013/04/08 22:04:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\QuickScan
[2013/04/08 22:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2013/04/04 12:40:01 | 003,276,448 | ---- | C] (Piriform Ltd) -- C:\Users\Chris\Desktop\ccsetup400_slim(1).exe
[2011/12/28 15:52:30 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Chris\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2013/05/01 11:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/01 11:24:00 | 000,005,184 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/01 11:24:00 | 000,005,184 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/01 11:22:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/30 19:08:46 | 000,000,190 | ---- | M] () -- C:\Users\Chris\Desktop\000080_Navy_Blue_Square.svg
[2013/04/30 13:22:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/30 12:22:05 | 000,006,144 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/30 12:21:43 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\tdsskiller.exe
[2013/04/30 11:29:44 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/30 11:29:44 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/30 11:23:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/29 23:31:08 | 009,097,384 | ---- | M] (SurfRight B.V.) -- C:\Users\Chris\Desktop\HitmanPro.exe
[2013/04/29 20:00:11 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2013/04/28 22:18:47 | 000,910,996 | ---- | M] () -- C:\Users\Chris\AppData\Local\census.cache
[2013/04/28 22:18:33 | 000,163,945 | ---- | M] () -- C:\Users\Chris\AppData\Local\ars.cache
[2013/04/28 19:08:20 | 000,633,344 | ---- | M] (BitDefender) -- C:\Windows\System32\drivers\avc3.sys
[2013/04/28 19:08:20 | 000,486,536 | ---- | M] (BitDefender) -- C:\Windows\System32\drivers\avckf.sys
[2013/04/28 17:40:06 | 000,715,314 | ---- | M] () -- C:\ProgramData\1367166156.bdinstall.bin
[2013/04/28 17:36:43 | 000,253,404 | -H-- | M] () -- C:\bdr-ld01
[2013/04/28 17:36:43 | 000,009,216 | -H-- | M] () -- C:\bdr-ld01.mbr
[2013/04/28 17:36:43 | 000,000,308 | -H-- | M] () -- C:\bdr-cf01
[2013/04/28 17:35:11 | 000,001,957 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Total Security 2013.lnk
[2013/04/28 17:35:11 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Safepay.lnk
[2013/04/28 17:18:48 | 000,231,697 | ---- | M] () -- C:\ProgramData\1367165827.bdinstall.bin
[2013/04/28 14:46:01 | 003,610,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/28 13:14:31 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/04/28 13:11:26 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/04/28 11:49:38 | 000,001,952 | ---- | M] () -- C:\Users\Chris\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/04/28 05:16:40 | 000,536,737 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Chris\Desktop\JRT.exe
[2013/04/27 11:29:17 | 000,000,512 | ---- | M] () -- C:\Users\Chris\Desktop\MBR.dat
[2013/04/27 10:46:12 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Chris\Desktop\aswMBR(1).exe
[2013/04/27 10:41:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2013/04/24 12:56:34 | 003,459,204 | ---- | M] () -- C:\Users\Chris\Desktop\RacingPost(3).pdf
[2013/04/24 09:53:28 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/04/18 19:03:14 | 000,355,527 | ---- | M] () -- C:\Users\Chris\Desktop\X-Circle-Green-icon.png
[2013/04/17 12:28:31 | 000,023,753 | ---- | M] () -- C:\Users\Chris\Desktop\!cid_C9073919-AA59-4316-97E3-07918038E309.jpg
[2013/04/17 12:28:29 | 000,024,335 | ---- | M] () -- C:\Users\Chris\Desktop\!cid_7CEC0EE9-73AF-447F-86C5-83556E3322C6.jpg
[2013/04/16 20:47:08 | 000,000,860 | ---- | M] () -- C:\Users\Public\Desktop\Full Tilt Poker.lnk
[2013/04/16 13:25:20 | 000,001,995 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/16 13:17:59 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/15 17:47:37 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/04/15 17:47:37 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/04/15 16:52:55 | 000,000,899 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013/04/14 18:23:55 | 000,000,021 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS.MVP
[2013/04/14 16:53:34 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/04/10 12:09:47 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/10 09:23:25 | 008,963,961 | ---- | M] () -- C:\Users\Chris\Desktop\RacingPost(2).pdf
[2013/04/09 22:58:54 | 000,000,913 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/04/09 22:58:48 | 000,000,733 | ---- | M] () -- C:\Users\Chris\Desktop\NTREGOPT.lnk
[2013/04/09 22:58:48 | 000,000,714 | ---- | M] () -- C:\Users\Chris\Desktop\ERUNT.lnk
[2013/04/08 22:17:32 | 000,000,385 | ---- | M] () -- C:\Windows\System32\user_gensett.xml
[2013/04/08 22:13:48 | 000,600,128 | ---- | M] () -- C:\ProgramData\1365455016.bdinstall.bin
[2013/04/08 22:10:57 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2013/04/04 18:40:09 | 000,001,638 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2013/04/04 18:40:08 | 000,001,614 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/04 12:41:02 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/04/04 12:40:07 | 003,276,448 | ---- | M] (Piriform Ltd) -- C:\Users\Chris\Desktop\ccsetup400_slim(1).exe
[2013/04/02 13:56:56 | 000,575,742 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.old
[2013/04/02 13:56:56 | 000,575,742 | ---- | M] () -- C:\Users\Chris\Desktop\HOSTS

========== Files Created - No Company Name ==========

[2013/04/30 19:08:44 | 000,000,190 | ---- | C] () -- C:\Users\Chris\Desktop\000080_Navy_Blue_Square.svg
[2013/04/29 20:00:11 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2013/04/28 23:19:44 | 000,006,144 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/28 17:40:05 | 000,715,314 | ---- | C] () -- C:\ProgramData\1367166156.bdinstall.bin
[2013/04/28 17:36:43 | 000,000,308 | -H-- | C] () -- C:\bdr-cf01
[2013/04/28 17:35:11 | 000,001,957 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Total Security 2013.lnk
[2013/04/28 17:35:11 | 000,001,909 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Safepay.lnk
[2013/04/28 17:26:15 | 036,573,121 | -H-- | C] () -- C:\bdr-im01.gz
[2013/04/28 17:26:15 | 002,294,848 | -H-- | C] () -- C:\bdr-bz01
[2013/04/28 17:26:15 | 000,253,404 | -H-- | C] () -- C:\bdr-ld01
[2013/04/28 17:26:15 | 000,009,216 | -H-- | C] () -- C:\bdr-ld01.mbr
[2013/04/28 17:18:48 | 000,231,697 | ---- | C] () -- C:\ProgramData\1367165827.bdinstall.bin
[2013/04/28 11:49:38 | 000,001,952 | ---- | C] () -- C:\Users\Chris\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/04/27 11:29:17 | 000,000,512 | ---- | C] () -- C:\Users\Chris\Desktop\MBR.dat
[2013/04/24 12:56:33 | 003,459,204 | ---- | C] () -- C:\Users\Chris\Desktop\RacingPost(3).pdf
[2013/04/18 19:03:07 | 000,355,527 | ---- | C] () -- C:\Users\Chris\Desktop\X-Circle-Green-icon.png
[2013/04/17 12:07:57 | 000,024,335 | ---- | C] () -- C:\Users\Chris\Desktop\!cid_7CEC0EE9-73AF-447F-86C5-83556E3322C6.jpg
[2013/04/17 12:03:25 | 000,023,753 | ---- | C] () -- C:\Users\Chris\Desktop\!cid_C9073919-AA59-4316-97E3-07918038E309.jpg
[2013/04/16 20:47:08 | 000,000,860 | ---- | C] () -- C:\Users\Public\Desktop\Full Tilt Poker.lnk
[2013/04/16 13:17:59 | 000,001,995 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/16 13:17:59 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/16 13:17:04 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/16 13:17:03 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/15 16:52:55 | 000,000,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013/04/15 16:52:55 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2013/04/15 16:22:12 | 000,575,742 | ---- | C] () -- C:\Users\Chris\Desktop\HOSTS
[2013/04/14 13:57:16 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013/04/10 09:23:24 | 008,963,961 | ---- | C] () -- C:\Users\Chris\Desktop\RacingPost(2).pdf
[2013/04/09 22:58:54 | 000,000,913 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/04/09 22:58:48 | 000,000,733 | ---- | C] () -- C:\Users\Chris\Desktop\NTREGOPT.lnk
[2013/04/09 22:58:48 | 000,000,714 | ---- | C] () -- C:\Users\Chris\Desktop\ERUNT.lnk
[2013/04/08 22:17:32 | 000,000,385 | ---- | C] () -- C:\Windows\System32\user_gensett.xml
[2013/04/08 22:13:48 | 000,600,128 | ---- | C] () -- C:\ProgramData\1365455016.bdinstall.bin
[2013/04/08 22:10:57 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2013/04/04 18:40:08 | 000,001,638 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2013/04/04 18:40:08 | 000,001,626 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2013/04/04 18:40:08 | 000,001,614 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2013/02/05 18:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/01/13 18:03:01 | 003,610,720 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/16 15:09:21 | 000,711,240 | ---- | C] () -- C:\Windows\is-L5DGO.exe
[2012/03/18 21:07:14 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/01/13 09:10:03 | 000,910,996 | ---- | C] () -- C:\Users\Chris\AppData\Local\census.cache
[2012/01/13 09:09:35 | 000,163,945 | ---- | C] () -- C:\Users\Chris\AppData\Local\ars.cache
[2012/01/13 08:12:43 | 000,000,036 | ---- | C] () -- C:\Users\Chris\AppData\Local\housecall.guid.cache
[2011/12/23 21:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/12/23 21:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/12/23 21:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/12/23 21:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll

========== ZeroAccess Check ==========

[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\system32\wbem\fastprox.dll -- [2009/04/11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\Windows\system32\wbem\wbemess.dll -- [2009/04/11 00:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Chris\Desktop\VTS_01_1.VOB:TOC.WMV
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
 
