
explorer.exe uploading

  • 24-08-2013 4:56pm
    #1
    Registered Users, Registered Users 2 Posts: 7,368 ✭✭✭


    I seem to have picked up some sort of a f1cking virus. My laptop is uploading all the time and it's coming from explorer.exe and it's uploading to 89.28.22.77
    which is http://en.utrace.de/ip-address/89.28.22.77

    I have run Malwarebytes Anti-Malware, tried HijackThis and it's coming back as clean. I have website blocking on in Malwarebytes Anti-Malware but I keep getting that alert that explorer.exe is trying to get in or out of my computer.


Comments

  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files here


  • Registered Users, Registered Users 2 Posts: 7,368 ✭✭✭naughto


    otl
    OTL logfile created on: 8/25/2013 12:42:25 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\kev\Downloads
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16635)
    Locale: 00000409 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    2.93 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 54.42% Memory free
    5.86 Gb Paging File | 3.63 Gb Available in Paging File | 61.87% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 138.97 Gb Total Space | 16.41 Gb Free Space | 11.81% Space Free | Partition Type: NTFS
    Drive E: | 10.08 Gb Total Space | 1.68 Gb Free Space | 16.71% Space Free | Partition Type: NTFS
    Drive F: | 1.67 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: KEV-PC | User Name: kev | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/08/25 00:40:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kev\Downloads\OTL.exe
    PRC - [2013/08/24 21:22:11 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
    PRC - [2013/08/17 16:31:16 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2012/08/17 21:43:06 | 000,019,064 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\wmi32.exe
    PRC - [2012/03/15 22:22:46 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
    PRC - [2012/02/01 18:26:53 | 000,293,888 | ---- | M] () -- C:\Users\kev\Downloads\NetMeter(1).exe
    PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/11/20 13:16:54 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
    PRC - [2006/02/02 00:49:14 | 000,204,800 | ---- | M] () -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE
    PRC - [2006/02/02 00:43:44 | 059,064,320 | ---- | M] (Oracle Corporation) -- c:\oraclexe\app\oracle\product\10.2.0\server\BIN\oracle.exe
    PRC - [2005/07/15 22:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/08/17 16:30:56 | 003,551,640 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
    MOD - [2012/08/17 21:40:16 | 000,068,024 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\QtWebKit\qmlwebkitplugin4.dll
    MOD - [2012/08/17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
    MOD - [2012/02/01 18:26:53 | 000,293,888 | ---- | M] () -- C:\Users\kev\Downloads\NetMeter(1).exe


    ========== Services (SafeList) ==========

    SRV - [2013/08/24 21:22:11 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
    SRV - [2013/08/17 16:31:15 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/07/10 22:37:20 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/05/27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2011/12/15 12:00:38 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/04/29 04:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
    SRV - [2006/02/02 00:51:06 | 000,045,056 | ---- | M] () [On_Demand | Stopped] -- C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe -- (OracleXEClrAgent)
    SRV - [2006/02/02 00:49:14 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE -- (OracleXETNSListener)
    SRV - [2006/02/02 00:44:06 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe -- (OracleJobSchedulerXE)
    SRV - [2006/02/02 00:43:44 | 059,064,320 | ---- | M] (Oracle Corporation) [Auto | Running] -- c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE -- (OracleServiceXE)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lmimirr.sys -- (lmimirr)
    DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ixpkxsls.sys -- (ixpkxsls)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
    DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\hmqorxoi.sys -- (hmqorxoi)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbwwan.sys -- (ewusbmbb)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
    DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\dyqovnrx.sys -- (dyqovnrx)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\kev\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2013/08/24 22:18:14 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps)
    DRV - [2013/08/24 22:18:13 | 000,044,000 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi)
    DRV - [2013/08/24 22:18:13 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
    DRV - [2013/08/24 22:18:13 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)
    DRV - [2013/08/24 22:18:12 | 000,594,528 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
    DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2013/03/07 18:00:02 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV - [2012/11/23 21:09:37 | 000,083,392 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vsflt53.sys -- (vidsflt53)
    DRV - [2012/08/23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV - [2012/08/23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2012/08/02 15:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
    DRV - [2012/06/19 17:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
    DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/10/09 03:37:44 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009/07/14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
    DRV - [2009/06/14 20:46:22 | 000,475,648 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
    DRV - [2009/06/04 17:45:48 | 000,166,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV - [2009/04/29 08:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2009/04/29 04:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
    DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ie.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-IE
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 85 13 E1 69 E4 ED CD 01 [binary data]
    IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=082325ab00000000000006242b2f7fda
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "www.google.ie"
    FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4307
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/06/29 00:05:23 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013/08/24 22:18:38 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013/08/24 22:18:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013/08/24 22:18:35 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013/08/24 22:18:35 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013/08/24 22:18:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2011/12/15 02:34:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kev\AppData\Roaming\Mozilla\Extensions
    [2013/08/19 00:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kev\AppData\Roaming\Mozilla\Firefox\Profiles\ttz7l52z.default-1375392951010\extensions
    [2013/07/03 01:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013/08/17 16:31:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2013/08/24 22:18:35 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM

    O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
    O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
    O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [NetMeter] C:\Users\kev\Downloads\NetMeter(1).exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105 File not found
    O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.9.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05AC8CFA-A4F0-470E-98E0-B83DF86ACB7B}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CC6EEEC-1362-44BF-92D2-2EC2D42CA4DE}: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2009/06/10 22:44:18 | 000,000,049 | R--- | M] () - F:\AutoRun.inf -- [ UDF ]
    O33 - MountPoints2\{08226b8b-dfdf-11e1-8325-001f1662118b}\Shell - "" = AutoRun
    O33 - MountPoints2\{08226b8b-dfdf-11e1-8325-001f1662118b}\Shell\AutoRun\command - "" = F:\Setup.exe
    O33 - MountPoints2\{1c55384b-85c3-11e2-9bf6-001f1662118b}\Shell - "" = AutoRun
    O33 - MountPoints2\{1c55384b-85c3-11e2-9bf6-001f1662118b}\Shell\AutoRun\command - "" = F:\dvdcheck.exe
    O33 - MountPoints2\{1c55384b-85c3-11e2-9bf6-001f1662118b}\Shell\directx\command - "" = DirectX9\dxsetup.exe
    O33 - MountPoints2\{1c55384b-85c3-11e2-9bf6-001f1662118b}\Shell\setup\command - "" = F:\setup.exe
    O33 - MountPoints2\{948d34dd-0894-11e2-99cb-001f1662118b}\Shell - "" = AutoRun
    O33 - MountPoints2\{948d34dd-0894-11e2-99cb-001f1662118b}\Shell\AutoRun\command - "" = F:\cdstart.exe
    O33 - MountPoints2\{bf77905c-8730-11e2-9a91-001f1662118b}\Shell - "" = AutoRun
    O33 - MountPoints2\{bf77905c-8730-11e2-9a91-001f1662118b}\Shell\AutoRun\command - "" = F:\StartCD.exe -- [2009/07/14 18:30:10 | 000,171,896 | R--- | M] (Microsoft Corporation)
    O33 - MountPoints2\{df19b68f-4132-11e1-9252-001f1662118b}\Shell - "" = AutoRun
    O33 - MountPoints2\{df19b68f-4132-11e1-9252-001f1662118b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{df19b6a1-4132-11e1-9252-001f1662118b}\Shell - "" = AutoRun
    O33 - MountPoints2\{df19b6a1-4132-11e1-9252-001f1662118b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{e42eb559-7b28-11e1-a956-001f1662118b}\Shell - "" = AutoRun
    O33 - MountPoints2\{e42eb559-7b28-11e1-a956-001f1662118b}\Shell\AutoRun\command - "" = F:\shellexe.bat default.htm
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup\rsrc\Autorun.exe
    O33 - MountPoints2\F\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup\rsrc\Autorun.exe
    O33 - MountPoints2\H\Shell - "" = AutoRun
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup\rsrc\Autorun.exe
    O33 - MountPoints2\I\Shell - "" = AutoRun
    O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\setup\rsrc\Autorun.exe
    O33 - MountPoints2\I\Shell\dinstall\command - "" = I:\Directx\dxsetup.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/08/24 21:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013
    [2013/08/24 20:59:01 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
    [2013/08/24 20:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
    [2013/08/24 20:58:48 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
    [2013/08/24 20:57:25 | 000,594,528 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klif.sys
    [2013/08/24 20:57:25 | 000,074,848 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klflt.sys
    [2013/08/24 01:15:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\CatRoot_bak
    [2013/08/23 00:05:41 | 000,000,000 | ---D | C] -- C:\Users\kev\AppData\Roaming\vlc
    [2013/08/23 00:04:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2013/08/18 15:02:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\John Deere American Farmer Deluxe
    [2013/08/18 15:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\John Deere American Farmer Deluxe
    [2013/07/27 14:21:54 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2013/07/27 13:50:03 | 000,000,000 | ---D | C] -- C:\Users\kev\AppData\Local\ElevatedDiagnostics
    [2013/07/27 13:49:35 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution.old
    [2013/07/27 02:56:37 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Resource Kits
    [2013/07/27 01:30:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/07/27 01:26:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/07/27 01:26:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/07/27 01:26:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/07/27 01:25:18 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/07/27 01:24:52 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/10/09 13:26:22 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\kev\AppData\Roaming\pcouffin.sys
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/08/25 00:47:04 | 000,023,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/08/25 00:47:04 | 000,023,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/08/25 00:40:01 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/08/25 00:38:04 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/08/25 00:37:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/08/25 00:37:46 | 2361,802,752 | -HS- | M] () -- C:\hiberfil.sys
    [2013/08/25 00:34:42 | 000,007,606 | ---- | M] () -- C:\Users\kev\AppData\Local\Resmon.ResmonCfg
    [2013/08/24 23:49:12 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/08/24 22:18:14 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\kneps.sys
    [2013/08/24 22:18:13 | 000,044,000 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\kltdi.sys
    [2013/08/24 22:18:13 | 000,025,944 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klmouflt.sys
    [2013/08/24 22:18:13 | 000,025,944 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klkbdflt.sys
    [2013/08/24 22:18:12 | 000,594,528 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klif.sys
    [2013/08/24 22:18:12 | 000,074,848 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klflt.sys
    [2013/08/24 21:04:43 | 000,002,250 | ---- | M] () -- C:\Users\kev\Desktop\Safe Money.lnk
    [2013/08/24 21:02:11 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
    [2013/08/24 20:53:42 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2013/08/24 01:52:57 | 000,000,036 | ---- | M] () -- C:\Users\kev\AppData\Local\housecall.guid.cache
    [2013/08/23 00:04:21 | 000,000,988 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2013/08/18 23:08:06 | 000,665,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/08/18 23:08:06 | 000,125,712 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/08/18 15:02:30 | 000,001,139 | ---- | M] () -- C:\Users\kev\Desktop\John Deere American Farmer Deluxe.lnk
    [2013/07/27 02:55:19 | 000,001,292 | ---- | M] () -- C:\Users\kev\Documents\windows update fix.bat
    [2013/07/26 02:28:43 | 000,241,481 | ---- | M] () -- C:\Users\kev\Desktop\mb10.pdf
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/08/24 21:04:43 | 000,002,250 | ---- | C] () -- C:\Users\kev\Desktop\Safe Money.lnk
    [2013/08/24 21:02:41 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
    [2013/08/24 01:52:57 | 000,000,036 | ---- | C] () -- C:\Users\kev\AppData\Local\housecall.guid.cache
    [2013/08/23 00:04:21 | 000,000,988 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2013/07/27 02:55:19 | 000,001,292 | ---- | C] () -- C:\Users\kev\Documents\windows update fix.bat
    [2013/07/27 01:26:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/07/27 01:26:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/07/27 01:26:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/07/27 01:26:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/07/27 01:26:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/07/26 02:28:43 | 000,241,481 | ---- | C] () -- C:\Users\kev\Desktop\mb10.pdf
    [2013/06/28 01:31:55 | 000,000,288 | ---- | C] () -- C:\Users\kev\AppData\Roaming\.backup.dm
    [2013/03/08 15:29:32 | 000,058,792 | ---- | C] () -- C:\Windows\System32\wbload.dll
    [2013/02/27 23:23:23 | 000,000,119 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2012/11/21 00:27:15 | 000,368,640 | ---- | C] () -- C:\Windows\System32\oldmss32.dll
    [2012/11/20 01:23:25 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2012/11/19 22:50:54 | 000,034,308 | ---- | C] () -- C:\Windows\System32\bassmod.dll
    [2012/10/09 13:26:22 | 000,087,608 | ---- | C] () -- C:\Users\kev\AppData\Roaming\inst.exe
    [2012/10/09 13:26:22 | 000,007,887 | ---- | C] () -- C:\Users\kev\AppData\Roaming\pcouffin.cat
    [2012/10/09 13:26:22 | 000,001,144 | ---- | C] () -- C:\Users\kev\AppData\Roaming\pcouffin.inf
    [2012/10/09 13:24:48 | 000,001,041 | ---- | C] () -- C:\Users\kev\AppData\Roaming\vso_ts_preview.xml
    [2012/04/19 19:49:10 | 000,001,284 | ---- | C] () -- C:\Windows\wininit.ini
    [2012/01/10 23:33:05 | 000,000,218 | ---- | C] () -- C:\Users\kev\AppData\Local\recently-used.xbel
    [2011/12/15 02:39:22 | 000,007,606 | ---- | C] () -- C:\Users\kev\AppData\Local\Resmon.ResmonCfg
    [2011/12/14 23:47:59 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll

    ========== ZeroAccess Check ==========

    [2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2012/08/14 21:01:49 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\.minecraft
    [2012/12/02 16:16:44 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\Azureus
    [2013/06/03 21:53:38 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\Bandwidth Meter
    [2013/08/24 01:35:16 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\BitTorrent
    [2013/01/04 02:35:10 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\calibre
    [2013/08/24 00:23:02 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\DAEMON Tools Lite
    [2012/12/02 16:16:51 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\DAEMON Tools Pro
    [2013/04/06 22:05:52 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\Dropbox
    [2012/01/08 16:58:03 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\Ethereal
    [2013/05/28 00:11:32 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\Kalypso Media
    [2013/05/22 17:31:35 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\Leadertech
    [2013/05/26 00:50:31 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\MediaInfo
    [2013/06/29 00:05:23 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\NetMeter
    [2013/07/25 01:11:22 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\Opera
    [2012/01/13 00:31:22 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\Pogo
    [2012/06/25 23:27:24 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\Rovio
    [2012/11/23 21:12:31 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\Seagate
    [2013/06/03 21:53:43 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\Subversion
    [2013/03/12 20:56:45 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\SystemRequirementsLab
    [2013/03/15 23:10:46 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\The Creative Assembly
    [2013/03/06 00:43:25 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\Vso
    [2013/06/10 13:29:15 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\XBMC

    ========== Purity Check ==========


    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\Windows\$NtUninstallKB52431$] -> -> Unknown point type

    < End of report >



    Extras


    OTL Extras logfile created on: 8/25/2013 12:42:25 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\kev\Downloads
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16635)
    Locale: 00000409 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    2.93 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 54.42% Memory free
    5.86 Gb Paging File | 3.63 Gb Available in Paging File | 61.87% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 138.97 Gb Total Space | 16.41 Gb Free Space | 11.81% Space Free | Partition Type: NTFS
    Drive E: | 10.08 Gb Total Space | 1.68 Gb Free Space | 16.71% Space Free | Partition Type: NTFS
    Drive F: | 1.67 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: KEV-PC | User Name: kev | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = Opera.HTML] -- "C:\Program Files\Opera\Opera.exe" "%1"

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- "%1" %*
    http [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
    https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{02AE21B7-9FAA-40F2-B460-A5FF915B54C7}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{063B0374-FA5A-4767-830B-0DF115D6AD9A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{0E4705D2-0FB2-48B5-8178-4BA47E16D6D4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{0F11A5D0-3DE4-4F21-AA97-2C11B1A85F62}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{143052C9-C98C-441F-A6C9-CE51362FD08C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{14743FB4-6DDA-4816-BAFE-78B30760B93D}" = lport=138 | protocol=17 | dir=in | app=system |
    "{1C5F4516-AA88-4013-A30A-FA317BE1BE8F}" = lport=139 | protocol=6 | dir=in | app=system |
    "{1F0FAEA6-FB20-4DA5-84EB-BBCD238241BA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{20FA5ACC-CFE9-40D8-93DF-FD99C792962D}" = rport=445 | protocol=6 | dir=out | app=system |
    "{247CF652-814A-4556-AE77-AAD33F08C5EA}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{2CB90028-142E-43A4-B0A2-FC962439016F}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{2DA89E5E-A9DB-4D68-B0E2-0DBCACF575F5}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{32354794-5D8F-467C-ABF5-4FAFD0CDF924}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{3783A2D2-0609-451B-A1B3-8396BCCC80D4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{378EC37E-EC40-4E6A-B6FD-FE236C902ABF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{3D99500A-FD84-4C27-BC32-943AAC49FCC9}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{42F6E7E5-4A98-4AF9-866B-E2C3DF20A581}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{46BD25A5-A25A-4E53-954A-29506C088E98}" = rport=138 | protocol=17 | dir=out | app=system |
    "{4AA64673-FB03-4BA3-8863-B1F22F121152}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{4AC91EAE-F718-4E5D-AF87-6D0C3EC6833D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{4C4BDB22-CCDB-4BF0-812B-6DDC103E97BB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{5014083B-358C-4355-ABFD-58CF625F91AC}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{58D9D2CD-B7EE-4860-AD8C-237749BF43FD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{5A008D55-0D64-4C75-8778-59C7476EA0A9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{68C3E184-4FF2-47BC-A80F-190E0A5B5EAE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{6B5C31A2-E708-4039-8F70-F2F0246F94DB}" = rport=139 | protocol=6 | dir=out | app=system |
    "{75192FE4-047F-41EF-9917-E7CCFB1C0784}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{761EF9FC-9C66-42B7-84EA-4ED8AE580594}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{782396FE-514D-42D2-941D-3B56603FFA2A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7ECF4EA3-3D94-4BB9-85DB-BD5A074CA282}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{800A7F62-002A-47EF-B8DD-CEAE6EE4120C}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{85BD1770-7059-4DE5-BA55-AFA95ADF4EE9}" = lport=137 | protocol=17 | dir=in | app=system |
    "{86084E92-BFBF-4A12-993A-DB69EB0EF813}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{8E9D64A3-04F9-4E2B-B4C1-7C9A11097562}" = lport=445 | protocol=6 | dir=in | app=system |
    "{9FB5823A-886C-4799-BA2A-44FFD0D74E1E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{A8548634-A1FE-4F57-AE0B-31A9EF09B4A4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{AB9FA072-21BA-457F-BEC7-5B435C7CA5CC}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{C533A570-901B-4483-A0F3-FAD89FA0547C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C5DA5CC7-F690-4C3E-988F-F328EEBE47F4}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{CAA200AB-186D-4FC1-A9FF-99A9A6AB4C0F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{CB022599-5A36-4C39-8FFF-E1E5B5E83A5D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CD2FD531-689A-495D-AB9C-54DC005E49E1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{CD632504-4D75-47E5-BF0E-42696AC88521}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{D1BEF476-2B73-48F8-B91B-7A4E95CDEFD8}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{D5636B83-88CC-4E89-B15A-84A58F4F5524}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{DF6C96E2-A089-4522-98A8-5B563D5F421A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{E0ECE774-B355-448A-925A-DE0558702015}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{E7E45940-EE0E-462A-9E76-120D5830DAF4}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{E8059CEB-87EC-468A-AD54-EA5502D02758}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{E9C170F8-A6A6-449E-AEC4-8DD01F305142}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{EC0CEA89-887D-4C72-A966-C750505ECE5F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{EDA81BE7-2F32-4F25-95FF-42201758AA0D}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{EDD2B156-5FA8-4A7B-89A9-FB7EFEF19C19}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F030DDED-272F-411B-AF70-28BA3578EF26}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{F878C951-8446-4E76-934E-EDDC3A403D88}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{FA6FA318-D45C-4182-87E4-F3402C9803DB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{001648E6-9CCB-414B-A1D1-0FC240292727}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
    "{01CF0711-6529-4D45-AE2D-FCDC5E7DD2A5}" = protocol=6 | dir=in | app=c:\program files\deer hunter tournament\dht.exe |
    "{02A35299-3745-4810-B489-24296479B2E1}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
    "{0516146B-27D7-4767-BD50-D74B0906480F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{06B94DFA-751C-45AB-8954-D689C66C4A4D}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
    "{089E0839-6897-4EEB-9E40-70D93DA05AD8}" = protocol=17 | dir=in | app=c:\users\kev\appdata\roaming\dropbox\bin\dropbox.exe |
    "{0D4A03A3-109C-4067-95A1-4791634D8F0A}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
    "{106B9A44-D367-4057-885A-FF3C698378D1}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
    "{12730258-A8B6-4EBE-A120-E6433D86FB76}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{1AA6C346-3FAD-4E66-8E5D-E4F48E920D35}" = protocol=6 | dir=out | app=system |
    "{1BAFAA13-636C-4743-BCE1-0564AB557735}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{1CD4A4D6-D636-46CC-8E2E-28DD19421071}" = protocol=17 | dir=in | app=c:\program files\deer hunter tournament\dht.exe |
    "{226EF6AD-F8EF-4374-901A-0A22F6CD30BF}" = protocol=6 | dir=in | app=c:\users\kev\appdata\roaming\dropbox\bin\dropbox.exe |
    "{2CF86074-DE51-4D34-A7F7-27CAFACE25D9}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{3C573F32-1F7F-42E5-AC6D-7B88FF19AF83}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{51B56A22-7989-4190-B8DD-2F2F24653740}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{52130F85-CB92-434B-A114-EB5091475AE2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{59AE266D-73C4-4FC8-B646-4BF412948796}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{59F588EC-D6C6-4667-A7C3-2B636D3D9A7B}" = protocol=6 | dir=in | app=c:\program files\deer hunter tournament\updater.exe |
    "{62927CE3-4CFA-430D-9351-909CC8ACF5AC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{81D96CAE-160A-4F72-9F52-6B7B93EE778F}" = protocol=17 | dir=in | app=c:\program files\deer hunter tournament\updater.exe |
    "{82E2BFC6-DE19-4692-A0AF-96AABB442E37}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{89E23831-9443-4B56-AEE6-F8690C140EE4}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{8A76C617-C0C3-449A-B9A6-251A39C62D1A}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
    "{8D3AC844-7A6D-468C-A207-882D95CFBF49}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{8F20D329-F27A-4C57-9F41-8E0B17523ADD}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{98EAC1F7-23DF-47A5-8B04-A2BEEC71B328}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{9C26AA8B-1359-4244-8282-C185C3287BC1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{A4D00BC1-9C68-40A9-8E2D-8FF569DC83A9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{ADEE1244-94CB-42E9-9538-1E75EB901D67}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
    "{B60003CF-F08C-46B0-9B81-67C1FF239F52}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{B64177C5-127A-4E2E-A576-277E979E22FB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B836D517-475D-40DD-BA0E-AB3B6257391D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{C402400F-B1B5-46CA-A6B4-E9239DE797B6}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{C48990FE-11CC-4656-822F-EEDB0A99DE60}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C753D932-9FD6-4A17-9ED2-302D9201EB7B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{CC0E148A-BE3E-4311-8492-082A7385A932}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{D6705ABF-69D2-4CA1-B990-1E037D78F59A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{D9C5DCD7-8E2A-44A0-8C5D-E1FE5D1C5315}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{DBAB905C-C8B4-4125-924C-82204576A38F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{E1883573-1966-4880-A194-9C4E59621CCC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{EA171DEB-5956-4BCF-92BA-98D41F7EEEDE}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "{ECEEF563-AE3C-43CA-8B94-57D5F6F8E53C}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
    "{EDD02C38-9275-4953-AA8C-E8A2CA741163}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "{F7B1A4FD-B045-4BD3-B566-3FCFB8B23BD0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{FBA914CE-D064-49A7-9AA1-43F18F501AA7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{236BD82E-7C44-4339-8F76-56DB4129B701}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
    "TCP Query User{2C3EACF9-6438-4841-BB36-1D6BCC92B6C2}C:\program files\firefly studios\stronghold 3\bin\win32_release\stronghold3.exe" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold 3\bin\win32_release\stronghold3.exe |
    "TCP Query User{43FBE0B4-2AF1-4D0D-AD7D-FDDEFA912EA6}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
    "TCP Query User{522B0C5F-C883-49D1-8CAD-0B60CCBF19B0}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
    "TCP Query User{5AE5FC6D-EF57-4A6D-BBC9-9FB3F0CC2BFB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
    "TCP Query User{65314EB0-9DC0-432E-9A47-EBC9E8CBBEA3}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
    "TCP Query User{87E9FD53-C51E-4680-BC67-EC567445D373}C:\program files\xbmc\xbmc.exe" = protocol=6 | dir=in | app=c:\program files\xbmc\xbmc.exe |
    "TCP Query User{983B49E2-3E0C-44A9-9373-CAA48B3D4A26}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
    "TCP Query User{D5331978-11DD-4B19-BC38-2FEC9C420B5B}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
    "TCP Query User{FA7C66FB-33E7-43E1-8E49-3E48F18CB0FA}C:\program files\sabnzbd\sabnzbd.exe" = protocol=6 | dir=in | app=c:\program files\sabnzbd\sabnzbd.exe |
    "TCP Query User{FF55C8C8-63DC-48E4-AE74-23F7E200E803}C:\users\kev\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\kev\appdata\roaming\dropbox\bin\dropbox.exe |
    "UDP Query User{10C33C93-5827-43C9-84C0-DC3DED083B82}C:\program files\firefly studios\stronghold 3\bin\win32_release\stronghold3.exe" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold 3\bin\win32_release\stronghold3.exe |
    "UDP Query User{23A103DC-5975-4D4D-9BA8-786C83A29C84}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
    "UDP Query User{2DEEE4C5-511F-4BC3-9DAA-7006B4FF79FD}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
    "UDP Query User{3D5B9263-93CD-49B5-90E1-AA2D11E618AB}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
    "UDP Query User{401B302C-F09D-471F-AD46-AE305D705790}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
    "UDP Query User{528FF230-C23E-4F3E-A7DE-E9152CDE0B81}C:\program files\sabnzbd\sabnzbd.exe" = protocol=17 | dir=in | app=c:\program files\sabnzbd\sabnzbd.exe |
    "UDP Query User{676E16AB-C8CF-4673-B10A-F7EBFD4F9CA4}C:\program files\xbmc\xbmc.exe" = protocol=17 | dir=in | app=c:\program files\xbmc\xbmc.exe |
    "UDP Query User{70DA0007-8CD5-44C8-A0D5-4A9BAB085F1B}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
    "UDP Query User{8B0BF0E6-183F-4EA6-AD9F-F00D988E185B}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
    "UDP Query User{9A0257BF-C9EB-452D-89DE-949BDB5B5870}C:\users\kev\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\kev\appdata\roaming\dropbox\bin\dropbox.exe |
    "UDP Query User{BDCB5452-140E-4880-B284-914110DEC9C0}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{1752D07B-9BEB-414F-9B51-AA529101F0E5}" = calibre
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
    "{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}" = System Requirements Lab for Intel
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
    "{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
    "{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
    "{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
    "{F0BC0F9E-C4A8-485C-93ED-424DB9EA3F75}" = Oracle Database 10g Express Edition
    "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "BitTorrent" = BitTorrent
    "Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
    "CCleaner" = CCleaner
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Family Farm1.0" = Family Farm
    "Hospital" = Theme Hospital
    "InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
    "John Deere American Farmer Deluxe_is1" = John Deere American Farmer Deluxe
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "MediaInfo_is1" = MediaInfo
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Mozilla Firefox 23.0.1 (x86 en-GB)" = Mozilla Firefox 23.0.1 (x86 en-GB)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NVIDIA Drivers" = NVIDIA Drivers
    "PDF to ePub Converter_is1" = PDF to ePub Converter 3.0.6
    "RealPlayer 15.0" = RealPlayer
    "SABnzbd" = SABnzbd 0.7.4
    "SuperNZB_is1" = SuperNZB v4.0.8
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Transmission Remote" = Transmission Remote
    "VLC media player" = VLC media player 2.0.8
    "WinRAR 4.01" = WinRAR 4.01

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "XBMC" = XBMC

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 8/23/2013 7:42:51 PM | Computer Name = kev-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: firefox.exe, version: 23.0.1.4974, time
    stamp: 0x520bc252 Faulting module name: xul.dll, version: 23.0.1.4974, time stamp:
    0x520bc166 Exception code: 0xc0000005 Fault offset: 0x0017af08 Faulting process id:
    0xdb4 Faulting application start time: 0x01cea057ca89614d Faulting application path:
    C:\Program Files\Mozilla Firefox\firefox.exe Faulting module path: C:\Program Files\Mozilla
    Firefox\xul.dll Report Id: b9046497-0c4d-11e3-b0ac-001f1662118b

    Error - 8/23/2013 7:45:43 PM | Computer Name = kev-PC | Source = ESENT | ID = 455
    Description = taskhost (1824) WebCacheLocal: Error -1811 occurred while opening
    logfile C:\Users\kev\AppData\Local\Microsoft\Windows\WebCache\V0100059.log.

    Error - 8/23/2013 8:50:30 PM | Computer Name = kev-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: JohnDeereDeluxe.exe, vers


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    can you post the log from when you ran combofix, it should be at C:\combofix.txt


    open OTL copy and paste this into the box


    :OTL
    DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ixpkxsls.sys -- (ixpkxsls)
    DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\hmqorxoi.sys -- (hmqorxoi)
    DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\dyqovnrx.sys -- (dyqovnrx)
    O32 - AutoRun File - [2009/06/10 22:44:18 | 000,000,049 | R--- | M] () - F:\AutoRun.inf -- [ UDF ]
    O33 - MountPoints2\{08226b8b-dfdf-11e1-8325-001f1662118b}\Shell - "" = AutoRun
    O33 - MountPoints2\{08226b8b-dfdf-11e1-8325-001f1662118b}\Shell\AutoRun\command - "" = F:\Setup.exe
    O33 - MountPoints2\{1c55384b-85c3-11e2-9bf6-001f1662118b}\Shell - "" = AutoRun
    O33 - MountPoints2\{1c55384b-85c3-11e2-9bf6-001f1662118b}\Shell\AutoRun\command - "" = F:\dvdcheck.exe
    O33 - MountPoints2\{1c55384b-85c3-11e2-9bf6-001f1662118b}\Shell\directx\command - "" = DirectX9\dxsetup.exe
    O33 - MountPoints2\{1c55384b-85c3-11e2-9bf6-001f1662118b}\Shell\setup\command - "" = F:\setup.exe
    O33 - MountPoints2\{948d34dd-0894-11e2-99cb-001f1662118b}\Shell - "" = AutoRun
    O33 - MountPoints2\{948d34dd-0894-11e2-99cb-001f1662118b}\Shell\AutoRun\command - "" = F:\cdstart.exe
    O33 - MountPoints2\{bf77905c-8730-11e2-9a91-001f1662118b}\Shell - "" = AutoRun
    O33 - MountPoints2\{bf77905c-8730-11e2-9a91-001f1662118b}\Shell\AutoRun\command - "" = F:\StartCD.exe -- [2009/07/14 18:30:10 | 000,171,896 | R--- | M] (Microsoft Corporation)
    O33 - MountPoints2\{df19b68f-4132-11e1-9252-001f1662118b}\Shell - "" = AutoRun
    O33 - MountPoints2\{df19b68f-4132-11e1-9252-001f1662118b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{df19b6a1-4132-11e1-9252-001f1662118b}\Shell - "" = AutoRun
    O33 - MountPoints2\{df19b6a1-4132-11e1-9252-001f1662118b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{e42eb559-7b28-11e1-a956-001f1662118b}\Shell - "" = AutoRun
    O33 - MountPoints2\{e42eb559-7b28-11e1-a956-001f1662118b}\Shell\AutoRun\command - "" = F:\shellexe.bat default.htm
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup\rsrc\Autorun.exe
    O33 - MountPoints2\F\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup\rsrc\Autorun.exe
    O33 - MountPoints2\H\Shell - "" = AutoRun
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup\rsrc\Autorun.exe
    O33 - MountPoints2\I\Shell - "" = AutoRun
    O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\setup\rsrc\Autorun.exe
    O33 - MountPoints2\I\Shell\dinstall\command - "" = I:\Directx\dxsetup.exe
    [C:\Windows\$NtUninstallKB52431$] -> -> Unknown point type

    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS]
    [EMPTYJAVA]
    [CREATERESTOREPOINT]
    [Reboot]
    :Files
    ipconfig /flushdns /c


    click Run Fix, then post the log it gives


  • Registered Users, Registered Users 2 Posts: 7,368 ✭✭✭naughto


    I did what you said and I think it fixed the problem, thanks jsa112.

    any idea how I got the fu1cking thing in the 1st place? I download a lot so I'm presuming it's from there


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    Tough to say, torrents/crackz/pr0n/football streams/p2p are usually responsible. PC was badly infected, it would be a good idea to post the OTL fix log and the combofix one if you can, there's probably more stuff hiding there.


    If firefox is your main browser, I'd install this extension, will help in the future

    https://addons.mozilla.org/en-US/firefox/addon/ghostery/?src=cb-dl-rating


  • Registered Users, Registered Users 2 Posts: 7,368 ✭✭✭naughto


    jsa112 wrote: »
    Tough to say, torrents/crackz/pr0n/football streams/p2p are usually responsible. PC was badly infected, it would be a good idea to post the OTL fix log and the combofix one if you can, there's probably more stuff hiding there.


    If firefox is your main browser, I'd install this extension, will help in the future

    https://addons.mozilla.org/en-US/firefox/addon/ghostery/?src=cb-dl-rating

    right, I'll do that, will post it up later on

    i think this is the otl fix log

    All processes killed
    ========== OTL ==========
    Service ixpkxsls stopped successfully!
    Service ixpkxsls deleted successfully!
    File C:\Windows\system32\drivers\ixpkxsls.sys not found.
    Service hmqorxoi stopped successfully!
    Service hmqorxoi deleted successfully!
    File C:\Windows\system32\drivers\hmqorxoi.sys not found.
    Service dyqovnrx stopped successfully!
    Service dyqovnrx deleted successfully!
    File C:\Windows\system32\drivers\dyqovnrx.sys not found.
    File move failed. F:\AutoRun.inf scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08226b8b-dfdf-11e1-8325-001f1662118b}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08226b8b-dfdf-11e1-8325-001f1662118b}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08226b8b-dfdf-11e1-8325-001f1662118b}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08226b8b-dfdf-11e1-8325-001f1662118b}\ not found.
    File F:\Setup.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c55384b-85c3-11e2-9bf6-001f1662118b}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c55384b-85c3-11e2-9bf6-001f1662118b}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c55384b-85c3-11e2-9bf6-001f1662118b}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c55384b-85c3-11e2-9bf6-001f1662118b}\ not found.
    File F:\dvdcheck.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c55384b-85c3-11e2-9bf6-001f1662118b}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c55384b-85c3-11e2-9bf6-001f1662118b}\ not found.
    File DirectX9\dxsetup.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c55384b-85c3-11e2-9bf6-001f1662118b}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c55384b-85c3-11e2-9bf6-001f1662118b}\ not found.
    File F:\setup.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{948d34dd-0894-11e2-99cb-001f1662118b}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{948d34dd-0894-11e2-99cb-001f1662118b}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{948d34dd-0894-11e2-99cb-001f1662118b}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{948d34dd-0894-11e2-99cb-001f1662118b}\ not found.
    File F:\cdstart.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf77905c-8730-11e2-9a91-001f1662118b}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf77905c-8730-11e2-9a91-001f1662118b}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf77905c-8730-11e2-9a91-001f1662118b}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf77905c-8730-11e2-9a91-001f1662118b}\ not found.
    File move failed. F:\StartCD.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df19b68f-4132-11e1-9252-001f1662118b}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df19b68f-4132-11e1-9252-001f1662118b}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df19b68f-4132-11e1-9252-001f1662118b}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df19b68f-4132-11e1-9252-001f1662118b}\ not found.
    File F:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df19b6a1-4132-11e1-9252-001f1662118b}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df19b6a1-4132-11e1-9252-001f1662118b}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df19b6a1-4132-11e1-9252-001f1662118b}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df19b6a1-4132-11e1-9252-001f1662118b}\ not found.
    File F:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e42eb559-7b28-11e1-a956-001f1662118b}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e42eb559-7b28-11e1-a956-001f1662118b}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e42eb559-7b28-11e1-a956-001f1662118b}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e42eb559-7b28-11e1-a956-001f1662118b}\ not found.
    File F:\shellexe.bat default.htm not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
    File F:\setup\rsrc\Autorun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
    File F:\Directx\dxsetup.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
    File G:\setup\rsrc\Autorun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
    File H:\setup\rsrc\Autorun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
    File I:\setup\rsrc\Autorun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
    File I:\Directx\dxsetup.exe not found.
    Unable to remove Unknown point type C:\Windows\$NtUninstallKB52431$
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56475 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: kev
    ->Temp folder emptied: 2080449860 bytes
    ->Temporary Internet Files folder emptied: 2592898 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 219804877 bytes
    ->Flash cache emptied: 4112 bytes

    User: Mcx1-KEV-PC
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 68207 bytes
    ->Flash cache emptied: 56475 bytes

    User: naughto
    ->Temp folder emptied: 32930 bytes
    ->Temporary Internet Files folder emptied: 33298 bytes
    ->Flash cache emptied: 56475 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2960097 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 760614 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 645012 bytes

    Total Files Cleaned = 2,201.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: kev
    ->Flash cache emptied: 0 bytes

    User: Mcx1-KEV-PC
    ->Flash cache emptied: 0 bytes


    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: kev
    ->Java cache emptied: 0 bytes

    User: Mcx1-KEV-PC


    User: Public

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\kev\Downloads\cmd.bat deleted successfully.
    C:\Users\kev\Downloads\cmd.txt deleted successfully.

    OTL by OldTimer - Version 3.2.69.0 log created on 08252013_235438

    Files\Folders moved on Reboot...
    File\Folder F:\AutoRun.inf not found!
    File\Folder F:\StartCD.exe not found!
    C:\Users\kev\AppData\Local\Temp\KB3AIK_EN.iso moved successfully.
    File move failed. C:\Users\kev\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


  • Registered Users, Registered Users 2 Posts: 7,368 ✭✭✭naughto


    don't know if this is the right area for this, but I haven't been able to do updates on my laptop for the last number of months. I keep getting this error


    "windows could not search for new updates"
    errors found
    Code 80096001

    I put the code into Google and tried a number of different things that they say to do, but it doesn't work

    https://www.google.ie/#fp=f9ba4d1b23caac5a&q=Code+80096001&safe=off


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    do you have the combofix log ?


  • Registered Users, Registered Users 2 Posts: 7,368 ✭✭✭naughto


    jsa112 wrote: »
    do you have the combofix log ?

    I ran combofix and it just hangs no matter how long I leave it.


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    download a new copy of combofix, go into safe mode, does it run there ?


  • Registered Users, Registered Users 2 Posts: 7,368 ✭✭✭naughto


    jsa112 wrote: »
    download a new copy of combofix, go into safe mode, does it run there ?

    did it in safe mode as well and it does the same thing


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    run malwarebytes anti rootkit and post its log

    http://www.malwarebytes.org/products/mbar/


  • Registered Users, Registered Users 2 Posts: 7,368 ✭✭✭naughto


    jsa112 wrote: »
    run malwarebytes anti rootkit and post its log

    http://www.malwarebytes.org/products/mbar/

    will I run it in safe mode?

    ran the anti rootkit and it found 4 malware but there was no log


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    can you take a screenshot of what it found ? Had a feeling there was something else there.

    try combofix in safe mode now as well.


  • Registered Users, Registered Users 2 Posts: 7,368 ✭✭✭naughto


    jsa112 wrote: »
    can you take a screenshot of what it found ? Had a feeling there was something else there.

    try combofix in safe mode now as well.

    tried it in safe mode as well, still the same

    I pressed the clean up before I saw your reply so I can't take a screenshot


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    ok that's grand, one final scan then all done, paste this into the custom scan/fixes box in OTL


    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    SaveMBR:0
    createrestorepoint
    %systemroot%\*. /mp /s
    C:\*.*
    showhidden


    click Quick Scan, then post that log.


  • Registered Users, Registered Users 2 Posts: 7,368 ✭✭✭naughto


    now I'm getting another error

    "windows cannot access the specified device, path or file. you may not have the appropriate permission to access the item"

    I get this even when I run as administrator

    I'm thinking I might save all the crap onto the external hard drive and wipe the laptop and start again


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    that wouldn't be the worst option as you had a bad rootkit, let me know what you decide.


  • Registered Users, Registered Users 2 Posts: 7,368 ✭✭✭naughto


    jsa112 wrote: »
    that wouldn't be the worst option as you had a bad rootkit, let me know what you decide.

    decided not to bother with wiping it

    I tried the OTL again and this time it worked. here is the log of the code that you gave me. I will also try combofix again.

    OTL logfile created on: 8/29/2013 1:37:50 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\kev\Downloads
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16635)
    Locale: 00000409 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    2.93 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 58.71% Memory free
    5.86 Gb Paging File | 3.61 Gb Available in Paging File | 61.63% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 138.97 Gb Total Space | 13.27 Gb Free Space | 9.55% Space Free | Partition Type: NTFS
    Drive E: | 10.08 Gb Total Space | 1.68 Gb Free Space | 16.71% Space Free | Partition Type: NTFS

    Computer Name: KEV-PC | User Name: kev | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/08/29 01:14:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kev\Downloads\OTL.exe
    PRC - [2013/08/17 16:31:16 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2013/07/18 16:49:42 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2013/07/18 16:49:24 | 000,995,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2013/07/10 22:37:20 | 001,861,512 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
    PRC - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2012/03/15 22:22:46 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
    PRC - [2012/02/01 18:26:53 | 000,293,888 | ---- | M] () -- C:\Users\kev\Downloads\NetMeter(1).exe
    PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/11/20 13:16:54 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
    PRC - [2006/02/02 00:49:14 | 000,204,800 | ---- | M] () -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE
    PRC - [2006/02/02 00:43:44 | 059,064,320 | ---- | M] (Oracle Corporation) -- c:\oraclexe\app\oracle\product\10.2.0\server\BIN\oracle.exe
    PRC - [2005/07/15 22:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/08/17 16:30:56 | 003,551,640 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
    MOD - [2013/07/10 22:37:17 | 016,166,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_8_800_94.dll
    MOD - [2012/02/01 18:26:53 | 000,293,888 | ---- | M] () -- C:\Users\kev\Downloads\NetMeter(1).exe
    MOD - [2011/05/28 23:04:58 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


    ========== Services (SafeList) ==========

    SRV - [2013/08/17 16:31:15 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/07/18 16:49:42 | 000,295,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2013/07/18 16:49:42 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2013/07/10 22:37:20 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/05/27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2011/12/15 12:00:38 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/04/29 04:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
    SRV - [2006/02/02 00:51:06 | 000,045,056 | ---- | M] () [On_Demand | Stopped] -- C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe -- (OracleXEClrAgent)
    SRV - [2006/02/02 00:49:14 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE -- (OracleXETNSListener)
    SRV - [2006/02/02 00:44:06 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe -- (OracleJobSchedulerXE)
    SRV - [2006/02/02 00:43:44 | 059,064,320 | ---- | M] (Oracle Corporation) [Auto | Running] -- c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE -- (OracleServiceXE)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lmimirr.sys -- (lmimirr)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbwwan.sys -- (ewusbmbb)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\kev\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2013/06/18 21:50:08 | 000,107,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2013/03/07 18:00:02 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV - [2012/11/23 21:09:37 | 000,083,392 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vsflt53.sys -- (vidsflt53)
    DRV - [2012/08/23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV - [2012/08/23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/10/09 03:37:44 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009/07/14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
    DRV - [2009/06/14 20:46:22 | 000,475,648 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
    DRV - [2009/06/04 17:45:48 | 000,166,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV - [2009/04/29 08:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2009/04/29 04:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
    DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ie.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-IE
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 85 13 E1 69 E4 ED CD 01 [binary data]
    IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=082325ab00000000000006242b2f7fda
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "www.google.ie"
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/06/29 00:05:23 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2011/12/15 02:34:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kev\AppData\Roaming\Mozilla\Extensions
    [2013/08/26 13:57:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kev\AppData\Roaming\Mozilla\Firefox\Profiles\ttz7l52z.default-1375392951010\extensions
    [2013/08/26 13:57:08 | 001,312,907 | ---- | M] () (No name found) -- C:\Users\kev\AppData\Roaming\Mozilla\Firefox\Profiles\ttz7l52z.default-1375392951010\extensions\firefox@ghostery.com.xpi
    [2013/07/03 01:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013/08/17 16:31:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    O1 HOSTS File: ([2013/08/25 23:55:46 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [NetMeter] C:\Users\kev\Downloads\NetMeter(1).exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105 File not found
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.9.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05AC8CFA-A4F0-470E-98E0-B83DF86ACB7B}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CC6EEEC-1362-44BF-92D2-2EC2D42CA4DE}: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found


    SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: HelpSvc - Service
    SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    SafeBootMin: NTDS - File not found
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PEVSystemStart - Service
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: procexp90.Sys - Driver
    SafeBootMin: sacsvr - Service
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vmms - Service
    SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: HelpSvc - Service
    SafeBootNet: Messenger - Service
    SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: NTDS - File not found
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PEVSystemStart - Service
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: procexp90.Sys - Driver
    SafeBootNet: rdsessmgr - Service
    SafeBootNet: sacsvr - Service
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vmms - Service
    SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootNet: WudfUsbccidDriver - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
    SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/08/29 13:33:14 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2013/08/29 01:38:51 | 000,000,000 | ---D | C] -- C:\Users\kev\Desktop\dloads
    [2013/08/28 23:08:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    [2013/08/28 22:54:08 | 000,000,000 | ---D | C] -- C:\Users\kev\Desktop\mbar
    [2013/08/28 22:32:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/08/28 21:56:27 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2013/08/28 18:12:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2013/08/25 23:54:38 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/08/24 01:15:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\CatRoot_bak
    [2013/08/23 00:05:41 | 000,000,000 | ---D | C] -- C:\Users\kev\AppData\Roaming\vlc
    [2013/08/23 00:04:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2013/08/18 15:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\John Deere American Farmer Deluxe
    [2012/10/09 13:26:22 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\kev\AppData\Roaming\pcouffin.sys

    ========== Files - Modified Within 30 Days ==========

    [2013/08/29 13:40:01 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/08/29 13:39:42 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
    [2013/08/29 13:24:55 | 000,023,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/08/29 13:24:55 | 000,023,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/08/29 13:17:36 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/08/29 13:17:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/08/29 13:17:09 | 2361,802,752 | -HS- | M] () -- C:\hiberfil.sys
    [2013/08/29 01:49:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/08/28 18:19:12 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2013/08/28 17:54:37 | 000,665,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/08/28 17:54:37 | 000,125,712 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/08/28 17:47:37 | 000,003,288 | ---- | M] () -- C:\Users\kev\Desktop\updatefix.reg.reg
    [2013/08/26 13:32:26 | 001,390,135 | ---- | M] () -- C:\Users\kev\Desktop\IMGP5091.JPG
    [2013/08/26 13:32:15 | 001,776,932 | ---- | M] () -- C:\Users\kev\Desktop\Photo0294.jpg
    [2013/08/26 13:31:40 | 002,946,822 | ---- | M] () -- C:\Users\kev\Desktop\IMGP5089.JPG
    [2013/08/25 23:55:46 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
    [2013/08/25 00:34:42 | 000,007,606 | ---- | M] () -- C:\Users\kev\AppData\Local\Resmon.ResmonCfg
    [2013/08/24 01:52:57 | 000,000,036 | ---- | M] () -- C:\Users\kev\AppData\Local\housecall.guid.cache
    [2013/08/23 00:04:21 | 000,000,988 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2013/08/18 15:02:30 | 000,001,139 | ---- | M] () -- C:\Users\kev\Desktop\John Deere American Farmer Deluxe.lnk

    ========== Files Created - No Company Name ==========

    [2013/08/29 13:39:42 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
    [2013/08/28 18:13:01 | 000,002,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2013/08/28 17:47:37 | 000,003,288 | ---- | C] () -- C:\Users\kev\Desktop\updatefix.reg.reg
    [2013/08/26 13:32:24 | 001,390,135 | ---- | C] () -- C:\Users\kev\Desktop\IMGP5091.JPG
    [2013/08/26 13:32:10 | 001,776,932 | ---- | C] () -- C:\Users\kev\Desktop\Photo0294.jpg
    [2013/08/26 13:31:33 | 002,946,822 | ---- | C] () -- C:\Users\kev\Desktop\IMGP5089.JPG
    [2013/08/24 01:52:57 | 000,000,036 | ---- | C] () -- C:\Users\kev\AppData\Local\housecall.guid.cache
    [2013/08/23 00:04:21 | 000,000,988 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2013/07/27 01:26:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/07/27 01:26:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/07/27 01:26:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/07/27 01:26:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/07/27 01:26:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/06/28 01:31:55 | 000,000,288 | ---- | C] () -- C:\Users\kev\AppData\Roaming\.backup.dm
    [2013/03/08 15:29:32 | 000,058,792 | ---- | C] () -- C:\Windows\System32\wbload.dll
    [2013/02/27 23:23:23 | 000,000,119 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2012/11/21 00:27:15 | 000,368,640 | ---- | C] () -- C:\Windows\System32\oldmss32.dll
    [2012/11/20 01:23:25 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2012/11/19 22:50:54 | 000,034,308 | ---- | C] () -- C:\Windows\System32\bassmod.dll
    [2012/10/09 13:26:22 | 000,087,608 | ---- | C] () -- C:\Users\kev\AppData\Roaming\inst.exe
    [2012/10/09 13:26:22 | 000,007,887 | ---- | C] () -- C:\Users\kev\AppData\Roaming\pcouffin.cat
    [2012/10/09 13:26:22 | 000,001,144 | ---- | C] () -- C:\Users\kev\AppData\Roaming\pcouffin.inf
    [2012/10/09 13:24:48 | 000,001,041 | ---- | C] () -- C:\Users\kev\AppData\Roaming\vso_ts_preview.xml
    [2012/04/19 19:49:10 | 000,001,284 | ---- | C] () -- C:\Windows\wininit.ini
    [2012/01/10 23:33:05 | 000,000,218 | ---- | C] () -- C:\Users\kev\AppData\Local\recently-used.xbel
    [2011/12/15 02:39:22 | 000,007,606 | ---- | C] () -- C:\Users\kev\AppData\Local\Resmon.ResmonCfg
    [2011/12/14 23:47:59 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll

    ========== ZeroAccess Check ==========

    [2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2012/08/14 21:01:49 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\.minecraft
    [2012/12/02 16:16:44 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\Azureus
    [2013/06/03 21:53:38 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\Bandwidth Meter
    [2013/06/13 00:55:03 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\Baumaschinen Simulator 2011
    [2013/08/29 02:18:15 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\BitTorrent
    [2013/01/04 02:35:10 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\calibre
    [2013/08/24 00:23:02 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\DAEMON Tools Lite
    [2012/12/02 16:16:51 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\DAEMON Tools Pro
    [2013/04/06 22:05:52 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\Dropbox
    [2012/01/08 16:58:03 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\Ethereal
    [2013/05/28 00:11:32 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\Kalypso Media
    [2013/05/22 17:31:35 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\Leadertech
    [2013/05/26 00:50:31 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\MediaInfo
    [2013/06/29 00:05:23 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\NetMeter
    [2013/07/25 01:11:22 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\Opera
    [2012/01/13 00:31:22 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\Pogo
    [2012/06/25 23:27:24 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\Rovio
    [2012/11/23 21:12:31 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\Seagate
    [2013/06/03 21:53:43 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\Subversion
    [2013/03/12 20:56:45 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\SystemRequirementsLab
    [2013/03/15 23:10:46 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\The Creative Assembly
    [2013/03/06 00:43:25 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\Vso
    [2013/06/10 13:29:15 | 000,000,000 | ---D | M] -- C:\Users\kev\AppData\Roaming\XBMC

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %systemroot%\*. /mp /s >

    < C:\*.* >
    [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2010/11/20 13:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
    [2011/11/19 21:37:35 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2009/06/10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2013/08/29 13:17:09 | 2361,802,752 | -HS- | M] () -- C:\hiberfil.sys
    [2012/04/19 19:48:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2012/04/19 19:48:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2013/08/29 13:17:14 | 3149,074,432 | -HS- | M] () -- C:\pagefile.sys
    [2013/08/29 13:39:42 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
    [2013/08/24 01:42:02 | 000,136,950 | ---- | M] () -- C:\TDSSKiller.2.9.2.0_24.08.2013_01.40.20_log.txt
    [2009/07/14 05:53:46 | 000,032,608 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2009/07/14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
    [2012/04/10 16:08:24 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
    [2012/06/13 01:09:31 | 000,000,876 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/13 01:09:32 | 000,000,880 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    [2011/10/30 21:39:48 | 000,000,000 | -H-D | M] -- C:\HP
    [2008/10/25 11:38:53 | 000,000,000 | RH-D | M] -- C:\MSOCache
    [2013/08/28 23:08:01 | 000,000,000 | -H-D | M] -- C:\ProgramData
    [2011/10/30 21:40:20 | 000,000,000 | -H-D | M] -- C:\System.sav
    [2009/07/14 08:18:34 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Default
    [2012/01/26 23:20:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\CanonBJ
    [2011/11/18 00:22:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Common Files
    [2012/01/26 23:20:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\CanonBJ\IJPrinter
    [2012/01/26 23:20:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\CanonBJ\IJPrinter\CNMWindows
    [2012/01/26 23:57:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\CanonBJ\IJPrinter\CNMWindows\Canon iP2600 series
    [2009/07/14 05:52:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Microsoft\WwanSvc
    [2013/03/07 03:40:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Microsoft\SLDL\cb3e35ec-ba09-49f4-9452-ca1cedbf9314
    [2009/07/14 08:48:18 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Microsoft\Windows\Start Menu\Programs\Tablet PC
    [2009/07/14 05:52:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Microsoft\WwanSvc\Profiles
    [2009/07/14 03:37:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Default\AppData


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    looks good, post this log

    C:\TDSSKiller.2.9.2.0_24.08.2013_01.40.20_log.txt


    also run malwarebytes anti-rootkit again, does it find anything? if so, save the log before you fix it and post that here please.


  • Registered Users, Registered Users 2 Posts: 7,368 ✭✭✭naughto


    running malwarebytes anti-rootkit as we speak
    below is the tdss log

    01:41:00.0822 0x0efc [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    01:41:00.0832 0x0efc MegaSR - ok
    01:41:01.0203 0x0efc [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
    01:41:01.0206 0x0efc Microsoft Office Groove Audit Service - ok
    01:41:01.0244 0x0efc [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
    01:41:01.0254 0x0efc MMCSS - ok
    01:41:01.0291 0x0efc [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
    01:41:01.0294 0x0efc Modem - ok
    01:41:01.0386 0x0efc [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    01:41:01.0386 0x0efc monitor - ok
    01:41:01.0446 0x0efc [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    01:41:01.0446 0x0efc mouclass - ok
    01:41:01.0486 0x0efc [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    01:41:01.0496 0x0efc mouhid - ok
    01:41:01.0556 0x0efc [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    01:41:01.0556 0x0efc mountmgr - ok
    01:41:01.0706 0x0efc [ A35576A433F4AEB0D48976A004657CB6 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    01:41:01.0736 0x0efc MozillaMaintenance - ok
    01:41:01.0948 0x0efc [ CF105EE42E3F71E648CEBB3F666E1CF0 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
    01:41:01.0948 0x0efc MpFilter - ok
    01:41:02.0028 0x0efc [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
    01:41:02.0038 0x0efc mpio - ok
    01:41:02.0410 0x0efc [ A69630D039C38018689190234F866D77 ] MpKsl5ba02ba6 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{10B63BDB-621A-46A8-97B4-953F67BE7599}\MpKsl5ba02ba6.sys
    01:41:02.0410 0x0efc MpKsl5ba02ba6 - ok
    01:41:02.0490 0x0efc [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    01:41:02.0490 0x0efc mpsdrv - ok
    01:41:02.0770 0x0efc [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
    01:41:02.0790 0x0efc MpsSvc - ok
    01:41:02.0942 0x0efc [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    01:41:02.0959 0x0efc MRxDAV - ok
    01:41:03.0095 0x0efc [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    01:41:03.0098 0x0efc mrxsmb - ok
    01:41:03.0155 0x0efc [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    01:41:03.0160 0x0efc mrxsmb10 - ok
    01:41:03.0275 0x0efc [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    01:41:03.0316 0x0efc mrxsmb20 - ok
    01:41:03.0468 0x0efc [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
    01:41:03.0519 0x0efc msahci - ok
    01:41:03.0670 0x0efc [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    01:41:03.0680 0x0efc msdsm - ok
    01:41:03.0700 0x0efc [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
    01:41:03.0710 0x0efc MSDTC - ok
    01:41:03.0781 0x0efc [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
    01:41:03.0782 0x0efc Msfs - ok
    01:41:03.0822 0x0efc [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    01:41:03.0822 0x0efc mshidkmdf - ok
    01:41:03.0902 0x0efc [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    01:41:03.0902 0x0efc msisadrv - ok
    01:41:04.0032 0x0efc [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    01:41:04.0032 0x0efc MSiSCSI - ok
    01:41:04.0042 0x0efc msiserver - ok
    01:41:04.0154 0x0efc [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    01:41:04.0154 0x0efc MSKSSRV - ok
    01:41:04.0464 0x0efc [ C1F19D2BACBEE9AB64D9AE69E9859AC0 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
    01:41:04.0464 0x0efc MsMpSvc - ok
    01:41:04.0554 0x0efc [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    01:41:04.0554 0x0efc MSPCLOCK - ok
    01:41:04.0604 0x0efc [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    01:41:04.0604 0x0efc MSPQM - ok
    01:41:04.0634 0x0efc [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    01:41:04.0634 0x0efc MsRPC - ok
    01:41:04.0704 0x0efc [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    01:41:04.0704 0x0efc mssmbios - ok
    01:41:04.0744 0x0efc [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    01:41:04.0744 0x0efc MSTEE - ok
    01:41:04.0774 0x0efc [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    01:41:04.0774 0x0efc MTConfig - ok
    01:41:04.0823 0x0efc [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
    01:41:04.0827 0x0efc Mup - ok
    01:41:04.0876 0x0efc [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
    01:41:04.0886 0x0efc napagent - ok
    01:41:04.0988 0x0efc [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    01:41:04.0998 0x0efc NativeWifiP - ok
    01:41:05.0128 0x0efc [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
    01:41:05.0138 0x0efc NDIS - ok
    01:41:05.0208 0x0efc [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    01:41:05.0218 0x0efc NdisCap - ok
    01:41:05.0268 0x0efc [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    01:41:05.0268 0x0efc NdisTapi - ok
    01:41:05.0388 0x0efc [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    01:41:05.0388 0x0efc Ndisuio - ok
    01:41:05.0518 0x0efc [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    01:41:05.0518 0x0efc NdisWan - ok
    01:41:05.0610 0x0efc [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    01:41:05.0610 0x0efc NDProxy - ok
    01:41:05.0710 0x0efc [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    01:41:05.0710 0x0efc NetBIOS - ok
    01:41:05.0780 0x0efc [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    01:41:05.0790 0x0efc NetBT - ok
    01:41:05.0830 0x0efc [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
    01:41:05.0830 0x0efc Netlogon - ok
    01:41:05.0910 0x0efc [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
    01:41:05.0920 0x0efc Netman - ok
    01:41:06.0030 0x0efc [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    01:41:06.0270 0x0efc NetMsmqActivator - ok
    01:41:06.0333 0x0efc [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    01:41:06.0334 0x0efc NetPipeActivator - ok
    01:41:06.0443 0x0efc [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
    01:41:06.0444 0x0efc netprofm - ok
    01:41:06.0474 0x0efc [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    01:41:06.0474 0x0efc NetTcpActivator - ok
    01:41:06.0484 0x0efc [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    01:41:06.0484 0x0efc NetTcpPortSharing - ok
    01:41:06.0606 0x0efc [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    01:41:06.0606 0x0efc nfrd960 - ok
    01:41:06.0756 0x0efc [ 832E098BCA8235436FE2D8AE50AC3718 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    01:41:06.0766 0x0efc NisDrv - ok
    01:41:06.0866 0x0efc [ E570ECA850F30EB740C2E9699DF3D2BD ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
    01:41:06.0876 0x0efc NisSrv - ok
    01:41:06.0946 0x0efc [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
    01:41:06.0946 0x0efc NlaSvc - ok
    01:41:07.0016 0x0efc [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
    01:41:07.0016 0x0efc Npfs - ok
    01:41:07.0056 0x0efc [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
    01:41:07.0056 0x0efc nsi - ok
    01:41:07.0119 0x0efc [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    01:41:07.0121 0x0efc nsiproxy - ok
    01:41:07.0248 0x0efc [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    01:41:07.0268 0x0efc Ntfs - ok
    01:41:07.0330 0x0efc [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
    01:41:07.0330 0x0efc Null - ok
    01:41:07.0430 0x0efc [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
    01:41:07.0440 0x0efc nvraid - ok
    01:41:07.0530 0x0efc [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
    01:41:07.0530 0x0efc nvstor - ok
    01:41:07.0590 0x0efc [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    01:41:07.0590 0x0efc nv_agp - ok
    01:41:07.0870 0x0efc [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    01:41:07.0897 0x0efc odserv - ok
    01:41:08.0098 0x0efc [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    01:41:08.0098 0x0efc ohci1394 - ok
    01:41:08.0190 0x0efc OracleJobSchedulerXE - ok
    01:41:08.0210 0x0efc OracleServiceXE - ok
    01:41:08.0260 0x0efc OracleXEClrAgent - ok
    01:41:08.0370 0x0efc [ 8AF936CE45788974EFFF7D0F19143583 ] OracleXETNSListener C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
    01:41:08.0460 0x0efc OracleXETNSListener - ok
    01:41:08.0540 0x0efc [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    01:41:08.0540 0x0efc ose - ok
    01:41:08.0610 0x0efc [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    01:41:08.0620 0x0efc p2pimsvc - ok
    01:41:08.0880 0x0efc [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
    01:41:08.0880 0x0efc p2psvc - ok
    01:41:08.0910 0x0efc [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    01:41:08.0910 0x0efc Parport - ok
    01:41:08.0972 0x0efc [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
    01:41:08.0972 0x0efc partmgr - ok
    01:41:09.0012 0x0efc [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
    01:41:09.0012 0x0efc Parvdm - ok
    01:41:09.0052 0x0efc [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
    01:41:09.0066 0x0efc PcaSvc - ok
    01:41:09.0244 0x0efc [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
    01:41:09.0244 0x0efc pci - ok
    01:41:09.0304 0x0efc [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
    01:41:09.0304 0x0efc pciide - ok
    01:41:09.0362 0x0efc [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    01:41:09.0366 0x0efc pcmcia - ok
    01:41:09.0444 0x0efc [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys
    01:41:09.0447 0x0efc pcouffin - ok
    01:41:09.0483 0x0efc [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
    01:41:09.0484 0x0efc pcw - ok
    01:41:09.0593 0x0efc [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    01:41:09.0630 0x0efc PEAUTH - ok
    01:41:09.0742 0x0efc [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
    01:41:09.0760 0x0efc pla - ok
    01:41:09.0858 0x0efc [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    01:41:09.0866 0x0efc PlugPlay - ok
    01:41:09.0897 0x0efc [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    01:41:09.0901 0x0efc PNRPAutoReg - ok
    01:41:09.0939 0x0efc [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    01:41:09.0944 0x0efc PNRPsvc - ok
    01:41:09.0988 0x0efc [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    01:41:09.0993 0x0efc PolicyAgent - ok
    01:41:10.0061 0x0efc [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
    01:41:10.0068 0x0efc Power - ok
    01:41:10.0111 0x0efc [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    01:41:10.0113 0x0efc PptpMiniport - ok
    01:41:10.0139 0x0efc [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
    01:41:10.0142 0x0efc Processor - ok
    01:41:10.0198 0x0efc [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
    01:41:10.0198 0x0efc ProfSvc - ok
    01:41:10.0238 0x0efc [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
    01:41:10.0238 0x0efc ProtectedStorage - ok
    01:41:10.0258 0x0efc [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    01:41:10.0268 0x0efc Psched - ok
    01:41:10.0343 0x0efc [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    01:41:10.0445 0x0efc ql2300 - ok
    01:41:10.0458 0x0efc [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    01:41:10.0461 0x0efc ql40xx - ok
    01:41:10.0507 0x0efc [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
    01:41:10.0512 0x0efc QWAVE - ok
    01:41:10.0527 0x0efc [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    01:41:10.0528 0x0efc QWAVEdrv - ok
    01:41:10.0548 0x0efc [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    01:41:10.0549 0x0efc RasAcd - ok
    01:41:10.0618 0x0efc [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    01:41:10.0619 0x0efc RasAgileVpn - ok
    01:41:10.0640 0x0efc [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
    01:41:10.0643 0x0efc RasAuto - ok
    01:41:10.0672 0x0efc [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    01:41:10.0673 0x0efc Rasl2tp - ok
    01:41:10.0738 0x0efc [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
    01:41:10.0743 0x0efc RasMan - ok
    01:41:10.0776 0x0efc [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    01:41:10.0778 0x0efc RasPppoe - ok
    01:41:10.0820 0x0efc [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    01:41:10.0821 0x0efc RasSstp - ok
    01:41:10.0873 0x0efc [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    01:41:10.0875 0x0efc rdbss - ok
    01:41:10.0902 0x0efc [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    01:41:10.0904 0x0efc rdpbus - ok
    01:41:10.0958 0x0efc [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    01:41:10.0960 0x0efc RDPCDD - ok
    01:41:11.0006 0x0efc [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    01:41:11.0007 0x0efc RDPENCDD - ok
    01:41:11.0035 0x0efc [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    01:41:11.0037 0x0efc RDPREFMP - ok
    01:41:11.0112 0x0efc [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
    01:41:11.0113 0x0efc RdpVideoMiniport - ok
    01:41:11.0163 0x0efc [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    01:41:11.0167 0x0efc RDPWD - ok
    01:41:11.0228 0x0efc [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    01:41:11.0230 0x0efc rdyboost - ok
    01:41:11.0272 0x0efc [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
    01:41:11.0276 0x0efc RemoteAccess - ok
    01:41:11.0314 0x0efc [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    01:41:11.0318 0x0efc RemoteRegistry - ok
    01:41:11.0426 0x0efc [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    01:41:11.0454 0x0efc RpcEptMapper - ok
    01:41:11.0487 0x0efc [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
    01:41:11.0491 0x0efc RpcLocator - ok
    01:41:11.0547 0x0efc [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
    01:41:11.0555 0x0efc RpcSs - ok
    01:41:11.0613 0x0efc [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    01:41:11.0614 0x0efc rspndr - ok
    01:41:11.0691 0x0efc [ 434DCF7AE4300C876AA40873E3113983 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
    01:41:11.0695 0x0efc RSUSBSTOR - ok
    01:41:11.0758 0x0efc [ 3983CEA05BB855351D75F5482B6C42CE ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
    01:41:11.0762 0x0efc RTL8167 - ok
    01:41:11.0793 0x0efc RtsUIR - ok
    01:41:11.0828 0x0efc [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
    01:41:11.0831 0x0efc SamSs - ok
    01:41:11.0887 0x0efc [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    01:41:11.0917 0x0efc sbp2port - ok
    01:41:11.0952 0x0efc [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
    01:41:11.0957 0x0efc SCardSvr - ok
    01:41:11.0978 0x0efc [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    01:41:11.0978 0x0efc scfilter - ok
    01:41:12.0052 0x0efc [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
    01:41:12.0076 0x0efc Schedule - ok
    01:41:12.0149 0x0efc [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
    01:41:12.0150 0x0efc SCPolicySvc - ok
    01:41:12.0219 0x0efc [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    01:41:12.0225 0x0efc SDRSVC - ok
    01:41:12.0304 0x0efc [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    01:41:12.0306 0x0efc secdrv - ok
    01:41:12.0380 0x0efc [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
    01:41:12.0380 0x0efc seclogon - ok
    01:41:12.0430 0x0efc [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
    01:41:12.0440 0x0efc SENS - ok
    01:41:12.0492 0x0efc [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
    01:41:12.0495 0x0efc SensrSvc - ok
    01:41:12.0531 0x0efc [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    01:41:12.0532 0x0efc Serenum - ok
    01:41:12.0572 0x0efc [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    01:41:12.0572 0x0efc Serial - ok
    01:41:12.0622 0x0efc [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    01:41:12.0624 0x0efc sermouse - ok
    01:41:12.0692 0x0efc [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
    01:41:12.0699 0x0efc SessionEnv - ok
    01:41:12.0746 0x0efc [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    01:41:12.0779 0x0efc sffdisk - ok
    01:41:12.0816 0x0efc [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    01:41:12.0817 0x0efc sffp_mmc - ok
    01:41:12.0870 0x0efc [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    01:41:12.0877 0x0efc sffp_sd - ok
    01:41:12.0919 0x0efc [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    01:41:12.0921 0x0efc sfloppy - ok
    01:41:12.0994 0x0efc [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
    01:41:13.0001 0x0efc SharedAccess - ok
    01:41:13.0070 0x0efc [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    01:41:13.0081 0x0efc ShellHWDetection - ok
    01:41:13.0118 0x0efc [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
    01:41:13.0121 0x0efc sisagp - ok
    01:41:13.0174 0x0efc [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    01:41:13.0174 0x0efc SiSRaid2 - ok
    01:41:13.0184 0x0efc [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    01:41:13.0194 0x0efc SiSRaid4 - ok
    01:41:13.0334 0x0efc [ 3E587DBBDFF938DDE5D4CE4047BE9041 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
    01:41:13.0334 0x0efc SkypeUpdate - ok
    01:41:13.0374 0x0efc [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
    01:41:13.0374 0x0efc Smb - ok
    01:41:13.0536 0x0efc [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    01:41:13.0546 0x0efc SNMPTRAP - ok
    01:41:13.0596 0x0efc [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
    01:41:13.0596 0x0efc spldr - ok
    01:41:13.0689 0x0efc [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
    01:41:13.0695 0x0efc Spooler - ok
    01:41:13.0848 0x0efc [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
    01:41:13.0945 0x0efc sppsvc - ok
    01:41:14.0254 0x0efc [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    01:41:14.0294 0x0efc sppuinotify - ok
    01:41:14.0456 0x0efc [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
    01:41:14.0466 0x0efc srv - ok
    01:41:14.0506 0x0efc [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    01:41:14.0515 0x0efc srv2 - ok
    01:41:14.0718 0x0efc [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL3.SYS
    01:41:14.0728 0x0efc SrvHsfHDA - ok
    01:41:14.0918 0x0efc [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV3.SYS
    01:41:14.0958 0x0efc SrvHsfV92 - ok
    01:41:15.0003 0x0efc [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
    01:41:15.0019 0x0efc SrvHsfWinac - ok
    01:41:15.0060 0x0efc [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    01:41:15.0060 0x0efc srvnet - ok
    01:41:15.0110 0x0efc [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    01:41:15.0110 0x0efc SSDPSRV - ok
    01:41:15.0179 0x0efc [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
    01:41:15.0182 0x0efc SstpSvc - ok
    01:41:15.0232 0x0efc [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    01:41:15.0242 0x0efc stexstor - ok
    01:41:15.0322 0x0efc [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
    01:41:15.0364 0x0efc StiSvc - ok
    01:41:15.0464 0x0efc [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
    01:41:15.0464 0x0efc swenum - ok
    01:41:15.0504 0x0efc [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
    01:41:15.0584 0x0efc swprv - ok
    01:41:15.0684 0x0efc [ F5D926807BD9BC0AF68F9376144DE425 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
    01:41:15.0694 0x0efc SynTP - ok
    01:41:15.0814 0x0efc [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
    01:41:15.0854 0x0efc SysMain - ok
    01:41:15.0944 0x0efc [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
    01:41:15.0954 0x0efc TabletInputService - ok
    01:41:16.0044 0x0efc [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
    01:41:16.0044 0x0efc TapiSrv - ok
    01:41:16.0126 0x0efc [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
    01:41:16.0136 0x0efc TBS - ok
    01:41:16.0236 0x0efc [ D32FDAC73FCD76B85389C39BC1087F2A ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    01:41:16.0276 0x0efc Tcpip - ok
    01:41:16.0408 0x0efc [ D32FDAC73FCD76B85389C39BC1087F2A ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    01:41:16.0418 0x0efc TCPIP6 - ok
    01:41:16.0530 0x0efc [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    01:41:16.0530 0x0efc tcpipreg - ok
    01:41:16.0650 0x0efc [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    01:41:16.0650 0x0efc TDPIPE - ok
    01:41:16.0780 0x0efc [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    01:41:16.0790 0x0efc TDTCP - ok
    01:41:16.0850 0x0efc [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    01:41:16.0850 0x0efc tdx - ok
    01:41:16.0930 0x0efc [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
    01:41:16.0930 0x0efc TermDD - ok
    01:41:17.0062 0x0efc [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
    01:41:17.0082 0x0efc TermService - ok
    01:41:17.0102 0x0efc [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
    01:41:17.0112 0x0efc Themes - ok
    01:41:17.0152 0x0efc [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
    01:41:17.0152 0x0efc THREADORDER - ok
    01:41:17.0192 0x0efc [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
    01:41:17.0202 0x0efc TrkWks - ok
    01:41:17.0302 0x0efc [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    01:41:17.0302 0x0efc TrustedInstaller - ok
    01:41:17.0392 0x0efc [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    01:41:17.0392 0x0efc tssecsrv - ok
    01:41:17.0634 0x0efc [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    01:41:17.0634 0x0efc TsUsbFlt - ok
    01:41:17.0734 0x0efc [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    01:41:17.0734 0x0efc tunnel - ok
    01:41:17.0804 0x0efc [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    01:41:17.0804 0x0efc uagp35 - ok
    01:41:17.0864 0x0efc [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    01:41:17.0874 0x0efc udfs - ok
    01:41:17.0946 0x0efc [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    01:41:17.0956 0x0efc UI0Detect - ok
    01:41:18.0046 0x0efc [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    01:41:18.0056 0x0efc uliagpkx - ok
    01:41:18.0146 0x0efc [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    01:41:18.0146 0x0efc umbus - ok
    01:41:18.0236 0x0efc [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    01:41:18.0236 0x0efc UmPass - ok
    01:41:18.0306 0x0efc [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
    01:41:18.0316 0x0efc upnphost - ok


  • Registered Users, Registered Users 2 Posts: 7,368 ✭✭✭naughto


    the rootkit scan came back clean


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    how's the pc running


  • Registered Users, Registered Users 2 Posts: 7,368 ✭✭✭naughto


    jsa112 wrote: »
    how's the pc running
    i only noticed that it had a problem when it kept uploading all the time.
    i did not know that there was a big rootkit infection running in the background.
    do you know how to fix the windows update problem that i have?


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112




  • Registered Users, Registered Users 2 Posts: 7,368 ✭✭✭naughto


    jsa112 wrote: »
    tried it no difference.
    thanks for all your help with the other problem
    you must work in this area as it worked very well


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    do you have your windows cd around ?


  • Registered Users, Registered Users 2 Posts: 7,368 ✭✭✭naughto


    jsa112 wrote: »
    do you have your windows cd around ?
    no i got the laptop off my brother who got it from work a few yrs ago.
    i read that if you copy the folder that has the update for windows on a machine that is clean and paste the folder into my one that it could work


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    don't do that yet. you'd be better off making a topic in the computers+tech forum looking for suggestions. this is just a side effect of the virus, and i'm not sure how to fix it myself.


  • Registered Users, Registered Users 2 Posts: 7,368 ✭✭✭naughto


    i will do that, thanks for your help.
    do you have an xbox and are you getting GTA 5
    I could do with a good IT man in my crew
    if you do check me sig to sign up

