Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Antivirus will not install or run [Closed]


  • This topic is locked This topic is locked

#1
lmart

lmart

    Member

  • Member
  • PipPip
  • 38 posts
Thank you in advance for any help.

Im running Windows 7 on a ASUS laptop and after noticing slowing internet speeds and recurring "non responsive web page" messages on Google Chrome, I tried running AVG. AVG will not boot though it shows up as a running process. I then tried downloading Malewarebytes but the programm would not install.

Any help would be greatly appreciated.
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi I will need some data first

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    Posted Image
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe ( 4.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
  • 0

#3
lmart

lmart

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Thank you for the quick response.

I ran the OTL scan with success though it took a very long time to complete. The logs will be attachted to the end of this message. The other program you told me to run will not boot up.

OTL Logs:

OTL logfile created on: 7/5/2012 8:52:08 AM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Alicia\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.61 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 47.73% Memory free
7.21 Gb Paging File | 4.08 Gb Available in Paging File | 56.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 256.35 Gb Total Space | 174.69 Gb Free Space | 68.15% Space Free | Partition Type: NTFS
Drive D: | 314.82 Gb Total Space | 314.62 Gb Free Space | 99.94% Space Free | Partition Type: NTFS

Computer Name: ALICIA-PC | User Name: Alicia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/04 23:46:48 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Alicia\Desktop\OTL.exe
PRC - [2012/07/04 22:56:08 | 009,544,512 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Alicia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R562OV1Y\mbam-setup.exe
PRC - [2012/07/04 22:45:36 | 010,063,024 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Alicia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W8DVBR8K\mbam-setup.exe
PRC - [2012/07/04 22:41:00 | 018,224,856 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Alicia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RH40HDR3\SUPERAntiSpyware.exe
PRC - [2012/05/10 22:29:50 | 003,349,488 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012/05/08 23:18:07 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
PRC - [2012/03/19 16:51:36 | 000,217,256 | ---- | M] (Panda Security) -- C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
PRC - [2011/11/22 21:09:34 | 000,101,544 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2011/11/17 17:34:00 | 001,548,448 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
PRC - [2011/06/19 03:42:53 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2011/04/28 20:01:20 | 000,439,616 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
PRC - [2011/04/28 19:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2011/01/25 20:32:28 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010/11/15 19:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2010/10/13 00:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/10/13 00:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2010/10/07 23:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010/09/24 01:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2010/08/17 23:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010/07/10 07:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
PRC - [2010/02/02 16:13:54 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\TFEngine\TFService.exe
PRC - [2010/01/18 20:14:26 | 001,286,608 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
PRC - [2010/01/18 20:14:24 | 001,141,712 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
PRC - [2009/12/15 19:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/12/09 21:23:34 | 000,365,280 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
PRC - [2009/11/19 17:26:54 | 000,455,944 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
PRC - [2009/11/03 00:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/06/19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2009/02/24 23:00:26 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2008/12/23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008/08/14 06:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/27 12:57:24 | 014,325,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\517358eb2fd962a942dd1ea6afc5b93e\PresentationFramework.ni.dll
MOD - [2012/06/27 12:55:29 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012/06/27 12:54:30 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012/06/27 12:53:11 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\e9d0ba41128f363f2390c7e630129c2b\PresentationCore.ni.dll
MOD - [2012/05/19 19:49:13 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc626095c194be137bceb219934b06a7\PresentationFramework.Aero.ni.dll
MOD - [2012/05/19 18:48:12 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012/05/19 18:47:47 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/05/19 18:47:34 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012/05/19 18:47:28 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/05/19 18:46:59 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2012/05/10 22:28:12 | 000,046,592 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012/05/10 22:28:10 | 000,517,632 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012/05/10 22:28:10 | 000,410,112 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012/04/03 19:28:09 | 000,072,576 | ---- | M] () -- C:\Users\Alicia\AppData\Local\Temp\SUPERSetup\setup.dll
MOD - [2011/11/22 21:09:30 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
MOD - [2011/11/17 17:33:58 | 000,209,920 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll
MOD - [2011/05/26 19:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/09/24 01:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009/11/03 00:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/03 00:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2011/04/06 18:23:00 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/04/06 15:14:46 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/01/25 23:11:56 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010/09/23 04:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/17 10:32:56 | 000,241,488 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Titanium\TiMiniService.exe -- (TiMiniService)
SRV:64bit: - [2010/06/17 14:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/05/08 23:18:09 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/04/28 19:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2010/03/18 19:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/02 16:13:54 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files (x86)\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/01/18 20:14:24 | 001,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/12/15 19:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/12/09 21:23:34 | 000,365,280 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/11/19 17:26:54 | 000,455,944 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2009/06/16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.0)
DRV:64bit: - [2012/03/01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/05 14:10:11 | 000,161,032 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINAflt.sys -- (PSINAflt)
DRV:64bit: - [2011/11/30 19:37:29 | 000,128,264 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProt.sys -- (PSINProt)
DRV:64bit: - [2011/11/23 10:59:45 | 000,149,768 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PSINKNC.sys -- (PSINKNC)
DRV:64bit: - [2011/05/10 14:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/28 19:57:43 | 000,121,928 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProc.sys -- (PSINProc)
DRV:64bit: - [2011/04/28 19:57:42 | 000,114,760 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINFile.sys -- (PSINFile)
DRV:64bit: - [2011/04/06 15:46:30 | 009,259,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/06 14:40:14 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/07 20:21:16 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/03/04 17:16:20 | 000,436,840 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/01/18 11:16:46 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/12/31 12:30:10 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/11/29 10:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/17 14:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/11/04 12:52:54 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/11/04 12:52:52 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/09/23 10:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/17 10:52:28 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2010/09/17 10:52:28 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010/09/17 10:52:28 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2010/09/17 10:52:28 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2010/04/16 22:22:04 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2010/02/18 18:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/05 15:25:38 | 000,092,896 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctplsg64.sys -- (pctplsg)
DRV:64bit: - [2010/02/05 15:17:56 | 000,306,648 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pctgntdi64.sys -- (pctgntdi)
DRV:64bit: - [2010/02/02 16:13:54 | 000,065,072 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
DRV:64bit: - [2010/02/02 16:13:54 | 000,060,416 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TfSysMon)
DRV:64bit: - [2010/02/02 16:13:54 | 000,041,888 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
DRV:64bit: - [2009/09/23 22:10:04 | 000,218,056 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2009/07/20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 19:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/05/24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010/07/26 22:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/03 02:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-944575353-2315805094-3003267987-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKU\S-1-5-21-944575353-2315805094-3003267987-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aischool.org/index.cfm
IE - HKU\S-1-5-21-944575353-2315805094-3003267987-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-944575353-2315805094-3003267987-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo....type=PCAFSI1190
IE - HKU\S-1-5-21-944575353-2315805094-3003267987-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-944575353-2315805094-3003267987-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Alicia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alicia\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alicia\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2011/02/03 16:21:49 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = c:\users\alicia\appdata\local\google\chrome\application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = c:\users\alicia\appdata\local\google\chrome\application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = c:\users\alicia\appdata\local\google\chrome\application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Alicia\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Alicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Alicia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Alicia\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Alicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Alicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Solitaire Card Games = C:\Users\Alicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkelcbhdkpcdiiancfjhjcpdinbbfolp\1.0.0.6_0\
CHR - Extension: Peter Bjorn and John = C:\Users\Alicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmemmjoiahegfgfcenggecfhoedchfdl\3_0\
CHR - Extension: 3D Bowling = C:\Users\Alicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemohgpikgjbgmdfbfjdailocichgbjm\1.9_0\
CHR - Extension: Air Hockey = C:\Users\Alicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcchbhjknakkndfpdbapmdkhbbgojkno\2.0_0\
CHR - Extension: Skype Click to Call = C:\Users\Alicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Classic Flash Cups Game = C:\Users\Alicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\opkhmahbhobjlomiombdghomfgjplkfg\3.2.6_0\
CHR - Extension: Gmail = C:\Users\Alicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [VizorHtmlDialog.exe] C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Panda Security URL Filtering] C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-944575353-2315805094-3003267987-1001..\Run: [Facebook Update] C:\Users\Alicia\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-944575353-2315805094-3003267987-1001..\Run: [Spotify] C:\Users\Alicia\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-944575353-2315805094-3003267987-1001..\Run: [Spotify Web Helper] C:\Users\Alicia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{156C7411-9B7B-47F9-B257-3404DB1481D7}: DhcpNameServer = 100.100.3.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C507CFE1-3490-467E-B1E7-06412369333E}: DhcpNameServer = 80.58.61.250 80.58.61.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/04 23:50:08 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Alicia\Desktop\aswMBR.exe
[2012/07/04 23:46:44 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Alicia\Desktop\OTL.exe
[2012/07/04 23:07:56 | 000,000,000 | ---D | C] -- C:\Users\Alicia\Desktop\Microsoft Office
[2012/07/04 22:48:42 | 000,000,000 | ---D | C] -- C:\Users\Alicia\AppData\Roaming\SUPERAntiSpyware.com
[2012/07/04 22:41:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/07/04 22:41:30 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/07/04 22:41:30 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/07/04 22:41:05 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2012/06/25 05:10:54 | 000,000,000 | ---D | C] -- C:\Users\Alicia\AppData\Local\{214A6E7B-1E85-4672-A68B-EFDBBCAFC62F}
[2012/06/25 05:08:52 | 000,000,000 | ---D | C] -- C:\Users\Alicia\AppData\Local\{E582A42E-E892-4737-BB3E-90FC917380CA}
[2012/06/25 05:06:48 | 000,000,000 | ---D | C] -- C:\Users\Alicia\AppData\Local\{C7BB66E4-29E7-4764-8983-55A4528D7086}
[2012/06/25 05:04:48 | 000,000,000 | ---D | C] -- C:\Users\Alicia\AppData\Local\{F303524D-3D98-4CCA-99BB-79E43A6212BA}
[2012/06/25 05:02:38 | 000,000,000 | ---D | C] -- C:\Users\Alicia\AppData\Local\{18E24C29-B784-421E-A677-DB3C8C5312CC}
[2012/06/23 04:43:07 | 000,000,000 | ---D | C] -- C:\Users\Alicia\AppData\Local\{FF1CBE06-2334-43A6-A500-31C8DA2176B5}
[2012/06/23 04:04:48 | 000,000,000 | ---D | C] -- C:\Users\Alicia\AppData\Local\{EF6B49D0-90BC-44C7-869C-66BB98063EA6}
[2012/01/21 00:25:22 | 001,393,736 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Alicia\gotomypc_626.exe

========== Files - Modified Within 30 Days ==========

[2012/07/05 09:44:10 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/05 09:41:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/05 09:17:04 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-944575353-2315805094-3003267987-1001UA.job
[2012/07/05 08:55:07 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-944575353-2315805094-3003267987-1001UA.job
[2012/07/04 23:50:24 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Alicia\Desktop\aswMBR.exe
[2012/07/04 23:46:48 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Alicia\Desktop\OTL.exe
[2012/07/04 22:52:09 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/04 22:52:09 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/04 22:41:40 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/07/04 22:37:43 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-944575353-2315805094-3003267987-1001Core.job
[2012/07/04 22:36:54 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-944575353-2315805094-3003267987-1001Core.job
[2012/07/03 23:40:24 | 000,648,456 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/03 23:40:22 | 000,114,912 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/03 23:40:21 | 000,759,424 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/03 12:46:24 | 000,002,366 | ---- | M] () -- C:\Users\Alicia\Desktop\Google Chrome.lnk
[2012/07/03 12:31:57 | 2903,285,760 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/28 18:22:58 | 000,002,150 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012/06/28 18:22:51 | 000,001,366 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012/06/27 11:33:50 | 000,414,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/07/04 22:41:40 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/24 23:39:39 | 000,047,616 | ---- | C] () -- C:\Users\Alicia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/09 23:15:27 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Components
[2011/10/09 23:15:27 | 000,000,268 | RH-- | C] () -- C:\Users\Alicia\AppData\Roaming\Comedy Noises
[2011/10/09 23:15:27 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2011/10/09 23:03:48 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Commands
[2011/10/09 23:03:48 | 000,000,268 | RH-- | C] () -- C:\Users\Alicia\AppData\Roaming\ColorTable
[2011/10/09 23:03:47 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2011/06/19 03:23:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/06/19 03:20:46 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2011/08/10 17:37:29 | 000,000,000 | ---D | M] -- C:\Users\Alicia\AppData\Roaming\Asus WebStorage
[2012/03/25 06:39:43 | 000,000,000 | ---D | M] -- C:\Users\Alicia\AppData\Roaming\GetRightToGo
[2011/08/13 21:39:24 | 000,000,000 | ---D | M] -- C:\Users\Alicia\AppData\Roaming\ICAClient
[2011/10/09 23:25:53 | 000,000,000 | ---D | M] -- C:\Users\Alicia\AppData\Roaming\Nikon
[2011/08/10 18:48:48 | 000,000,000 | ---D | M] -- C:\Users\Alicia\AppData\Roaming\Nuance
[2011/08/10 03:24:50 | 000,000,000 | ---D | M] -- C:\Users\Alicia\AppData\Roaming\Panda Security
[2012/07/03 15:44:01 | 000,000,000 | ---D | M] -- C:\Users\Alicia\AppData\Roaming\Spotify
[2011/08/10 18:48:44 | 000,000,000 | ---D | M] -- C:\Users\Alicia\AppData\Roaming\Zeon
[2012/07/04 22:37:43 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-944575353-2315805094-3003267987-1001Core.job
[2012/07/05 08:55:07 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-944575353-2315805094-3003267987-1001UA.job
[2009/07/14 07:08:49 | 000,017,458 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011/02/03 15:59:56 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2012/05/10 22:29:34 | 003,130,360 | ---- | M] (Safer-Networking Ltd.) MD5=59D65526510498A5C2EADF8D7BE2EDAE -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe
[2011/02/03 15:50:25 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2011/02/03 15:59:56 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2011/02/03 15:50:25 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2011/02/03 15:59:56 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2011/02/03 15:50:25 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011/02/03 15:59:56 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2011/02/03 15:50:25 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 23:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.EXE >
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/08/04 08:04:09 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=18A525B3727F2AE7E8D440F42FC82C2E -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_68750ba1329f3c6f\services.exe.mui
[2009/08/04 08:30:31 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=41DB03418DF56EF7DCCA75086DBEB772 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_pt-pt_c8703eaeabc9a1e3\services.exe.mui
[2009/07/14 04:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/14 04:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
[2009/08/04 08:54:19 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=80715CABC9EC87D30CCBF3E5BF704332 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_zh-cn_2578a32c26c80e7a\services.exe.mui
[2009/08/04 08:23:36 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=D08F9475A0A87D2D9A6870B61C3092E1 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_zh-tw_2974e0822438eaea\services.exe.mui
[2009/08/04 07:57:20 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=EBD7B77F4CAF420799840882B179ADC6 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c5bd95a23fcd260d\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 06:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 06:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 22:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 22:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/08/04 08:04:07 | 000,092,751 | ---- | M] () MD5=1E203CFA3C6C7661317793BEEBA3423B -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a2b6db8d0908d662\services.msc
[2009/08/04 08:04:10 | 000,092,751 | ---- | M] () MD5=1E203CFA3C6C7661317793BEEBA3423B -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4698400950ab652c\services.msc
[2009/07/14 04:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 22:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/14 04:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/14 04:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 22:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/14 04:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2009/08/04 08:54:35 | 000,092,747 | ---- | M] () MD5=838D8BA778B6B9571019D0D680262914 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_zh-cn_5fba7317fd31a86d\services.msc
[2009/08/04 08:54:21 | 000,092,747 | ---- | M] () MD5=838D8BA778B6B9571019D0D680262914 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_zh-cn_039bd79444d43737\services.msc
[2009/08/04 08:23:50 | 000,092,751 | ---- | M] () MD5=8CC6BE85C722E5A18F153919D0816E0A -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_zh-tw_63b6b06dfaa284dd\services.msc
[2009/08/04 08:23:38 | 000,092,751 | ---- | M] () MD5=8CC6BE85C722E5A18F153919D0816E0A -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_zh-tw_079814ea424513a7\services.msc
[2009/08/04 07:57:18 | 000,092,751 | ---- | M] () MD5=C7B99872B5170E37AF24905BEE772844 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ffff658e1636c000\services.msc
[2009/08/04 07:57:22 | 000,092,751 | ---- | M] () MD5=C7B99872B5170E37AF24905BEE772844 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a3e0ca0a5dd94eca\services.msc
[2009/08/04 08:30:29 | 000,092,750 | ---- | M] () MD5=D10CEC9EE745D47F175851A96897BA51 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_pt-pt_02b20e9a82333bd6\services.msc
[2009/08/04 08:30:32 | 000,092,750 | ---- | M] () MD5=D10CEC9EE745D47F175851A96897BA51 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_pt-pt_a6937316c9d5caa0\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 22:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 22:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.SBS >
[2011/03/01 15:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files (x86)\Spybot - Search & Destroy 2\Includes\Services.sbs

< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2011/02/03 15:59:56 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011/02/03 15:59:56 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2011/02/03 15:59:56 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 171 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >
---------------------------------------------------------

OTL Extras logfile created on: 7/5/2012 8:52:08 AM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Alicia\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.61 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 47.73% Memory free
7.21 Gb Paging File | 4.08 Gb Available in Paging File | 56.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 256.35 Gb Total Space | 174.69 Gb Free Space | 68.15% Space Free | Partition Type: NTFS
Drive D: | 314.82 Gb Total Space | 314.62 Gb Free Space | 99.94% Space Free | Partition Type: NTFS

Computer Name: ALICIA-PC | User Name: Alicia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1FDC9F3F-D562-4815-9566-9934B652CB40}" = lport=8182 | protocol=6 | dir=in | name=java™ platform se binary |
"{5A657558-6A5D-4D1C-B185-156FCCA29D8E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{86EA93F0-D2BA-4189-A37D-3DAB21CB70BC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{F5F92506-4554-4AB7-9780-48BB97389725}" = lport=5353 | protocol=17 | dir=in | name=java™ platform se binary |
"{FDC0586C-F63A-4633-A65D-E0B86B6908E4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3B20607D-305F-477C-B302-B99BF703A172}" = dir=in | app=c:\users\alicia\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{534FE1E3-E275-4E89-809E-E8A5F5DC274D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{635B9FEA-35BA-4EB3-BFF4-0F4AD639AE93}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{6B7F1B1F-1308-4DD7-B49C-A509D4998038}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{8A494201-9F71-4E25-90BE-DC43A99DFEDF}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B79D1FED-FF42-4A82-BC84-5233E45B3363}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C1912587-14BB-4423-8B21-69BB21D65490}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{CB82F614-BE33-4574-BD80-090CF07F9D2F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{ED03ACEE-FD93-45AE-931D-A2C92BC74E6B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{FB33CC14-169E-4969-BF02-CC9C5D45D74A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"TCP Query User{72B490B8-C1C7-44D9-9676-94C130B557E7}C:\users\alicia\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\alicia\appdata\roaming\spotify\spotify.exe |
"TCP Query User{8A28E9BC-D53F-431A-8141-0EB59E70CCDC}C:\users\alicia\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\alicia\appdata\roaming\spotify\spotify.exe |
"TCP Query User{AED44D7D-89AD-42FF-BBA9-8530843D2B37}C:\users\alicia\appdata\local\temp\g2_626\g2viewer.exe" = protocol=6 | dir=in | app=c:\users\alicia\appdata\local\temp\g2_626\g2viewer.exe |
"UDP Query User{0887D923-5C60-4016-8D6C-3759EB668C1A}C:\users\alicia\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\alicia\appdata\roaming\spotify\spotify.exe |
"UDP Query User{1333E52C-F836-4CAE-8D54-1C3B85E70357}C:\users\alicia\appdata\local\temp\g2_626\g2viewer.exe" = protocol=17 | dir=in | app=c:\users\alicia\appdata\local\temp\g2_626\g2viewer.exe |
"UDP Query User{8A0898B9-F388-4EF1-8D4A-2A2938D7DBB2}C:\users\alicia\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\alicia\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{190C1E78-EE3A-841D-C68D-97A9C1A48973}" = WMV9/VC-1 Video Playback
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
"{289809B1-078A-49F3-83D0-7E51715B3915}" = Windows Live Family Safety
"{3946328A-5B3A-434C-A22B-64CF6652FBAD}" = Windows Live Family Safety
"{401C50F6-B443-43EE-8F27-A80DB19B03FD}" = Windows Live Family Safety
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{50431EE1-C1CC-4AE7-BDE3-B60536E7BA92}" = Panda Cloud Antivirus
"{58E99875-2E3B-1CA5-D7C4-2901453F3981}" = ATI Catalyst Install Manager
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5E9C8272-9487-7C4E-EE4E-EC3C9B833E80}" = ccc-utility64
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{876B19F3-EA56-4E12-64E0-A14921EE8AD9}" = AMD Fuel
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{911519EB-BD75-4B3B-BD17-BA3747C9B854}" = Windows Live Family Safety
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
"{B613A9BB-2B34-4824-A4BE-2427653D59D6}" = iTunes
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Elantech" = ETDWare PS/2-X64 8.0.5.1_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus
"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix online plug-in (Web)
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1E9C645B-86BF-78F4-D0B2-E1B629F4860B}" = CCC Help Czech
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{21B49B4A-BBC3-4A09-9C68-6C3CC0B1EA01}" = Windows Live Messenger
"{23181592-0ECD-4A16-81C6-F0424D2DCABF}" = Windows Live UX Platform Language Pack
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D831C28-16D9-68F4-62B9-EF0FEE6810E8}" = CCC Help French
"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
"{32C01DD0-3260-4D2B-BDB2-36CEC3E5B27A}" = Windows Live UX Platform Language Pack
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34AEE149-348E-F96F-DD7E-E4AE8C0FA590}" = CCC Help Spanish
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{3A09ED0F-8DDF-47BB-B53D-841AB9D1D3A7}" = Complemento Messenger
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix online plug-in (USB)
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{436043C1-EBF5-D328-5352-2ECE58FFF14E}" = CCC Help Italian
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5E1F5F06-7739-C962-D1B9-A20352C315CF}" = CCC Help Dutch
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix online plug-in (DV)
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B6FCFC7-F1DD-2938-7F13-A53AF185EAA6}" = CCC Help Danish
"{6B86B5EA-3FC4-B61F-BF39-00908F4B1914}" = CCC Help German
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6D1031D9-E025-D81A-60BB-2438F1DAD403}" = CCC Help Russian
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{6F35C64F-B969-4ECE-3C27-D4FF62D8B602}" = CCC Help Polish
"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{737E2E0B-906A-CBE1-9B65-79A034A540BD}" = CCC Help Chinese Standard
"{744BFB3C-CABB-2EA9-EC04-4DC4CF1853D7}" = Catalyst Control Center
"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
"{76046298-768C-492C-8C93-2983C9E3719E}" = Windows Live UX Platform Language Pack
"{77C40B17-C0DD-7DE8-992E-7759771E64A3}" = CCC Help Turkish
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{79B368BD-9EC0-49D9-F9E4-75E4AD0AD447}" = CCC Help Greek
"{7A1F625C-2893-C711-E539-3CA45476B5E7}" = CCC Help Portuguese
"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7F061FA8-5A87-4758-876B-17EE28B358D0}" = Messenger 浏览器插件
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{85487EE2-2A33-AA10-D70B-732B0C51D4C9}" = CCC Help Chinese Traditional
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{885E5283-AC7B-A88E-562D-5CD7994FF862}" = CCC Help Hungarian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
"{95E8725C-2238-999D-115D-F1EEE4F56EC7}" = CCC Help Korean
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{B19B82C9-4A8C-FB33-B42E-C676DA85B5FB}" = Catalyst Control Center InstallProxy
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B487939D-E296-3FF8-134B-FC936A164A3F}" = CCC Help Finnish
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CA3E01A1-39B1-1F4C-1F9E-9E8AF675EF28}" = CCC Help English
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF088261-BC81-4FB9-9BA0-7B5B9602D01A}" = Messenger 分享元件
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program
"{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D86F8870-992D-ADD6-CB10-C05346B05DFD}" = CCC Help Thai
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFB62071-F38C-04C8-825A-F715333DB24E}" = Catalyst Control Center Localization All
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E432F3F1-6BB0-E228-6138-900DE6EA5F23}" = CCC Help Norwegian
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E6592624-C28D-8406-CDE2-7E404D12CCC9}" = Catalyst Control Center Profiles Mobile
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC5836BE-32D1-4D45-9C04-B3980719DFBA}" = CCC Help Japanese
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ECD7A9A6-CDEC-E486-6992-7A26DAF28802}" = CCC Help Swedish
"{ED86C4AB-D1E5-42CF-BFA3-56BAAE617D4E}" = Windows Live UX Platform Language Pack
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7F23DFB-31E1-B7EC-7A6D-7668B595ADAE}" = FlipShare
"{F992409C-9D10-4AE2-BAEB-B5409AD3785E}" = 用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文)
"{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix online plug-in (HDX)
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"ASUS_Screensaver" = ASUS_Screensaver
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Panda Cloud Antivirus" = Panda Cloud Antivirus
"Panda Security URL Filtering" = Panda Security URL Filtering
"pandasecuritytb" = Panda Security Toolbar
"Spyware Doctor" = Spyware Doctor 7.0
"Toolbar Cleaner" = Toolbar Cleaner 1.0
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-944575353-2315805094-3003267987-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/30/2011 11:06:29 PM | Computer Name = Alicia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2559695

Error - 10/30/2011 11:06:29 PM | Computer Name = Alicia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2559695

Error - 10/30/2011 11:06:30 PM | Computer Name = Alicia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/30/2011 11:06:30 PM | Computer Name = Alicia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2560709

Error - 10/30/2011 11:06:30 PM | Computer Name = Alicia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2560709

Error - 10/30/2011 11:06:31 PM | Computer Name = Alicia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/30/2011 11:06:31 PM | Computer Name = Alicia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2561754

Error - 10/30/2011 11:06:31 PM | Computer Name = Alicia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2561754

Error - 10/30/2011 11:06:32 PM | Computer Name = Alicia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/30/2011 11:06:32 PM | Computer Name = Alicia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2562831

[ Media Center Events ]
Error - 2/17/2012 11:23:45 PM | Computer Name = Alicia-PC | Source = MCUpdate | ID = 0
Description = 10:23:45 PM - Failed to retrieve Directory (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 3/20/2012 6:08:58 PM | Computer Name = Alicia-PC | Source = MCUpdate | ID = 0
Description = 6:08:32 PM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


[ System Events ]
Error - 7/3/2012 5:38:02 PM | Computer Name = Alicia-PC | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.41
with the system having network hardware address 90-00-4E-C3-9E-27. Network operations
on this system may be disrupted as a result.

Error - 7/3/2012 5:39:46 PM | Computer Name = Alicia-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the sdCoreService service.

Error - 7/4/2012 4:36:36 PM | Computer Name = Alicia-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the sdCoreService service.

Error - 7/4/2012 4:36:41 PM | Computer Name = Alicia-PC | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.42
with the system having network hardware address 90-00-4E-C3-9E-27. Network operations
on this system may be disrupted as a result.

Error - 7/4/2012 4:37:19 PM | Computer Name = Alicia-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the sdCoreService service.

Error - 7/5/2012 12:49:08 AM | Computer Name = Alicia-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the sdCoreService service.

Error - 7/5/2012 2:48:30 AM | Computer Name = Alicia-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 7/5/2012 2:49:08 AM | Computer Name = Alicia-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the sdCoreService service.

Error - 7/5/2012 3:41:29 AM | Computer Name = Alicia-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the sdCoreService service.

Error - 7/5/2012 3:42:11 AM | Computer Name = Alicia-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the sdCoreService service.


< End of report >
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The failure to run is a clue in itself

Could you go Start > Run and in the box type :

diskmgmt.msc

Press enter
This will open the disc management console
Could you take a screenshot of that and post it here



THEN

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application
    Posted Image
  • Then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.
  • 0

#5
lmart

lmart

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Thanks again for your reply.

The screenshot you requested is attached to this post.

Here is the Log from the scan. Cure was not an available option for the threat found during the scan.

18:38:12.0725 7248 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
18:38:13.0325 7248 ============================================================
18:38:13.0325 7248 Current date / time: 2012/07/06 18:38:13.0325
18:38:13.0325 7248 SystemInfo:
18:38:13.0325 7248
18:38:13.0325 7248 OS Version: 6.1.7600 ServicePack: 0.0
18:38:13.0325 7248 Product type: Workstation
18:38:13.0325 7248 ComputerName: ALICIA-PC
18:38:13.0325 7248 UserName: Alicia
18:38:13.0325 7248 Windows directory: C:\Windows
18:38:13.0325 7248 System windows directory: C:\Windows
18:38:13.0325 7248 Running under WOW64
18:38:13.0325 7248 Processor architecture: Intel x64
18:38:13.0325 7248 Number of processors: 2
18:38:13.0325 7248 Page size: 0x1000
18:38:13.0325 7248 Boot type: Normal boot
18:38:13.0325 7248 ============================================================
18:38:15.0445 7248 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:38:15.0455 7248 ============================================================
18:38:15.0455 7248 \Device\Harddisk0\DR0:
18:38:15.0455 7248 MBR partitions:
18:38:15.0455 7248 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x200B5000
18:38:15.0485 7248 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x232B6000, BlocksNum 0x275A2000
18:38:15.0485 7248 ============================================================
18:38:15.0525 7248 C: <-> \Device\Harddisk0\DR0\Partition0
18:38:15.0565 7248 D: <-> \Device\Harddisk0\DR0\Partition1
18:38:15.0565 7248 ============================================================
18:38:15.0565 7248 Initialize success
18:38:15.0565 7248 ============================================================
18:38:25.0805 8128 ============================================================
18:38:25.0805 8128 Scan started
18:38:25.0805 8128 Mode: Manual; SigCheck; TDLFS;
18:38:25.0805 8128 ============================================================
18:38:27.0035 8128 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
18:38:27.0495 8128 1394ohci - ok
18:38:27.0535 8128 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
18:38:27.0605 8128 ACPI - ok
18:38:27.0645 8128 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
18:38:27.0845 8128 AcpiPmi - ok
18:38:28.0045 8128 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:38:28.0095 8128 AdobeFlashPlayerUpdateSvc - ok
18:38:28.0185 8128 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:38:28.0285 8128 adp94xx - ok
18:38:28.0325 8128 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:38:28.0395 8128 adpahci - ok
18:38:28.0415 8128 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:38:28.0525 8128 adpu320 - ok
18:38:28.0555 8128 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:38:28.0815 8128 AeLookupSvc - ok
18:38:28.0905 8128 AFBAgent (6e79a119b0ce418fe44e0c824bf3f039) C:\Windows\system32\FBAgent.exe
18:38:28.0995 8128 AFBAgent - ok
18:38:29.0265 8128 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
18:38:29.0485 8128 AFD - ok
18:38:29.0515 8128 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
18:38:29.0585 8128 agp440 - ok
18:38:29.0615 8128 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:38:29.0815 8128 ALG - ok
18:38:29.0835 8128 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
18:38:29.0935 8128 aliide - ok
18:38:29.0985 8128 AMD External Events Utility (a887f17abdc56a25270c51af0c667812) C:\Windows\system32\atiesrxx.exe
18:38:30.0245 8128 AMD External Events Utility - ok
18:38:30.0285 8128 AMD FUEL Service - ok
18:38:30.0365 8128 AMD Reservation Manager (dd27f6c3de9bfe50635c721e09edc5dd) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
18:38:30.0415 8128 AMD Reservation Manager - ok
18:38:30.0445 8128 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
18:38:30.0485 8128 amdide - ok
18:38:30.0515 8128 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
18:38:30.0555 8128 amdiox64 - ok
18:38:30.0595 8128 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:38:30.0695 8128 AmdK8 - ok
18:38:31.0135 8128 amdkmdag (2e1e8616636141e6ba33bd3e61bf6939) C:\Windows\system32\DRIVERS\atikmdag.sys
18:38:31.0585 8128 amdkmdag - ok
18:38:31.0785 8128 amdkmdap (af0a8045ed45c961b555dd66ea8f10cf) C:\Windows\system32\DRIVERS\atikmpag.sys
18:38:31.0945 8128 amdkmdap - ok
18:38:31.0995 8128 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:38:32.0155 8128 AmdPPM - ok
18:38:32.0205 8128 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
18:38:32.0245 8128 amdsata - ok
18:38:32.0325 8128 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:38:32.0405 8128 amdsbs - ok
18:38:32.0425 8128 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
18:38:32.0515 8128 amdxata - ok
18:38:32.0555 8128 amd_sata (caee7c1afc9f1c9ee8dd11acd18d22e7) C:\Windows\system32\DRIVERS\amd_sata.sys
18:38:32.0615 8128 amd_sata - ok
18:38:32.0635 8128 amd_xata (23726116b4fbcc84fc45b95157c08f5f) C:\Windows\system32\DRIVERS\amd_xata.sys
18:38:32.0725 8128 amd_xata - ok
18:38:32.0825 8128 Amsp (e8494519bcb9e3b1b72e5604993a76e3) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
18:38:32.0895 8128 Amsp - ok
18:38:32.0935 8128 AODDriver4.0 - ok
18:38:32.0995 8128 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
18:38:33.0225 8128 AppID - ok
18:38:33.0255 8128 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:38:33.0385 8128 AppIDSvc - ok
18:38:33.0415 8128 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
18:38:33.0525 8128 Appinfo - ok
18:38:33.0695 8128 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:38:33.0735 8128 Apple Mobile Device - ok
18:38:33.0785 8128 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:38:33.0835 8128 arc - ok
18:38:33.0845 8128 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:38:33.0885 8128 arcsas - ok
18:38:33.0965 8128 ASLDRService (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
18:38:34.0005 8128 ASLDRService - ok
18:38:34.0025 8128 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
18:38:34.0065 8128 ASMMAP64 - ok
18:38:34.0145 8128 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:38:34.0345 8128 AsyncMac - ok
18:38:34.0365 8128 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
18:38:34.0405 8128 atapi - ok
18:38:34.0525 8128 athr (f8633cdd09647a64ee8db550630427ff) C:\Windows\system32\DRIVERS\athrx.sys
18:38:34.0725 8128 athr - ok
18:38:34.0905 8128 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
18:38:34.0955 8128 AtiHDAudioService - ok
18:38:35.0045 8128 ATKGFNEXSrv (7910158929571214a959d5a6d16dd9c0) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
18:38:35.0115 8128 ATKGFNEXSrv - ok
18:38:35.0165 8128 ATKWMIACPIIO (1f7238a37389ed92e9d8eee975cabd54) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
18:38:35.0225 8128 ATKWMIACPIIO - ok
18:38:35.0305 8128 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
18:38:35.0475 8128 AudioEndpointBuilder - ok
18:38:35.0485 8128 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
18:38:35.0645 8128 AudioSrv - ok
18:38:35.0675 8128 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
18:38:35.0915 8128 AxInstSV - ok
18:38:35.0985 8128 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:38:36.0175 8128 b06bdrv - ok
18:38:36.0225 8128 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:38:36.0325 8128 b57nd60a - ok
18:38:36.0375 8128 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:38:36.0455 8128 BDESVC - ok
18:38:36.0485 8128 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:38:36.0625 8128 Beep - ok
18:38:36.0715 8128 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
18:38:36.0875 8128 BFE - ok
18:38:36.0955 8128 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
18:38:37.0245 8128 BITS - ok
18:38:37.0325 8128 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:38:37.0625 8128 blbdrive - ok
18:38:37.0755 8128 Bonjour Service (1c87705ccb2f60172b0fc86b5d82f00d) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
18:38:37.0815 8128 Bonjour Service - ok
18:38:37.0875 8128 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
18:38:38.0365 8128 bowser - ok
18:38:38.0405 8128 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:38:38.0535 8128 BrFiltLo - ok
18:38:38.0555 8128 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:38:38.0675 8128 BrFiltUp - ok
18:38:38.0725 8128 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
18:38:38.0845 8128 Browser - ok
18:38:38.0865 8128 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:38:38.0995 8128 Brserid - ok
18:38:39.0005 8128 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:38:39.0085 8128 BrSerWdm - ok
18:38:39.0115 8128 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:38:39.0215 8128 BrUsbMdm - ok
18:38:39.0225 8128 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:38:39.0335 8128 BrUsbSer - ok
18:38:39.0465 8128 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
18:38:39.0635 8128 BthEnum - ok
18:38:39.0655 8128 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:38:39.0935 8128 BTHMODEM - ok
18:38:39.0965 8128 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
18:38:40.0165 8128 BthPan - ok
18:38:40.0265 8128 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys
18:38:40.0575 8128 BTHPORT - ok
18:38:40.0615 8128 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:38:41.0075 8128 bthserv - ok
18:38:41.0105 8128 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys
18:38:41.0185 8128 BTHUSB - ok
18:38:41.0225 8128 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:38:41.0345 8128 cdfs - ok
18:38:41.0395 8128 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
18:38:41.0495 8128 cdrom - ok
18:38:41.0555 8128 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
18:38:41.0685 8128 CertPropSvc - ok
18:38:41.0725 8128 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:38:41.0855 8128 circlass - ok
18:38:41.0905 8128 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:38:41.0955 8128 CLFS - ok
18:38:42.0045 8128 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:38:42.0085 8128 clr_optimization_v2.0.50727_32 - ok
18:38:42.0135 8128 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:38:42.0185 8128 clr_optimization_v2.0.50727_64 - ok
18:38:42.0265 8128 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:38:42.0325 8128 clr_optimization_v4.0.30319_32 - ok
18:38:42.0385 8128 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:38:42.0435 8128 clr_optimization_v4.0.30319_64 - ok
18:38:42.0485 8128 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:38:42.0745 8128 CmBatt - ok
18:38:42.0775 8128 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
18:38:42.0825 8128 cmdide - ok
18:38:42.0885 8128 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
18:38:43.0045 8128 CNG - ok
18:38:43.0065 8128 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:38:43.0115 8128 Compbatt - ok
18:38:43.0135 8128 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
18:38:43.0385 8128 CompositeBus - ok
18:38:43.0415 8128 COMSysApp - ok
18:38:43.0435 8128 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:38:43.0555 8128 crcdisk - ok
18:38:43.0635 8128 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
18:38:43.0725 8128 CryptSvc - ok
18:38:43.0815 8128 ctxusbm (ba8e5b2291c01ef71ca80e25f0c79d55) C:\Windows\system32\DRIVERS\ctxusbm.sys
18:38:43.0855 8128 ctxusbm - ok
18:38:43.0925 8128 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
18:38:44.0065 8128 DcomLaunch - ok
18:38:44.0115 8128 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:38:44.0265 8128 defragsvc - ok
18:38:44.0325 8128 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
18:38:44.0415 8128 DfsC - ok
18:38:44.0465 8128 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
18:38:44.0755 8128 Dhcp - ok
18:38:44.0785 8128 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:38:45.0105 8128 discache - ok
18:38:45.0145 8128 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:38:45.0235 8128 Disk - ok
18:38:45.0305 8128 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
18:38:45.0505 8128 Dnscache - ok
18:38:45.0585 8128 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
18:38:45.0905 8128 dot3svc - ok
18:38:45.0945 8128 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
18:38:46.0105 8128 DPS - ok
18:38:46.0235 8128 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:38:46.0345 8128 drmkaud - ok
18:38:46.0455 8128 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
18:38:46.0525 8128 DXGKrnl - ok
18:38:46.0615 8128 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:38:46.0745 8128 EapHost - ok
18:38:46.0975 8128 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:38:47.0235 8128 ebdrv - ok
18:38:47.0425 8128 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
18:38:47.0575 8128 EFS - ok
18:38:47.0695 8128 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
18:38:47.0845 8128 ehRecvr - ok
18:38:47.0875 8128 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:38:48.0105 8128 ehSched - ok
18:38:48.0275 8128 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:38:48.0355 8128 elxstor - ok
18:38:48.0355 8128 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
18:38:48.0585 8128 ErrDev - ok
18:38:48.0695 8128 ETD (4c120d2b2ea269eae7a5744794eb6db1) C:\Windows\system32\DRIVERS\ETD.sys
18:38:48.0755 8128 ETD - ok
18:38:48.0875 8128 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:38:49.0045 8128 EventSystem - ok
18:38:49.0095 8128 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:38:49.0235 8128 exfat - ok
18:38:49.0275 8128 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:38:49.0425 8128 fastfat - ok
18:38:49.0545 8128 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
18:38:49.0685 8128 Fax - ok
18:38:49.0755 8128 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:38:49.0895 8128 fdc - ok
18:38:49.0985 8128 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:38:50.0195 8128 fdPHost - ok
18:38:50.0255 8128 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:38:50.0435 8128 FDResPub - ok
18:38:50.0525 8128 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:38:50.0575 8128 FileInfo - ok
18:38:50.0595 8128 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:38:50.0725 8128 Filetrace - ok
18:38:50.0965 8128 FlipShare Service (0b9167adfe8e42b6b4c5e929bfbc7080) C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
18:38:51.0055 8128 FlipShare Service - ok
18:38:51.0095 8128 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:38:51.0245 8128 flpydisk - ok
18:38:51.0295 8128 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
18:38:51.0375 8128 FltMgr - ok
18:38:51.0495 8128 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
18:38:51.0625 8128 FontCache - ok
18:38:51.0775 8128 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:38:51.0815 8128 FontCache3.0.0.0 - ok
18:38:51.0865 8128 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:38:51.0905 8128 FsDepends - ok
18:38:51.0965 8128 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
18:38:51.0995 8128 fssfltr - ok
18:38:52.0325 8128 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
18:38:52.0425 8128 fsssvc - ok
18:38:52.0605 8128 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
18:38:52.0645 8128 Fs_Rec - ok
18:38:52.0775 8128 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:38:52.0845 8128 fvevol - ok
18:38:52.0895 8128 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:38:52.0955 8128 gagp30kx - ok
18:38:53.0005 8128 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:38:53.0055 8128 GEARAspiWDM - ok
18:38:53.0175 8128 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
18:38:53.0345 8128 gpsvc - ok
18:38:53.0465 8128 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
18:38:53.0535 8128 gusvc - ok
18:38:53.0575 8128 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:38:53.0725 8128 hcw85cir - ok
18:38:53.0805 8128 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
18:38:54.0025 8128 HdAudAddService - ok
18:38:54.0055 8128 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:38:54.0175 8128 HDAudBus - ok
18:38:54.0185 8128 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:38:54.0265 8128 HidBatt - ok
18:38:54.0285 8128 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:38:54.0385 8128 HidBth - ok
18:38:54.0415 8128 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:38:54.0505 8128 HidIr - ok
18:38:54.0565 8128 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
18:38:54.0695 8128 hidserv - ok
18:38:54.0765 8128 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
18:38:54.0865 8128 HidUsb - ok
18:38:54.0885 8128 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
18:38:55.0005 8128 hkmsvc - ok
18:38:55.0045 8128 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
18:38:55.0315 8128 HomeGroupListener - ok
18:38:55.0395 8128 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
18:38:55.0605 8128 HomeGroupProvider - ok
18:38:55.0655 8128 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
18:38:55.0705 8128 HpSAMD - ok
18:38:55.0805 8128 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
18:38:55.0985 8128 HTTP - ok
18:38:56.0035 8128 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
18:38:56.0075 8128 hwpolicy - ok
18:38:56.0105 8128 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
18:38:56.0195 8128 i8042prt - ok
18:38:56.0255 8128 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
18:38:56.0325 8128 iaStorV - ok
18:38:56.0545 8128 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:38:56.0705 8128 IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:38:56.0705 8128 IDriverT - detected UnsignedFile.Multi.Generic (1)
18:38:56.0935 8128 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:38:57.0045 8128 idsvc - ok
18:38:57.0205 8128 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:38:57.0265 8128 iirsp - ok
18:38:57.0435 8128 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
18:38:57.0655 8128 IKEEXT - ok
18:38:59.0365 8128 IntcAzAudAddService (b60accd29f8fafc4a6344cd2bd5ca3a5) C:\Windows\system32\drivers\RTKVHD64.sys
18:38:59.0575 8128 IntcAzAudAddService - ok
18:38:59.0795 8128 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
18:38:59.0855 8128 intelide - ok
18:38:59.0885 8128 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:38:59.0985 8128 intelppm - ok
18:39:00.0395 8128 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:39:00.0635 8128 IPBusEnum - ok
18:39:00.0655 8128 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:39:00.0905 8128 IpFilterDriver - ok
18:39:00.0955 8128 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
18:39:01.0185 8128 iphlpsvc - ok
18:39:01.0495 8128 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
18:39:01.0645 8128 IPMIDRV - ok
18:39:01.0665 8128 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:39:01.0855 8128 IPNAT - ok
18:39:02.0075 8128 iPod Service (fdf57f795098ab29af780824315c9859) C:\Program Files\iPod\bin\iPodService.exe
18:39:02.0145 8128 iPod Service - ok
18:39:02.0195 8128 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:39:02.0295 8128 IRENUM - ok
18:39:02.0335 8128 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
18:39:02.0375 8128 isapnp - ok
18:39:02.0455 8128 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
18:39:02.0515 8128 iScsiPrt - ok
18:39:02.0575 8128 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:39:02.0635 8128 kbdclass - ok
18:39:02.0645 8128 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
18:39:02.0765 8128 kbdhid - ok
18:39:02.0795 8128 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
18:39:02.0855 8128 kbfiltr - ok
18:39:02.0945 8128 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:39:03.0025 8128 KeyIso - ok
18:39:03.0045 8128 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
18:39:03.0105 8128 KSecDD - ok
18:39:03.0155 8128 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
18:39:03.0205 8128 KSecPkg - ok
18:39:03.0275 8128 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:39:03.0485 8128 ksthunk - ok
18:39:04.0295 8128 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:39:04.0475 8128 KtmRm - ok
18:39:04.0595 8128 L1C (033b4aed2c5519072c0d81e00804d003) C:\Windows\system32\DRIVERS\L1C62x64.sys
18:39:04.0695 8128 L1C - ok
18:39:04.0775 8128 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
18:39:04.0905 8128 LanmanServer - ok
18:39:04.0975 8128 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
18:39:05.0125 8128 LanmanWorkstation - ok
18:39:05.0175 8128 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:39:05.0325 8128 lltdio - ok
18:39:06.0155 8128 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:39:06.0335 8128 lltdsvc - ok
18:39:06.0475 8128 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:39:06.0755 8128 lmhosts - ok
18:39:06.0855 8128 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:39:06.0905 8128 LSI_FC - ok
18:39:06.0915 8128 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:39:06.0975 8128 LSI_SAS - ok
18:39:06.0995 8128 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:39:07.0075 8128 LSI_SAS2 - ok
18:39:07.0095 8128 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:39:07.0155 8128 LSI_SCSI - ok
18:39:07.0265 8128 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:39:07.0415 8128 luafv - ok
18:39:07.0465 8128 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
18:39:07.0555 8128 Mcx2Svc - ok
18:39:07.0565 8128 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:39:07.0605 8128 megasas - ok
18:39:07.0695 8128 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:39:07.0745 8128 MegaSR - ok
18:39:07.0835 8128 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:39:07.0955 8128 MMCSS - ok
18:39:07.0985 8128 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:39:08.0105 8128 Modem - ok
18:39:08.0145 8128 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:39:08.0365 8128 monitor - ok
18:39:08.0415 8128 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:39:08.0455 8128 mouclass - ok
18:39:08.0465 8128 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:39:08.0585 8128 mouhid - ok
18:39:08.0605 8128 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
18:39:08.0645 8128 mountmgr - ok
18:39:08.0975 8128 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
18:39:09.0045 8128 mpio - ok
18:39:09.0055 8128 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:39:09.0265 8128 mpsdrv - ok
18:39:09.0695 8128 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
18:39:09.0855 8128 MpsSvc - ok
18:39:09.0865 8128 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
18:39:09.0955 8128 MRxDAV - ok
18:39:10.0005 8128 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:39:10.0215 8128 mrxsmb - ok
18:39:10.0445 8128 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:39:10.0525 8128 mrxsmb10 - ok
18:39:10.0575 8128 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:39:10.0715 8128 mrxsmb20 - ok
18:39:10.0965 8128 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
18:39:11.0055 8128 msahci - ok
18:39:11.0185 8128 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
18:39:11.0235 8128 msdsm - ok
18:39:11.0325 8128 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:39:11.0495 8128 MSDTC - ok
18:39:11.0535 8128 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:39:11.0705 8128 Msfs - ok
18:39:11.0735 8128 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:39:11.0915 8128 mshidkmdf - ok
18:39:11.0965 8128 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
18:39:12.0005 8128 msisadrv - ok
18:39:12.0245 8128 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:39:12.0405 8128 MSiSCSI - ok
18:39:12.0415 8128 msiserver - ok
18:39:12.0535 8128 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:39:12.0635 8128 MSKSSRV - ok
18:39:12.0665 8128 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:39:12.0825 8128 MSPCLOCK - ok
18:39:12.0845 8128 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:39:12.0955 8128 MSPQM - ok
18:39:13.0005 8128 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
18:39:13.0065 8128 MsRPC - ok
18:39:13.0135 8128 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
18:39:13.0175 8128 mssmbios - ok
18:39:13.0205 8128 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:39:13.0555 8128 MSTEE - ok
18:39:13.0615 8128 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:39:13.0785 8128 MTConfig - ok
18:39:13.0935 8128 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:39:13.0985 8128 Mup - ok
18:39:14.0395 8128 NanoServiceMain (a830e59f98827943686e90bf79fc96fa) C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
18:39:14.0435 8128 NanoServiceMain - ok
18:39:14.0565 8128 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
18:39:14.0705 8128 napagent - ok
18:39:14.0795 8128 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:39:14.0885 8128 NativeWifiP - ok
18:39:15.0025 8128 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
18:39:15.0085 8128 NDIS - ok
18:39:15.0135 8128 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:39:15.0245 8128 NdisCap - ok
18:39:15.0325 8128 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:39:15.0465 8128 NdisTapi - ok
18:39:15.0485 8128 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
18:39:15.0625 8128 Ndisuio - ok
18:39:15.0635 8128 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:39:15.0765 8128 NdisWan - ok
18:39:15.0895 8128 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
18:39:16.0085 8128 NDProxy - ok
18:39:16.0135 8128 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:39:16.0285 8128 NetBIOS - ok
18:39:16.0495 8128 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
18:39:16.0635 8128 NetBT - ok
18:39:16.0725 8128 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:39:16.0815 8128 Netlogon - ok
18:39:16.0975 8128 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:39:17.0185 8128 Netman - ok
18:39:17.0235 8128 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:39:17.0435 8128 netprofm - ok
18:39:17.0585 8128 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:39:17.0625 8128 NetTcpPortSharing - ok
18:39:17.0715 8128 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:39:17.0755 8128 nfrd960 - ok
18:39:17.0875 8128 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
18:39:18.0035 8128 NlaSvc - ok
18:39:18.0065 8128 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:39:18.0225 8128 Npfs - ok
18:39:18.0355 8128 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:39:18.0505 8128 nsi - ok
18:39:18.0515 8128 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:39:18.0745 8128 nsiproxy - ok
18:39:19.0615 8128 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
18:39:19.0725 8128 Ntfs - ok
18:39:19.0925 8128 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:39:20.0045 8128 Null - ok
18:39:20.0105 8128 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
18:39:20.0155 8128 nvraid - ok
18:39:20.0185 8128 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
18:39:20.0235 8128 nvstor - ok
18:39:20.0265 8128 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
18:39:20.0315 8128 nv_agp - ok
18:39:20.0325 8128 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
18:39:20.0415 8128 ohci1394 - ok
18:39:20.0515 8128 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:39:20.0575 8128 ose - ok
18:39:20.0955 8128 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:39:21.0215 8128 osppsvc - ok
18:39:21.0465 8128 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:39:21.0625 8128 p2pimsvc - ok
18:39:21.0675 8128 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:39:21.0775 8128 p2psvc - ok
18:39:21.0895 8128 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:39:21.0995 8128 Parport - ok
18:39:22.0065 8128 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
18:39:22.0105 8128 partmgr - ok
18:39:22.0165 8128 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:39:22.0305 8128 PcaSvc - ok
18:39:22.0355 8128 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
18:39:22.0395 8128 pci - ok
18:39:22.0405 8128 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:39:22.0455 8128 pciide - ok
18:39:22.0475 8128 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:39:22.0525 8128 pcmcia - ok
18:39:22.0625 8128 PCTCore (3a68080572b81577791a7b19bb880da9) C:\Windows\system32\drivers\PCTCore64.sys
18:39:22.0675 8128 PCTCore - ok
18:39:22.0735 8128 pctgntdi (d6ad12ef986484d692253caca6882d89) C:\Windows\system32\drivers\pctgntdi64.sys
18:39:22.0785 8128 pctgntdi - ok
18:39:22.0835 8128 pctplsg (ccc67d848660b513ad01356b324727b2) C:\Windows\System32\drivers\pctplsg64.sys
18:39:22.0875 8128 pctplsg - ok
18:39:22.0885 8128 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:39:22.0925 8128 pcw - ok
18:39:22.0985 8128 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:39:23.0125 8128 PEAUTH - ok
18:39:23.0235 8128 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:39:23.0325 8128 PerfHost - ok
18:39:23.0465 8128 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
18:39:23.0655 8128 pla - ok
18:39:23.0735 8128 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
18:39:23.0865 8128 PlugPlay - ok
18:39:23.0885 8128 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:39:23.0975 8128 PNRPAutoReg - ok
18:39:24.0025 8128 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:39:24.0105 8128 PNRPsvc - ok
18:39:24.0175 8128 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
18:39:24.0305 8128 PolicyAgent - ok
18:39:24.0355 8128 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:39:24.0475 8128 Power - ok
18:39:24.0555 8128 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
18:39:24.0675 8128 PptpMiniport - ok
18:39:24.0715 8128 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:39:24.0815 8128 Processor - ok
18:39:24.0885 8128 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
18:39:24.0985 8128 ProfSvc - ok
18:39:25.0025 8128 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:39:25.0085 8128 ProtectedStorage - ok
18:39:25.0125 8128 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
18:39:25.0235 8128 Psched - ok
18:39:25.0295 8128 PSINAflt (bf6b640239be2c28a6bb43adc658fb7f) C:\Windows\system32\DRIVERS\PSINAflt.sys
18:39:25.0335 8128 PSINAflt - ok
18:39:25.0385 8128 PSINFile (2377f49c39725ed0021d75136fb0f746) C:\Windows\system32\DRIVERS\PSINFile.sys
18:39:25.0435 8128 PSINFile - ok
18:39:25.0475 8128 PSINKNC (a90f546b4f49122115768bc94bc81c04) C:\Windows\system32\DRIVERS\psinknc.sys
18:39:25.0525 8128 PSINKNC - ok
18:39:25.0555 8128 PSINProc (f8d7465cdd2a4ecae761ba8a0577d151) C:\Windows\system32\DRIVERS\PSINProc.sys
18:39:25.0605 8128 PSINProc - ok
18:39:25.0635 8128 PSINProt (076254556b4b03ade385619ff33e2f6b) C:\Windows\system32\DRIVERS\PSINProt.sys
18:39:25.0695 8128 PSINProt - ok
18:39:25.0815 8128 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:39:25.0925 8128 ql2300 - ok
18:39:26.0055 8128 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:39:26.0105 8128 ql40xx - ok
18:39:26.0155 8128 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:39:26.0295 8128 QWAVE - ok
18:39:26.0355 8128 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:39:26.0515 8128 QWAVEdrv - ok
18:39:26.0565 8128 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:39:26.0695 8128 RasAcd - ok
18:39:26.0745 8128 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:39:26.0875 8128 RasAgileVpn - ok
18:39:26.0915 8128 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:39:27.0045 8128 RasAuto - ok
18:39:27.0075 8128 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:39:27.0225 8128 Rasl2tp - ok
18:39:27.0275 8128 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
18:39:27.0415 8128 RasMan - ok
18:39:27.0445 8128 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:39:27.0575 8128 RasPppoe - ok
18:39:27.0605 8128 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:39:27.0735 8128 RasSstp - ok
18:39:27.0765 8128 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
18:39:27.0875 8128 rdbss - ok
18:39:27.0895 8128 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:39:27.0985 8128 rdpbus - ok
18:39:28.0015 8128 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:39:28.0115 8128 RDPCDD - ok
18:39:28.0155 8128 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:39:28.0275 8128 RDPENCDD - ok
18:39:28.0285 8128 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:39:28.0405 8128 RDPREFMP - ok
18:39:28.0465 8128 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
18:39:28.0565 8128 RDPWD - ok
18:39:28.0635 8128 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
18:39:28.0685 8128 rdyboost - ok
18:39:28.0725 8128 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:39:28.0855 8128 RemoteAccess - ok
18:39:28.0915 8128 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:39:29.0045 8128 RemoteRegistry - ok
18:39:29.0105 8128 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
18:39:29.0215 8128 RFCOMM - ok
18:39:29.0275 8128 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:39:29.0415 8128 RpcEptMapper - ok
18:39:29.0455 8128 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:39:29.0545 8128 RpcLocator - ok
18:39:29.0605 8128 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
18:39:29.0715 8128 RpcSs - ok
18:39:29.0765 8128 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:39:29.0895 8128 rspndr - ok
18:39:29.0955 8128 RSUSBSTOR (135a64530d7699ad48f29d73a658dd11) C:\Windows\system32\Drivers\RtsUStor.sys
18:39:29.0995 8128 RSUSBSTOR - ok
18:39:30.0055 8128 RTL8167 (3372196f61af48503656ef6aa3e92d1b) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:39:30.0115 8128 RTL8167 - ok
18:39:30.0155 8128 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:39:30.0215 8128 SamSs - ok
18:39:30.0265 8128 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
18:39:30.0305 8128 sbp2port - ok
18:39:30.0355 8128 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:39:30.0495 8128 SCardSvr - ok
18:39:30.0525 8128 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
18:39:30.0645 8128 scfilter - ok
18:39:30.0745 8128 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
18:39:30.0885 8128 Schedule - ok
18:39:30.0925 8128 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
18:39:31.0035 8128 SCPolicySvc - ok
18:39:31.0265 8128 sdAuxService (ee088b31f5eb673a62e7e0d09b0007b0) C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
18:39:31.0315 8128 sdAuxService - ok
18:39:31.0425 8128 sdCoreService (747ffe0a5a34c349a363be97c632b7c4) C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
18:39:31.0505 8128 sdCoreService - ok
18:39:31.0665 8128 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
18:39:31.0785 8128 SDRSVC - ok
18:39:31.0875 8128 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:39:32.0005 8128 secdrv - ok
18:39:32.0045 8128 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
18:39:32.0165 8128 seclogon - ok
18:39:32.0195 8128 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
18:39:32.0315 8128 SENS - ok
18:39:32.0355 8128 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:39:32.0435 8128 SensrSvc - ok
18:39:32.0465 8128 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:39:32.0545 8128 Serenum - ok
18:39:32.0585 8128 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:39:32.0665 8128 Serial - ok
18:39:32.0675 8128 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:39:32.0745 8128 sermouse - ok
18:39:32.0815 8128 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
18:39:32.0955 8128 SessionEnv - ok
18:39:32.0965 8128 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
18:39:33.0075 8128 sffdisk - ok
18:39:33.0075 8128 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
18:39:33.0165 8128 sffp_mmc - ok
18:39:33.0165 8128 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
18:39:33.0255 8128 sffp_sd - ok
18:39:33.0275 8128 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:39:33.0345 8128 sfloppy - ok
18:39:33.0395 8128 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:39:33.0565 8128 SharedAccess - ok
18:39:33.0625 8128 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
18:39:33.0735 8128 ShellHWDetection - ok
18:39:33.0775 8128 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
18:39:33.0865 8128 SiSGbeLH - ok
18:39:33.0885 8128 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:39:33.0925 8128 SiSRaid2 - ok
18:39:33.0945 8128 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:39:33.0985 8128 SiSRaid4 - ok
18:39:33.0995 8128 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:39:34.0135 8128 Smb - ok
18:39:34.0195 8128 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:39:34.0295 8128 SNMPTRAP - ok
18:39:34.0325 8128 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:39:34.0365 8128 spldr - ok
18:39:34.0425 8128 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
18:39:34.0535 8128 Spooler - ok
18:39:34.0765 8128 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
18:39:34.0985 8128 sppsvc - ok
18:39:35.0095 8128 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:39:35.0235 8128 sppuinotify - ok
18:39:35.0315 8128 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
18:39:35.0415 8128 srv - ok
18:39:35.0475 8128 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
18:39:35.0605 8128 srv2 - ok
18:39:35.0665 8128 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
18:39:35.0735 8128 srvnet - ok
18:39:35.0805 8128 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:39:35.0945 8128 SSDPSRV - ok
18:39:35.0955 8128 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:39:36.0075 8128 SstpSvc - ok
18:39:36.0115 8128 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:39:36.0155 8128 stexstor - ok
18:39:36.0225 8128 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
18:39:36.0365 8128 stisvc - ok
18:39:36.0395 8128 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
18:39:36.0435 8128 swenum - ok
18:39:36.0485 8128 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:39:36.0615 8128 swprv - ok
18:39:36.0975 8128 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
18:39:37.0125 8128 SysMain - ok
18:39:37.0235 8128 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
18:39:37.0355 8128 TabletInputService - ok
18:39:37.0405 8128 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
18:39:37.0515 8128 TapiSrv - ok
18:39:37.0535 8128 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:39:37.0645 8128 TBS - ok
18:39:37.0845 8128 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
18:39:37.0965 8128 Tcpip - ok
18:39:38.0205 8128 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
18:39:38.0295 8128 TCPIP6 - ok
18:39:38.0375 8128 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
18:39:38.0505 8128 tcpipreg - ok
18:39:38.0555 8128 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:39:38.0665 8128 TDPIPE - ok
18:39:38.0695 8128 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
18:39:38.0805 8128 TDTCP - ok
18:39:38.0855 8128 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
18:39:38.0985 8128 tdx - ok
18:39:38.0995 8128 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
18:39:39.0035 8128 TermDD - ok
18:39:39.0115 8128 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
18:39:39.0265 8128 TermService - ok
18:39:39.0335 8128 TfFsMon (4b1c89130cf2e86921674de5ae7814e2) C:\Windows\system32\drivers\TfFsMon.sys
18:39:39.0375 8128 TfFsMon - ok
18:39:39.0395 8128 TfNetMon (a43b4746fb15e85ba816102c8ac5ef98) C:\Windows\system32\drivers\TfNetMon.sys
18:39:39.0435 8128 TfNetMon - ok
18:39:39.0465 8128 TfSysMon (761f2e2b759389a472bd3d94141742b9) C:\Windows\system32\drivers\TfSysMon.sys
18:39:39.0495 8128 TfSysMon - ok
18:39:39.0505 8128 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:39:39.0605 8128 Themes - ok
18:39:39.0635 8128 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:39:39.0735 8128 THREADORDER - ok
18:39:39.0935 8128 ThreatFire - ok
18:39:40.0035 8128 TiMiniService (69d76ce06bb629b69165c81d83a4b03e) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
18:39:40.0085 8128 TiMiniService - ok
18:39:40.0115 8128 tmactmon (73aaffdd2ac3c8814b26c440e5dd9dd4) C:\Windows\system32\DRIVERS\tmactmon.sys
18:39:40.0155 8128 tmactmon - ok
18:39:40.0175 8128 tmcomm (360e61217d4e1e333583d0c721057f70) C:\Windows\system32\DRIVERS\tmcomm.sys
18:39:40.0215 8128 tmcomm - ok
18:39:40.0225 8128 tmevtmgr (699d34eb7c670139ca23a65372bd5743) C:\Windows\system32\DRIVERS\tmevtmgr.sys
18:39:40.0265 8128 tmevtmgr - ok
18:39:40.0295 8128 tmtdi (262198efb734012bfcd17e7479ae4a09) C:\Windows\system32\DRIVERS\tmtdi.sys
18:39:40.0335 8128 tmtdi - ok
18:39:40.0375 8128 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:39:40.0525 8128 TrkWks - ok
18:39:40.0595 8128 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
18:39:40.0685 8128 TrustedInstaller - ok
18:39:40.0725 8128 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:39:40.0875 8128 tssecsrv - ok
18:39:40.0935 8128 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
18:39:41.0085 8128 tunnel - ok
18:39:41.0115 8128 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:39:41.0155 8128 uagp35 - ok
18:39:41.0195 8128 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
18:39:41.0335 8128 udfs - ok
18:39:41.0395 8128 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:39:41.0505 8128 UI0Detect - ok
18:39:41.0525 8128 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
18:39:41.0575 8128 uliagpkx - ok
18:39:41.0605 8128 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
18:39:41.0695 8128 umbus - ok
18:39:41.0715 8128 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:39:41.0805 8128 UmPass - ok
18:39:41.0885 8128 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:39:42.0025 8128 upnphost - ok
18:39:42.0085 8128 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
18:39:42.0195 8128 USBAAPL64 - ok
18:39:42.0245 8128 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
18:39:42.0355 8128 usbccgp - ok
18:39:42.0405 8128 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
18:39:42.0545 8128 usbcir - ok
18:39:42.0585 8128 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\DRIVERS\usbehci.sys
18:39:42.0685 8128 usbehci - ok
18:39:42.0735 8128 usbfilter (76e2ffad301490ba27b947c6507752fb) C:\Windows\system32\DRIVERS\usbfilter.sys
18:39:42.0775 8128 usbfilter - ok
18:39:42.0835 8128 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
18:39:42.0965 8128 usbhub - ok
18:39:42.0985 8128 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\DRIVERS\usbohci.sys
18:39:43.0095 8128 usbohci - ok
18:39:43.0155 8128 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:39:43.0255 8128 usbprint - ok
18:39:43.0295 8128 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:39:43.0415 8128 USBSTOR - ok
18:39:43.0455 8128 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
18:39:43.0545 8128 usbuhci - ok
18:39:43.0585 8128 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
18:39:43.0725 8128 usbvideo - ok
18:39:43.0765 8128 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:39:43.0885 8128 UxSms - ok
18:39:43.0935 8128 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:39:44.0055 8128 VaultSvc - ok
18:39:44.0075 8128 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
18:39:44.0125 8128 vdrvroot - ok
18:39:44.0195 8128 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
18:39:44.0335 8128 vds - ok
18:39:44.0365 8128 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:39:44.0445 8128 vga - ok
18:39:44.0455 8128 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:39:44.0585 8128 VgaSave - ok
18:39:44.0605 8128 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
18:39:44.0665 8128 vhdmp - ok
18:39:44.0665 8128 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
18:39:44.0715 8128 viaide - ok
18:39:44.0725 8128 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
18:39:44.0765 8128 volmgr - ok
18:39:44.0795 8128 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
18:39:44.0855 8128 volmgrx - ok
18:39:44.0875 8128 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
18:39:44.0935 8128 volsnap - ok
18:39:44.0975 8128 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:39:45.0025 8128 vsmraid - ok
18:39:45.0155 8128 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
18:39:45.0305 8128 VSS - ok
18:39:45.0455 8128 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:39:45.0555 8128 vwifibus - ok
18:39:45.0565 8128 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:39:45.0665 8128 vwififlt - ok
18:39:45.0735 8128 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:39:45.0875 8128 W32Time - ok
18:39:45.0915 8128 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:39:46.0035 8128 WacomPen - ok
18:39:46.0075 8128 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
18:39:46.0255 8128 WANARP - ok
18:39:46.0275 8128 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
18:39:46.0385 8128 Wanarpv6 - ok
18:39:46.0535 8128 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
18:39:46.0655 8128 WatAdminSvc - ok
18:39:46.0795 8128 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
18:39:47.0035 8128 wbengine - ok
18:39:47.0285 8128 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:39:47.0385 8128 WbioSrvc - ok
18:39:47.0455 8128 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
18:39:47.0565 8128 wcncsvc - ok
18:39:47.0595 8128 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:39:47.0696 8128 WcsPlugInService - ok
18:39:47.0786 8128 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:39:47.0826 8128 Wd - ok
18:39:47.0886 8128 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:39:47.0966 8128 Wdf01000 - ok
18:39:47.0986 8128 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:39:48.0076 8128 WdiServiceHost - ok
18:39:48.0086 8128 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:39:48.0176 8128 WdiSystemHost - ok
18:39:48.0226 8128 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
18:39:48.0326 8128 WebClient - ok
18:39:48.0386 8128 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:39:48.0536 8128 Wecsvc - ok
18:39:48.0576 8128 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:39:48.0716 8128 wercplsupport - ok
18:39:48.0756 8128 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:39:48.0896 8128 WerSvc - ok
18:39:48.0976 8128 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:39:49.0106 8128 WfpLwf - ok
18:39:49.0166 8128 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
18:39:49.0216 8128 WimFltr - ok
18:39:49.0236 8128 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:39:49.0276 8128 WIMMount - ok
18:39:49.0326 8128 WinDefend - ok
18:39:49.0346 8128 WinHttpAutoProxySvc - ok
18:39:49.0436 8128 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:39:49.0566 8128 Winmgmt - ok
18:39:49.0736 8128 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
18:39:49.0926 8128 WinRM - ok
18:39:50.0126 8128 WinUsb (4d52c872018af7e18d078978dcc3f6f2) C:\Windows\system32\DRIVERS\WinUsb.sys
18:39:50.0256 8128 WinUsb - ok
18:39:50.0336 8128 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:39:50.0446 8128 Wlansvc - ok
18:39:50.0526 8128 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:39:50.0556 8128 wlcrasvc - ok
18:39:50.0746 8128 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:39:50.0876 8128 wlidsvc - ok
18:39:51.0006 8128 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:39:51.0096 8128 WmiAcpi - ok
18:39:51.0176 8128 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:39:51.0276 8128 wmiApSrv - ok
18:39:51.0336 8128 WMPNetworkSvc - ok
18:39:51.0366 8128 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:39:51.0476 8128 WPCSvc - ok
18:39:51.0506 8128 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
18:39:51.0626 8128 WPDBusEnum - ok
18:39:51.0656 8128 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:39:51.0806 8128 ws2ifsl - ok
18:39:51.0856 8128 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\System32\wscsvc.dll
18:39:51.0956 8128 wscsvc - ok
18:39:51.0956 8128 WSearch - ok
18:39:52.0136 8128 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
18:39:52.0286 8128 wuauserv - ok
18:39:52.0626 8128 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
18:39:52.0786 8128 WudfPf - ok
18:39:52.0836 8128 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:39:52.0956 8128 WUDFRd - ok
18:39:52.0996 8128 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
18:39:53.0116 8128 wudfsvc - ok
18:39:53.0136 8128 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:39:53.0236 8128 WwanSvc - ok
18:39:53.0296 8128 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:39:53.0706 8128 \Device\Harddisk0\DR0 - ok
18:39:53.0716 8128 Boot (0x1200) (7fce7ad39f2fc2f0292065ae78fdb450) \Device\Harddisk0\DR0\Partition0
18:39:53.0716 8128 \Device\Harddisk0\DR0\Partition0 - ok
18:39:53.0746 8128 Boot (0x1200) (c88866c3db660004bd815ae66ae03c61) \Device\Harddisk0\DR0\Partition1
18:39:53.0756 8128 \Device\Harddisk0\DR0\Partition1 - ok
18:39:53.0756 8128 ============================================================
18:39:53.0756 8128 Scan finished
18:39:53.0756 8128 ============================================================
18:39:53.0786 6368 Detected object count: 1
18:39:53.0786 6368 Actual detected object count: 1
18:40:11.0366 6368 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:40:11.0366 6368 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:41:29.0866 7968 ============================================================
18:41:29.0866 7968 Scan started
18:41:29.0866 7968 Mode: Manual; SigCheck; TDLFS;
18:41:29.0866 7968 ============================================================
18:41:30.0366 7968 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
18:41:30.0466 7968 1394ohci - ok
18:41:30.0516 7968 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
18:41:30.0556 7968 ACPI - ok
18:41:30.0576 7968 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
18:41:30.0656 7968 AcpiPmi - ok
18:41:30.0766 7968 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:41:30.0806 7968 AdobeFlashPlayerUpdateSvc - ok
18:41:30.0866 7968 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:41:30.0916 7968 adp94xx - ok
18:41:30.0946 7968 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:41:30.0996 7968 adpahci - ok
18:41:31.0016 7968 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:41:31.0056 7968 adpu320 - ok
18:41:31.0106 7968 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:41:31.0216 7968 AeLookupSvc - ok
18:41:31.0286 7968 AFBAgent (6e79a119b0ce418fe44e0c824bf3f039) C:\Windows\system32\FBAgent.exe
18:41:31.0336 7968 AFBAgent - ok
18:41:31.0406 7968 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
18:41:31.0486 7968 AFD - ok
18:41:31.0516 7968 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
18:41:31.0556 7968 agp440 - ok
18:41:31.0586 7968 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:41:31.0656 7968 ALG - ok
18:41:31.0656 7968 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
18:41:31.0706 7968 aliide - ok
18:41:31.0756 7968 AMD External Events Utility (a887f17abdc56a25270c51af0c667812) C:\Windows\system32\atiesrxx.exe
18:41:31.0826 7968 AMD External Events Utility - ok
18:41:31.0876 7968 AMD FUEL Service - ok
18:41:31.0926 7968 AMD Reservation Manager (dd27f6c3de9bfe50635c721e09edc5dd) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
18:41:31.0966 7968 AMD Reservation Manager - ok
18:41:31.0976 7968 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
18:41:32.0016 7968 amdide - ok
18:41:32.0026 7968 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
18:41:32.0066 7968 amdiox64 - ok
18:41:32.0076 7968 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:41:32.0166 7968 AmdK8 - ok
18:41:32.0676 7968 amdkmdag (2e1e8616636141e6ba33bd3e61bf6939) C:\Windows\system32\DRIVERS\atikmdag.sys
18:41:32.0916 7968 amdkmdag - ok
18:41:33.0066 7968 amdkmdap (af0a8045ed45c961b555dd66ea8f10cf) C:\Windows\system32\DRIVERS\atikmpag.sys
18:41:33.0136 7968 amdkmdap - ok
18:41:33.0156 7968 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:41:33.0226 7968 AmdPPM - ok
18:41:33.0266 7968 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
18:41:33.0306 7968 amdsata - ok
18:41:33.0346 7968 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:41:33.0396 7968 amdsbs - ok
18:41:33.0416 7968 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
18:41:33.0456 7968 amdxata - ok
18:41:33.0496 7968 amd_sata (caee7c1afc9f1c9ee8dd11acd18d22e7) C:\Windows\system32\DRIVERS\amd_sata.sys
18:41:33.0536 7968 amd_sata - ok
18:41:33.0556 7968 amd_xata (23726116b4fbcc84fc45b95157c08f5f) C:\Windows\system32\DRIVERS\amd_xata.sys
18:41:33.0596 7968 amd_xata - ok
18:41:33.0686 7968 Amsp (e8494519bcb9e3b1b72e5604993a76e3) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
18:41:33.0726 7968 Amsp - ok
18:41:33.0756 7968 AODDriver4.0 - ok
18:41:33.0806 7968 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
18:41:33.0896 7968 AppID - ok
18:41:33.0926 7968 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:41:34.0036 7968 AppIDSvc - ok
18:41:34.0056 7968 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
18:41:34.0136 7968 Appinfo - ok
18:41:34.0216 7968 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:41:34.0256 7968 Apple Mobile Device - ok
18:41:34.0296 7968 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:41:34.0336 7968 arc - ok
18:41:34.0356 7968 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:41:34.0396 7968 arcsas - ok
18:41:34.0476 7968 ASLDRService (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
18:41:34.0516 7968 ASLDRService - ok
18:41:34.0536 7968 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
18:41:34.0576 7968 ASMMAP64 - ok
18:41:34.0586 7968 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:41:34.0696 7968 AsyncMac - ok
18:41:34.0726 7968 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
18:41:34.0756 7968 atapi - ok
18:41:34.0886 7968 athr (f8633cdd09647a64ee8db550630427ff) C:\Windows\system32\DRIVERS\athrx.sys
18:41:34.0966 7968 athr - ok
18:41:35.0136 7968 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
18:41:35.0186 7968 AtiHDAudioService - ok
18:41:35.0246 7968 ATKGFNEXSrv (7910158929571214a959d5a6d16dd9c0) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
18:41:35.0306 7968 ATKGFNEXSrv - ok
18:41:35.0326 7968 ATKWMIACPIIO (1f7238a37389ed92e9d8eee975cabd54) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
18:41:35.0356 7968 ATKWMIACPIIO - ok
18:41:35.0436 7968 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
18:41:35.0546 7968 AudioEndpointBuilder - ok
18:41:35.0556 7968 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
18:41:35.0676 7968 AudioSrv - ok
18:41:35.0716 7968 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
18:41:35.0796 7968 AxInstSV - ok
18:41:35.0866 7968 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:41:35.0946 7968 b06bdrv - ok
18:41:35.0986 7968 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:41:36.0086 7968 b57nd60a - ok
18:41:36.0126 7968 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:41:36.0216 7968 BDESVC - ok
18:41:36.0236 7968 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:41:36.0336 7968 Beep - ok
18:41:36.0406 7968 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
18:41:36.0526 7968 BFE - ok
18:41:36.0606 7968 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
18:41:36.0736 7968 BITS - ok
18:41:36.0776 7968 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:41:36.0866 7968 blbdrive - ok
18:41:36.0956 7968 Bonjour Service (1c87705ccb2f60172b0fc86b5d82f00d) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
18:41:36.0996 7968 Bonjour Service - ok
18:41:37.0036 7968 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
18:41:37.0106 7968 bowser - ok
18:41:37.0136 7968 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:41:37.0206 7968 BrFiltLo - ok
18:41:37.0216 7968 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:41:37.0286 7968 BrFiltUp - ok
18:41:37.0336 7968 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
18:41:37.0436 7968 Browser - ok
18:41:37.0466 7968 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:41:37.0546 7968 Brserid - ok
18:41:37.0556 7968 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:41:37.0626 7968 BrSerWdm - ok
18:41:37.0636 7968 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:41:37.0716 7968 BrUsbMdm - ok
18:41:37.0726 7968 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:41:37.0796 7968 BrUsbSer - ok
18:41:37.0846 7968 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
18:41:37.0926 7968 BthEnum - ok
18:41:37.0936 7968 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:41:38.0016 7968 BTHMODEM - ok
18:41:38.0046 7968 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
18:41:38.0136 7968 BthPan - ok
18:41:38.0196 7968 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys
18:41:38.0276 7968 BTHPORT - ok
18:41:38.0296 7968 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:41:38.0406 7968 bthserv - ok
18:41:38.0456 7968 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys
18:41:38.0526 7968 BTHUSB - ok
18:41:38.0556 7968 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:41:38.0666 7968 cdfs - ok
18:41:38.0706 7968 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
18:41:38.0786 7968 cdrom - ok
18:41:38.0796 7968 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
18:41:38.0916 7968 CertPropSvc - ok
18:41:38.0946 7968 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:41:39.0026 7968 circlass - ok
18:41:39.0076 7968 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:41:39.0126 7968 CLFS - ok
18:41:39.0226 7968 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:41:39.0266 7968 clr_optimization_v2.0.50727_32 - ok
18:41:39.0326 7968 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:41:39.0366 7968 clr_optimization_v2.0.50727_64 - ok
18:41:39.0436 7968 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:41:39.0486 7968 clr_optimization_v4.0.30319_32 - ok
18:41:39.0526 7968 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:41:39.0566 7968 clr_optimization_v4.0.30319_64 - ok
18:41:39.0606 7968 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:41:39.0676 7968 CmBatt - ok
18:41:39.0696 7968 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
18:41:39.0726 7968 cmdide - ok
18:41:39.0796 7968 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
18:41:39.0866 7968 CNG - ok
18:41:39.0876 7968 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:41:39.0916 7968 Compbatt - ok
18:41:39.0926 7968 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
18:41:39.0996 7968 CompositeBus - ok
18:41:40.0006 7968 COMSysApp - ok
18:41:40.0016 7968 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:41:40.0056 7968 crcdisk - ok
18:41:40.0306 7968 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
18:41:40.0386 7968 CryptSvc - ok
18:41:40.0446 7968 ctxusbm (ba8e5b2291c01ef71ca80e25f0c79d55) C:\Windows\system32\DRIVERS\ctxusbm.sys
18:41:40.0486 7968 ctxusbm - ok
18:41:40.0556 7968 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
18:41:40.0666 7968 DcomLaunch - ok
18:41:40.0726 7968 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:41:40.0836 7968 defragsvc - ok
18:41:40.0876 7968 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
18:41:40.0956 7968 DfsC - ok
18:41:40.0996 7968 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
18:41:41.0076 7968 Dhcp - ok
18:41:41.0106 7968 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:41:41.0216 7968 discache - ok
18:41:41.0236 7968 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:41:41.0276 7968 Disk - ok
18:41:41.0326 7968 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
18:41:41.0406 7968 Dnscache - ok
18:41:41.0446 7968 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
18:41:41.0556 7968 dot3svc - ok
18:41:41.0636 7968 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
18:41:41.0796 7968 DPS - ok
18:41:41.0816 7968 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:41:41.0916 7968 drmkaud - ok
18:41:42.0016 7968 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
18:41:42.0076 7968 DXGKrnl - ok
18:41:42.0096 7968 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:41:42.0216 7968 EapHost - ok
18:41:42.0396 7968 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:41:42.0526 7968 ebdrv - ok
18:41:42.0646 7968 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
18:41:42.0716 7968 EFS - ok
18:41:42.0816 7968 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
18:41:42.0906 7968 ehRecvr - ok
18:41:42.0926 7968 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:41:43.0036 7968 ehSched - ok
18:41:43.0106 7968 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:41:43.0166 7968 elxstor - ok
18:41:43.0166 7968 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
18:41:43.0266 7968 ErrDev - ok
18:41:43.0316 7968 ETD (4c120d2b2ea269eae7a5744794eb6db1) C:\Windows\system32\DRIVERS\ETD.sys
18:41:43.0366 7968 ETD - ok
18:41:43.0416 7968 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:41:43.0546 7968 EventSystem - ok
18:41:43.0576 7968 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:41:43.0736 7968 exfat - ok
18:41:43.0766 7968 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:41:43.0896 7968 fastfat - ok
18:41:43.0966 7968 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
18:41:44.0076 7968 Fax - ok
18:41:44.0086 7968 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:41:44.0216 7968 fdc - ok
18:41:44.0226 7968 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:41:44.0346 7968 fdPHost - ok
18:41:44.0366 7968 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:41:44.0516 7968 FDResPub - ok
18:41:44.0526 7968 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:41:44.0566 7968 FileInfo - ok
18:41:44.0596 7968 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:41:44.0726 7968 Filetrace - ok
18:41:44.0846 7968 FlipShare Service (0b9167adfe8e42b6b4c5e929bfbc7080) C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
18:41:44.0896 7968 FlipShare Service - ok
18:41:44.0896 7968 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:41:45.0006 7968 flpydisk - ok
18:41:45.0056 7968 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
18:41:45.0116 7968 FltMgr - ok
18:41:45.0216 7968 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
18:41:45.0316 7968 FontCache - ok
18:41:45.0396 7968 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:41:45.0436 7968 FontCache3.0.0.0 - ok
18:41:45.0486 7968 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:41:45.0526 7968 FsDepends - ok
18:41:45.0546 7968 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
18:41:45.0596 7968 fssfltr - ok
18:41:45.0776 7968 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
18:41:45.0846 7968 fsssvc - ok
18:41:45.0986 7968 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
18:41:46.0026 7968 Fs_Rec - ok
18:41:46.0076 7968 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:41:46.0116 7968 fvevol - ok
18:41:46.0166 7968 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:41:46.0196 7968 gagp30kx - ok
18:41:46.0236 7968 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:41:46.0276 7968 GEARAspiWDM - ok
18:41:46.0356 7968 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
18:41:46.0436 7968 gpsvc - ok
18:41:46.0546 7968 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
18:41:46.0606 7968 gusvc - ok
18:41:46.0626 7968 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:41:46.0716 7968 hcw85cir - ok
18:41:46.0746 7968 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
18:41:46.0836 7968 HdAudAddService - ok
18:41:46.0856 7968 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:41:46.0946 7968 HDAudBus - ok
18:41:46.0956 7968 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:41:47.0036 7968 HidBatt - ok
18:41:47.0056 7968 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:41:47.0136 7968 HidBth - ok
18:41:47.0166 7968 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:41:47.0246 7968 HidIr - ok
18:41:47.0276 7968 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
18:41:47.0386 7968 hidserv - ok
18:41:47.0396 7968 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
18:41:47.0476 7968 HidUsb - ok
18:41:47.0496 7968 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
18:41:47.0606 7968 hkmsvc - ok
18:41:47.0646 7968 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
18:41:47.0736 7968 HomeGroupListener - ok
18:41:47.0776 7968 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
18:41:47.0856 7968 HomeGroupProvider - ok
18:41:47.0886 7968 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
18:41:47.0926 7968 HpSAMD - ok
18:41:47.0996 7968 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
18:41:48.0116 7968 HTTP - ok
18:41:48.0146 7968 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
18:41:48.0176 7968 hwpolicy - ok
18:41:48.0196 7968 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
18:41:48.0266 7968 i8042prt - ok
18:41:48.0326 7968 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
18:41:48.0396 7968 iaStorV - ok
18:41:48.0476 7968 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:41:48.0506 7968 IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:41:48.0506 7968 IDriverT - detected UnsignedFile.Multi.Generic (1)
18:41:48.0646 7968 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:41:48.0706 7968 idsvc - ok
18:41:48.0806 7968 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:41:48.0836 7968 iirsp - ok
18:41:48.0936 7968 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
18:41:49.0056 7968 IKEEXT - ok
18:41:49.0246 7968 IntcAzAudAddService (b60accd29f8fafc4a6344cd2bd5ca3a5) C:\Windows\system32\drivers\RTKVHD64.sys
18:41:49.0416 7968 IntcAzAudAddService - ok
18:41:49.0506 7968 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
18:41:49.0556 7968 intelide - ok
18:41:49.0556 7968 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:41:49.0656 7968 intelppm - ok
18:41:49.0696 7968 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:41:49.0816 7968 IPBusEnum - ok
18:41:49.0826 7968 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:41:49.0976 7968 IpFilterDriver - ok
18:41:50.0026 7968 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
18:41:50.0136 7968 iphlpsvc - ok
18:41:50.0156 7968 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
18:41:50.0236 7968 IPMIDRV - ok
18:41:50.0246 7968 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:41:50.0356 7968 IPNAT - ok
18:41:50.0706 7968 iPod Service (fdf57f795098ab29af780824315c9859) C:\Program Files\iPod\bin\iPodService.exe
18:41:50.0766 7968 iPod Service - ok
18:41:50.0786 7968 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:41:50.0856 7968 IRENUM - ok
18:41:50.0866 7968 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
18:41:50.0906 7968 isapnp - ok
18:41:50.0946 7968 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
18:41:50.0986 7968 iScsiPrt - ok
18:41:51.0016 7968 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:41:51.0066 7968 kbdclass - ok
18:41:51.0066 7968 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
18:41:51.0146 7968 kbdhid - ok
18:41:51.0176 7968 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
18:41:51.0206 7968 kbfiltr - ok
18:41:51.0246 7968 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:41:51.0316 7968 KeyIso - ok
18:41:51.0336 7968 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
18:41:51.0376 7968 KSecDD - ok
18:41:51.0406 7968 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
18:41:51.0446 7968 KSecPkg - ok
18:41:51.0456 7968 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:41:51.0556 7968 ksthunk - ok
18:41:51.0626 7968 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:41:51.0736 7968 KtmRm - ok
18:41:51.0756 7968 L1C (033b4aed2c5519072c0d81e00804d003) C:\Windows\system32\DRIVERS\L1C62x64.sys
18:41:51.0846 7968 L1C - ok
18:41:51.0916 7968 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
18:41:52.0006 7968 LanmanServer - ok
18:41:52.0026 7968 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
18:41:52.0136 7968 LanmanWorkstation - ok
18:41:52.0166 7968 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:41:52.0276 7968 lltdio - ok
18:41:52.0346 7968 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:41:52.0456 7968 lltdsvc - ok
18:41:52.0476 7968 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:41:52.0596 7968 lmhosts - ok
18:41:52.0626 7968 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:41:52.0676 7968 LSI_FC - ok
18:41:52.0686 7968 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:41:52.0726 7968 LSI_SAS - ok
18:41:52.0736 7968 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:41:52.0776 7968 LSI_SAS2 - ok
18:41:52.0806 7968 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:41:52.0846 7968 LSI_SCSI - ok
18:41:52.0856 7968 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:41:52.0976 7968 luafv - ok
18:41:53.0006 7968 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
18:41:53.0096 7968 Mcx2Svc - ok
18:41:53.0116 7968 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:41:53.0156 7968 megasas - ok
18:41:53.0186 7968 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:41:53.0226 7968 MegaSR - ok
18:41:53.0256 7968 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:41:53.0356 7968 MMCSS - ok
18:41:53.0366 7968 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:41:53.0476 7968 Modem - ok
18:41:53.0476 7968 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:41:53.0556 7968 monitor - ok
18:41:53.0566 7968 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:41:53.0606 7968 mouclass - ok
18:41:53.0616 7968 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:41:53.0696 7968 mouhid - ok
18:41:53.0706 7968 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
18:41:53.0746 7968 mountmgr - ok
18:41:53.0766 7968 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
18:41:53.0816 7968 mpio - ok
18:41:53.0826 7968 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:41:53.0926 7968 mpsdrv - ok
18:41:54.0006 7968 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
18:41:54.0126 7968 MpsSvc - ok
18:41:54.0136 7968 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
18:41:54.0226 7968 MRxDAV - ok
18:41:54.0266 7968 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:41:54.0356 7968 mrxsmb - ok
18:41:54.0396 7968 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:41:54.0476 7968 mrxsmb10 - ok
18:41:54.0506 7968 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:41:54.0586 7968 mrxsmb20 - ok
18:41:54.0606 7968 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
18:41:54.0646 7968 msahci - ok
18:41:54.0676 7968 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
18:41:54.0716 7968 msdsm - ok
18:41:54.0806 7968 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:41:54.0876 7968 MSDTC - ok
18:41:54.0896 7968 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:41:55.0006 7968 Msfs - ok
18:41:55.0016 7968 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:41:55.0126 7968 mshidkmdf - ok
18:41:55.0136 7968 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
18:41:55.0176 7968 msisadrv - ok
18:41:55.0226 7968 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:41:55.0346 7968 MSiSCSI - ok
18:41:55.0346 7968 msiserver - ok
18:41:55.0356 7968 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:41:55.0476 7968 MSKSSRV - ok
18:41:55.0506 7968 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:41:55.0606 7968 MSPCLOCK - ok
18:41:55.0616 7968 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:41:55.0726 7968 MSPQM - ok
18:41:55.0896 7968 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
18:41:55.0956 7968 MsRPC - ok
18:41:55.0966 7968 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
18:41:56.0006 7968 mssmbios - ok
18:41:56.0016 7968 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:41:56.0116 7968 MSTEE - ok
18:41:56.0126 7968 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:41:56.0196 7968 MTConfig - ok
18:41:56.0206 7968 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:41:56.0246 7968 Mup - ok
18:41:56.0346 7968 NanoServiceMain (a830e59f98827943686e90bf79fc96fa) C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
18:41:56.0396 7968 NanoServiceMain - ok
18:41:56.0466 7968 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
18:41:56.0576 7968 napagent - ok
18:41:56.0626 7968 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:41:56.0726 7968 NativeWifiP - ok
18:41:56.0786 7968 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
18:41:56.0846 7968 NDIS - ok
18:41:56.0876 7968 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:41:56.0986 7968 NdisCap - ok
18:41:57.0006 7968 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:41:57.0126 7968 NdisTapi - ok
18:41:57.0156 7968 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
18:41:57.0266 7968 Ndisuio - ok
18:41:57.0276 7968 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:41:57.0416 7968 NdisWan - ok
18:41:57.0426 7968 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
18:41:57.0556 7968 NDProxy - ok
18:41:57.0566 7968 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:41:57.0716 7968 NetBIOS - ok
18:41:57.0756 7968 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
18:41:57.0876 7968 NetBT - ok
18:41:57.0916 7968 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:41:58.0026 7968 Netlogon - ok
18:41:58.0076 7968 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:41:58.0246 7968 Netman - ok
18:41:58.0456 7968 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:41:58.0566 7968 netprofm - ok
18:41:58.0666 7968 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:41:58.0716 7968 NetTcpPortSharing - ok
18:41:58.0746 7968 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:41:58.0786 7968 nfrd960 - ok
18:41:58.0826 7968 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
18:41:58.0936 7968 NlaSvc - ok
18:41:59.0016 7968 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:41:59.0136 7968 Npfs - ok
18:41:59.0186 7968 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:41:59.0286 7968 nsi - ok
18:41:59.0296 7968 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:41:59.0396 7968 nsiproxy - ok
18:41:59.0516 7968 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
18:41:59.0596 7968 Ntfs - ok
18:41:59.0706 7968 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:41:59.0816 7968 Null - ok
18:41:59.0866 7968 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
18:41:59.0916 7968 nvraid - ok
18:41:59.0946 7968 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
18:41:59.0986 7968 nvstor - ok
18:42:00.0006 7968 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
18:42:00.0056 7968 nv_agp - ok
18:42:00.0066 7968 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
18:42:00.0146 7968 ohci1394 - ok
18:42:00.0226 7968 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:42:00.0266 7968 ose - ok
18:42:00.0566 7968 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:42:00.0746 7968 osppsvc - ok
18:42:00.0936 7968 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:42:01.0016 7968 p2pimsvc - ok
18:42:01.0066 7968 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:42:01.0146 7968 p2psvc - ok
18:42:01.0186 7968 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:42:01.0256 7968 Parport - ok
18:42:01.0296 7968 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
18:42:01.0336 7968 partmgr - ok
18:42:01.0376 7968 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:42:01.0456 7968 PcaSvc - ok
18:42:01.0486 7968 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
18:42:01.0526 7968 pci - ok
18:42:01.0536 7968 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:42:01.0566 7968 pciide - ok
18:42:01.0596 7968 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:42:01.0636 7968 pcmcia - ok
18:42:01.0686 7968 PCTCore (3a68080572b81577791a7b19bb880da9) C:\Windows\system32\drivers\PCTCore64.sys
18:42:01.0726 7968 PCTCore - ok
18:42:01.0766 7968 pctgntdi (d6ad12ef986484d692253caca6882d89) C:\Windows\system32\drivers\pctgntdi64.sys
18:42:01.0816 7968 pctgntdi - ok
18:42:01.0866 7968 pctplsg (ccc67d848660b513ad01356b324727b2) C:\Windows\System32\drivers\pctplsg64.sys
18:42:01.0906 7968 pctplsg - ok
18:42:01.0926 7968 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:42:01.0976 7968 pcw - ok
18:42:02.0036 7968 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:42:02.0156 7968 PEAUTH - ok
18:42:02.0276 7968 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:42:02.0346 7968 PerfHost - ok
18:42:02.0516 7968 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
18:42:02.0646 7968 pla - ok
18:42:02.0706 7968 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
18:42:02.0786 7968 PlugPlay - ok
18:42:02.0816 7968 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:42:02.0896 7968 PNRPAutoReg - ok
18:42:02.0936 7968 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:42:03.0016 7968 PNRPsvc - ok
18:42:03.0086 7968 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
18:42:03.0186 7968 PolicyAgent - ok
18:42:03.0236 7968 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:42:03.0336 7968 Power - ok
18:42:03.0396 7968 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
18:42:03.0516 7968 PptpMiniport - ok
18:42:03.0546 7968 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:42:03.0616 7968 Processor - ok
18:42:03.0676 7968 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
18:42:03.0746 7968 ProfSvc - ok
18:42:03.0786 7968 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:42:03.0856 7968 ProtectedStorage - ok
18:42:03.0886 7968 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
18:42:03.0996 7968 Psched - ok
18:42:04.0026 7968 PSINAflt (bf6b640239be2c28a6bb43adc658fb7f) C:\Windows\system32\DRIVERS\PSINAflt.sys
18:42:04.0066 7968 PSINAflt - ok
18:42:04.0106 7968 PSINFile (2377f49c39725ed0021d75136fb0f746) C:\Windows\system32\DRIVERS\PSINFile.sys
18:42:04.0136 7968 PSINFile - ok
18:42:04.0166 7968 PSINKNC (a90f546b4f49122115768bc94bc81c04) C:\Windows\system32\DRIVERS\psinknc.sys
18:42:04.0216 7968 PSINKNC - ok
18:42:04.0236 7968 PSINProc (f8d7465cdd2a4ecae761ba8a0577d151) C:\Windows\system32\DRIVERS\PSINProc.sys
18:42:04.0276 7968 PSINProc - ok
18:42:04.0306 7968 PSINProt (076254556b4b03ade385619ff33e2f6b) C:\Windows\system32\DRIVERS\PSINProt.sys
18:42:04.0346 7968 PSINProt - ok
18:42:04.0506 7968 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:42:04.0576 7968 ql2300 - ok
18:42:04.0726 7968 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:42:04.0766 7968 ql40xx - ok
18:42:04.0816 7968 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:42:04.0906 7968 QWAVE - ok
18:42:04.0936 7968 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:42:05.0026 7968 QWAVEdrv - ok
18:42:05.0036 7968 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:42:05.0146 7968 RasAcd - ok
18:42:05.0176 7968 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:42:05.0296 7968 RasAgileVpn - ok
18:42:05.0316 7968 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:42:05.0426 7968 RasAuto - ok
18:42:05.0456 7968 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:42:05.0556 7968 Rasl2tp - ok
18:42:05.0596 7968 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
18:42:05.0716 7968 RasMan - ok
18:42:05.0726 7968 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:42:05.0826 7968 RasPppoe - ok
18:42:05.0836 7968 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:42:05.0946 7968 RasSstp - ok
18:42:06.0136 7968 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
18:42:06.0256 7968 rdbss - ok
18:42:06.0266 7968 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:42:06.0336 7968 rdpbus - ok
18:42:06.0356 7968 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:42:06.0456 7968 RDPCDD - ok
18:42:06.0466 7968 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:42:06.0586 7968 RDPENCDD - ok
18:42:06.0606 7968 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:42:06.0716 7968 RDPREFMP - ok
18:42:06.0766 7968 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
18:42:06.0846 7968 RDPWD - ok
18:42:06.0866 7968 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
18:42:06.0916 7968 rdyboost - ok
18:42:06.0956 7968 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:42:07.0066 7968 RemoteAccess - ok
18:42:07.0106 7968 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:42:07.0226 7968 RemoteRegistry - ok
18:42:07.0306 7968 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
18:42:07.0406 7968 RFCOMM - ok
18:42:07.0436 7968 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:42:07.0556 7968 RpcEptMapper - ok
18:42:07.0586 7968 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:42:07.0656 7968 RpcLocator - ok
18:42:07.0706 7968 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
18:42:07.0826 7968 RpcSs - ok
18:42:07.0866 7968 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:42:07.0966 7968 rspndr - ok
18:42:08.0026 7968 RSUSBSTOR (135a64530d7699ad48f29d73a658dd11) C:\Windows\system32\Drivers\RtsUStor.sys
18:42:08.0066 7968 RSUSBSTOR - ok
18:42:08.0126 7968 RTL8167 (3372196f61af48503656ef6aa3e92d1b) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:42:08.0166 7968 RTL8167 - ok
18:42:08.0206 7968 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:42:08.0276 7968 SamSs - ok
18:42:08.0306 7968 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
18:42:08.0346 7968 sbp2port - ok
18:42:08.0376 7968 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:42:08.0486 7968 SCardSvr - ok
18:42:08.0516 7968 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
18:42:08.0616 7968 scfilter - ok
18:42:08.0736 7968 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
18:42:08.0826 7968 Schedule - ok
18:42:08.0876 7968 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
18:42:08.0986 7968 SCPolicySvc - ok
18:42:09.0186 7968 sdAuxService (ee088b31f5eb673a62e7e0d09b0007b0) C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
18:42:09.0236 7968 sdAuxService - ok
18:42:09.0336 7968 sdCoreService (747ffe0a5a34c349a363be97c632b7c4) C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
18:42:09.0396 7968 sdCoreService - ok
18:42:09.0526 7968 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
18:42:09.0606 7968 SDRSVC - ok
18:42:09.0666 7968 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:42:09.0776 7968 secdrv - ok
18:42:09.0796 7968 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
18:42:09.0916 7968 seclogon - ok
18:42:09.0946 7968 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
18:42:10.0066 7968 SENS - ok
18:42:10.0086 7968 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:42:10.0246 7968 SensrSvc - ok
18:42:10.0276 7968 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:42:10.0386 7968 Serenum - ok
18:42:10.0396 7968 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:42:10.0526 7968 Serial - ok
18:42:10.0526 7968 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:42:10.0636 7968 sermouse - ok
18:42:10.0686 7968 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
18:42:10.0786 7968 SessionEnv - ok
18:42:10.0796 7968 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
18:42:10.0856 7968 sffdisk - ok
18:42:10.0866 7968 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
18:42:10.0946 7968 sffp_mmc - ok
18:42:10.0956 7968 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
18:42:11.0036 7968 sffp_sd - ok
18:42:11.0046 7968 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:42:11.0126 7968 sfloppy - ok
18:42:11.0196 7968 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:42:11.0306 7968 SharedAccess - ok
18:42:11.0356 7968 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
18:42:11.0446 7968 ShellHWDetection - ok
18:42:11.0466 7968 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
18:42:11.0556 7968 SiSGbeLH - ok
18:42:11.0566 7968 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:42:11.0606 7968 SiSRaid2 - ok
18:42:11.0616 7968 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:42:11.0666 7968 SiSRaid4 - ok
18:42:11.0676 7968 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:42:11.0806 7968 Smb - ok
18:42:11.0836 7968 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:42:11.0956 7968 SNMPTRAP - ok
18:42:11.0976 7968 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:42:12.0016 7968 spldr - ok
18:42:12.0076 7968 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
18:42:12.0166 7968 Spooler - ok
18:42:12.0356 7968 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
18:42:12.0536 7968 sppsvc - ok
18:42:12.0646 7968 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:42:12.0816 7968 sppuinotify - ok
18:42:12.0896 7968 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
18:42:12.0996 7968 srv - ok
18:42:13.0046 7968 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
18:42:13.0136 7968 srv2 - ok
18:42:13.0186 7968 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
18:42:13.0266 7968 srvnet - ok
18:42:13.0306 7968 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:42:13.0436 7968 SSDPSRV - ok
18:42:13.0446 7968 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:42:13.0556 7968 SstpSvc - ok
18:42:13.0596 7968 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:42:13.0636 7968 stexstor - ok
18:42:13.0706 7968 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
18:42:13.0806 7968 stisvc - ok
18:42:13.0826 7968 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
18:42:13.0866 7968 swenum - ok
18:42:13.0956 7968 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:42:14.0066 7968 swprv - ok
18:42:14.0196 7968 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
18:42:14.0316 7968 SysMain - ok
18:42:14.0446 7968 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
18:42:14.0576 7968 TabletInputService - ok
18:42:14.0616 7968 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
18:42:14.0746 7968 TapiSrv - ok
18:42:14.0786 7968 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:42:14.0896 7968 TBS - ok
18:42:15.0216 7968 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
18:42:15.0306 7968 Tcpip - ok
18:42:15.0486 7968 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
18:42:15.0576 7968 TCPIP6 - ok
18:42:15.0656 7968 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
18:42:15.0776 7968 tcpipreg - ok
18:42:15.0796 7968 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:42:15.0886 7968 TDPIPE - ok
18:42:15.0916 7968 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
18:42:16.0006 7968 TDTCP - ok
18:42:16.0036 7968 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
18:42:16.0166 7968 tdx - ok
18:42:16.0256 7968 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
18:42:16.0296 7968 TermDD - ok
18:42:16.0526 7968 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
18:42:16.0636 7968 TermService - ok
18:42:16.0686 7968 TfFsMon (4b1c89130cf2e86921674de5ae7814e2) C:\Windows\system32\drivers\TfFsMon.sys
18:42:16.0726 7968 TfFsMon - ok
18:42:16.0746 7968 TfNetMon (a43b4746fb15e85ba816102c8ac5ef98) C:\Windows\system32\drivers\TfNetMon.sys
18:42:16.0776 7968 TfNetMon - ok
18:42:16.0806 7968 TfSysMon (761f2e2b759389a472bd3d94141742b9) C:\Windows\system32\drivers\TfSysMon.sys
18:42:16.0846 7968 TfSysMon - ok
18:42:16.0846 7968 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:42:16.0936 7968 Themes - ok
18:42:16.0966 7968 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:42:17.0076 7968 THREADORDER - ok
18:42:17.0306 7968 ThreatFire - ok
18:42:17.0406 7968 TiMiniService (69d76ce06bb629b69165c81d83a4b03e) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
18:42:17.0446 7968 TiMiniService - ok
18:42:17.0486 7968 tmactmon (73aaffdd2ac3c8814b26c440e5dd9dd4) C:\Windows\system32\DRIVERS\tmactmon.sys
18:42:17.0546 7968 tmactmon - ok
18:42:17.0566 7968 tmcomm (360e61217d4e1e333583d0c721057f70) C:\Windows\system32\DRIVERS\tmcomm.sys
18:42:17.0616 7968 tmcomm - ok
18:42:17.0626 7968 tmevtmgr (699d34eb7c670139ca23a65372bd5743) C:\Windows\system32\DRIVERS\tmevtmgr.sys
18:42:17.0696 7968 tmevtmgr - ok
18:42:17.0726 7968 tmtdi (262198efb734012bfcd17e7479ae4a09) C:\Windows\system32\DRIVERS\tmtdi.sys
18:42:17.0776 7968 tmtdi - ok
18:42:17.0806 7968 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:42:17.0956 7968 TrkWks - ok
18:42:18.0026 7968 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
18:42:18.0116 7968 TrustedInstaller - ok
18:42:18.0156 7968 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:42:18.0286 7968 tssecsrv - ok
18:42:18.0316 7968 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
18:42:18.0436 7968 tunnel - ok
18:42:18.0466 7968 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:42:18.0506 7968 uagp35 - ok
18:42:18.0546 7968 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
18:42:18.0666 7968 udfs - ok
18:42:18.0686 7968 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:42:18.0776 7968 UI0Detect - ok
18:42:18.0786 7968 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
18:42:18.0836 7968 uliagpkx - ok
18:42:18.0846 7968 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
18:42:18.0966 7968 umbus - ok
18:42:18.0986 7968 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:42:19.0096 7968 UmPass - ok
18:42:19.0146 7968 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:42:19.0256 7968 upnphost - ok
18:42:19.0356 7968 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
18:42:19.0426 7968 USBAAPL64 - ok
18:42:19.0466 7968 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
18:42:19.0546 7968 usbccgp - ok
18:42:19.0576 7968 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
18:42:19.0646 7968 usbcir - ok
18:42:19.0676 7968 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\DRIVERS\usbehci.sys
18:42:19.0756 7968 usbehci - ok
18:42:19.0786 7968 usbfilter (76e2ffad301490ba27b947c6507752fb) C:\Windows\system32\DRIVERS\usbfilter.sys
18:42:19.0826 7968 usbfilter - ok
18:42:19.0906 7968 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
18:42:19.0996 7968 usbhub - ok
18:42:20.0026 7968 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\DRIVERS\usbohci.sys
18:42:20.0106 7968 usbohci - ok
18:42:20.0116 7968 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:42:20.0216 7968 usbprint - ok
18:42:20.0246 7968 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:42:20.0336 7968 USBSTOR - ok
18:42:20.0366 7968 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
18:42:20.0496 7968 usbuhci - ok
18:42:20.0536 7968 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
18:42:20.0666 7968 usbvideo - ok
18:42:20.0726 7968 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:42:20.0886 7968 UxSms - ok
18:42:20.0916 7968 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:42:21.0066 7968 VaultSvc - ok
18:42:21.0076 7968 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
18:42:21.0136 7968 vdrvroot - ok
18:42:21.0196 7968 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
18:42:21.0286 7968 vds - ok
18:42:21.0326 7968 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:42:21.0446 7968 vga - ok
18:42:21.0446 7968 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:42:21.0576 7968 VgaSave - ok
18:42:21.0596 7968 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
18:42:21.0646 7968 vhdmp - ok
18:42:21.0656 7968 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
18:42:21.0696 7968 viaide - ok
18:42:21.0706 7968 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
18:42:21.0776 7968 volmgr - ok
18:42:21.0806 7968 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
18:42:21.0856 7968 volmgrx - ok
18:42:21.0876 7968 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
18:42:21.0926 7968 volsnap - ok
18:42:21.0986 7968 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:42:22.0026 7968 vsmraid - ok
18:42:22.0136 7968 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
18:42:22.0256 7968 VSS - ok
18:42:22.0336 7968 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:42:22.0436 7968 vwifibus - ok
18:42:22.0456 7968 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:42:22.0546 7968 vwififlt - ok
18:42:22.0596 7968 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:42:22.0706 7968 W32Time - ok
18:42:22.0736 7968 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:42:22.0816 7968 WacomPen - ok
18:42:22.0826 7968 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
18:42:22.0936 7968 WANARP - ok
18:42:22.0946 7968 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
18:42:23.0046 7968 Wanarpv6 - ok
18:42:23.0196 7968 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
18:42:23.0276 7968 WatAdminSvc - ok
18:42:23.0396 7968 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
18:42:23.0496 7968 wbengine - ok
18:42:23.0636 7968 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:42:23.0736 7968 WbioSrvc - ok
18:42:23.0796 7968 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
18:42:23.0886 7968 wcncsvc - ok
18:42:23.0896 7968 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:42:24.0006 7968 WcsPlugInService - ok
18:42:24.0036 7968 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:42:24.0076 7968 Wd - ok
18:42:24.0146 7968 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:42:24.0216 7968 Wdf01000 - ok
18:42:24.0246 7968 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:42:24.0336 7968 WdiServiceHost - ok
18:42:24.0346 7968 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:42:24.0436 7968 WdiSystemHost - ok
18:42:24.0496 7968 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
18:42:24.0606 7968 WebClient - ok
18:42:24.0646 7968 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:42:24.0796 7968 Wecsvc - ok
18:42:24.0826 7968 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:42:24.0976 7968 wercplsupport - ok
18:42:24.0996 7968 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:42:25.0116 7968 WerSvc - ok
18:42:25.0196 7968 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:42:25.0356 7968 WfpLwf - ok
18:42:25.0406 7968 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
18:42:25.0486 7968 WimFltr - ok
18:42:25.0496 7968 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:42:25.0536 7968 WIMMount - ok
18:42:25.0586 7968 WinDefend - ok
18:42:25.0606 7968 WinHttpAutoProxySvc - ok
18:42:25.0676 7968 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:42:25.0796 7968 Winmgmt - ok
18:42:26.0006 7968 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
18:42:26.0146 7968 WinRM - ok
18:42:26.0306 7968 WinUsb (4d52c872018af7e18d078978dcc3f6f2) C:\Windows\system32\DRIVERS\WinUsb.sys
18:42:26.0386 7968 WinUsb - ok
18:42:26.0476 7968 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:42:26.0586 7968 Wlansvc - ok
18:42:26.0766 7968 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:42:26.0806 7968 wlcrasvc - ok
18:42:26.0966 7968 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:42:27.0066 7968 wlidsvc - ok
18:42:27.0186 7968 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:42:27.0286 7968 WmiAcpi - ok
18:42:27.0376 7968 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:42:27.0466 7968 wmiApSrv - ok
18:42:27.0506 7968 WMPNetworkSvc - ok
18:42:27.0586 7968 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:42:27.0726 7968 WPCSvc - ok
18:42:27.0766 7968 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
18:42:27.0876 7968 WPDBusEnum - ok
18:42:27.0906 7968 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:42:28.0036 7968 ws2ifsl - ok
18:42:28.0076 7968 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\System32\wscsvc.dll
18:42:28.0176 7968 wscsvc - ok
18:42:28.0176 7968 WSearch - ok
18:42:28.0426 7968 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
18:42:28.0536 7968 wuauserv - ok
18:42:28.0646 7968 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
18:42:28.0756 7968 WudfPf - ok
18:42:28.0786 7968 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:42:28.0896 7968 WUDFRd - ok
18:42:28.0926 7968 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
18:42:29.0036 7968 wudfsvc - ok
18:42:29.0066 7968 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:42:29.0166 7968 WwanSvc - ok
18:42:29.0196 7968 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:42:29.0616 7968 \Device\Harddisk0\DR0 - ok
18:42:29.0626 7968 Boot (0x1200) (7fce7ad39f2fc2f0292065ae78fdb450) \Device\Harddisk0\DR0\Partition0
18:42:29.0626 7968 \Device\Harddisk0\DR0\Partition0 - ok
18:42:29.0686 7968 Boot (0x1200) (c88866c3db660004bd815ae66ae03c61) \Device\Harddisk0\DR0\Partition1
18:42:29.0686 7968 \Device\Harddisk0\DR0\Partition1 - ok
18:42:29.0696 7968 ============================================================
18:42:29.0696 7968 Scan finished
18:42:29.0696 7968 ============================================================
18:42:29.0706 6628 Detected object count: 1
18:42:29.0706 6628 Actual detected object count: 1
18:42:45.0206 6628 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:42:45.0206 6628 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

Attached Thumbnails

  • screenshot dskmgt.jpg

  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK onwards, when you download Combofix please rename it prior to downloading to Gotcha

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#7
lmart

lmart

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
I have been running the ComboFix scan and for about an hour the scan has been stuck on 'OutputFolder: C...'. Is this normal?
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No it is not

OK we will attack this outside of windows now

You will need a CD and a USB drive

Create a Windows 7 System Repair Disc

Note: the below can only be done if your machine has a a type of CD/R or DVD/R optical drive installed. Also depending on the exact type of OEM your machine has you may be unable to actually create a SRD.

  • Click on Start(Windows 7 Orb) >> Run...(or the Windows key and R together) to bring up the Run box, then copy/paste the following command into the box and click on OK:

    recdisc.exe

  • Allow the UAC(User Account Control) prompt via selecting Yes.
  • You should now see a menu like the below:-
Posted Image

  • Put a blank rewritable CD/DVD in your optical(CD/DVD) drive and then click on Create disc.
  • Note: If a AutoPlay window pops up, just close it.
  • When the SRD has been created you will see the below:-
Posted Image

  • Now click on Close >> OK. Leave the disc in the drive as we will be using it shortly.
  • You now have a Windows 7 System Repair Disc.

Download the following programme to a USB drive :

Farbar Recovery Scan Tool x64

Reboot the computer using the CD you have just created

When you reboot you will see this although yours will say windows 7. Click repair my computer
Posted Image

Select your operating system
Posted Image

Select Command prompt
Posted Image

Insert the USB drive with FRST on it

At the command prompt type the following

notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.[/list]
  • 0

#9
lmart

lmart

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Thanks again for your reply.

Here is the log from the FRST scan:

Scan result of Farbar Recovery Scan Tool Version: 07-07-2012 04
Ran by SYSTEM at 07-07-2012 17:58:09
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-15] ()
HKLM\...\Run: [VizorHtmlDialog.exe] "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\Installer.cmpt\resources\preinstall_01_welcome_trial.html" "DEF" "DEF" "DEF" [x]
HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [192520 2010-10-12] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush "none" "none" [322384 2010-09-17] (Trend Micro Inc.)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 [2189416 2011-03-17] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd [x]
HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" [369 2012-07-07] ()
HKLM-x32\...\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar [439616 2011-04-28] (Panda Security, S.L.)
HKLM-x32\...\Run: [Panda Security URL Filtering] "C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe" [217256 2012-03-19] (Panda Security)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-07-19] (Apple Inc.)
HKLM-x32\...\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe [479232 2009-02-24] (Nikon Corporation)
HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe" [1286608 2010-01-18] (PC Tools)
HKLM-x32\...\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3349488 2012-05-10] (Safer-Networking Ltd.)
HKU\Alicia\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [17351304 2011-10-13] (Skype Technologies S.A.)
HKU\Alicia\...\Run: [Facebook Update] "C:\Users\Alicia\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [137536 2011-09-20] (Facebook Inc.)
HKU\Alicia\...\Run: [Spotify] "C:\Users\Alicia\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [7609560 2012-07-03] (Spotify Ltd)
HKU\Alicia\...\Run: [Google Update] "C:\Users\Alicia\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-04-22] (Google Inc.)
HKU\Alicia\...\Run: [Spotify Web Helper] "C:\Users\Alicia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1192664 2012-07-03] ()
Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254
Startup: C:\Users\Alicia\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe ()

==================== Services (Whitelisted) ======

2 AMD Reservation Manager; "C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe" [194496 2010-06-17] (Advanced Micro Devices)
2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS)
2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)
2 FlipShare Service; "C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe" [455944 2009-11-19] ()
2 NanoServiceMain; "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe" [140608 2011-04-28] (Panda Security, S.L.)
2 sdAuxService; C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe [365280 2009-12-09] (PC Tools)
2 sdCoreService; C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe [1141712 2010-01-18] (PC Tools)
3 ThreatFire; C:\Program Files (x86)\Spyware Doctor\TFEngine\TFService.exe service [70928 2010-02-02] (PC Tools)
2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [241488 2010-09-17] (Trend Micro Inc.)
3 vds; C:\Windows\System32\vds.exe [532480 2009-07-13] (Microsoft Corporation)
3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]

========================== Drivers (Whitelisted) =============

2 ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [15416 2009-07-02] (ASUS)
1 ATKWMIACPIIO; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17024 2010-07-26] (ASUS)
1 ctxusbm; C:\Windows\System32\Drivers\ctxusbm.sys [87600 2010-04-16] (Citrix Systems, Inc.)
3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [218056 2009-09-23] (PC Tools)
1 pctgntdi; \??\C:\Windows\system32\drivers\pctgntdi64.sys [306648 2010-02-05] (PC Tools)
3 pctplsg; \??\C:\Windows\System32\drivers\pctplsg64.sys [92896 2010-02-05] (PC Tools)
2 PSINAflt; C:\Windows\System32\Drivers\PSINAflt.sys [161032 2012-01-05] (Panda Security, S.L.)
2 PSINFile; C:\Windows\System32\Drivers\PSINFile.sys [114760 2011-04-28] (Panda Security, S.L.)
1 PSINKNC; C:\Windows\System32\Drivers\PSINKNC.sys [149768 2011-11-23] (Panda Security, S.L.)
2 PSINProc; C:\Windows\System32\Drivers\PSINProc.sys [121928 2011-04-28] (Panda Security, S.L.)
2 PSINProt; C:\Windows\System32\Drivers\PSINProt.sys [128264 2011-11-30] (Panda Security, S.L.)
0 TfFsMon; C:\Windows\System32\Drivers\TfFsMon.sys [65072 2010-02-02] (PC Tools)
3 TfNetMon; C:\Windows\System32\Drivers\TfNetMon.sys [41888 2010-02-02] (PC Tools)
0 TfSysMon; C:\Windows\System32\Drivers\TfSysMon.sys [60416 2010-02-02] (PC Tools)
2 tmactmon; C:\Windows\System32\Drivers\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)
2 tmcomm; C:\Windows\System32\Drivers\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)
2 tmevtmgr; C:\Windows\System32\Drivers\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)
1 tmtdi; C:\Windows\System32\Drivers\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)
3 AODDriver4.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-07 17:57 - 2012-07-07 17:58 - 00000000 ____D C:\FRST
2012-07-06 09:53 - 2012-07-06 09:53 - 00000000 ____D C:\32788R22FWJFW
2012-07-06 09:50 - 2012-07-06 09:50 - 04573044 ____R (Swearware) C:\Users\Alicia\Desktop\Gotcha.exe
2012-07-06 08:41 - 2012-07-06 08:42 - 00000000 ____D C:\Users\Alicia\AppData\Local\{212BF74E-1949-4709-9FFA-961B96A18119}
2012-07-06 08:39 - 2012-07-06 08:40 - 00000000 ____D C:\Users\Alicia\AppData\Local\{12A06B9D-C12A-41CA-9B05-B3D735DADB5A}
2012-07-06 08:37 - 2012-07-06 08:38 - 00000000 ____D C:\Users\Alicia\AppData\Local\{C2B10E9E-EA47-41C2-8445-16793F2C8B7D}
2012-07-06 08:36 - 2012-07-06 08:36 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Alicia\Desktop\tdsskiller.exe
2012-07-06 08:35 - 2012-07-06 08:36 - 00000000 ____D C:\Users\Alicia\AppData\Local\{9FCC8CC0-A781-4C62-850C-80006A9F29DE}
2012-07-05 01:50 - 2012-07-05 01:50 - 00065128 ____A C:\Users\Alicia\Desktop\Extras.Txt
2012-07-05 01:37 - 2012-07-05 01:37 - 00137338 ____A C:\Users\Alicia\Desktop\OTL.Txt
2012-07-04 13:50 - 2012-07-04 13:50 - 04731392 ____A (AVAST Software) C:\Users\Alicia\Desktop\aswMBR.exe
2012-07-04 13:46 - 2012-07-04 13:46 - 00595968 ____A (OldTimer Tools) C:\Users\Alicia\Desktop\OTL.exe
2012-07-04 13:07 - 2012-07-04 13:08 - 00000000 ____D C:\Users\Alicia\Desktop\Microsoft Office
2012-07-04 12:48 - 2012-07-04 12:48 - 00000000 ____D C:\Users\Alicia\AppData\Roaming\SUPERAntiSpyware.com
2012-07-04 12:41 - 2012-07-04 12:41 - 00001810 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-07-04 12:41 - 2012-07-04 12:41 - 00000000 ____D C:\Users\All Users\SUPERSetup
2012-07-04 12:41 - 2012-07-04 12:41 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-07-04 12:41 - 2012-07-04 12:41 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-07-01 13:13 - 2010-02-23 00:16 - 00294912 ____A (Microsoft Corporation) C:\Windows\System32\browserchoice.exe
2012-06-24 19:10 - 2012-06-24 19:10 - 00000000 ____D C:\Users\Alicia\AppData\Local\{214A6E7B-1E85-4672-A68B-EFDBBCAFC62F}
2012-06-24 19:08 - 2012-06-24 19:09 - 00000000 ____D C:\Users\Alicia\AppData\Local\{E582A42E-E892-4737-BB3E-90FC917380CA}
2012-06-24 19:06 - 2012-06-24 19:07 - 00000000 ____D C:\Users\Alicia\AppData\Local\{C7BB66E4-29E7-4764-8983-55A4528D7086}
2012-06-24 19:04 - 2012-06-24 19:05 - 00000000 ____D C:\Users\Alicia\AppData\Local\{F303524D-3D98-4CCA-99BB-79E43A6212BA}
2012-06-24 19:02 - 2012-06-24 19:03 - 00000000 ____D C:\Users\Alicia\AppData\Local\{18E24C29-B784-421E-A677-DB3C8C5312CC}
2012-06-22 18:43 - 2012-06-22 18:43 - 00000000 ____D C:\Users\Alicia\AppData\Local\{FF1CBE06-2334-43A6-A500-31C8DA2176B5}
2012-06-22 18:04 - 2012-06-22 18:04 - 00000000 ____D C:\Users\Alicia\AppData\Local\{EF6B49D0-90BC-44C7-869C-66BB98063EA6}
2012-06-21 16:24 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-21 16:24 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-21 16:24 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-21 16:24 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-21 16:24 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-21 16:24 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-21 16:24 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-21 16:24 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-21 16:24 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-21 16:24 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-21 16:24 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-21 16:24 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-21 16:24 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-21 16:24 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-21 16:23 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-21 16:23 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-21 16:23 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-21 16:23 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-21 16:23 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-21 16:23 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-21 16:23 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-21 16:23 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-21 16:23 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-21 16:23 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-21 16:23 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-21 16:23 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-21 16:23 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-21 16:23 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-20 16:47 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-20 16:47 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-20 16:47 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-20 16:47 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-20 16:47 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-20 16:47 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-20 16:47 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-20 16:45 - 2012-06-02 11:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-20 16:45 - 2012-06-02 11:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-13 12:18 - 2012-05-14 17:32 - 03144192 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 12:18 - 2012-05-04 02:52 - 05505392 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-13 12:18 - 2012-05-04 02:08 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-13 12:18 - 2012-05-04 02:08 - 03902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-13 12:18 - 2012-04-27 19:50 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 12:17 - 2012-05-01 21:32 - 00208896 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-13 12:17 - 2012-04-25 21:34 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-13 12:17 - 2012-04-25 21:34 - 00076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-13 12:17 - 2012-04-25 21:28 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-13 12:17 - 2012-04-07 04:18 - 03213824 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-13 12:17 - 2012-04-07 03:34 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-13 12:13 - 2012-04-23 21:59 - 01460224 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 12:13 - 2012-04-23 21:59 - 00182272 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 12:13 - 2012-04-23 21:59 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 12:13 - 2012-04-23 20:47 - 01156608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-13 12:13 - 2012-04-23 20:47 - 00139264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-13 12:13 - 2012-04-23 20:47 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

============ 3 Months Modified Files ========================

2012-07-07 07:17 - 2012-05-24 00:47 - 00002372 ____A C:\Windows\setupact.log
2012-07-07 07:17 - 2011-08-09 17:23 - 00026591 ____A C:\Windows\SysWOW64\temp.txt
2012-07-07 07:17 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-07 07:09 - 2012-04-22 11:12 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-944575353-2315805094-3003267987-1001Core.job
2012-07-07 07:09 - 2011-06-18 17:01 - 01096817 ____A C:\Windows\WindowsUpdate.log
2012-07-07 07:04 - 2009-07-13 21:13 - 00759424 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-07 06:59 - 2012-04-29 09:39 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-07 06:59 - 2012-04-22 11:12 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-944575353-2315805094-3003267987-1001UA.job
2012-07-07 06:59 - 2011-09-20 13:50 - 00000932 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-944575353-2315805094-3003267987-1001UA.job
2012-07-06 09:50 - 2012-07-06 09:50 - 04573044 ____R (Swearware) C:\Users\Alicia\Desktop\Gotcha.exe
2012-07-06 08:36 - 2012-07-06 08:36 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Alicia\Desktop\tdsskiller.exe
2012-07-06 07:55 - 2011-09-20 13:50 - 00000910 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-944575353-2315805094-3003267987-1001Core.job
2012-07-05 01:50 - 2012-07-05 01:50 - 00065128 ____A C:\Users\Alicia\Desktop\Extras.Txt
2012-07-05 01:37 - 2012-07-05 01:37 - 00137338 ____A C:\Users\Alicia\Desktop\OTL.Txt
2012-07-04 13:50 - 2012-07-04 13:50 - 04731392 ____A (AVAST Software) C:\Users\Alicia\Desktop\aswMBR.exe
2012-07-04 13:46 - 2012-07-04 13:46 - 00595968 ____A (OldTimer Tools) C:\Users\Alicia\Desktop\OTL.exe
2012-07-04 12:52 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-04 12:52 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-04 12:41 - 2012-07-04 12:41 - 00001810 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-07-03 02:46 - 2012-04-22 11:17 - 00002366 ____A C:\Users\Alicia\Desktop\Google Chrome.lnk
2012-06-28 08:22 - 2011-06-18 17:41 - 00002150 ____A C:\Windows\System32\AutoRunFilter.ini
2012-06-28 08:22 - 2011-06-18 17:41 - 00001366 ____A C:\Windows\System32\ServiceFilter.ini
2012-06-27 03:29 - 2011-08-09 18:10 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-27 01:33 - 2009-07-13 20:45 - 00414656 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-02 14:19 - 2012-06-20 16:47 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-20 16:47 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-20 16:47 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-20 16:47 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-20 16:47 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-20 16:47 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-20 16:47 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-20 16:45 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-20 16:45 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-22 18:23 - 2012-05-22 18:23 - 00002175 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2012-05-17 18:47 - 2012-06-21 16:23 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-21 16:23 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-21 16:23 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-21 16:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:59 - 2012-06-21 16:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:58 - 2012-06-21 16:24 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:58 - 2012-06-21 16:23 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:56 - 2012-06-21 16:23 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-21 16:24 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:55 - 2012-06-21 16:23 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:54 - 2012-06-21 16:24 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-21 16:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-21 16:24 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-21 16:24 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-21 16:23 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-21 16:23 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-21 16:23 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-21 16:24 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-21 16:23 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-21 16:23 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-21 16:24 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-21 16:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-21 16:24 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:29 - 2012-06-21 16:23 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:27 - 2012-06-21 16:24 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-21 16:24 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-21 16:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-21 16:24 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-15 01:58 - 2012-05-15 01:58 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-05-15 01:53 - 2012-04-24 13:39 - 00047616 ____A C:\Users\Alicia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-15 01:27 - 2012-05-15 01:27 - 00006684 ____A C:\Users\Alicia\Documents\My Movie.wlmp
2012-05-15 01:13 - 2012-05-15 01:13 - 01522599 ____A C:\Users\Alicia\Documents\final hopfeully.wma
2012-05-15 01:11 - 2012-05-15 01:10 - 00979309 ____A C:\Users\Alicia\Documents\fail.wma
2012-05-15 00:59 - 2012-05-15 00:59 - 01688729 ____A C:\Users\Alicia\Documents\second try.wma
2012-05-15 00:55 - 2012-05-15 00:55 - 04333339 ____A C:\Users\Alicia\Documents\first try.wma
2012-05-14 17:32 - 2012-06-13 12:18 - 03144192 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-12 18:46 - 2012-05-12 18:46 - 00001096 ____A C:\Users\Public\Desktop\FlipShare.lnk
2012-05-09 20:18 - 2012-05-09 20:18 - 00001110 ____A C:\Users\Public\Desktop\Splendid Utility.Lnk
2012-05-09 20:15 - 2012-05-09 20:15 - 00001022 ____A C:\Users\Public\Desktop\LifeFrame.lnk
2012-05-09 20:12 - 2011-06-18 17:39 - 00002595 ____A C:\Users\Public\Desktop\AI Recovery Burner.lnk
2012-05-08 13:18 - 2012-04-29 09:39 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-08 13:18 - 2012-04-29 09:39 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-04 02:52 - 2012-06-13 12:18 - 05505392 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:08 - 2012-06-13 12:18 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:08 - 2012-06-13 12:18 - 03902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-01 21:32 - 2012-06-13 12:17 - 00208896 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:50 - 2012-06-13 12:18 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:34 - 2012-06-13 12:17 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:34 - 2012-06-13 12:17 - 00076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:28 - 2012-06-13 12:17 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 21:59 - 2012-06-13 12:13 - 01460224 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:59 - 2012-06-13 12:13 - 00182272 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:59 - 2012-06-13 12:13 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:47 - 2012-06-13 12:13 - 01156608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:47 - 2012-06-13 12:13 - 00139264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:47 - 2012-06-13 12:13 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 19%
Total physical RAM: 3691.72 MB
Available physical RAM: 2976.43 MB
Total Pagefile: 3689.87 MB
Available Pagefile: 3026.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:256.35 GB) (Free:173.85 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Data) (Fixed) (Total:314.82 GB) (Free:314.62 GB) NTFS
4 Drive f: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
5 Drive g: () (Removable) (Total:3.99 GB) (Free:3.98 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 1024 KB
Disk 1 No Media 0 B 0 B
Disk 2 Online 4090 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 25 GB 1024 KB
Partition 2 Primary 256 GB 25 GB
Partition 0 Extended 314 GB 281 GB
Partition 3 Logical 314 GB 281 GB

==================================================================================

Disk: 0
Partition 1
Type : 1C
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 256 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D Data NTFS Partition 314 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 4088 MB 1032 KB

==================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 4088 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-05-09 16:21

======================= End Of Log ==========================
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Download the attached Fixlist.txt to the same USB as FRST



Restart FRST as previously

Then Press the Fix button
Once it has completed it will place a log on the USB drive could you post that

Posted Image

Then reboot to normal windows and try Combofix again please
  • 0

Advertisements


#11
lmart

lmart

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Hi,

the ComboFix scan took a few hours but it has now completed and the log follows:

ComboFix 12-07-06.02 - Alicia 07/07/2012 18:57:24.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3692.2362 [GMT 2:00]
Running from: c:\users\Alicia\Desktop\Gotcha.exe
AV: Panda Cloud Antivirus *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Panda Cloud Antivirus *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Alicia\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1BAC53EC-B7CD-4305-A464-41C78FBF74E7}.xps
.
.
((((((((((((((((((((((((( Files Created from 2012-06-07 to 2012-07-07 )))))))))))))))))))))))))))))))
.
.
2012-07-08 01:57 . 2012-07-08 01:58 -------- d-----w- C:\FRST
2012-07-07 19:07 . 2012-07-07 19:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-04 20:48 . 2012-07-04 20:48 -------- d-----w- c:\users\Alicia\AppData\Roaming\SUPERAntiSpyware.com
2012-07-04 20:41 . 2012-07-04 20:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-04 20:41 . 2012-07-04 20:41 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-04 20:41 . 2012-07-04 20:41 -------- d-----w- c:\programdata\SUPERSetup
2012-07-01 21:13 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-06-22 00:23 . 2012-05-17 23:21 748664 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe
2012-06-21 00:47 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 00:47 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 00:47 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 00:47 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 00:47 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 00:47 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 00:47 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 00:45 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 00:45 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-13 20:18 . 2012-05-04 10:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 20:18 . 2012-05-04 10:08 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 20:18 . 2012-05-04 10:08 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 20:18 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 20:18 . 2012-05-15 01:32 3144192 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 20:17 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 20:17 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 20:17 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 20:17 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 20:17 . 2012-04-07 12:18 3213824 ----a-w- c:\windows\system32\msi.dll
2012-06-13 20:17 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 20:13 . 2012-04-24 05:59 1460224 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 20:13 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 20:13 . 2012-04-24 05:59 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 20:13 . 2012-04-24 05:59 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 20:13 . 2012-04-24 04:47 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 20:13 . 2012-04-24 04:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-07 16:32 . 2011-08-10 01:07 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-05-08 21:18 . 2012-04-29 17:39 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-08 21:18 . 2012-04-29 17:39 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Facebook Update"="c:\users\Alicia\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-20 137536]
"Spotify"="c:\users\Alicia\AppData\Roaming\Spotify\Spotify.exe" [2012-07-03 7609560]
"Spotify Web Helper"="c:\users\Alicia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-03 1192664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"PSUNMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
"Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-03-19 217256]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-02-24 479232]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"ISTray"="c:\program files (x86)\Spyware Doctor\pctsTray.exe" [2010-01-18 1286608]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-05-10 3349488]
.
c:\users\Alicia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-30 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-2-3 548528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 257696]
R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2011-01-18 250984]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-13 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-04 75904]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-04 38016]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2009-09-23 218056]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-02-02 65072]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-02-02 60416]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-04-16 87600]
S1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi64.sys [2010-02-05 306648]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2011-11-23 149768]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-01-25 379520]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-06 203776]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-06 365568]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2011-04-28 140608]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2012-01-05 161032]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2011-04-28 114760]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2011-04-28 121928]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2011-11-30 128264]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\Spyware Doctor\pctsAuxs.exe [2009-12-09 365280]
S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 67664]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-06 9259008]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-06 300544]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-12-31 138024]
S3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [2010-02-05 92896]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-04 436840]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-02-02 41888]
S3 ThreatFire;ThreatFire;c:\program files (x86)\Spyware Doctor\TFEngine\TFService.exe service [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-29 44672]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PCTSDInjDriver64
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 21:18]
.
2012-07-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-944575353-2315805094-3003267987-1001Core.job
- c:\users\Alicia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-20 21:50]
.
2012-07-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-944575353-2315805094-3003267987-1001UA.job
- c:\users\Alicia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-20 21:50]
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-944575353-2315805094-3003267987-1001Core.job
- c:\users\Alicia\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-22 19:11]
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-944575353-2315805094-3003267987-1001UA.job
- c:\users\Alicia\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-22 19:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-17 322384]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-18 2189416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.aischool.org/index.cfm
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 80.58.61.250 80.58.61.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-SDWinLogon - SDWinLogon.dll
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
AddRemove-pandasecuritytb - c:\program files (x86)\Panda Security\Panda Security Toolbar\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-07 21:44:54
ComboFix-quarantined-files.txt 2012-07-07 19:44
.
Pre-Run: 189,402,181,632 bytes free
Post-Run: 189,356,474,368 bytes free
.
- - End Of File - - 28F8B2DF27290FEB110623D10C10335C
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK could you not try and see if Trend is working and also try MBAM

If they both run great, if not could you let me know what errors they return
  • 0

#13
lmart

lmart

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Do you mean the aswMBR and tdsskiller that you mentioned in an earlier post?
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No your main antivirus which I believe is trend mocro

But yes could you also try aswMBR
  • 0

#15
lmart

lmart

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Ah ok...

Malwarebytes has now successfully downloaded and I am currently running a full scan.

I will try AVG next.

Thanks you for your continued help.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP