Malware or spyware infection on my son's laptop. Normal methods t


  • This topic is locked

#1
castelluchi

    New Member

  • 7 posts
Hello. My son was away for a week and came home with his laptop all jacked up :D I attempted to "fix" it for him like I have been able to in the past with all the old reliable methods, but this time I am out of my league. He reports that he didn't have any symptoms and that he had it in standby mode overnight. Upon startup in the a.m. he received the "Windows did not shut down normally" message with the option to do startup repair. When he attempted the startup repair, the computer was not able to repair. He attempted to restart several times; sometimes it would start and his Avast would beep at him saying it blocked a malicious trojan, other times it just crashed and went to blue screen. I was able to start up Windows normally and run the OTL program. Thank you in advance for any help!!!!


Here is the log:


OTL logfile created on: 8/6/12 11:10:36 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Chris\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yy

7.93 Gb Total Physical Memory | 5.11 Gb Available Physical Memory | 64.47% Memory free
15.85 Gb Paging File | 12.67 Gb Available in Paging File | 79.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 38.79 Gb Free Space | 52.06% Space Free | Partition Type: NTFS
Drive D: | 149.04 Gb Total Space | 16.35 Gb Free Space | 10.97% Space Free | Partition Type: NTFS
Drive E: | 204.03 Gb Total Space | 175.55 Gb Free Space | 86.04% Space Free | Partition Type: NTFS
Drive F: | 149.05 Gb Total Space | 105.34 Gb Free Space | 70.67% Space Free | Partition Type: NTFS

Computer Name: NOBLE-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/07 19:41:57 | 001,353,080 | ---- | M] (Valve Corporation) -- E:\steam.exe
PRC - [2012/08/06 23:08:10 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Downloads\OTL.exe
PRC - [2012/07/09 21:09:02 | 001,250,328 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/07/03 09:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 09:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2012/03/06 18:39:50 | 000,574,296 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/06/19 05:11:52 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010/05/17 11:06:10 | 001,079,936 | ---- | M] (asus) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
PRC - [2010/01/04 17:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009/11/11 16:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\AirPort\APAgent.exe
PRC - [2009/11/09 19:20:36 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/11/02 14:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/10/26 20:29:32 | 006,998,656 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2009/10/26 10:10:42 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2009/09/30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/09/01 02:00:09 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2009/08/19 20:31:48 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2009/08/12 12:32:56 | 000,365,936 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
PRC - [2009/07/31 10:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/06 14:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009/06/19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/12/29 16:32:54 | 000,237,693 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
PRC - [2008/12/22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008/02/04 21:18:28 | 000,356,352 | ---- | M] (Pear Media, LLC) -- C:\Program Files (x86)\Chatango\Chatango.exe
PRC - [2007/11/30 11:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/06 22:58:34 | 020,316,496 | ---- | M] () -- E:\bin\libcef.dll
MOD - [2012/08/06 22:58:27 | 001,099,576 | ---- | M] () -- E:\bin\avcodec-53.dll
MOD - [2012/08/06 22:58:27 | 000,900,944 | ---- | M] () -- E:\bin\chromehtml.dll
MOD - [2012/08/06 22:58:27 | 000,190,776 | ---- | M] () -- E:\bin\avformat-53.dll
MOD - [2012/08/06 22:58:27 | 000,123,192 | ---- | M] () -- E:\bin\avutil-51.dll
MOD - [2012/07/09 21:09:00 | 000,438,296 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppgooglenaclpluginchrome.dll
MOD - [2012/07/09 21:08:59 | 003,972,120 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll
MOD - [2012/07/09 21:07:39 | 000,554,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\libglesv2.dll
MOD - [2012/07/09 21:07:37 | 000,117,784 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\libegl.dll
MOD - [2012/07/09 21:07:22 | 000,140,328 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\avutil-51.dll
MOD - [2012/07/09 21:07:21 | 000,262,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\avformat-54.dll
MOD - [2012/07/09 21:07:19 | 002,386,984 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll
MOD - [2012/07/09 19:17:27 | 009,255,112 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
MOD - [2012/06/14 23:59:25 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/06/14 23:58:58 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012/05/12 18:57:48 | 003,379,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\e710104d87885107738303d313efb006\WindowsBase.ni.dll
MOD - [2012/05/12 18:47:48 | 005,459,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\e51b389e6d470d6920df51e7bbee6977\System.Xml.ni.dll
MOD - [2012/05/12 18:35:48 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\97dccc257e6729c8bc2450a5caf030e5\System.Configuration.ni.dll
MOD - [2012/05/12 14:19:54 | 001,065,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\3f4079addaf8ef6dc56329bbd0f73d71\System.Management.ni.dll
MOD - [2012/05/11 21:39:28 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/11 21:35:19 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/11 20:56:20 | 003,190,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/05/11 20:56:08 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2012/05/11 20:56:08 | 004,218,880 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/02/23 15:14:22 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
MOD - [2010/02/23 15:14:10 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll
MOD - [2010/02/23 15:12:22 | 000,186,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
MOD - [2010/02/23 15:11:46 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
MOD - [2010/01/04 17:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009/11/02 14:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 14:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/03/26 14:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/02/06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
MOD - [2007/11/30 11:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/03 09:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/08/11 16:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2009/12/17 02:18:07 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/12/07 16:16:34 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/08/06 14:17:46 | 000,118,672 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/08/02 16:54:14 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/08/05 11:03:56 | 000,118,256 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/05 10:29:55 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/10/05 15:17:27 | 003,926,520 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/06/19 05:06:14 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/06/19 05:06:10 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/11/09 19:20:36 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/09/30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/09/12 18:15:50 | 000,087,288 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 09:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/07/03 09:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/07/03 09:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/07/03 09:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/07/03 09:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/07/03 09:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/04/12 06:10:55 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/03/13 17:27:20 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/03/13 17:27:20 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/04/21 15:47:50 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/03/05 11:19:46 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/02 16:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/12/17 02:52:59 | 006,177,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/11/18 03:30:55 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/08/20 23:48:17 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/08/06 14:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/08/06 14:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/07/20 02:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/30 21:46:57 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/06/30 21:46:51 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/06/30 21:46:47 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/06/30 21:46:39 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/10 13:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 03:16:29 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009/05/20 03:04:55 | 000,202,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/13 09:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009/04/07 00:33:07 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/05/23 17:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/09/01 16:59:44 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/06/19 04:33:07] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2005/01/04 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com/
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: [email protected]:6.0.1367
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 16.0a2\extensions\\Components: C:\Program Files (x86)\Aurora\components [2012/08/05 11:03:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 16.0a2\extensions\\Plugins: C:\Program Files (x86)\Aurora\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/08 01:32:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/20 23:44:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/05 10:08:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/20 23:44:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/05 10:08:02 | 000,000,000 | ---D | M]

[2010/12/26 22:32:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2012/08/05 10:54:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fjo4e2hh.default\extensions
[2012/03/30 12:10:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fjo4e2hh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/07/12 16:43:41 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fjo4e2hh.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2012/08/05 10:55:56 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fjo4e2hh.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/06/01 15:27:36 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fjo4e2hh.default\extensions\[email protected]
[2011/11/28 06:38:57 | 000,002,266 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fjo4e2hh.default\searchplugins\cardcaptor-sakura-en.xml
[2011/11/28 06:36:48 | 000,002,285 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fjo4e2hh.default\searchplugins\dragon-ball-wiki-en.xml
[2011/11/28 06:37:28 | 000,001,936 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fjo4e2hh.default\searchplugins\fairy-tail-wiki-en.xml
[2011/11/28 06:39:04 | 000,002,273 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fjo4e2hh.default\searchplugins\infamous-wiki-en.xml
[2011/11/28 06:36:31 | 000,006,485 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fjo4e2hh.default\searchplugins\magical-girl-lyrical-nanoha-wiki-en.xml
[2011/11/28 06:38:19 | 000,002,262 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fjo4e2hh.default\searchplugins\marvel-database-en.xml
[2011/11/28 06:36:42 | 000,001,941 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fjo4e2hh.default\searchplugins\pretty-cure-wiki-en.xml
[2011/11/28 06:37:20 | 000,002,594 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fjo4e2hh.default\searchplugins\zeldapedia-en.xml
[2012/08/05 10:08:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/05 10:08:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/07/08 01:32:51 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[1832/11/28 21:30:07 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FJO4E2HH.DEFAULT\EXTENSIONS\[email protected]
[2012/06/24 23:11:18 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FJO4E2HH.DEFAULT\EXTENSIONS\[email protected]
[2012/06/20 23:44:14 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/20 23:44:12 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/20 23:44:12 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.38_0\
CHR - Extension: avast! WebRep = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: 1Click Downloader = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh\1.5_0\
CHR - Extension: Gmail = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files (x86)\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKCU..\Run: [Chatango] C:\Program Files (x86)\Chatango\Chatango.exe (Pear Media, LLC)
O4 - HKCU..\Run: [HP] C:\Users\Chris\AppData\Local\Ilivid Player\HP\nvspyyszi.dll (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] E:\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 184.16.33.54
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F88B8828-51E8-4598-8461-E65E5D69B537}: DhcpNameServer = 192.168.1.1 184.16.33.54
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/07 19:37:28 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{6B688B38-EDD3-4CFB-A18E-16F8DDBE6FAD}
[2012/08/07 19:37:07 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{461EFAC6-8947-4CA6-BB5A-3AE37D14F74F}
[2012/08/06 22:58:52 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{70ADD180-B0D0-433D-9252-8D2DBD1590DB}
[2012/08/05 10:31:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2012/08/05 10:04:54 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/05 10:02:14 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{A374CB4A-30C9-4B10-A70B-8ABCE5BFE063}
[2012/08/05 10:01:58 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{647F6646-78B7-4CE7-A34C-E71E49392DA3}
[2012/08/04 20:32:15 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{F7B77C3C-57A4-446E-AF30-5ACAD9B542F7}
[2012/08/04 20:32:05 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{BC7538E7-4E93-44BE-980C-513674DEB76D}
[2012/08/04 01:11:22 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{70E2806B-500D-429B-A5E4-7275E71985F5}
[2012/08/04 01:11:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{1E87E1EB-D1C2-4725-901C-8726BA320F42}
[2012/08/03 18:46:43 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{EC9D5687-47D8-48A0-A734-628339AD3651}
[2012/08/03 18:46:20 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{7C8D6CA0-2823-4B0D-A5A9-E0F41FDD389C}
[2012/08/03 13:10:58 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{2AD2B4C2-EBD4-4248-AECA-C152F2FF728E}
[2012/08/03 13:10:48 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{52887BA2-7950-4A58-8FFC-98EE6FCBA82F}
[2012/08/03 01:08:44 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{5EB786AE-4ED4-42F4-9E97-40725BE62FD7}
[2012/08/03 01:08:34 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{DAEDA679-AB7A-4E27-AD87-493A3C4519AE}
[2012/08/02 13:08:21 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{59EF37EC-0672-4786-AC78-B6F6DDBD397C}
[2012/08/02 13:08:09 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{34437175-9BAE-461F-BE31-180C0AD17311}
[2012/08/02 00:22:36 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{17FA5F78-99EB-442D-9EAC-C595B9F12F73}
[2012/08/02 00:22:25 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{EC73A766-0FB5-4BFB-8E74-F63970B25A0D}
[2012/08/01 12:22:12 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{8F9747E9-474A-4BDB-B50E-C0B5EE45FF6E}
[2012/08/01 12:22:01 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{A1F7B2E3-1288-4F74-902E-67AA565144A8}
[2012/07/31 12:52:49 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{E71109AC-392C-44E4-BFBF-9E7EA3BB6913}
[2012/07/31 12:52:34 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{74DDE669-24AA-4A08-B484-B142F79E522F}
[2012/07/30 16:16:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aurora
[2012/07/30 15:33:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{E8EB8BFD-8F25-4329-ABE1-5B4A5A5F75AE}
[2012/07/30 15:33:08 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{FEF691D5-0F41-4FB8-950B-930D323F429D}
[2012/07/30 03:32:57 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{A81F7920-7B50-4CB6-A19F-091A8AFBE3F6}
[2012/07/30 03:32:47 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{970D8542-F513-4456-B4BF-D521A2A0B341}
[2012/07/29 15:32:24 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{AA3D5DCA-D74D-40AF-BDD5-3F8D41D80854}
[2012/07/29 15:32:14 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{FC9FC5B0-FB3E-4332-816E-0BA6800F3F92}
[2012/07/29 15:32:05 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{5DD9978F-0541-4575-84F8-99CB975B57AA}
[2012/07/29 15:31:46 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{F770A27B-0791-4776-8347-6DC030E1657A}
[2012/07/28 22:17:38 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{6E6F81F8-DE3A-4883-9C2D-4BF01B2FA9BC}
[2012/07/28 22:17:29 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{E34045AE-CE93-42EA-AD1F-65D5391DE37A}
[2012/07/28 22:17:20 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{0EAECE8D-9460-4D2F-8513-432C606E8128}
[2012/07/28 22:17:00 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{060ED953-B61B-4E7D-845E-C4456FC70697}
[2012/07/28 10:16:35 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{6CA11F48-4EA5-4E33-A960-B5CE79A73C44}
[2012/07/28 10:16:25 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{4B093963-99A2-40B0-BC3B-B515A4A445E1}
[2012/07/28 10:16:16 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{81C89FA2-D08F-4582-B93A-3807D02DEBB6}
[2012/07/28 10:15:57 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{FFD02840-BE5E-47DB-85D6-DC236621AABD}
[2012/07/27 14:20:48 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/07/27 14:14:46 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{C77D0E0F-DC0F-499D-A649-D3FCEAF8ED84}
[2012/07/27 14:14:25 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{3CC706DC-0F5D-4678-815D-5BB1877B15F5}
[2012/07/26 16:34:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{FC662532-91CF-4D65-AF64-3EF3BA5E7443}
[2012/07/26 16:34:15 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{27ED07E6-0A1F-4D87-A24E-F8EC339DB3FB}
[2012/07/26 16:34:05 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{D87F4494-C652-4CD0-A1B9-6B3BC4BB42AA}
[2012/07/26 16:33:54 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{F4EB7970-24E9-44A8-89D6-33B99A8D94D5}
[2012/07/26 01:39:10 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{76EF5E50-D52C-406E-B15A-746A5F33B729}
[2012/07/26 01:39:00 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{31BAED2B-B8C8-417A-9843-12813F74A083}
[2012/07/26 01:38:50 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{0D75DDC8-4B09-4C99-9E32-6B8BB9544166}
[2012/07/25 13:38:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{F79DA29C-928C-4101-8353-20C4DB5E1D28}
[2012/07/25 13:38:27 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{CDA089CB-4BE6-4D20-A9D4-D4308787B23F}
[2012/07/24 23:49:19 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{1B970B55-28C8-4E5D-8BD7-2A8ACD74BFEF}
[2012/07/24 23:49:10 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{9D0DE3DE-DE58-4951-A3CB-BA125A899193}
[2012/07/24 11:48:54 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{46E29796-4B84-45B0-98FD-D79D38C09DEB}
[2012/07/24 11:48:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{A1F16087-E0DA-455F-BE24-DD258F0F40EE}
[2012/07/23 21:09:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{4FED9810-604A-4113-A9B5-C60293B6B9B2}
[2012/07/23 21:09:01 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{8A2DD184-6C1E-43A4-94BD-1B6C060C4E38}
[2012/07/23 09:08:44 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{C2316E2A-8B0F-4A9A-997D-8B72AD7E500B}
[2012/07/23 09:08:34 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{752FB3AE-CF03-4172-BF9E-9BE0BAC3AFD2}
[2012/07/22 13:46:35 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{97AC3A30-E3AE-4D51-B0DE-CF07BE413CEA}
[2012/07/22 13:46:23 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{1D4F61E9-4EF7-48C2-A660-42FBA0B0B571}
[2012/07/21 21:08:55 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{46455528-FD48-4183-BE19-9448C420745B}
[2012/07/21 21:08:35 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{46F442DD-E95A-4771-A3A8-64CB95F51153}
[2012/07/21 09:18:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2012/07/21 09:08:09 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{B8872A08-5477-4D94-A46D-74DF7411E36C}
[2012/07/21 09:07:49 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{5AD225D1-ECBA-4C35-A3F0-F056909C20D9}
[2012/07/21 09:04:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{BBEB3CC9-27AC-4BED-AC14-2FA090703BD4}
[2012/07/20 15:04:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{9819B4FA-4DD8-4F35-9E1C-47292AFD0C45}
[2012/07/20 15:04:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{80362796-8FAA-48FC-86DD-CBEC83E89832}
[2012/07/20 00:45:44 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{4B4C9343-E9E1-4E4E-B736-D8A18690EF60}
[2012/07/20 00:45:23 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{12124FEF-2DA6-4FF2-AF6E-6401D7B9270B}
[2012/07/19 12:45:00 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{BEAB7792-CB69-42F0-9B48-4BD92AB575D3}
[2012/07/19 00:44:33 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{D329649D-C270-487C-AC59-F460AB501462}
[2012/07/19 00:44:23 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{45B95382-26EB-47E5-B032-36F9B3BCDC33}
[2012/07/18 12:43:59 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{87DB492A-DBB7-4603-ACE8-AB332F76445D}
[2012/07/18 12:43:49 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{105A8B08-49BF-4C51-A0A6-DB6029008B4C}
[2012/07/18 00:43:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{B1946C95-DFAF-442F-8D9E-1AAC2621C09B}
[2012/07/18 00:43:27 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{3B3343B5-1D0F-4CF2-A314-E0F996976055}
[2012/07/17 12:43:00 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{3D509C5E-E1AD-4168-A234-B777E5AFAF68}
[2012/07/17 12:42:51 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{D3A86636-1952-4FE3-BC1D-B6BC2A817BB8}
[2012/07/17 00:21:27 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{D3735AEB-AA04-47AA-B954-ADBD6873FDAA}
[2012/07/17 00:21:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{8DCD6A8A-471A-440A-B6CC-9C86F1662D71}
[2012/07/16 12:20:52 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{43549D49-B82C-4FFD-AD47-C92632A38C23}
[2012/07/16 12:20:42 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{BF9E765F-CD6B-45E8-8AB4-C87D541DC604}
[2012/07/15 23:50:22 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{74565052-9C7B-4BED-8E0D-A3AA1AD5990C}
[2012/07/15 23:50:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{1A0C523A-8131-48B4-9C86-C1FAC08C18DC}
[2012/07/15 11:50:00 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{74A04EBE-0111-4758-AEBE-EC100367287F}
[2012/07/15 11:49:49 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{E032C289-8614-4343-8A06-2D0D8D256241}
[2012/07/14 23:49:38 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{AC08ECEB-5676-4F43-BA3F-9BD8858766CD}
[2012/07/14 23:49:28 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{E8E56186-1EF5-4DD3-A4B0-329E44E42870}
[2012/07/14 11:49:16 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{B6EC3A7E-C19B-4DDC-B4BA-84CBAB2DDF7E}
[2012/07/14 11:49:06 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{524DC311-F61C-4D0E-8409-B65A4919A8B5}
[2012/07/13 23:48:53 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{0B98F089-BA15-42A1-8347-D4C18C4E6DA9}
[2012/07/13 23:48:43 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{C94CCF28-275D-4C7D-83F0-A944C9632E4E}
[2012/07/13 11:48:27 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{F0CDB612-FECA-43A2-815E-03066403A868}
[2012/07/13 11:48:07 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{280C0952-BDC6-454D-A395-1DC51899B305}
[2012/07/12 19:11:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{2C09FD69-65DA-46EB-A5F1-9D3B88A6429C}
[2012/07/12 19:11:07 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{B91C49C2-06FE-46E0-AEE2-BFE2282E40A0}
[2012/07/12 07:10:28 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{9DD12645-7C35-4667-8C31-CEEF5023CCDA}
[2012/07/12 07:10:12 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{6B1BB71F-C3A4-45D5-B931-2BA483F685C2}
[2012/07/11 14:35:23 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{AEEE1CFF-F32E-4517-8C49-7AC7736FE0D2}
[2012/07/11 14:35:13 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{3EEE0E9D-4BE7-4CD9-89C7-27B469320DEC}
[2012/07/11 02:35:01 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{CA79067D-7D7F-4880-A226-C041733E7616}
[2012/07/11 02:34:51 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{3C981ED9-06AD-4D27-9644-3BA29CEE21A9}
[2012/07/10 10:38:46 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{8FABCA7D-B461-4757-99FB-7CADF90BFB65}
[2012/07/10 10:38:36 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{2B960A2C-C13C-4DC6-8F69-9461869B5693}
[2012/07/09 13:03:18 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{32C4DA09-881C-47B5-BBCD-9379637B2C5A}
[2012/07/09 13:02:59 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{12062342-E1D5-4756-958C-9CD1A4EAD2C6}
[2012/07/09 00:07:25 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{A3F43E4D-6455-4150-8A2E-D195D0E8157E}
[2012/07/09 00:07:04 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{8D795245-D49B-48C6-9290-BE4E3EC41EBC}
[2012/07/08 12:06:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{A5C0CF67-2C80-441F-AC20-284EC030BF02}
[2012/07/08 12:06:29 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{CCE2B09B-6972-480C-AF7F-0FA8798B7574}

========== Files - Modified Within 30 Days ==========

[2012/08/06 23:00:40 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/06 23:00:40 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/06 22:57:40 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/06 22:53:18 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/06 22:53:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/06 22:53:04 | 2088,144,895 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/05 11:30:54 | 307,908,838 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/05 11:26:13 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2012/08/05 10:59:50 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/05 10:02:47 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/08/05 10:02:45 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/07/24 23:50:50 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/24 23:50:50 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/24 23:50:50 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/21 09:15:44 | 000,001,850 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2012/07/21 09:15:44 | 000,001,850 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2012/07/12 08:33:49 | 000,285,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/08/05 11:30:54 | 307,908,838 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/08/05 11:26:13 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2012/01/23 22:59:12 | 000,007,609 | ---- | C] () -- C:\Users\Chris\AppData\Local\resmon.resmoncfg
[2011/07/03 18:47:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/06/17 23:32:35 | 000,000,565 | ---- | C] () -- C:\Windows\Spidey.ini
[2011/03/30 22:25:32 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/06/19 04:48:34 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== LOP Check ==========

[2010/12/26 22:21:24 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Asus WebStorage
[2012/08/05 10:55:55 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Azureus
[2012/08/05 10:21:00 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\IObit
[2012/05/10 16:32:34 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Windows Live Writer
[2012/04/12 17:32:08 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's see if we can get you back up and running. The first two programmes can be run from safe mode.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKCU..\Run: [HP] C:\Users\Chris\AppData\Local\Ilivid Player\HP\nvspyyszi.dll (Microsoft Corporation)

    :Files
    ipconfig /flushdns /c

    :Commands
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports

  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

NEXT

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

FINALLY

Run Farbar Service Scanner

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
  • 0
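
A triage pass over the O4 autorun lines of an OTL log like the one in this thread, added here as an example (it is not OTL's code and not part of the reply above). The two review heuristics, the function names, and the reading of the trailing parenthesised field as the file's self-declared company name are assumptions; the sample lines are copied from the log posted in this thread.

```python
import re
from typing import List, NamedTuple

# O4 (Run key) lines copied from the OTL log in this thread, plus one O3 line
# to show that other sections are skipped.
SAMPLE_LOG = r"""
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKCU..\Run: [Chatango] C:\Program Files (x86)\Chatango\Chatango.exe (Pear Media, LLC)
O4 - HKCU..\Run: [HP] C:\Users\Chris\AppData\Local\Ilivid Player\HP\nvspyyszi.dll (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] E:\steam.exe (Valve Corporation)
"""

# Layout as seen in the log: O4[:64bit:] - HIVE..\Run: [value name] path (company)
# The path may itself contain "(x86)", so the company is the LAST parenthesised group.
O4_RE = re.compile(
    r"^O4(?P<bits>:64bit:)? - (?P<hive>HKLM|HKCU)\.\.\\Run: "
    r"\[(?P<name>[^\]]+)\] (?P<path>.+) \((?P<company>[^()]*)\)$"
)

# Anything below a user's AppData can be written without administrator rights.
USER_APPDATA_RE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)


class RunEntry(NamedTuple):
    hive: str
    name: str
    path: str
    company: str
    is_64bit: bool
    raw: str


class Finding(NamedTuple):
    entry: RunEntry
    reasons: List[str]


def parse_o4(log: str) -> List[RunEntry]:
    """Return every O4 Run-key entry in the log; all other lines are ignored."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            entries.append(RunEntry(m["hive"], m["name"], m["path"],
                                    m["company"].strip(), m["bits"] is not None, line))
    return entries


def triage(log: str) -> List[Finding]:
    """Flag autoruns for human review (assumed heuristics, not OTL's logic).

    1. The image lives under the user's AppData, a user-writable location.
    2. That same file declares Microsoft as its company. The company string
       is self-declared by the file (assumption), so it proves nothing.
    A flag means "look at this entry", not "delete this entry".
    """
    findings = []
    for e in parse_o4(log):
        reasons = []
        in_appdata = bool(USER_APPDATA_RE.match(e.path))
        if in_appdata:
            reasons.append("image path is under the user's AppData (user-writable)")
        if in_appdata and "microsoft" in e.company.lower():
            reasons.append("company field claims Microsoft, but the file is not in a system directory")
        if reasons:
            findings.append(Finding(e, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.entry.hive} Run [{f.entry.name}] -> {f.entry.path}")
        for reason in f.reasons:
            print("   -", reason)
```

On the sample lines the only entry flagged is the HKCU Run value [HP], the same line the fix script above passes to OTL.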

#3
castelluchi

    New Member

  • Topic Starter
  • Member
  • 7 posts
Hello and thanks for your reply!

I completed the OTL portion of your directions and upon reboot Notepad opened with a log and then the computer crashed. Should I re-run the custom scan/fix? On the second restart, when I ran OTL, Notepad opened with a log and I was able to run Quick Scan. Here is the log.

OTL logfile created on: 8/7/12 11:17:38 AM - Run 2
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Chris\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yy

7.93 Gb Total Physical Memory | 5.19 Gb Available Physical Memory | 65.47% Memory free
15.85 Gb Paging File | 12.66 Gb Available in Paging File | 79.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 37.38 Gb Free Space | 50.17% Space Free | Partition Type: NTFS
Drive D: | 149.04 Gb Total Space | 16.35 Gb Free Space | 10.97% Space Free | Partition Type: NTFS
Drive E: | 204.03 Gb Total Space | 175.55 Gb Free Space | 86.04% Space Free | Partition Type: NTFS
Drive F: | 149.05 Gb Total Space | 105.34 Gb Free Space | 70.67% Space Free | Partition Type: NTFS

Computer Name: NOBLE-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/07 19:41:57 | 001,353,080 | ---- | M] (Valve Corporation) -- E:\steam.exe
PRC - [2012/08/06 23:08:10 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Downloads\OTL.exe
PRC - [2012/07/30 22:36:16 | 001,229,848 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/07/03 09:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 09:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2012/03/06 18:39:50 | 000,574,296 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/06/19 05:11:52 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010/05/17 11:06:10 | 001,079,936 | ---- | M] (asus) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
PRC - [2010/01/04 17:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009/11/11 16:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\AirPort\APAgent.exe
PRC - [2009/11/09 19:20:36 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/11/02 14:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/10/26 20:29:32 | 006,998,656 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2009/10/26 10:10:42 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2009/09/30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/09/01 02:00:09 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2009/08/19 20:31:48 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2009/08/12 12:32:56 | 000,365,936 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
PRC - [2009/07/31 10:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/06 14:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009/06/19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/12/29 16:32:54 | 000,237,693 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
PRC - [2008/12/22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008/02/04 21:18:28 | 000,356,352 | ---- | M] (Pear Media, LLC) -- C:\Program Files (x86)\Chatango\Chatango.exe
PRC - [2007/11/30 11:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/06 22:58:34 | 020,316,496 | ---- | M] () -- E:\bin\libcef.dll
MOD - [2012/08/06 22:58:27 | 001,099,576 | ---- | M] () -- E:\bin\avcodec-53.dll
MOD - [2012/08/06 22:58:27 | 000,900,944 | ---- | M] () -- E:\bin\chromehtml.dll
MOD - [2012/08/06 22:58:27 | 000,190,776 | ---- | M] () -- E:\bin\avformat-53.dll
MOD - [2012/08/06 22:58:27 | 000,123,192 | ---- | M] () -- E:\bin\avutil-51.dll
MOD - [2012/07/30 22:36:14 | 000,442,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\ppgooglenaclpluginchrome.dll
MOD - [2012/07/30 22:36:13 | 012,235,288 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
MOD - [2012/07/30 22:36:12 | 003,997,720 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\pdf.dll
MOD - [2012/07/30 22:34:57 | 000,526,872 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\libglesv2.dll
MOD - [2012/07/30 22:34:55 | 000,104,984 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\libegl.dll
MOD - [2012/07/30 22:34:45 | 000,144,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\avutil-51.dll
MOD - [2012/07/30 22:34:43 | 000,266,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\avformat-54.dll
MOD - [2012/07/30 22:34:42 | 002,480,680 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\avcodec-54.dll
MOD - [2012/06/14 23:59:25 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/06/14 23:58:58 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012/05/12 18:57:48 | 003,379,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\e710104d87885107738303d313efb006\WindowsBase.ni.dll
MOD - [2012/05/12 18:47:48 | 005,459,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\e51b389e6d470d6920df51e7bbee6977\System.Xml.ni.dll
MOD - [2012/05/12 18:35:48 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\97dccc257e6729c8bc2450a5caf030e5\System.Configuration.ni.dll
MOD - [2012/05/12 14:19:54 | 001,065,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\3f4079addaf8ef6dc56329bbd0f73d71\System.Management.ni.dll
MOD - [2012/05/11 21:39:28 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/11 21:35:19 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/11 20:56:20 | 003,190,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/05/11 20:56:08 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2012/05/11 20:56:08 | 004,218,880 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/02/23 15:14:22 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
MOD - [2010/02/23 15:14:10 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll
MOD - [2010/02/23 15:12:22 | 000,186,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
MOD - [2010/02/23 15:11:46 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
MOD - [2010/01/04 17:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009/11/02 14:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 14:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/03/26 14:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/02/06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
MOD - [2007/11/30 11:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/03 09:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/08/11 16:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2009/12/17 02:18:07 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/12/07 16:16:34 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/08/06 14:17:46 | 000,118,672 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/08/02 16:54:14 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/08/06 23:29:37 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/05 11:03:56 | 000,118,256 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/10/05 15:17:27 | 003,926,520 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/06/19 05:06:14 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/06/19 05:06:10 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/11/09 19:20:36 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/09/30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/09/12 18:15:50 | 000,087,288 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 09:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/07/03 09:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/07/03 09:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/07/03 09:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/07/03 09:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/07/03 09:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/04/12 06:10:55 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/03/13 17:27:20 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/03/13 17:27:20 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/04/21 15:47:50 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/03/05 11:19:46 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/02 16:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/12/17 02:52:59 | 006,177,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/11/18 03:30:55 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/08/20 23:48:17 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/08/06 14:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/08/06 14:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/07/20 02:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/30 21:46:57 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/06/30 21:46:51 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/06/30 21:46:47 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/06/30 21:46:39 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/10 13:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 03:16:29 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009/05/20 03:04:55 | 000,202,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/13 09:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009/04/07 00:33:07 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/05/23 17:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/09/01 16:59:44 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/06/19 04:33:07] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2005/01/04 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com/
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: [email protected]:6.0.1367
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 16.0a2\extensions\\Components: C:\Program Files (x86)\Aurora\components [2012/08/05 11:03:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 16.0a2\extensions\\Plugins: C:\Program Files (x86)\Aurora\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/08 01:32:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/20 23:44:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/05 10:08:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/20 23:44:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/05 10:08:02 | 000,000,000 | ---D | M]

[2010/12/26 22:32:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2012/08/05 10:54:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fjo4e2hh.default\extensions
[2012/03/30 12:10:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fjo4e2hh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/07/12 16:43:41 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fjo4e2hh.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2012/08/05 10:55:56 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fjo4e2hh.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/06/01 15:27:36 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fjo4e2hh.default\extensions\[email protected]
[2011/11/28 06:38:57 | 000,002,266 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fjo4e2hh.default\searchplugins\cardcaptor-sakura-en.xml
[2011/11/28 06:36:48 | 000,002,285 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fjo4e2hh.default\searchplugins\dragon-ball-wiki-en.xml
[2011/11/28 06:37:28 | 000,001,936 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fjo4e2hh.default\searchplugins\fairy-tail-wiki-en.xml
[2011/11/28 06:39:04 | 000,002,273 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fjo4e2hh.default\searchplugins\infamous-wiki-en.xml
[2011/11/28 06:36:31 | 000,006,485 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fjo4e2hh.default\searchplugins\magical-girl-lyrical-nanoha-wiki-en.xml
[2011/11/28 06:38:19 | 000,002,262 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fjo4e2hh.default\searchplugins\marvel-database-en.xml
[2011/11/28 06:36:42 | 000,001,941 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fjo4e2hh.default\searchplugins\pretty-cure-wiki-en.xml
[2011/11/28 06:37:20 | 000,002,594 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fjo4e2hh.default\searchplugins\zeldapedia-en.xml
[2012/08/05 10:08:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/05 10:08:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/07/08 01:32:51 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[1832/11/28 21:30:07 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FJO4E2HH.DEFAULT\EXTENSIONS\[email protected]
[2012/06/24 23:11:18 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FJO4E2HH.DEFAULT\EXTENSIONS\[email protected]
[2012/06/20 23:44:14 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/20 23:44:12 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/20 23:44:12 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.38_0\
CHR - Extension: avast! WebRep = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Gmail = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/07 11:04:09 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files (x86)\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKCU..\Run: [Chatango] C:\Program Files (x86)\Chatango\Chatango.exe (Pear Media, LLC)
O4 - HKCU..\Run: [Steam] E:\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 184.16.33.54
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F88B8828-51E8-4598-8461-E65E5D69B537}: DhcpNameServer = 192.168.1.1 184.16.33.54
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/07 19:37:28 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{6B688B38-EDD3-4CFB-A18E-16F8DDBE6FAD}
[2012/08/07 19:37:07 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{461EFAC6-8947-4CA6-BB5A-3AE37D14F74F}
[2012/08/07 11:19:31 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\tdsskiller.exe
[2012/08/07 11:04:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/07 11:01:34 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{67240D47-CECE-4B62-963E-D993A5AE64AE}
[2012/08/07 11:01:21 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{1D712781-DBF7-4F2F-9421-B9DCCE068F88}
[2012/08/06 22:58:52 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{70ADD180-B0D0-433D-9252-8D2DBD1590DB}
[2012/08/05 10:31:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2012/08/05 10:04:54 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/05 10:02:14 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{A374CB4A-30C9-4B10-A70B-8ABCE5BFE063}
[2012/08/05 10:01:58 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{647F6646-78B7-4CE7-A34C-E71E49392DA3}
[2012/08/04 20:32:15 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{F7B77C3C-57A4-446E-AF30-5ACAD9B542F7}
[2012/08/04 20:32:05 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{BC7538E7-4E93-44BE-980C-513674DEB76D}
[2012/08/04 01:11:22 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{70E2806B-500D-429B-A5E4-7275E71985F5}
[2012/08/04 01:11:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{1E87E1EB-D1C2-4725-901C-8726BA320F42}
[2012/08/03 18:46:43 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{EC9D5687-47D8-48A0-A734-628339AD3651}
[2012/08/03 18:46:20 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{7C8D6CA0-2823-4B0D-A5A9-E0F41FDD389C}
[2012/08/03 13:10:58 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{2AD2B4C2-EBD4-4248-AECA-C152F2FF728E}
[2012/08/03 13:10:48 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{52887BA2-7950-4A58-8FFC-98EE6FCBA82F}
[2012/08/03 01:08:44 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{5EB786AE-4ED4-42F4-9E97-40725BE62FD7}
[2012/08/03 01:08:34 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{DAEDA679-AB7A-4E27-AD87-493A3C4519AE}
[2012/08/02 13:08:21 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{59EF37EC-0672-4786-AC78-B6F6DDBD397C}
[2012/08/02 13:08:09 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{34437175-9BAE-461F-BE31-180C0AD17311}
[2012/08/02 00:22:36 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{17FA5F78-99EB-442D-9EAC-C595B9F12F73}
[2012/08/02 00:22:25 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{EC73A766-0FB5-4BFB-8E74-F63970B25A0D}
[2012/08/01 12:22:12 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{8F9747E9-474A-4BDB-B50E-C0B5EE45FF6E}
[2012/08/01 12:22:01 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{A1F7B2E3-1288-4F74-902E-67AA565144A8}
[2012/07/31 12:52:49 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{E71109AC-392C-44E4-BFBF-9E7EA3BB6913}
[2012/07/31 12:52:34 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{74DDE669-24AA-4A08-B484-B142F79E522F}
[2012/07/30 16:16:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aurora
[2012/07/30 15:33:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{E8EB8BFD-8F25-4329-ABE1-5B4A5A5F75AE}
[2012/07/30 15:33:08 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{FEF691D5-0F41-4FB8-950B-930D323F429D}
[2012/07/30 03:32:57 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{A81F7920-7B50-4CB6-A19F-091A8AFBE3F6}
[2012/07/30 03:32:47 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{970D8542-F513-4456-B4BF-D521A2A0B341}
[2012/07/29 15:32:24 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{AA3D5DCA-D74D-40AF-BDD5-3F8D41D80854}
[2012/07/29 15:32:14 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{FC9FC5B0-FB3E-4332-816E-0BA6800F3F92}
[2012/07/29 15:32:05 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{5DD9978F-0541-4575-84F8-99CB975B57AA}
[2012/07/29 15:31:46 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{F770A27B-0791-4776-8347-6DC030E1657A}
[2012/07/28 22:17:38 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{6E6F81F8-DE3A-4883-9C2D-4BF01B2FA9BC}
[2012/07/28 22:17:29 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{E34045AE-CE93-42EA-AD1F-65D5391DE37A}
[2012/07/28 22:17:20 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{0EAECE8D-9460-4D2F-8513-432C606E8128}
[2012/07/28 22:17:00 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{060ED953-B61B-4E7D-845E-C4456FC70697}
[2012/07/28 10:16:35 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{6CA11F48-4EA5-4E33-A960-B5CE79A73C44}
[2012/07/28 10:16:25 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{4B093963-99A2-40B0-BC3B-B515A4A445E1}
[2012/07/28 10:16:16 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{81C89FA2-D08F-4582-B93A-3807D02DEBB6}
[2012/07/28 10:15:57 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{FFD02840-BE5E-47DB-85D6-DC236621AABD}
[2012/07/27 14:20:48 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/07/27 14:14:46 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{C77D0E0F-DC0F-499D-A649-D3FCEAF8ED84}
[2012/07/27 14:14:25 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{3CC706DC-0F5D-4678-815D-5BB1877B15F5}
[2012/07/26 16:34:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{FC662532-91CF-4D65-AF64-3EF3BA5E7443}
[2012/07/26 16:34:15 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{27ED07E6-0A1F-4D87-A24E-F8EC339DB3FB}
[2012/07/26 16:34:05 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{D87F4494-C652-4CD0-A1B9-6B3BC4BB42AA}
[2012/07/26 16:33:54 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{F4EB7970-24E9-44A8-89D6-33B99A8D94D5}
[2012/07/26 01:39:10 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{76EF5E50-D52C-406E-B15A-746A5F33B729}
[2012/07/26 01:39:00 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{31BAED2B-B8C8-417A-9843-12813F74A083}
[2012/07/26 01:38:50 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{0D75DDC8-4B09-4C99-9E32-6B8BB9544166}
[2012/07/25 13:38:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{F79DA29C-928C-4101-8353-20C4DB5E1D28}
[2012/07/25 13:38:27 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{CDA089CB-4BE6-4D20-A9D4-D4308787B23F}
[2012/07/24 23:49:19 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{1B970B55-28C8-4E5D-8BD7-2A8ACD74BFEF}
[2012/07/24 23:49:10 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{9D0DE3DE-DE58-4951-A3CB-BA125A899193}
[2012/07/24 11:48:54 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{46E29796-4B84-45B0-98FD-D79D38C09DEB}
[2012/07/24 11:48:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{A1F16087-E0DA-455F-BE24-DD258F0F40EE}
[2012/07/23 21:09:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{4FED9810-604A-4113-A9B5-C60293B6B9B2}
[2012/07/23 21:09:01 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{8A2DD184-6C1E-43A4-94BD-1B6C060C4E38}
[2012/07/23 09:08:44 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{C2316E2A-8B0F-4A9A-997D-8B72AD7E500B}
[2012/07/23 09:08:34 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{752FB3AE-CF03-4172-BF9E-9BE0BAC3AFD2}
[2012/07/22 13:46:35 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{97AC3A30-E3AE-4D51-B0DE-CF07BE413CEA}
[2012/07/22 13:46:23 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{1D4F61E9-4EF7-48C2-A660-42FBA0B0B571}
[2012/07/21 21:08:55 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{46455528-FD48-4183-BE19-9448C420745B}
[2012/07/21 21:08:35 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{46F442DD-E95A-4771-A3A8-64CB95F51153}
[2012/07/21 09:18:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2012/07/21 09:08:09 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{B8872A08-5477-4D94-A46D-74DF7411E36C}
[2012/07/21 09:07:49 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{5AD225D1-ECBA-4C35-A3F0-F056909C20D9}
[2012/07/21 09:04:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{BBEB3CC9-27AC-4BED-AC14-2FA090703BD4}
[2012/07/20 15:04:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{9819B4FA-4DD8-4F35-9E1C-47292AFD0C45}
[2012/07/20 15:04:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{80362796-8FAA-48FC-86DD-CBEC83E89832}
[2012/07/20 00:45:44 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{4B4C9343-E9E1-4E4E-B736-D8A18690EF60}
[2012/07/20 00:45:23 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{12124FEF-2DA6-4FF2-AF6E-6401D7B9270B}
[2012/07/19 12:45:00 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{BEAB7792-CB69-42F0-9B48-4BD92AB575D3}
[2012/07/19 00:44:33 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{D329649D-C270-487C-AC59-F460AB501462}
[2012/07/19 00:44:23 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{45B95382-26EB-47E5-B032-36F9B3BCDC33}
[2012/07/18 12:43:59 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{87DB492A-DBB7-4603-ACE8-AB332F76445D}
[2012/07/18 12:43:49 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{105A8B08-49BF-4C51-A0A6-DB6029008B4C}
[2012/07/18 00:43:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{B1946C95-DFAF-442F-8D9E-1AAC2621C09B}
[2012/07/18 00:43:27 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{3B3343B5-1D0F-4CF2-A314-E0F996976055}
[2012/07/17 12:43:00 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{3D509C5E-E1AD-4168-A234-B777E5AFAF68}
[2012/07/17 12:42:51 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{D3A86636-1952-4FE3-BC1D-B6BC2A817BB8}
[2012/07/17 00:21:27 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{D3735AEB-AA04-47AA-B954-ADBD6873FDAA}
[2012/07/17 00:21:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{8DCD6A8A-471A-440A-B6CC-9C86F1662D71}
[2012/07/16 12:20:52 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{43549D49-B82C-4FFD-AD47-C92632A38C23}
[2012/07/16 12:20:42 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{BF9E765F-CD6B-45E8-8AB4-C87D541DC604}
[2012/07/15 23:50:22 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{74565052-9C7B-4BED-8E0D-A3AA1AD5990C}
[2012/07/15 23:50:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{1A0C523A-8131-48B4-9C86-C1FAC08C18DC}
[2012/07/15 11:50:00 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{74A04EBE-0111-4758-AEBE-EC100367287F}
[2012/07/15 11:49:49 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{E032C289-8614-4343-8A06-2D0D8D256241}
[2012/07/14 23:49:38 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{AC08ECEB-5676-4F43-BA3F-9BD8858766CD}
[2012/07/14 23:49:28 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{E8E56186-1EF5-4DD3-A4B0-329E44E42870}
[2012/07/14 11:49:16 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{B6EC3A7E-C19B-4DDC-B4BA-84CBAB2DDF7E}
[2012/07/14 11:49:06 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{524DC311-F61C-4D0E-8409-B65A4919A8B5}
[2012/07/13 23:48:53 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{0B98F089-BA15-42A1-8347-D4C18C4E6DA9}
[2012/07/13 23:48:43 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{C94CCF28-275D-4C7D-83F0-A944C9632E4E}
[2012/07/13 11:48:27 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{F0CDB612-FECA-43A2-815E-03066403A868}
[2012/07/13 11:48:07 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{280C0952-BDC6-454D-A395-1DC51899B305}
[2012/07/12 19:11:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{2C09FD69-65DA-46EB-A5F1-9D3B88A6429C}
[2012/07/12 19:11:07 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{B91C49C2-06FE-46E0-AEE2-BFE2282E40A0}
[2012/07/12 07:10:28 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{9DD12645-7C35-4667-8C31-CEEF5023CCDA}
[2012/07/12 07:10:12 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{6B1BB71F-C3A4-45D5-B931-2BA483F685C2}
[2012/07/11 14:35:23 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{AEEE1CFF-F32E-4517-8C49-7AC7736FE0D2}
[2012/07/11 14:35:13 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{3EEE0E9D-4BE7-4CD9-89C7-27B469320DEC}
[2012/07/11 02:35:01 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{CA79067D-7D7F-4880-A226-C041733E7616}
[2012/07/11 02:34:51 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{3C981ED9-06AD-4D27-9644-3BA29CEE21A9}
[2012/07/10 10:38:46 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{8FABCA7D-B461-4757-99FB-7CADF90BFB65}
[2012/07/10 10:38:36 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{2B960A2C-C13C-4DC6-8F69-9461869B5693}
[2012/07/09 13:03:18 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{32C4DA09-881C-47B5-BBCD-9379637B2C5A}
[2012/07/09 13:02:59 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{12062342-E1D5-4756-958C-9CD1A4EAD2C6}
[2012/07/09 00:07:25 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{A3F43E4D-6455-4150-8A2E-D195D0E8157E}
[2012/07/09 00:07:04 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{8D795245-D49B-48C6-9290-BE4E3EC41EBC}
[2012/07/08 12:06:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{A5C0CF67-2C80-441F-AC20-284EC030BF02}
[2012/07/08 12:06:29 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{CCE2B09B-6972-480C-AF7F-0FA8798B7574}

========== Files - Modified Within 30 Days ==========

[2012/08/07 11:19:45 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/07 11:19:45 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/07 11:19:35 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\tdsskiller.exe
[2012/08/07 11:12:53 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/07 11:12:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/07 11:12:16 | 2088,144,895 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/07 11:04:09 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/08/07 00:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/06 23:48:38 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/05 11:30:54 | 307,908,838 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/05 11:26:13 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2012/08/05 10:02:47 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/08/05 10:02:45 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/07/24 23:50:50 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/24 23:50:50 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/24 23:50:50 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/21 09:15:44 | 000,001,850 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2012/07/21 09:15:44 | 000,001,850 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2012/07/12 08:33:49 | 000,285,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/08/05 11:30:54 | 307,908,838 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/08/05 11:26:13 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2012/01/23 22:59:12 | 000,007,609 | ---- | C] () -- C:\Users\Chris\AppData\Local\resmon.resmoncfg
[2011/07/03 18:47:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/06/17 23:32:35 | 000,000,565 | ---- | C] () -- C:\Windows\Spidey.ini
[2011/03/30 22:25:32 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/06/19 04:48:34 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== LOP Check ==========

[2010/12/26 22:21:24 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Asus WebStorage
[2012/08/05 10:55:55 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Azureus
[2012/08/05 10:21:00 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\IObit
[2012/05/10 16:32:34 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Windows Live Writer
[2012/04/12 17:32:08 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#4
castelluchi

Here is the second log:



11:25:21.0625 5336 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
11:25:22.0077 5336 ============================================================
11:25:22.0077 5336 Current date / time: 2012/08/07 11:25:22.0077
11:25:22.0077 5336 SystemInfo:
11:25:22.0077 5336
11:25:22.0077 5336 OS Version: 6.1.7601 ServicePack: 1.0
11:25:22.0077 5336 Product type: Workstation
11:25:22.0077 5336 ComputerName: NOBLE-PC
11:25:22.0077 5336 UserName: Chris
11:25:22.0077 5336 Windows directory: C:\Windows
11:25:22.0077 5336 System windows directory: C:\Windows
11:25:22.0077 5336 Running under WOW64
11:25:22.0077 5336 Processor architecture: Intel x64
11:25:22.0077 5336 Number of processors: 8
11:25:22.0077 5336 Page size: 0x1000
11:25:22.0077 5336 Boot type: Normal boot
11:25:22.0077 5336 ============================================================
11:25:22.0639 5336 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:25:22.0951 5336 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:25:22.0966 5336 ============================================================
11:25:22.0966 5336 \Device\Harddisk0\DR0:
11:25:22.0966 5336 MBR partitions:
11:25:22.0966 5336 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2711676, BlocksNum 0x950A408
11:25:22.0982 5336 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xBC1C800, BlocksNum 0x19811800
11:25:22.0982 5336 \Device\Harddisk1\DR1:
11:25:22.0982 5336 MBR partitions:
11:25:22.0982 5336 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A13800
11:25:22.0982 5336 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x12A14000, BlocksNum 0x12A196C1
11:25:22.0982 5336 ============================================================
11:25:23.0029 5336 C: <-> \Device\Harddisk0\DR0\Partition0
11:25:23.0075 5336 D: <-> \Device\Harddisk1\DR1\Partition0
11:25:23.0107 5336 E: <-> \Device\Harddisk0\DR0\Partition1
11:25:23.0138 5336 F: <-> \Device\Harddisk1\DR1\Partition1
11:25:23.0138 5336 ============================================================
11:25:23.0138 5336 Initialize success
11:25:23.0138 5336 ============================================================
11:26:20.0108 6956 ============================================================
11:26:20.0108 6956 Scan started
11:26:20.0108 6956 Mode: Manual; SigCheck; TDLFS;
11:26:20.0108 6956 ============================================================
11:26:27.0284 6956 Creative ALchemy AL6 Licensing Service (c8bd651e13895b93ed9ec5b4f1df42bc) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
11:26:27.0315 6956 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
11:26:27.0315 6956 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)
11:26:27.0315 6956 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
11:26:27.0331 6956 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
11:26:27.0331 6956 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
11:26:34.0335 6956 LMS (a1c148801b4af64847aeb9f3ad9594ef) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
11:26:34.0366 6956 LMS ( UnsignedFile.Multi.Generic ) - warning
11:26:34.0366 6956 LMS - detected UnsignedFile.Multi.Generic (1)
11:26:39.0826 6956 Power - ok
11:26:39.0873 6956 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:26:39.0920 6956 PptpMiniport - ok
11:26:39.0951 6956 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:26:39.0982 6956 Processor - ok
11:26:40.0029 6956 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
11:26:40.0045 6956 ProfSvc - ok
11:26:40.0076 6956 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:26:40.0092 6956 ProtectedStorage - ok
11:26:40.0123 6956 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:26:40.0170 6956 Psched - ok
11:26:40.0263 6956 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:26:40.0310 6956 ql2300 - ok
11:26:40.0326 6956 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:26:40.0341 6956 ql40xx - ok
11:26:40.0388 6956 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:26:40.0404 6956 QWAVE - ok
11:26:40.0419 6956 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:26:40.0466 6956 QWAVEdrv - ok
11:26:40.0482 6956 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:26:40.0528 6956 RasAcd - ok
11:26:40.0560 6956 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:26:40.0606 6956 RasAgileVpn - ok
11:26:40.0622 6956 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:26:40.0669 6956 RasAuto - ok
11:26:40.0716 6956 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:26:40.0762 6956 Rasl2tp - ok
11:26:40.0809 6956 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
11:26:40.0840 6956 RasMan - ok
11:26:40.0872 6956 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:26:40.0918 6956 RasPppoe - ok
11:26:40.0934 6956 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:26:40.0996 6956 RasSstp - ok
11:26:41.0059 6956 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:26:41.0090 6956 rdbss - ok
11:26:41.0106 6956 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:26:41.0137 6956 rdpbus - ok
11:26:41.0152 6956 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:26:41.0199 6956 RDPCDD - ok
11:26:41.0215 6956 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:26:41.0277 6956 RDPENCDD - ok
11:26:41.0293 6956 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:26:41.0340 6956 RDPREFMP - ok
11:26:41.0386 6956 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
11:26:41.0433 6956 RDPWD - ok
11:26:41.0480 6956 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:26:41.0496 6956 rdyboost - ok
11:26:41.0527 6956 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:26:41.0574 6956 RemoteAccess - ok
11:26:41.0605 6956 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:26:41.0652 6956 RemoteRegistry - ok
11:26:41.0698 6956 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
11:26:41.0730 6956 RFCOMM - ok
11:26:41.0761 6956 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:26:41.0808 6956 RpcEptMapper - ok
11:26:41.0823 6956 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:26:41.0854 6956 RpcLocator - ok
11:26:41.0932 6956 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:26:41.0964 6956 RpcSs - ok
11:26:41.0979 6956 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:26:42.0042 6956 rspndr - ok
11:26:42.0088 6956 RTHDMIAzAudService (483c537e69fa97c77f7fe0e2e1c1f102) C:\Windows\system32\drivers\RtHDMIVX.sys
11:26:42.0104 6956 RTHDMIAzAudService - ok
11:26:42.0120 6956 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:26:42.0135 6956 SamSs - ok
11:26:42.0198 6956 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
11:26:42.0213 6956 SASDIFSV - ok
11:26:42.0213 6956 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
11:26:42.0229 6956 SASKUTIL - ok
11:26:42.0260 6956 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:26:42.0276 6956 sbp2port - ok
11:26:42.0307 6956 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:26:42.0385 6956 SCardSvr - ok
11:26:42.0416 6956 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:26:42.0447 6956 scfilter - ok
11:26:42.0541 6956 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
11:26:42.0603 6956 Schedule - ok
11:26:42.0634 6956 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:26:42.0666 6956 SCPolicySvc - ok
11:26:42.0697 6956 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
11:26:42.0728 6956 SDRSVC - ok
11:26:42.0744 6956 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
11:26:42.0806 6956 seclogon - ok
11:26:42.0853 6956 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
11:26:42.0931 6956 SENS - ok
11:26:42.0946 6956 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:26:42.0993 6956 SensrSvc - ok
11:26:43.0040 6956 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:26:43.0087 6956 Serenum - ok
11:26:43.0102 6956 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:26:43.0149 6956 Serial - ok
11:26:43.0180 6956 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:26:43.0196 6956 sermouse - ok
11:26:43.0243 6956 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
11:26:43.0290 6956 SessionEnv - ok
11:26:43.0321 6956 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:26:43.0352 6956 sffdisk - ok
11:26:43.0352 6956 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:26:43.0399 6956 sffp_mmc - ok
11:26:43.0414 6956 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:26:43.0446 6956 sffp_sd - ok
11:26:43.0461 6956 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:26:43.0492 6956 sfloppy - ok
11:26:43.0555 6956 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
11:26:43.0617 6956 SharedAccess - ok
11:26:43.0695 6956 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
11:26:43.0726 6956 ShellHWDetection - ok
11:26:43.0742 6956 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
11:26:43.0773 6956 SiSGbeLH - ok
11:26:43.0804 6956 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:26:43.0804 6956 SiSRaid2 - ok
11:26:43.0820 6956 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:26:43.0836 6956 SiSRaid4 - ok
11:26:43.0914 6956 SkypeUpdate (f07af60b152221472fbdb2fecec4896d) C:\Program Files (x86)\Skype\Updater\Updater.exe
11:26:43.0945 6956 SkypeUpdate - ok
11:26:43.0976 6956 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:26:44.0023 6956 Smb - ok
11:26:44.0054 6956 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:26:44.0085 6956 SNMPTRAP - ok
11:26:44.0226 6956 SNP2UVC (7aec460dbdd193680f0e77724e40e7b6) C:\Windows\system32\DRIVERS\snp2uvc.sys
11:26:44.0241 6956 SNP2UVC - ok
11:26:44.0272 6956 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:26:44.0272 6956 spldr - ok
11:26:44.0335 6956 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
11:26:44.0366 6956 Spooler - ok
11:26:44.0616 6956 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
11:26:44.0709 6956 sppsvc - ok
11:26:44.0834 6956 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
11:26:44.0881 6956 sppuinotify - ok
11:26:44.0943 6956 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:26:44.0990 6956 srv - ok
11:26:45.0021 6956 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:26:45.0068 6956 srv2 - ok
11:26:45.0084 6956 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:26:45.0130 6956 srvnet - ok
11:26:45.0177 6956 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:26:45.0240 6956 SSDPSRV - ok
11:26:45.0271 6956 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:26:45.0318 6956 SstpSvc - ok
11:26:45.0380 6956 Steam Client Service - ok
11:26:45.0411 6956 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:26:45.0411 6956 stexstor - ok
11:26:45.0474 6956 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
11:26:45.0520 6956 stisvc - ok
11:26:45.0552 6956 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:26:45.0567 6956 swenum - ok
11:26:45.0614 6956 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:26:45.0661 6956 swprv - ok
11:26:45.0692 6956 SynTP (01a658167619075baad31c96074c0b38) C:\Windows\system32\DRIVERS\SynTP.sys
11:26:45.0708 6956 SynTP - ok
11:26:45.0848 6956 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
11:26:45.0895 6956 SysMain - ok
11:26:46.0020 6956 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
11:26:46.0035 6956 TabletInputService - ok
11:26:46.0082 6956 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
11:26:46.0113 6956 TapiSrv - ok
11:26:46.0144 6956 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:26:46.0207 6956 TBS - ok
11:26:46.0347 6956 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
11:26:46.0378 6956 Tcpip - ok
11:26:46.0597 6956 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
11:26:46.0628 6956 TCPIP6 - ok
11:26:46.0706 6956 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:26:46.0737 6956 tcpipreg - ok
11:26:46.0753 6956 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:26:46.0784 6956 TDPIPE - ok
11:26:46.0815 6956 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
11:26:46.0846 6956 TDTCP - ok
11:26:46.0893 6956 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:26:46.0940 6956 tdx - ok
11:26:46.0971 6956 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:26:46.0987 6956 TermDD - ok
11:26:47.0034 6956 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
11:26:47.0096 6956 TermService - ok
11:26:47.0127 6956 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:26:47.0143 6956 Themes - ok
11:26:47.0174 6956 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:26:47.0205 6956 THREADORDER - ok
11:26:47.0236 6956 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:26:47.0283 6956 TrkWks - ok
11:26:47.0346 6956 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
11:26:47.0392 6956 TrustedInstaller - ok
11:26:47.0424 6956 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:26:47.0502 6956 tssecsrv - ok
11:26:47.0548 6956 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:26:47.0595 6956 TsUsbFlt - ok
11:26:47.0626 6956 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:26:47.0689 6956 tunnel - ok
11:26:47.0704 6956 TurboB (c45a3e051c65106a28982caed125f855) C:\Windows\system32\DRIVERS\TurboB.sys
11:26:47.0720 6956 TurboB - ok
11:26:47.0751 6956 TurboBoost (baef86ebeaece76573fa822dea256f6c) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
11:26:47.0782 6956 TurboBoost - ok
11:26:47.0798 6956 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:26:47.0814 6956 uagp35 - ok
11:26:47.0860 6956 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:26:47.0923 6956 udfs - ok
11:26:47.0938 6956 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:26:47.0985 6956 UI0Detect - ok
11:26:48.0016 6956 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:26:48.0032 6956 uliagpkx - ok
11:26:48.0048 6956 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
11:26:48.0094 6956 umbus - ok
11:26:48.0110 6956 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:26:48.0141 6956 UmPass - ok
11:26:48.0375 6956 UNS (41118d920b2b268c0adc36421248cdcf) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
11:26:48.0406 6956 UNS ( UnsignedFile.Multi.Generic ) - warning
11:26:48.0406 6956 UNS - detected UnsignedFile.Multi.Generic (1)
11:26:54.0069 6956 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:26:54.0116 6956 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
11:26:54.0116 6956 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
11:26:54.0178 6956 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:26:54.0178 6956 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:26:54.0178 6956 MBR (0x1B8) (64b1e91c5c6c2157642651010728f90f) \Device\Harddisk1\DR1
11:26:54.0553 6956 \Device\Harddisk1\DR1 - ok
11:26:54.0553 6956 Boot (0x1200) (9337f30eb206a85ecce29f8266d7b85a) \Device\Harddisk0\DR0\Partition0
11:26:54.0553 6956 \Device\Harddisk0\DR0\Partition0 - ok
11:26:54.0584 6956 Boot (0x1200) (23211b09e44e68a27a3ce06976ffb3fd) \Device\Harddisk0\DR0\Partition1
11:26:54.0584 6956 \Device\Harddisk0\DR0\Partition1 - ok
11:26:54.0584 6956 Boot (0x1200) (5e3cc8cfcfb605d5fca437a91f585a1a) \Device\Harddisk1\DR1\Partition0
11:26:54.0584 6956 \Device\Harddisk1\DR1\Partition0 - ok
11:26:54.0584 6956 Boot (0x1200) (c4731c03bc5f0f2281dc582deaaecf37) \Device\Harddisk1\DR1\Partition1
11:26:54.0584 6956 \Device\Harddisk1\DR1\Partition1 - ok
11:26:54.0584 6956 ============================================================
11:26:54.0584 6956 Scan finished
11:26:54.0584 6956 ============================================================
11:26:54.0600 4624 Detected object count: 6
11:26:54.0600 4624 Actual detected object count: 6
11:27:04.0708 4624 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:27:04.0708 4624 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:27:04.0708 4624 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:27:04.0708 4624 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:27:04.0708 4624 LMS ( UnsignedFile.Multi.Generic ) - skipped by user
11:27:04.0708 4624 LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:27:04.0708 4624 UNS ( UnsignedFile.Multi.Generic ) - skipped by user
11:27:04.0708 4624 UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:27:05.0426 4624 \Device\Harddisk0\DR0\# - copied to quarantine
11:27:05.0426 4624 \Device\Harddisk0\DR0 - copied to quarantine
11:27:05.0488 4624 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
11:27:09.0279 4624 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
11:27:09.0295 4624 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
11:27:09.0358 4624 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
11:27:09.0405 4624 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
11:27:09.0446 4624 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
11:27:09.0478 4624 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
11:27:09.0478 4624 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
11:27:09.0478 4624 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
11:27:09.0478 4624 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
11:27:09.0505 4624 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
11:27:09.0545 4624 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
11:27:09.0545 4624 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
11:27:09.0545 4624 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
11:27:09.0602 4624 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
11:27:09.0602 4624 \Device\Harddisk0\DR0 - ok
11:27:09.0602 4624 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
11:27:09.0602 4624 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:27:09.0602 4624 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
:) Nearly clean

#6
castelluchi

    New Member

  • Topic Starter
  • Member
  • 7 posts
Hello, I have completed all of your instructions. Avast is not constantly popping up with warnings as of now.

Here are the ComboFix and Farbar logs:


COMBOFIX log:

ComboFix 12-08-07.03 - Chris e 08/07/12 11:35:23.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8117.5655 [GMT -7:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\windows\msvcr71.dll
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-07 to 2012-08-07 )))))))))))))))))))))))))))))))
.
.
2012-08-08 02:39 . 2012-08-08 02:39 108544 -c--a-w- c:\programdata\Microsoft\Windows\DRM\A3C5.tmp.dat
2012-08-07 18:40 . 2012-08-07 18:40 -------- dc----w- c:\users\Default\AppData\Local\temp
2012-08-07 18:27 . 2012-08-07 18:27 -------- dc----w- C:\TDSSKiller_Quarantine
2012-08-07 18:05 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6D007E73-6139-4576-A2B1-FA3353CE3AB2}\mpengine.dll
2012-08-07 18:04 . 2012-08-07 18:04 -------- dc----w- C:\_OTL
2012-08-05 17:31 . 2012-08-05 17:32 -------- dc----w- c:\program files (x86)\K-Lite Codec Pack
2012-08-05 17:20 . 2012-08-05 17:20 918016 ----a-w- c:\windows\system32\jscript.dll
2012-08-05 17:20 . 2012-08-05 17:20 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-08-05 17:20 . 2012-08-05 17:20 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-08-05 17:20 . 2012-08-05 17:20 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-08-05 17:19 . 2012-08-05 17:19 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-08-05 17:19 . 2012-08-05 17:19 3216384 ----a-w- c:\windows\system32\msi.dll
2012-08-05 17:08 . 2012-08-05 17:07 476976 -c--a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-07-30 23:16 . 2012-08-05 18:03 -------- dc----w- c:\program files (x86)\Aurora
2012-07-27 21:20 . 2012-07-27 21:20 -------- dc----w- c:\programdata\McAfee
2012-07-11 19:20 . 2012-07-12 14:10 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 19:20 . 2012-07-12 14:10 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-11 19:20 . 2012-07-12 14:10 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-07-11 19:20 . 2012-07-12 14:10 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-11 19:20 . 2012-07-12 14:10 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll
2012-07-11 19:20 . 2012-07-12 14:10 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-07-11 19:20 . 2012-07-12 14:10 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-07-11 19:20 . 2012-07-12 14:10 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-07-11 19:20 . 2012-07-12 14:10 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-07-11 19:20 . 2012-07-12 14:10 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-07-11 19:20 . 2012-07-12 14:10 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 19:20 . 2012-07-12 14:10 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-11 19:20 . 2012-07-12 14:10 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-07-11 19:19 . 2012-07-12 14:11 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-07-11 19:19 . 2012-07-12 14:11 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-07-11 19:19 . 2012-07-12 14:11 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-07-11 19:19 . 2012-07-12 14:11 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-07-11 19:19 . 2012-07-12 14:11 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-07-11 19:19 . 2012-07-12 14:11 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-07 06:29 . 2012-04-04 04:13 426184 -c--a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-07 06:29 . 2011-06-22 04:56 70344 -c--a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-05 17:07 . 2011-05-01 12:52 472880 -c--a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-12 14:11 . 2011-01-27 05:33 59701280 -c--a-w- c:\windows\system32\MRT.exe
2012-07-03 16:21 . 2012-03-10 05:34 54072 -c--a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-03 16:21 . 2011-02-27 02:38 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2011-02-27 02:38 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2011-02-27 02:38 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2011-02-27 02:38 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2011-02-27 02:38 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2011-02-27 02:37 41224 -c--a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2011-02-27 02:37 227648 -c--a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-03 16:21 . 2011-02-27 02:23 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-02 00:05 . 2012-06-23 18:25 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-07-02 00:05 . 2012-06-23 18:25 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-07-02 00:05 . 2012-06-23 18:25 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-25 23:04 . 2012-06-25 23:04 1394248 -c--a-w- c:\windows\SysWow64\msxml4.dll
2012-06-23 18:26 . 2012-06-23 18:25 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-23 18:26 . 2012-06-23 18:25 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-23 18:25 . 2012-06-23 18:25 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-23 18:25 . 2012-06-23 18:25 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-23 18:25 . 2012-06-23 18:25 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-23 18:25 . 2012-06-23 18:25 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-15 06:59 . 2012-06-14 22:51 12297216 ----a-w- c:\windows\system32\ieframe.dll
2012-06-15 06:59 . 2012-06-14 22:51 9059840 ----a-w- c:\windows\system32\mshtml.dll
2012-06-15 06:59 . 2012-06-14 22:50 735744 ----a-w- c:\windows\system32\msfeeds.dll
2012-06-15 06:59 . 2012-06-14 22:50 97792 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-15 06:59 . 2012-06-14 22:50 1494016 ----a-w- c:\windows\system32\urlmon.dll
2012-06-15 06:59 . 2012-06-14 22:50 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-15 06:59 . 2012-06-14 22:50 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-15 06:59 . 2012-06-14 22:50 247808 ----a-w- c:\windows\system32\ieui.dll
2012-06-15 06:59 . 2012-06-14 22:50 2454528 ----a-w- c:\windows\system32\iertutil.dll
2012-06-15 06:59 . 2012-06-14 22:50 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-06-15 06:59 . 2012-06-14 22:50 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-15 06:59 . 2012-06-14 22:50 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-15 06:59 . 2012-06-14 22:50 134144 ----a-w- c:\windows\system32\url.dll
2012-06-15 06:59 . 2012-06-14 22:50 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-15 06:59 . 2012-06-14 22:50 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-15 06:59 . 2012-06-14 22:50 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-15 06:59 . 2012-06-14 22:50 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-15 06:59 . 2012-06-14 22:50 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-15 06:59 . 2012-06-14 22:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-15 06:59 . 2012-06-14 22:50 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-31 19:25 . 2011-10-16 07:58 279656 -c----w- c:\windows\system32\MpSigStub.exe
2012-05-12 03:56 . 2012-05-12 03:05 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-12 03:56 . 2012-05-12 03:05 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-12 03:56 . 2012-05-12 03:05 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-12 03:55 . 2012-05-12 03:05 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 05:02 . 2011-03-29 01:36 19352 -c--a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 09:49 176936 -c--a-w- c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Chatango"="c:\program files (x86)\Chatango\Chatango.exe" [2008-02-05 356352]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-24 5661056]
"Steam"="E:\steam.exe" [2012-08-08 1353080]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-07 574296]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2009-09-01 75048]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-06-19 2429]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-17 98304]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2009-08-20 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"VolPanel"="c:\program files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" [2008-12-29 237693]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"AirPort Base Station Agent"="c:\program files (x86)\AirPort\APAgent.exe" [2009-11-11 771360]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-07 574296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DeleteEngineAfterUpdate"="reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2011-7-11 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-04 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-07 250056]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-08-21 44032]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 52264]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-06-19 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-06-19 79360]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\GamesCampus\Asdastory\system\GameGuard\dump_wmimmc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-04 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-05 118256]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-29 1255736]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/06/19 04:33];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2009-09-01 23:59 146928]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-15 913752]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-12-07 379520]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-17 202752]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-14 249648]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-08-06 13784]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-04-21 76912]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 06:29]
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-04 03:31]
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-04 03:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://asus.msn.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1 184.16.33.54
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fjo4e2hh.default\
FF - user.js: extentions.y2layers.installId - 31f30d4d-10ab-46c3-9657-27f662b2d1d8
FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-ASUS_Notebook_G73 - c:\windows\system32\ASUS_Notebook_G73.scr
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e5,64,1e,54,29,ac,68,41,ac,8a,11,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e5,64,1e,54,29,ac,68,41,ac,8a,11,\
.
[HKEY_USERS\S-1-5-21-2395078985-717816724-838938090-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2395078985-717816724-838938090-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\00\02\14\1f(?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-07 11:43:18
ComboFix-quarantined-files.txt 2012-08-07 18:43
.
Pre-Run: 40,043,663,360 bytes free
Post-Run: 39,965,937,664 bytes free
.
- - End Of File - - DF8B32E4A048F9A15185322FE061E83E





FARBAR:

Farbar Service Scanner Version: 06-08-2012
Ran by Chris (administrator) on 07-08-2012 at 11:47:22
Running from "C:\Users\Chris\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Once these are done, could you let me know of any remaining problems?

Re-run TDSSKiller and when you see this element select delete :

\Device\Harddisk0\DR0 ( TDSS File System )

THEN

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#8
castelluchi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Alrighty... all those zeros are looking good to me :D


Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.07.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Chris :: NOBLE-PC [administrator]

Protection: Enabled

8/7/12 12:29:36 PM
mbam-log-2012-08-07 (12-29-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195843
Time elapsed: 1 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Any outstanding problems?

#10
castelluchi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Nope... I am going to reboot. Do you recommend that we continue to use Malwarebytes, and if so, are SUPERAntiSpyware and Avast even worth using? I suppose I should go browse the forum for that info :)

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Malwarebytes and SUPERAntiSpyware both have their plus and minus points, so the choice is yours. All AVs get caught out by this one and Zero Access infections. But a combination of Antivirus and Antimalware (MBAM, SAS) will generally give you protection in depth.

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Go to control panel
  • Select folder options (Appearance > Folder options in category view)
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go Start > All Programs > Accessories > System Tools
  • Right click Disk Cleanup and select Run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:

#12
castelluchi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Whoohoo :thumbsup:

I've completed all the cleanup steps. Another positive result from all that was done is that my son's C drive has gained back a ton of space; I had been trying to figure out why he was so low on space for a long time. Thank you sooo much for your time and help. I was pulling my hair out until I remembered this site!



Sincerely,
Christina Castelluchi

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It was my pleasure, I am glad that all is well. And thank you as well Christina 'tis appreciated :thumbsup:

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.