Hit by a virus, Norton 360 crashed. Still having issues [Solved]



#1
truesalt

Hi there, please help!!
My computer locked up and crashed about a month ago whilst surfing the net. I was running Norton 360, which failed, needing a reload.

After numerous attempts to clean etc. I ended up wiping the drive and starting again. After a week the computer crashed again. I wiped again, and now things just seemed to run slowly.

I was using Norton 360, but that kept on freezing itself. Did the uninstall and reinstall a few times. I have now removed this from my system and installed Avast instead. Also I am running SUPERAntiSpyware.

I scanned with Malwarebytes, nothing found, program was removed.

Note that my copy of Photoshop is not an original...

Things still don't seem quite right. Shutdown can take 5 minutes or more. Things just seem to run slow now.

Any help would be greatly appreciated


thanks


David

OTL logfile created on: 28/10/2012 7:19:04 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Amy and David\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.97 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 44.35% Memory free
3.93 Gb Paging File | 2.35 Gb Available in Paging File | 59.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.56 Gb Total Space | 103.57 Gb Free Space | 22.25% Space Free | Partition Type: NTFS

Computer Name: AMYANDDAVID-PC | User Name: Amy and David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/28 07:18:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Amy and David\Desktop\OTL.exe
PRC - [2012/10/23 20:17:40 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/23 20:17:40 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/23 20:17:37 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2012/10/09 16:13:33 | 000,692,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
PRC - [2012/07/28 06:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/09/10 17:01:48 | 000,505,152 | ---- | M] (D-Link Corp.) -- C:\Program Files (x86)\D-Link\DWA-131 revA\wirelesscm.exe
PRC - [2008/06/26 19:09:36 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe
PRC - [2004/10/20 04:47:54 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
PRC - [2004/10/20 03:40:46 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/08/06 16:15:10 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-131 revA\WlanDll.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/10/26 06:41:52 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2012/10/23 20:17:40 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/10/23 20:17:37 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2010/04/14 20:45:38 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeacoms.exe -- (lxea_device)
SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/09 16:13:37 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/28 06:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/06/26 19:09:36 | 000,167,936 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe -- (WlanWpsSvc)
SRV - [2004/10/20 04:47:54 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
SRV - [2004/10/20 03:40:46 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/23 20:18:31 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/23 20:18:31 | 000,364,096 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/23 20:18:31 | 000,262,656 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2012/10/23 20:18:31 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/23 20:18:30 | 000,132,864 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2012/10/23 20:18:30 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/23 20:18:30 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/23 20:18:30 | 000,021,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012/10/16 02:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/09/21 19:26:08 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2012/09/12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/01 16:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/23 02:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/13 07:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 16:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 16:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 23:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/29 06:01:46 | 000,695,400 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 12 7A F4 75 5C 9B CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.96\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.96\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.96\pdf.dll
CHR - plugin: Norton Identity Safe (Enabled) = C:\Users\Amy and David\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.1.1.4_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Amy and David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Amy and David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Amy and David\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1473_0\
CHR - Extension: Norton Identity Protection = C:\Users\Amy and David\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.1.1.4_0\
CHR - Extension: Gmail = C:\Users\Amy and David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/11 07:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EMET Notifier] C:\Program Files (x86)\EMET\EMET_notifier.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19D49069-2BD6-4212-9C83-4C796D133C57}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/28 07:17:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Amy and David\Desktop\OTL.exe
[2012/10/28 06:55:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit
[2012/10/28 06:55:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EMET
[2012/10/26 21:45:12 | 000,132,864 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2012/10/26 21:44:58 | 000,262,656 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2012/10/26 21:44:55 | 000,021,136 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2012/10/26 21:44:54 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys
[2012/10/26 21:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2012/10/26 08:06:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012/10/26 08:05:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/10/26 08:02:20 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/10/26 08:02:18 | 000,364,096 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/10/26 08:02:08 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/10/26 08:02:06 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/10/26 08:02:03 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/10/26 08:01:58 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/10/26 08:01:15 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/10/26 08:01:14 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/10/26 07:02:52 | 000,000,000 | ---D | C] -- C:\Users\Amy and David\AppData\Local\CrashDumps
[2012/10/26 06:38:50 | 000,000,000 | ---D | C] -- C:\Users\Amy and David\AppData\Roaming\SUPERAntiSpyware.com
[2012/10/26 06:38:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/10/26 06:38:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/10/26 06:38:21 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/10/22 05:35:19 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/10/15 20:30:29 | 000,000,000 | ---D | C] -- C:\Users\Amy and David\Tracing
[2012/10/15 20:29:08 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/10/15 20:28:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012/10/15 20:26:27 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012/10/15 20:26:20 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/10/15 20:25:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2012/10/15 20:20:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2012/10/15 20:20:42 | 000,000,000 | R--D | C] -- C:\Users\Amy and David\SkyDrive
[2012/10/15 20:20:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2012/10/15 20:18:17 | 000,000,000 | ---D | C] -- C:\Users\Amy and David\AppData\Local\Windows Live
[2012/10/15 20:15:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2012/10/14 08:51:50 | 000,000,000 | ---D | C] -- C:\Users\Amy and David\AppData\Roaming\Malwarebytes
[2012/10/14 08:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/13 15:25:51 | 000,000,000 | ---D | C] -- C:\Users\Amy and David\AppData\Local\ElevatedDiagnostics
[2012/10/13 09:59:01 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/10/13 09:54:02 | 000,000,000 | ---D | C] -- C:\Users\Amy and David\AppData\Local\Google
[2012/10/13 09:54:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/10/13 09:53:31 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/10/13 09:52:40 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/10/13 09:52:40 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/10/13 08:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/10/13 08:24:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/10/13 08:24:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/10/13 08:03:48 | 000,000,000 | ---D | C] -- C:\Users\Amy and David\AppData\Local\NPE
[2012/10/13 07:50:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/10/13 07:25:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012/10/13 07:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2012/10/01 19:05:49 | 000,000,000 | ---D | C] -- C:\Users\Amy and David\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/10/01 12:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012/10/01 12:00:17 | 000,000,000 | ---D | C] -- C:\Users\Amy and David\Documents\Adobe Scripts
[2012/10/01 11:57:37 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/10/01 11:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/10/01 11:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Photoshop CS6 Extended
[2012/09/30 18:56:54 | 000,000,000 | ---D | C] -- C:\Users\Amy and David\Documents\DSI GAMES
[2012/09/28 18:45:08 | 000,000,000 | ---D | C] -- C:\Users\Amy and David\AppData\Local\Diagnostics
[2012/09/28 15:33:05 | 000,000,000 | ---D | C] -- C:\Users\Amy and David\AppData\Local\Adobe
[2012/09/28 15:31:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/09/28 15:31:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/09/28 15:29:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe

========== Files - Modified Within 30 Days ==========

[2012/10/28 07:18:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Amy and David\Desktop\OTL.exe
[2012/10/28 07:15:13 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/28 07:14:10 | 000,881,773 | ---- | M] () -- C:\Users\Amy and David\Desktop\SecurityCheck.exe
[2012/10/28 07:13:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/28 07:09:54 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/28 07:09:54 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/28 07:02:09 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/28 07:01:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/28 07:01:15 | 1583,153,152 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/26 21:44:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/10/26 21:37:32 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012/10/26 21:37:17 | 000,001,628 | ---- | M] () -- C:\Users\Amy and David\Documents\License.avastlic
[2012/10/26 08:05:55 | 000,002,296 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/10/26 08:05:55 | 000,002,280 | ---- | M] () -- C:\Users\Amy and David\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/26 06:54:38 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/26 06:54:38 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/26 06:54:38 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/26 06:38:27 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/10/23 20:18:31 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/10/23 20:18:31 | 000,364,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/10/23 20:18:31 | 000,262,656 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2012/10/23 20:18:31 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/10/23 20:18:30 | 000,132,864 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2012/10/23 20:18:30 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/10/23 20:18:30 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/10/23 20:18:30 | 000,021,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2012/10/23 20:17:48 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/10/23 20:17:38 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/10/23 20:17:13 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/10/16 02:59:28 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/10/15 20:27:11 | 000,002,153 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/10/14 12:00:16 | 000,002,544 | ---- | M] () -- C:\{1CBA4413-12F5-4441-94E6-F9A75BB8AF9E}
[2012/10/13 08:03:47 | 000,001,268 | ---- | M] () -- C:\Users\Amy and David\Desktop\Norton Installation Files.lnk
[2012/10/02 08:30:53 | 000,002,320 | ---- | M] () -- C:\Users\Amy and David\Desktop\Budget Master - Shortcut.lnk
[2012/10/02 08:30:45 | 000,002,304 | ---- | M] () -- C:\Users\Amy and David\Desktop\work daycare - Shortcut.lnk
[2012/10/01 17:22:07 | 004,972,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/10/01 12:43:40 | 009,971,709 | ---- | M] () -- C:\Users\Amy and David\Documents\Photoshop_CS6_-_MakeUseOf.com.pdf
[2012/09/28 18:38:29 | 000,002,122 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 3.0.lnk
[2012/09/28 18:37:53 | 000,001,188 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2012/09/28 18:36:29 | 000,000,209 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2012/09/28 15:31:28 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

========== Files Created - No Company Name ==========

[2012/10/28 07:14:10 | 000,881,773 | ---- | C] () -- C:\Users\Amy and David\Desktop\SecurityCheck.exe
[2012/10/26 21:37:32 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012/10/26 21:37:17 | 000,001,628 | ---- | C] () -- C:\Users\Amy and David\Documents\License.avastlic
[2012/10/26 08:05:55 | 000,002,296 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/10/26 08:05:55 | 000,002,280 | ---- | C] () -- C:\Users\Amy and David\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/26 08:02:42 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/26 08:02:39 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/26 06:38:27 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/10/15 20:28:34 | 000,001,312 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2012/10/15 20:28:23 | 000,001,381 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2012/10/15 20:27:54 | 000,001,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/10/15 20:27:36 | 000,002,493 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/10/15 20:27:11 | 000,002,153 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/10/15 20:20:37 | 000,002,194 | ---- | C] () -- C:\Users\Amy and David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2012/10/14 12:00:16 | 000,002,544 | ---- | C] () -- C:\{1CBA4413-12F5-4441-94E6-F9A75BB8AF9E}
[2012/10/13 09:53:32 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/10/02 08:30:53 | 000,002,320 | ---- | C] () -- C:\Users\Amy and David\Desktop\Budget Master - Shortcut.lnk
[2012/10/02 08:30:45 | 000,002,304 | ---- | C] () -- C:\Users\Amy and David\Desktop\work daycare - Shortcut.lnk
[2012/10/01 12:43:39 | 009,971,709 | ---- | C] () -- C:\Users\Amy and David\Documents\Photoshop_CS6_-_MakeUseOf.com.pdf
[2012/10/01 11:59:34 | 000,001,082 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
[2012/10/01 11:58:41 | 000,001,214 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
[2012/10/01 11:57:44 | 000,001,044 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
[2012/10/01 11:57:14 | 000,001,176 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
[2012/10/01 11:54:33 | 000,001,360 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2012/10/01 11:54:24 | 000,001,526 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2012/09/28 18:38:28 | 000,002,136 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 3.0.lnk
[2012/09/28 18:38:28 | 000,002,122 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 3.0.lnk
[2012/09/28 18:37:52 | 000,001,188 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2012/09/28 18:36:29 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/09/28 16:41:18 | 003,983,785 | ---- | C] () -- C:\Users\Amy and David\Documents\PottyChart_thomas_01.pdf
[2012/09/28 16:41:17 | 000,107,944 | ---- | C] () -- C:\Users\Amy and David\Documents\DAVID11-12.TAX
[2012/09/28 16:41:17 | 000,097,936 | ---- | C] () -- C:\Users\Amy and David\Documents\DAVID 2012.TAX
[2012/09/28 16:41:17 | 000,097,104 | ---- | C] () -- C:\Users\Amy and David\Documents\DAVID 2012.BAK
[2012/09/28 16:41:17 | 000,022,000 | ---- | C] () -- C:\Users\Amy and David\Documents\cc_20120905_132008.reg
[2012/09/28 16:41:16 | 000,097,568 | ---- | C] () -- C:\Users\Amy and David\Documents\AMY2012.TAX
[2012/09/28 16:41:16 | 000,096,736 | ---- | C] () -- C:\Users\Amy and David\Documents\AMY2012.BAK
[2012/09/28 15:31:27 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/09/28 15:31:27 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/02/11 19:15:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2011/02/11 19:15:08 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2011/02/11 19:15:08 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

========== ZeroAccess Check ==========

[2009/07/14 14:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 15:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 14:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 11:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 11:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/10/01 19:05:49 | 000,000,000 | ---D | M] -- C:\Users\Amy and David\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

========== Purity Check ==========



< End of report >


#2
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I do not know if your problem is malware related but I will give you a checkup just in case.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next. If you have any problems with one of these, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-RogueKiller-

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo

#3
truesalt

    Member

  • Topic Starter
  • Member
  • 15 posts
Hey gringo!! Thanks so much for your help!!!!

I have done what you said, and the following is in the order instructed.


Results of screen317's Security Check version 0.99.53
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 9
Adobe Reader X (10.1.4)
Google Chrome 22.0.1229.96
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast afwServ.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 17% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


# AdwCleaner v2.006 - Logfile created 11/01/2012 at 18:54:56
# Updated 30/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Amy and David - AMYANDDAVID-PC
# Boot Mode : Normal
# Running from : C:\Users\Amy and David\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Amy and David\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [874 octets] - [01/11/2012 18:52:00]
AdwCleaner[R2].txt - [806 octets] - [01/11/2012 18:54:56]

########## EOF - C:\AdwCleaner[R2].txt - [865 octets] ##########

# AdwCleaner v2.006 - Logfile created 11/01/2012 at 18:55:30
# Updated 30/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Amy and David - AMYANDDAVID-PC
# Boot Mode : Normal
# Running from : C:\Users\Amy and David\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Amy and David\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [874 octets] - [01/11/2012 18:52:00]
AdwCleaner[R2].txt - [933 octets] - [01/11/2012 18:54:56]
AdwCleaner[S1].txt - [867 octets] - [01/11/2012 18:55:30]

########## EOF - C:\AdwCleaner[S1].txt - [926 octets] ##########


RogueKiller V8.2.1 [10/29/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Amy and David [Admin rights]
Mode : Remove -- Date : 11/01/2012 19:03:06

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3500413AS ATA Device +++++
--- User ---
[MBR] 4b6cdc450fda65404b2f93f2906fd323
[BSP] 4ba4085647683bd1c12ab1ce4d7e0a1e : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 476738 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

Thanks again Gringo for your help!!!

David

#4
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5
truesalt

    Member

  • Topic Starter
  • Member
  • 15 posts
Okay so here is the log

ComboFix 12-10-31.03 - Amy and David 02/11/2012 6:44.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.2013.1002 [GMT 10:00]
Running from: c:\users\Amy and David\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-01 to 2012-11-01 )))))))))))))))))))))))))))))))
.
.
2012-11-01 20:54 . 2012-11-01 20:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-27 23:50 . 2012-08-23 15:09 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2012-10-27 23:50 . 2012-08-23 13:41 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2012-10-27 23:50 . 2012-08-23 13:40 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2012-10-27 23:50 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2012-10-27 23:45 . 2012-10-27 23:45 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-10-27 23:44 . 2012-10-27 23:44 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-10-27 23:44 . 2012-10-27 23:44 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-27 23:44 . 2012-10-27 23:44 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-27 23:44 . 2012-10-27 23:44 -------- d-----w- c:\program files (x86)\Java
2012-10-27 20:55 . 2012-10-27 20:55 -------- d-----w- c:\program files (x86)\EMET
2012-10-26 11:45 . 2012-10-30 22:51 132864 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-10-26 11:44 . 2012-10-30 22:51 262656 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-10-26 11:44 . 2012-10-30 22:51 21136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-10-26 11:44 . 2012-09-21 09:26 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-10-25 22:02 . 2012-10-30 22:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-25 22:02 . 2012-10-30 22:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-25 22:02 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-25 22:02 . 2012-10-30 22:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-25 22:02 . 2012-10-30 22:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-25 22:01 . 2012-10-30 22:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-25 22:01 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2012-10-25 22:01 . 2012-10-30 22:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-25 21:02 . 2012-11-01 07:00 -------- d-----w- c:\users\Amy and David\AppData\Local\CrashDumps
2012-10-25 20:38 . 2012-10-25 20:38 -------- d-----w- c:\users\Amy and David\AppData\Roaming\SUPERAntiSpyware.com
2012-10-25 20:38 . 2012-10-25 20:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-10-25 20:38 . 2012-10-25 20:38 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-10-15 10:30 . 2012-10-15 10:30 -------- d-----w- c:\users\Amy and David\Tracing
2012-10-15 10:29 . 2012-10-15 10:29 -------- d-----w- c:\windows\en
2012-10-15 10:28 . 2012-10-15 10:28 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-10-15 10:26 . 2012-09-12 05:20 57856 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-10-15 10:26 . 2012-10-15 10:26 -------- d-----w- c:\program files\Windows Live
2012-10-15 10:25 . 2012-10-15 10:28 -------- d-----w- c:\program files (x86)\Windows Live
2012-10-15 10:23 . 2010-06-01 18:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-10-15 10:23 . 2010-06-01 18:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2012-10-15 10:23 . 2010-06-01 18:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2012-10-15 10:23 . 2010-06-01 18:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-10-15 10:23 . 2010-05-26 01:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-10-15 10:23 . 2010-05-26 01:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2012-10-15 10:23 . 2010-05-26 01:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-10-15 10:23 . 2010-05-26 01:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2012-10-15 10:22 . 2009-09-04 07:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2012-10-15 10:22 . 2009-09-04 07:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-10-15 10:21 . 2006-11-29 03:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-10-15 10:21 . 2006-11-29 03:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2012-10-15 10:20 . 2012-10-15 10:20 -------- d-----w- c:\program files (x86)\Microsoft SkyDrive
2012-10-15 10:20 . 2012-10-15 10:20 -------- d-----r- c:\users\Amy and David\SkyDrive
2012-10-15 10:20 . 2012-10-15 10:20 -------- d-----w- c:\programdata\Microsoft SkyDrive
2012-10-15 10:18 . 2012-10-15 10:29 -------- d-----w- c:\users\Amy and David\AppData\Local\Windows Live
2012-10-15 10:15 . 2012-10-15 10:15 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2012-10-13 22:51 . 2012-10-13 22:51 -------- d-----w- c:\users\Amy and David\AppData\Roaming\Malwarebytes
2012-10-13 22:51 . 2012-10-13 22:51 -------- d-----w- c:\programdata\Malwarebytes
2012-10-13 05:25 . 2012-10-14 01:45 -------- d-----w- c:\users\Amy and David\AppData\Local\ElevatedDiagnostics
2012-10-12 23:59 . 2012-10-25 22:06 -------- d-----w- c:\program files\Google
2012-10-12 23:54 . 2012-10-25 22:06 -------- d-----w- c:\program files (x86)\Google
2012-10-12 23:54 . 2012-10-14 03:46 -------- d-----w- c:\users\Amy and David\AppData\Local\Google
2012-10-12 23:53 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-12 23:52 . 2012-10-25 22:00 -------- d-----w- c:\programdata\AVAST Software
2012-10-12 23:52 . 2012-10-25 22:00 -------- d-----w- c:\program files\AVAST Software
2012-10-12 22:24 . 2012-10-12 22:24 -------- d-----w- c:\program files\Microsoft Silverlight
2012-10-12 22:24 . 2012-10-12 22:24 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-10-12 22:23 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-10-12 22:23 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-10-12 22:03 . 2012-10-25 20:20 -------- d-----w- c:\users\Amy and David\AppData\Local\NPE
2012-10-12 21:50 . 2012-10-26 08:18 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-10-12 21:25 . 2012-10-26 08:24 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-10-12 21:06 . 2012-10-12 21:06 -------- d-----w- c:\programdata\PCSettings
2012-10-10 00:01 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-09 23:59 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-09 23:59 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-09 23:59 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-09 23:59 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-09 23:59 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-09 23:59 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-09 23:59 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-09 23:59 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 06:13 . 2012-09-26 10:20 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 06:13 . 2012-09-26 10:20 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-27 14:18 . 2012-09-25 17:00 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-26 09:57 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-09-26 09:57 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-09-25 12:26 . 2012-09-25 12:26 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-09-25 12:26 . 2012-09-25 12:26 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-09-25 12:26 . 2012-09-25 12:26 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-09-25 12:26 . 2012-09-25 12:26 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-09-25 12:26 . 2012-09-25 12:26 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-09-25 12:26 . 2012-09-25 12:26 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-09-25 12:26 . 2012-09-25 12:26 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-09-25 12:26 . 2012-09-25 12:26 82432 ----a-w- c:\windows\system32\icardie.dll
2012-09-25 12:26 . 2012-09-25 12:26 816640 ----a-w- c:\windows\system32\jscript.dll
2012-09-25 12:26 . 2012-09-25 12:26 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-09-25 12:26 . 2012-09-25 12:26 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-09-25 12:26 . 2012-09-25 12:26 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-09-25 12:26 . 2012-09-25 12:26 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-09-25 12:26 . 2012-09-25 12:26 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-09-25 12:26 . 2012-09-25 12:26 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-09-25 12:26 . 2012-09-25 12:26 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-09-25 12:26 . 2012-09-25 12:26 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-09-25 12:26 . 2012-09-25 12:26 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-09-25 12:26 . 2012-09-25 12:26 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-09-25 12:26 . 2012-09-25 12:26 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-09-25 12:26 . 2012-09-25 12:26 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-09-25 12:26 . 2012-09-25 12:26 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-09-25 12:26 . 2012-09-25 12:26 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-09-25 12:26 . 2012-09-25 12:26 448512 ----a-w- c:\windows\system32\html.iec
2012-09-25 12:26 . 2012-09-25 12:26 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-09-25 12:26 . 2012-09-25 12:26 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-09-25 12:26 . 2012-09-25 12:26 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-09-25 12:26 . 2012-09-25 12:26 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-09-25 12:26 . 2012-09-25 12:26 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-09-25 12:26 . 2012-09-25 12:26 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-09-25 12:26 . 2012-09-25 12:26 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-09-25 12:26 . 2012-09-25 12:26 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-09-25 12:26 . 2012-09-25 12:26 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-09-25 12:26 . 2012-09-25 12:26 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-09-25 12:26 . 2012-09-25 12:26 248320 ----a-w- c:\windows\system32\ieui.dll
2012-09-25 12:26 . 2012-09-25 12:26 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-09-25 12:26 . 2012-09-25 12:26 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-25 12:26 . 2012-09-25 12:26 237056 ----a-w- c:\windows\system32\url.dll
2012-09-25 12:26 . 2012-09-25 12:26 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-09-25 12:26 . 2012-09-25 12:26 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-09-25 12:26 . 2012-09-25 12:26 222208 ----a-w- c:\windows\system32\msls31.dll
2012-09-25 12:26 . 2012-09-25 12:26 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-09-25 12:26 . 2012-09-25 12:26 197120 ----a-w- c:\windows\system32\msrating.dll
2012-09-25 12:26 . 2012-09-25 12:26 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-09-25 12:26 . 2012-09-25 12:26 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-09-25 12:26 . 2012-09-25 12:26 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-09-25 12:26 . 2012-09-25 12:26 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-09-25 12:26 . 2012-09-25 12:26 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-09-25 12:26 . 2012-09-25 12:26 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-09-25 12:26 . 2012-09-25 12:26 160256 ----a-w- c:\windows\system32\wextract.exe
2012-09-25 12:26 . 2012-09-25 12:26 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-09-25 12:26 . 2012-09-25 12:26 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-09-25 12:26 . 2012-09-25 12:26 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-09-25 12:26 . 2012-09-25 12:26 149504 ----a-w- c:\windows\system32\occache.dll
2012-09-25 12:26 . 2012-09-25 12:26 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-09-25 12:26 . 2012-09-25 12:26 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-09-25 12:26 . 2012-09-25 12:26 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-09-25 12:26 . 2012-09-25 12:26 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-09-25 12:26 . 2012-09-25 12:26 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-09-25 12:26 . 2012-09-25 12:26 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-09-25 12:26 . 2012-09-25 12:26 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-09-25 12:26 . 2012-09-25 12:26 12288 ----a-w- c:\windows\system32\mshta.exe
2012-09-25 12:26 . 2012-09-25 12:26 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-09-25 12:26 . 2012-09-25 12:26 114176 ----a-w- c:\windows\system32\admparse.dll
2012-09-25 12:26 . 2012-09-25 12:26 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-09-25 12:26 . 2012-09-25 12:26 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-09-25 12:26 . 2012-09-25 12:26 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-09-25 12:26 . 2012-09-25 12:26 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-09-25 12:26 . 2012-09-25 12:26 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-09-25 12:26 . 2012-09-25 12:26 103936 ----a-w- c:\windows\system32\inseng.dll
2012-09-25 12:26 . 2012-09-25 12:26 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-09-18 14:58 . 2012-09-25 12:47 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FC32B50-CF4E-4884-B95B-89E06E21CFE5}\mpengine.dll
2012-09-12 06:07 . 2012-09-12 06:07 58368 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-09-12 05:57 . 2012-09-12 05:57 322048 ----a-w- c:\windows\WLXPGSS.SCR
2012-08-22 18:12 . 2012-09-26 21:15 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-26 21:16 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-26 21:15 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-26 21:15 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 21:16 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-21 03:01 . 2012-09-27 07:28 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 03:01 . 2012-08-21 03:01 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 03:01 . 2012-08-21 03:01 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 17:38 . 2012-10-10 00:00 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-15 10:20 220632 ----a-w- c:\users\Amy and David\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-15 10:20 220632 ----a-w- c:\users\Amy and David\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-15 10:20 220632 ----a-w- c:\users\Amy and David\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-10-25 5628800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-23 4297136]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"EMET Notifier"="c:\program files (x86)\EMET\EMET_notifier.exe" [2012-05-09 152152]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-02 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"aswAhAScr.dll"="c:\program files\AVAST Software\Avast\aswRegSvr.exe" [2012-10-30 47832]
"aswasOutExt.dll"="c:\program files\AVAST Software\Avast\aswRegSvr.exe" [2012-10-30 47832]
"aswasOutExt64.dll"="c:\program files\AVAST Software\Avast\aswRegSvr64.exe" [2012-10-30 49416]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-20 113664]
Wireless Connection Manager.lnk - c:\program files (x86)\D-Link\DWA-131 revA\wirelesscm.exe [2012-9-25 505152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-19 98304]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-25 136176]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-19 118784]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 AsrCDDrv;AsrCDDrv;c:\windows\SysWOW64\Drivers\AsrCDDrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-25 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-25 1255736]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-09-21 12368]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-10-25 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-10-23 133912]
S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe [2010-04-14 1052328]
S2 WlanWpsSvc;WlanWpsSvc;c:\program files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe [2008-06-26 167936]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-09-28 695400]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-26 06:13]
.
2012-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-25 22:02]
.
2012-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-25 22:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-15 10:20 244696 ----a-w- c:\users\Amy and David\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-15 10:20 244696 ----a-w- c:\users\Amy and David\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-15 10:20 244696 ----a-w- c:\users\Amy and David\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-23 10:17 133400 ------w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-03 446392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.138
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3446988377-483794562-929750911-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3446988377-483794562-929750911-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-02 06:58:17
ComboFix-quarantined-files.txt 2012-11-01 20:58
.
Pre-Run: 380,726,865,920 bytes free
Post-Run: 379,981,111,296 bytes free
.
- - End Of File - - 5F21827EC1910B8A2E5CF1A0CA3C3D3D


No issues doing this, but WOW what a difference, spent an hour or so jumping around websites with multiple windows open and no delays!!!!!!!!!!!!!!!!!!!


You sir have certainly helped me out!!!!

Thank you so much!!

David

I'll keep an eye on things over the next few days and update you

thanks again Gringo!!!!!

#6
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#7
truesalt

    Member

  • Topic Starter
  • 15 posts
Sorry Gringo, dumb question, how do I do this bit??
"At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:
"

thanks
David

#8
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Start by the next line and open Notepad

Open Notepad and copy/paste the text in the box into the window:

#9
truesalt

    Member

  • Topic Starter
  • 15 posts
Okay did that.

cheers

David

ComboFix 12-11-04.01 - Amy and David 04/11/2012 14:10:07.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.2013.1018 [GMT 10:00]
Running from: c:\users\Amy and David\Desktop\ComboFix.exe
Command switches used :: c:\users\Amy and David\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-04 to 2012-11-04 )))))))))))))))))))))))))))))))
.
.
2012-11-04 04:49 . 2012-11-04 04:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-04 04:49 . 2012-11-04 04:49 -------- d-----w- c:\users\David & Amy\AppData\Local\temp
2012-11-04 04:49 . 2012-11-04 04:49 -------- d-----w- c:\users\Amy n David\AppData\Local\temp
2012-11-03 22:07 . 2012-11-03 22:07 -------- d-----w- c:\programdata\Lexmark S300-S400 Series
2012-10-27 23:50 . 2012-08-23 15:09 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2012-10-27 23:50 . 2012-08-23 13:41 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2012-10-27 23:50 . 2012-08-23 13:40 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2012-10-27 23:50 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2012-10-27 23:45 . 2012-10-27 23:45 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-10-27 23:44 . 2012-10-27 23:44 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-10-27 23:44 . 2012-10-27 23:44 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-27 23:44 . 2012-10-27 23:44 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-27 23:44 . 2012-10-27 23:44 -------- d-----w- c:\program files (x86)\Java
2012-10-27 20:55 . 2012-10-27 20:55 -------- d-----w- c:\program files (x86)\EMET
2012-10-26 11:45 . 2012-10-30 22:51 132864 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-10-26 11:44 . 2012-10-30 22:51 262656 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-10-26 11:44 . 2012-10-30 22:51 21136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-10-26 11:44 . 2012-09-21 09:26 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-10-25 22:02 . 2012-10-30 22:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-25 22:02 . 2012-10-30 22:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-25 22:02 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-25 22:02 . 2012-10-30 22:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-25 22:02 . 2012-10-30 22:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-25 22:01 . 2012-10-30 22:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-25 22:01 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2012-10-25 22:01 . 2012-10-30 22:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-25 21:02 . 2012-11-03 07:10 -------- d-----w- c:\users\Amy and David\AppData\Local\CrashDumps
2012-10-25 20:38 . 2012-10-25 20:38 -------- d-----w- c:\users\Amy and David\AppData\Roaming\SUPERAntiSpyware.com
2012-10-25 20:38 . 2012-10-25 20:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-10-25 20:38 . 2012-10-25 20:38 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-10-15 10:30 . 2012-10-15 10:30 -------- d-----w- c:\users\Amy and David\Tracing
2012-10-15 10:29 . 2012-10-15 10:29 -------- d-----w- c:\windows\en
2012-10-15 10:28 . 2012-10-15 10:28 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-10-15 10:26 . 2012-09-12 05:20 57856 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-10-15 10:26 . 2012-10-15 10:26 -------- d-----w- c:\program files\Windows Live
2012-10-15 10:25 . 2012-10-15 10:28 -------- d-----w- c:\program files (x86)\Windows Live
2012-10-15 10:23 . 2010-06-01 18:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-10-15 10:23 . 2010-06-01 18:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2012-10-15 10:23 . 2010-06-01 18:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2012-10-15 10:23 . 2010-06-01 18:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-10-15 10:23 . 2010-05-26 01:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-10-15 10:23 . 2010-05-26 01:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2012-10-15 10:23 . 2010-05-26 01:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-10-15 10:23 . 2010-05-26 01:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2012-10-15 10:22 . 2009-09-04 07:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2012-10-15 10:22 . 2009-09-04 07:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-10-15 10:21 . 2006-11-29 03:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-10-15 10:21 . 2006-11-29 03:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2012-10-15 10:20 . 2012-10-15 10:20 -------- d-----w- c:\program files (x86)\Microsoft SkyDrive
2012-10-15 10:20 . 2012-10-15 10:20 -------- d-----r- c:\users\Amy and David\SkyDrive
2012-10-15 10:20 . 2012-10-15 10:20 -------- d-----w- c:\programdata\Microsoft SkyDrive
2012-10-15 10:18 . 2012-10-15 10:29 -------- d-----w- c:\users\Amy and David\AppData\Local\Windows Live
2012-10-15 10:15 . 2012-10-15 10:15 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2012-10-13 22:51 . 2012-10-13 22:51 -------- d-----w- c:\users\Amy and David\AppData\Roaming\Malwarebytes
2012-10-13 22:51 . 2012-10-13 22:51 -------- d-----w- c:\programdata\Malwarebytes
2012-10-13 05:25 . 2012-10-14 01:45 -------- d-----w- c:\users\Amy and David\AppData\Local\ElevatedDiagnostics
2012-10-12 23:59 . 2012-10-25 22:06 -------- d-----w- c:\program files\Google
2012-10-12 23:54 . 2012-10-25 22:06 -------- d-----w- c:\program files (x86)\Google
2012-10-12 23:54 . 2012-10-14 03:46 -------- d-----w- c:\users\Amy and David\AppData\Local\Google
2012-10-12 23:53 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-12 23:52 . 2012-10-25 22:00 -------- d-----w- c:\programdata\AVAST Software
2012-10-12 23:52 . 2012-10-25 22:00 -------- d-----w- c:\program files\AVAST Software
2012-10-12 22:24 . 2012-10-12 22:24 -------- d-----w- c:\program files\Microsoft Silverlight
2012-10-12 22:24 . 2012-10-12 22:24 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-10-12 22:23 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-10-12 22:23 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-10-12 22:03 . 2012-10-25 20:20 -------- d-----w- c:\users\Amy and David\AppData\Local\NPE
2012-10-12 21:50 . 2012-10-26 08:18 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-10-12 21:25 . 2012-10-26 08:24 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-10-12 21:06 . 2012-10-12 21:06 -------- d-----w- c:\programdata\PCSettings
2012-10-10 00:01 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-09 23:59 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-09 23:59 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-09 23:59 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-09 23:59 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-09 23:59 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-09 23:59 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-09 23:59 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-09 23:59 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 06:13 . 2012-09-26 10:20 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 06:13 . 2012-09-26 10:20 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-27 14:18 . 2012-09-25 17:00 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-26 09:57 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-09-26 09:57 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-09-25 12:26 . 2012-09-25 12:26 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-09-25 12:26 . 2012-09-25 12:26 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-09-25 12:26 . 2012-09-25 12:26 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-09-25 12:26 . 2012-09-25 12:26 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-09-25 12:26 . 2012-09-25 12:26 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-09-25 12:26 . 2012-09-25 12:26 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-09-25 12:26 . 2012-09-25 12:26 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-09-25 12:26 . 2012-09-25 12:26 82432 ----a-w- c:\windows\system32\icardie.dll
2012-09-25 12:26 . 2012-09-25 12:26 816640 ----a-w- c:\windows\system32\jscript.dll
2012-09-25 12:26 . 2012-09-25 12:26 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-09-25 12:26 . 2012-09-25 12:26 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-09-25 12:26 . 2012-09-25 12:26 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-09-25 12:26 . 2012-09-25 12:26 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-09-25 12:26 . 2012-09-25 12:26 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-09-25 12:26 . 2012-09-25 12:26 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-09-25 12:26 . 2012-09-25 12:26 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-09-25 12:26 . 2012-09-25 12:26 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-09-25 12:26 . 2012-09-25 12:26 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-09-25 12:26 . 2012-09-25 12:26 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-09-25 12:26 . 2012-09-25 12:26 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-09-25 12:26 . 2012-09-25 12:26 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-09-25 12:26 . 2012-09-25 12:26 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-09-25 12:26 . 2012-09-25 12:26 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-09-25 12:26 . 2012-09-25 12:26 448512 ----a-w- c:\windows\system32\html.iec
2012-09-25 12:26 . 2012-09-25 12:26 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-09-25 12:26 . 2012-09-25 12:26 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-09-25 12:26 . 2012-09-25 12:26 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-09-25 12:26 . 2012-09-25 12:26 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-09-25 12:26 . 2012-09-25 12:26 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-09-25 12:26 . 2012-09-25 12:26 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-09-25 12:26 . 2012-09-25 12:26 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-09-25 12:26 . 2012-09-25 12:26 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-09-25 12:26 . 2012-09-25 12:26 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-09-25 12:26 . 2012-09-25 12:26 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-09-25 12:26 . 2012-09-25 12:26 248320 ----a-w- c:\windows\system32\ieui.dll
2012-09-25 12:26 . 2012-09-25 12:26 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-09-25 12:26 . 2012-09-25 12:26 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-25 12:26 . 2012-09-25 12:26 237056 ----a-w- c:\windows\system32\url.dll
2012-09-25 12:26 . 2012-09-25 12:26 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-09-25 12:26 . 2012-09-25 12:26 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-09-25 12:26 . 2012-09-25 12:26 222208 ----a-w- c:\windows\system32\msls31.dll
2012-09-25 12:26 . 2012-09-25 12:26 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-09-25 12:26 . 2012-09-25 12:26 197120 ----a-w- c:\windows\system32\msrating.dll
2012-09-25 12:26 . 2012-09-25 12:26 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-09-25 12:26 . 2012-09-25 12:26 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-09-25 12:26 . 2012-09-25 12:26 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-09-25 12:26 . 2012-09-25 12:26 165888 ----a-w- c:\windows\system32\iexpress.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-15 10:20 220632 ----a-w- c:\users\Amy and David\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-15 10:20 220632 ----a-w- c:\users\Amy and David\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-15 10:20 220632 ----a-w- c:\users\Amy and David\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-10-25 5628800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"EMET Notifier"="c:\program files (x86)\EMET\EMET_notifier.exe" [2012-05-09 152152]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-02 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-20 113664]
Wireless Connection Manager.lnk - c:\program files (x86)\D-Link\DWA-131 revA\wirelesscm.exe [2012-9-25 505152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-19 98304]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-19 118784]
R3 AsrCDDrv;AsrCDDrv;c:\windows\SysWOW64\Drivers\AsrCDDrv.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-25 1255736]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-09-21 12368]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-10-25 140672]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-10-30 133912]
S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe [2010-04-14 1052328]
S2 WlanWpsSvc;WlanWpsSvc;c:\program files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe [2008-06-26 167936]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-09-28 695400]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-26 06:13]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-25 22:02]
.
2012-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-25 22:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-15 10:20 244696 ----a-w- c:\users\Amy and David\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-15 10:20 244696 ----a-w- c:\users\Amy and David\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-15 10:20 244696 ----a-w- c:\users\Amy and David\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-03 446392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.138
.
.
Completion time: 2012-11-04 14:53:03
ComboFix-quarantined-files.txt 2012-11-04 04:53
ComboFix2.txt 2012-11-01 20:58
.
Pre-Run: 378,516,987,904 bytes free
Post-Run: 380,288,425,984 bytes free
.
- - End Of File - - DD93B4706ED0A2987D73AF1113880A80
  • 0

#10
truesalt

truesalt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hi Gringo, since doing the last task, suddenly my computer is running slow again. For example, if I have 3 IE pages open, things lock up for 20 seconds.

David
  • 0

#11
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
  • 0

#12
truesalt

truesalt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Okay, thanks Gringo

10:31:07.0321 4248 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:31:09.0361 4248 ============================================================
10:31:09.0361 4248 Current date / time: 2012/11/05 10:31:09.0361
10:31:09.0361 4248 SystemInfo:
10:31:09.0361 4248
10:31:09.0361 4248 OS Version: 6.1.7601 ServicePack: 1.0
10:31:09.0361 4248 Product type: Workstation
10:31:09.0361 4248 ComputerName: AMYANDDAVID-PC
10:31:09.0361 4248 UserName: Amy and David
10:31:09.0361 4248 Windows directory: C:\Windows
10:31:09.0361 4248 System windows directory: C:\Windows
10:31:09.0361 4248 Running under WOW64
10:31:09.0361 4248 Processor architecture: Intel x64
10:31:09.0361 4248 Number of processors: 2
10:31:09.0361 4248 Page size: 0x1000
10:31:09.0361 4248 Boot type: Normal boot
10:31:09.0361 4248 ============================================================
10:31:11.0583 4248 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:31:11.0763 4248 ============================================================
10:31:11.0763 4248 \Device\Harddisk0\DR0:
10:31:11.0831 4248 MBR partitions:
10:31:11.0831 4248 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
10:31:11.0831 4248 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x3A321030
10:31:11.0831 4248 ============================================================
10:31:11.0985 4248 C: <-> \Device\Harddisk0\DR0\Partition2
10:31:11.0985 4248 ============================================================
10:31:11.0986 4248 Initialize success
10:31:11.0986 4248 ============================================================
10:31:16.0555 2884 ============================================================
10:31:16.0555 2884 Scan started
10:31:16.0555 2884 Mode: Manual;
10:31:16.0555 2884 ============================================================
10:31:18.0433 2884 ================ Scan system memory ========================
10:31:18.0433 2884 System memory - ok
10:31:18.0433 2884 ================ Scan services =============================
10:31:24.0453 2884 FltMgr - ok
10:31:24.0601 2884 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
10:31:24.0678 2884 FontCache - ok
10:31:24.0757 2884 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:31:24.0760 2884 FontCache3.0.0.0 - ok
10:31:24.0787 2884 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
10:31:24.0789 2884 FsDepends - ok
10:31:24.0833 2884 [ B16B626996C74B564005BA855C5DEE90 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
10:31:24.0835 2884 fssfltr - ok
10:31:24.0901 2884 [ 812E1BA5C52A78F13EA6AA10DF708B1D ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
10:31:24.0935 2884 fsssvc - ok
10:31:24.0985 2884 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
10:31:24.0987 2884 Fs_Rec - ok
10:31:25.0044 2884 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
10:31:25.0048 2884 fvevol - ok
10:31:25.0075 2884 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
10:31:25.0077 2884 gagp30kx - ok
10:31:25.0136 2884 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:31:25.0137 2884 GEARAspiWDM - ok
10:31:25.0193 2884 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
10:31:25.0203 2884 gpsvc - ok
10:31:25.0332 2884 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:31:25.0334 2884 gupdate - ok
10:31:25.0350 2884 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:31:25.0352 2884 gupdatem - ok
10:31:25.0405 2884 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
10:31:25.0408 2884 gusvc - ok
10:31:25.0420 2884 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
10:31:25.0422 2884 hcw85cir - ok
10:31:25.0493 2884 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:31:25.0498 2884 HdAudAddService - ok
10:31:25.0553 2884 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
10:31:25.0557 2884 HDAudBus - ok
10:31:25.0576 2884 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
10:31:25.0578 2884 HidBatt - ok
10:31:25.0597 2884 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
10:31:25.0599 2884 HidBth - ok
10:31:25.0625 2884 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
10:31:25.0627 2884 HidIr - ok
10:31:25.0678 2884 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
10:31:25.0682 2884 hidserv - ok
10:31:25.0705 2884 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
10:31:25.0707 2884 HidUsb - ok
10:31:25.0757 2884 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
10:31:25.0760 2884 hkmsvc - ok
10:31:25.0821 2884 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:31:25.0826 2884 HomeGroupListener - ok
10:31:25.0872 2884 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:31:25.0876 2884 HomeGroupProvider - ok
10:31:25.0897 2884 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
10:31:25.0900 2884 HpSAMD - ok
10:31:25.0962 2884 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
10:31:25.0971 2884 HTTP - ok
10:31:25.0984 2884 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
10:31:25.0986 2884 hwpolicy - ok
10:31:26.0028 2884 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
10:31:26.0031 2884 i8042prt - ok
10:31:26.0187 2884 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
10:31:26.0196 2884 iaStorV - ok
10:31:26.0279 2884 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:31:26.0290 2884 idsvc - ok
10:31:27.0126 2884 [ C6238C6ABD6AC99F5D152DA4E9439A3D ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
10:31:28.0000 2884 igfx - ok
10:31:28.0041 2884 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
10:31:28.0043 2884 iirsp - ok
10:31:28.0108 2884 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
10:31:28.0119 2884 IKEEXT - ok
10:31:28.0168 2884 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
10:31:28.0170 2884 intelide - ok
10:31:28.0179 2884 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
10:31:28.0181 2884 intelppm - ok
10:31:28.0221 2884 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
10:31:28.0225 2884 IPBusEnum - ok
10:31:28.0269 2884 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:31:28.0272 2884 IpFilterDriver - ok
10:31:28.0312 2884 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
10:31:28.0321 2884 iphlpsvc - ok
10:31:28.0347 2884 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
10:31:28.0350 2884 IPMIDRV - ok
10:31:28.0384 2884 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
10:31:28.0387 2884 IPNAT - ok
10:31:28.0991 2884 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
10:31:29.0002 2884 iPod Service - ok
10:31:29.0028 2884 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
10:31:29.0030 2884 IRENUM - ok
10:31:29.0044 2884 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
10:31:29.0046 2884 isapnp - ok
10:31:29.0077 2884 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
10:31:29.0082 2884 iScsiPrt - ok
10:31:29.0102 2884 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
10:31:29.0106 2884 kbdclass - ok
10:31:29.0125 2884 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
10:31:29.0126 2884 kbdhid - ok
10:31:29.0139 2884 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
10:31:29.0142 2884 KeyIso - ok
10:31:29.0195 2884 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
10:31:29.0198 2884 KSecDD - ok
10:31:29.0400 2884 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
10:31:29.0559 2884 KSecPkg - ok
10:31:29.0649 2884 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
10:31:29.0659 2884 ksthunk - ok
10:31:29.0734 2884 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
10:31:29.0779 2884 KtmRm - ok
10:31:29.0872 2884 [ 033B4AED2C5519072C0D81E00804D003 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
10:31:29.0875 2884 L1C - ok
10:31:29.0954 2884 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
10:31:29.0970 2884 LanmanServer - ok
10:31:30.0024 2884 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:31:30.0030 2884 LanmanWorkstation - ok
10:31:30.0051 2884 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
10:31:30.0053 2884 lltdio - ok
10:31:30.0108 2884 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
10:31:30.0114 2884 lltdsvc - ok
10:31:30.0137 2884 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
10:31:30.0142 2884 lmhosts - ok
10:31:30.0198 2884 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
10:31:30.0201 2884 LSI_FC - ok
10:31:30.0215 2884 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
10:31:30.0217 2884 LSI_SAS - ok
10:31:30.0233 2884 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:31:30.0235 2884 LSI_SAS2 - ok
10:31:30.0300 2884 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:31:30.0302 2884 LSI_SCSI - ok
10:31:30.0401 2884 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
10:31:30.0404 2884 luafv - ok
10:31:30.0412 2884 lxea_device - ok
10:31:30.0458 2884 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
10:31:30.0461 2884 Mcx2Svc - ok
10:31:30.0489 2884 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
10:31:30.0491 2884 megasas - ok
10:31:30.0504 2884 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
10:31:30.0513 2884 MegaSR - ok
10:31:30.0525 2884 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
10:31:30.0530 2884 MMCSS - ok
10:31:30.0548 2884 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
10:31:30.0550 2884 Modem - ok
10:31:30.0617 2884 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
10:31:30.0619 2884 monitor - ok
10:31:30.0641 2884 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
10:31:30.0644 2884 mouclass - ok
10:31:30.0668 2884 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
10:31:30.0677 2884 mouhid - ok
10:31:30.0729 2884 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
10:31:30.0731 2884 mountmgr - ok
10:31:30.0783 2884 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
10:31:30.0787 2884 mpio - ok
10:31:30.0801 2884 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
10:31:30.0803 2884 mpsdrv - ok
10:31:30.0858 2884 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
10:31:30.0870 2884 MpsSvc - ok
10:31:30.0911 2884 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
10:31:30.0914 2884 MRxDAV - ok
10:31:30.0962 2884 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
10:31:30.0965 2884 mrxsmb - ok
10:31:30.0986 2884 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:31:30.0990 2884 mrxsmb10 - ok
10:31:31.0043 2884 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:31:31.0047 2884 mrxsmb20 - ok
10:31:31.0091 2884 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
10:31:31.0093 2884 msahci - ok
10:31:31.0112 2884 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
10:31:31.0115 2884 msdsm - ok
10:31:31.0142 2884 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
10:31:31.0147 2884 MSDTC - ok
10:31:31.0212 2884 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
10:31:31.0214 2884 Msfs - ok
10:31:31.0227 2884 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
10:31:31.0229 2884 mshidkmdf - ok
10:31:31.0238 2884 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
10:31:31.0240 2884 msisadrv - ok
10:31:31.0284 2884 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
10:31:31.0288 2884 MSiSCSI - ok
10:31:31.0294 2884 msiserver - ok
10:31:31.0331 2884 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
10:31:31.0333 2884 MSKSSRV - ok
10:31:31.0347 2884 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:31:31.0349 2884 MSPCLOCK - ok
10:31:31.0361 2884 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:31:31.0364 2884 MSPQM - ok
10:31:31.0416 2884 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:31:31.0421 2884 MsRPC - ok
10:31:31.0435 2884 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
10:31:31.0436 2884 mssmbios - ok
10:31:31.0457 2884 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:31:31.0458 2884 MSTEE - ok
10:31:31.0475 2884 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
10:31:31.0477 2884 MTConfig - ok
10:31:31.0498 2884 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
10:31:31.0500 2884 Mup - ok
10:31:31.0552 2884 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
10:31:31.0561 2884 napagent - ok
10:31:31.0583 2884 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:31:31.0589 2884 NativeWifiP - ok
10:31:31.0657 2884 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
10:31:31.0667 2884 NDIS - ok
10:31:31.0710 2884 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
10:31:31.0712 2884 NdisCap - ok
10:31:31.0730 2884 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:31:31.0732 2884 NdisTapi - ok
10:31:31.0779 2884 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:31:31.0781 2884 Ndisuio - ok
10:31:31.0833 2884 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:31:31.0837 2884 NdisWan - ok
10:31:31.0889 2884 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:31:31.0891 2884 NDProxy - ok
10:31:31.0908 2884 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:31:31.0910 2884 NetBIOS - ok
10:31:31.0958 2884 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
10:31:31.0962 2884 NetBT - ok
10:31:31.0978 2884 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
10:31:31.0981 2884 Netlogon - ok
10:31:32.0041 2884 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
10:31:32.0049 2884 Netman - ok
10:31:32.0061 2884 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
10:31:32.0071 2884 netprofm - ok
10:31:32.0112 2884 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:31:32.0115 2884 NetTcpPortSharing - ok
10:31:32.0146 2884 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
10:31:32.0149 2884 nfrd960 - ok
10:31:32.0168 2884 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
10:31:32.0176 2884 NlaSvc - ok
10:31:32.0188 2884 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:31:32.0189 2884 Npfs - ok
10:31:32.0232 2884 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
10:31:32.0237 2884 nsi - ok
10:31:32.0250 2884 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:31:32.0250 2884 nsiproxy - ok
10:31:32.0332 2884 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:31:32.0366 2884 Ntfs - ok
10:31:32.0412 2884 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
10:31:32.0414 2884 Null - ok
10:31:32.0464 2884 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:31:32.0468 2884 nvraid - ok
10:31:32.0616 2884 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:31:32.0620 2884 nvstor - ok
10:31:32.0668 2884 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
10:31:32.0671 2884 nv_agp - ok
10:31:32.0690 2884 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
10:31:32.0693 2884 ohci1394 - ok
10:31:32.0785 2884 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:31:32.0788 2884 ose - ok
10:31:32.0955 2884 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:31:33.0034 2884 osppsvc - ok
10:31:33.0090 2884 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
10:31:33.0097 2884 p2pimsvc - ok
10:31:33.0120 2884 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
10:31:33.0128 2884 p2psvc - ok
10:31:33.0180 2884 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
10:31:33.0183 2884 Parport - ok
10:31:33.0233 2884 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:31:33.0236 2884 partmgr - ok
10:31:33.0248 2884 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
10:31:33.0253 2884 PcaSvc - ok
10:31:33.0297 2884 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
10:31:33.0301 2884 pci - ok
10:31:33.0313 2884 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
10:31:33.0315 2884 pciide - ok
10:31:33.0340 2884 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
10:31:33.0344 2884 pcmcia - ok
10:31:33.0352 2884 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
10:31:33.0354 2884 pcw - ok
10:31:33.0378 2884 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:31:33.0397 2884 PEAUTH - ok
10:31:33.0500 2884 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
10:31:33.0503 2884 PerfHost - ok
10:31:33.0640 2884 [ E9CA440FE7A5957EB2EB0C587958DD29 ] PhotoshopElementsDeviceConnect C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
10:31:33.0643 2884 PhotoshopElementsDeviceConnect - ok
10:31:33.0714 2884 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
10:31:33.0741 2884 pla - ok
10:31:33.0842 2884 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:31:33.0851 2884 PlugPlay - ok
10:31:33.0899 2884 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
10:31:33.0904 2884 PNRPAutoReg - ok
10:31:33.0922 2884 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
10:31:33.0928 2884 PNRPsvc - ok
10:31:33.0946 2884 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:31:33.0955 2884 PolicyAgent - ok
10:31:34.0002 2884 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
10:31:34.0008 2884 Power - ok
10:31:34.0054 2884 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:31:34.0057 2884 PptpMiniport - ok
10:31:34.0079 2884 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
10:31:34.0081 2884 Processor - ok
10:31:34.0131 2884 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
10:31:34.0137 2884 ProfSvc - ok
10:31:34.0151 2884 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:31:34.0154 2884 ProtectedStorage - ok
10:31:34.0258 2884 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
10:31:34.0294 2884 Psched - ok
10:31:34.0493 2884 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
10:31:34.0619 2884 ql2300 - ok
10:31:34.0636 2884 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
10:31:34.0645 2884 ql40xx - ok
10:31:34.0699 2884 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
10:31:34.0706 2884 QWAVE - ok
10:31:34.0718 2884 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:31:34.0721 2884 QWAVEdrv - ok
10:31:34.0741 2884 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:31:34.0743 2884 RasAcd - ok
10:31:34.0791 2884 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
10:31:34.0792 2884 RasAgileVpn - ok
10:31:34.0809 2884 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
10:31:34.0814 2884 RasAuto - ok
10:31:34.0866 2884 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:31:34.0869 2884 Rasl2tp - ok
10:31:34.0916 2884 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
10:31:34.0924 2884 RasMan - ok
10:31:34.0931 2884 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:31:34.0934 2884 RasPppoe - ok
10:31:34.0942 2884 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:31:34.0945 2884 RasSstp - ok
10:31:35.0004 2884 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:31:35.0009 2884 rdbss - ok
10:31:35.0026 2884 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
10:31:35.0028 2884 rdpbus - ok
10:31:35.0046 2884 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:31:35.0048 2884 RDPCDD - ok
10:31:35.0065 2884 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:31:35.0067 2884 RDPENCDD - ok
10:31:35.0086 2884 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
10:31:35.0087 2884 RDPREFMP - ok
10:31:35.0157 2884 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
10:31:35.0159 2884 RdpVideoMiniport - ok
10:31:35.0204 2884 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:31:35.0208 2884 RDPWD - ok
10:31:35.0279 2884 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
10:31:35.0282 2884 rdyboost - ok
10:31:35.0325 2884 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:31:35.0330 2884 RemoteAccess - ok
10:31:35.0378 2884 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:31:35.0383 2884 RemoteRegistry - ok
10:31:35.0404 2884 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
10:31:35.0410 2884 RpcEptMapper - ok
10:31:35.0422 2884 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
10:31:35.0426 2884 RpcLocator - ok
10:31:35.0484 2884 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
10:31:35.0492 2884 RpcSs - ok
10:31:35.0541 2884 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:31:35.0544 2884 rspndr - ok
10:31:35.0629 2884 [ A332DB1DAC07E95667A57AAEEC236C37 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys
10:31:35.0637 2884 RTL8192su - ok
10:31:35.0649 2884 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
10:31:35.0652 2884 SamSs - ok
10:31:35.0740 2884 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
10:31:35.0742 2884 SASDIFSV - ok
10:31:35.0747 2884 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
10:31:35.0749 2884 SASKUTIL - ok
10:31:35.0798 2884 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
10:31:35.0801 2884 sbp2port - ok
10:31:35.0849 2884 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:31:35.0855 2884 SCardSvr - ok
10:31:35.0907 2884 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
10:31:35.0909 2884 scfilter - ok
10:31:35.0974 2884 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
10:31:35.0992 2884 Schedule - ok
10:31:36.0036 2884 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
10:31:36.0038 2884 SCPolicySvc - ok
10:31:36.0087 2884 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:31:36.0094 2884 SDRSVC - ok
10:31:36.0144 2884 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:31:36.0146 2884 secdrv - ok
10:31:36.0190 2884 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
10:31:36.0195 2884 seclogon - ok
10:31:36.0210 2884 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
10:31:36.0214 2884 SENS - ok
10:31:36.0230 2884 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
10:31:36.0234 2884 SensrSvc - ok
10:31:36.0249 2884 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
10:31:36.0250 2884 Serenum - ok
10:31:36.0321 2884 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
10:31:36.0324 2884 Serial - ok
10:31:36.0367 2884 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
10:31:36.0369 2884 sermouse - ok
10:31:36.0415 2884 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
10:31:36.0420 2884 SessionEnv - ok
10:31:36.0485 2884 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:31:36.0487 2884 sffdisk - ok
10:31:36.0513 2884 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:31:36.0522 2884 sffp_mmc - ok
10:31:36.0550 2884 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:31:36.0552 2884 sffp_sd - ok
10:31:36.0564 2884 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
10:31:36.0566 2884 sfloppy - ok
10:31:36.0625 2884 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:31:36.0631 2884 SharedAccess - ok
10:31:36.0729 2884 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:31:36.0738 2884 ShellHWDetection - ok
10:31:36.0752 2884 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:31:36.0754 2884 SiSRaid2 - ok
10:31:36.0762 2884 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
10:31:36.0765 2884 SiSRaid4 - ok
10:31:36.0783 2884 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:31:36.0786 2884 Smb - ok
10:31:36.0855 2884 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:31:36.0860 2884 SNMPTRAP - ok
10:31:36.0869 2884 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
10:31:36.0871 2884 spldr - ok
10:31:36.0928 2884 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
10:31:36.0938 2884 Spooler - ok
10:31:37.0040 2884 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
10:31:37.0101 2884 sppsvc - ok
10:31:37.0117 2884 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
10:31:37.0122 2884 sppuinotify - ok
10:31:37.0176 2884 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
10:31:37.0182 2884 srv - ok
10:31:37.0197 2884 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:31:37.0203 2884 srv2 - ok
10:31:37.0222 2884 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:31:37.0225 2884 srvnet - ok
10:31:37.0248 2884 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:31:37.0254 2884 SSDPSRV - ok
10:31:37.0263 2884 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:31:37.0271 2884 SstpSvc - ok
10:31:42.0504 2884 ================ Scan global ===============================
10:31:42.0546 2884 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:31:42.0595 2884 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
10:31:42.0610 2884 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
10:31:42.0654 2884 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:31:42.0708 2884 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:31:42.0715 2884 [Global] - ok
10:31:42.0716 2884 ================ Scan MBR ==================================
10:31:42.0728 2884 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:31:42.0847 2884 \Device\Harddisk0\DR0 - ok
10:31:42.0848 2884 ================ Scan VBR ==================================
10:31:42.0852 2884 [ 510F1731D38DBDBF47498CCDA66D5984 ] \Device\Harddisk0\DR0\Partition1
10:31:42.0853 2884 \Device\Harddisk0\DR0\Partition1 - ok
10:31:42.0862 2884 [ 019074331671C9F7E0360017740DE615 ] \Device\Harddisk0\DR0\Partition2
10:31:42.0864 2884 \Device\Harddisk0\DR0\Partition2 - ok
10:31:42.0864 2884 ============================================================
10:31:42.0864 2884 Scan finished
10:31:42.0864 2884 ============================================================
10:31:42.0879 2964 Detected object count: 0
10:31:42.0879 2964 Actual detected object count: 0
10:32:42.0694 4360 ============================================================
10:32:42.0694 4360 Scan started
10:32:42.0694 4360 Mode: Manual;
10:32:42.0694 4360 ============================================================
10:32:43.0928 4360 ================ Scan system memory ========================
10:32:43.0928 4360 System memory - ok
10:32:43.0928 4360 ================ Scan services =============================
10:33:24.0794 4360 KSecPkg - ok
10:33:24.0810 4360 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
10:33:24.0812 4360 ksthunk - ok
10:33:24.0864 4360 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
10:33:24.0872 4360 KtmRm - ok
10:33:24.0891 4360 [ 033B4AED2C5519072C0D81E00804D003 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
10:33:24.0894 4360 L1C - ok
10:33:24.0948 4360 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
10:33:24.0955 4360 LanmanServer - ok
10:33:25.0001 4360 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:33:25.0007 4360 LanmanWorkstation - ok
10:33:25.0021 4360 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
10:33:25.0023 4360 lltdio - ok
10:33:25.0052 4360 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
10:33:25.0058 4360 lltdsvc - ok
10:33:25.0083 4360 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
10:33:25.0085 4360 lmhosts - ok
10:33:25.0101 4360 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
10:33:25.0104 4360 LSI_FC - ok
10:33:25.0119 4360 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
10:33:25.0121 4360 LSI_SAS - ok
10:33:25.0135 4360 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:33:25.0137 4360 LSI_SAS2 - ok
10:33:25.0204 4360 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:33:25.0208 4360 LSI_SCSI - ok
10:33:25.0288 4360 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
10:33:25.0291 4360 luafv - ok
10:33:25.0308 4360 lxea_device - ok
10:33:25.0360 4360 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
10:33:25.0365 4360 Mcx2Svc - ok
10:33:25.0400 4360 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
10:33:25.0403 4360 megasas - ok
10:33:25.0440 4360 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
10:33:25.0450 4360 MegaSR - ok
10:33:25.0472 4360 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
10:33:25.0489 4360 MMCSS - ok
10:33:25.0560 4360 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
10:33:25.0564 4360 Modem - ok
10:33:25.0662 4360 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
10:33:25.0663 4360 monitor - ok
10:33:25.0685 4360 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
10:33:25.0688 4360 mouclass - ok
10:33:25.0701 4360 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
10:33:25.0703 4360 mouhid - ok
10:33:25.0765 4360 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
10:33:25.0769 4360 mountmgr - ok
10:33:25.0835 4360 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
10:33:25.0843 4360 mpio - ok
10:33:25.0871 4360 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
10:33:25.0874 4360 mpsdrv - ok
10:33:25.0949 4360 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
10:33:25.0966 4360 MpsSvc - ok
10:33:26.0057 4360 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
10:33:26.0060 4360 MRxDAV - ok
10:33:26.0116 4360 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
10:33:26.0119 4360 mrxsmb - ok
10:33:26.0140 4360 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:33:26.0145 4360 mrxsmb10 - ok
10:33:26.0163 4360 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:33:26.0168 4360 mrxsmb20 - ok
10:33:26.0219 4360 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
10:33:26.0221 4360 msahci - ok
10:33:26.0242 4360 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
10:33:26.0245 4360 msdsm - ok
10:33:26.0273 4360 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
10:33:26.0280 4360 MSDTC - ok
10:33:26.0340 4360 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
10:33:26.0344 4360 Msfs - ok
10:33:26.0372 4360 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
10:33:26.0375 4360 mshidkmdf - ok
10:33:26.0391 4360 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
10:33:26.0393 4360 msisadrv - ok
10:33:26.0436 4360 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
10:33:26.0442 4360 MSiSCSI - ok
10:33:26.0456 4360 msiserver - ok
10:33:26.0500 4360 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
10:33:26.0503 4360 MSKSSRV - ok
10:33:26.0527 4360 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:33:26.0529 4360 MSPCLOCK - ok
10:33:26.0539 4360 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:33:26.0543 4360 MSPQM - ok
10:33:26.0594 4360 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:33:26.0600 4360 MsRPC - ok
10:33:26.0637 4360 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
10:33:26.0641 4360 mssmbios - ok
10:33:26.0660 4360 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:33:26.0662 4360 MSTEE - ok
10:33:26.0678 4360 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
10:33:26.0680 4360 MTConfig - ok
10:33:26.0700 4360 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
10:33:26.0702 4360 Mup - ok
10:33:26.0764 4360 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
10:33:26.0773 4360 napagent - ok
10:33:26.0811 4360 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:33:26.0816 4360 NativeWifiP - ok
10:33:26.0876 4360 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
10:33:26.0883 4360 NDIS - ok
10:33:26.0921 4360 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
10:33:26.0923 4360 NdisCap - ok
10:33:26.0951 4360 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:33:26.0954 4360 NdisTapi - ok
10:33:27.0015 4360 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:33:27.0018 4360 Ndisuio - ok
10:33:27.0153 4360 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:33:27.0156 4360 NdisWan - ok
10:33:27.0216 4360 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:33:27.0218 4360 NDProxy - ok
10:33:27.0244 4360 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:33:27.0246 4360 NetBIOS - ok
10:33:27.0261 4360 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
10:33:27.0271 4360 NetBT - ok
10:33:27.0289 4360 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
10:33:27.0291 4360 Netlogon - ok
10:33:27.0354 4360 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
10:33:27.0363 4360 Netman - ok
10:33:27.0385 4360 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
10:33:27.0397 4360 netprofm - ok
10:33:27.0453 4360 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:33:27.0456 4360 NetTcpPortSharing - ok
10:33:27.0492 4360 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
10:33:27.0494 4360 nfrd960 - ok
10:33:27.0546 4360 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
10:33:27.0596 4360 NlaSvc - ok
10:33:27.0640 4360 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:33:27.0651 4360 Npfs - ok
10:33:27.0676 4360 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
10:33:27.0681 4360 nsi - ok
10:33:27.0695 4360 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:33:27.0698 4360 nsiproxy - ok
10:33:27.0787 4360 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:33:27.0805 4360 Ntfs - ok
10:33:27.0835 4360 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
10:33:27.0836 4360 Null - ok
10:33:27.0930 4360 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:33:27.0933 4360 nvraid - ok
10:33:28.0052 4360 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:33:28.0056 4360 nvstor - ok
10:33:28.0087 4360 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
10:33:28.0092 4360 nv_agp - ok
10:33:28.0126 4360 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
10:33:28.0129 4360 ohci1394 - ok
10:33:28.0391 4360 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:33:28.0410 4360 ose - ok
10:33:28.0724 4360 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:33:28.0796 4360 osppsvc - ok
10:33:28.0883 4360 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
10:33:28.0905 4360 p2pimsvc - ok
10:33:29.0029 4360 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
10:33:29.0056 4360 p2psvc - ok
10:33:29.0124 4360 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
10:33:29.0128 4360 Parport - ok
10:33:29.0185 4360 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:33:29.0191 4360 partmgr - ok
10:33:29.0208 4360 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
10:33:29.0214 4360 PcaSvc - ok
10:33:29.0266 4360 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
10:33:29.0270 4360 pci - ok
10:33:29.0290 4360 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
10:33:29.0291 4360 pciide - ok
10:33:29.0317 4360 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
10:33:29.0321 4360 pcmcia - ok
10:33:29.0334 4360 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
10:33:29.0336 4360 pcw - ok
10:33:29.0373 4360 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:33:29.0383 4360 PEAUTH - ok
10:33:29.0494 4360 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
10:33:29.0498 4360 PerfHost - ok
10:33:29.0650 4360 [ E9CA440FE7A5957EB2EB0C587958DD29 ] PhotoshopElementsDeviceConnect C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
10:33:29.0653 4360 PhotoshopElementsDeviceConnect - ok
10:33:29.0733 4360 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
10:33:29.0759 4360 pla - ok
10:33:29.0876 4360 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:33:29.0937 4360 PlugPlay - ok
10:33:29.0993 4360 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
10:33:29.0998 4360 PNRPAutoReg - ok
10:33:30.0061 4360 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
10:33:30.0077 4360 PNRPsvc - ok
10:33:30.0157 4360 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:33:30.0176 4360 PolicyAgent - ok
10:33:30.0237 4360 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
10:33:30.0258 4360 Power - ok
10:33:30.0331 4360 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:33:30.0337 4360 PptpMiniport - ok
10:33:30.0364 4360 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
10:33:30.0366 4360 Processor - ok
10:33:30.0416 4360 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
10:33:30.0422 4360 ProfSvc - ok
10:33:30.0444 4360 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:33:30.0450 4360 ProtectedStorage - ok
10:33:30.0505 4360 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
10:33:30.0510 4360 Psched - ok
10:33:30.0850 4360 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
10:33:31.0005 4360 ql2300 - ok
10:33:31.0021 4360 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
10:33:31.0025 4360 ql40xx - ok
10:33:31.0076 4360 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
10:33:31.0083 4360 QWAVE - ok
10:33:31.0103 4360 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:33:31.0106 4360 QWAVEdrv - ok
10:33:31.0125 4360 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:33:31.0127 4360 RasAcd - ok
10:33:31.0150 4360 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
10:33:31.0152 4360 RasAgileVpn - ok
10:33:31.0168 4360 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
10:33:31.0176 4360 RasAuto - ok
10:33:31.0234 4360 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:33:31.0238 4360 Rasl2tp - ok
10:33:31.0292 4360 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
10:33:31.0300 4360 RasMan - ok
10:33:31.0313 4360 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:33:31.0316 4360 RasPppoe - ok
10:33:31.0328 4360 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:33:31.0330 4360 RasSstp - ok
10:33:31.0382 4360 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:33:31.0387 4360 rdbss - ok
10:33:31.0424 4360 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
10:33:31.0426 4360 rdpbus - ok
10:33:31.0457 4360 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:33:31.0458 4360 RDPCDD - ok
10:33:31.0474 4360 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:33:31.0477 4360 RDPENCDD - ok
10:33:31.0504 4360 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
10:33:31.0506 4360 RDPREFMP - ok
10:33:31.0584 4360 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
10:33:31.0589 4360 RdpVideoMiniport - ok
10:33:31.0656 4360 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:33:31.0660 4360 RDPWD - ok
10:33:31.0711 4360 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
10:33:31.0716 4360 rdyboost - ok
10:33:31.0768 4360 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:33:31.0773 4360 RemoteAccess - ok
10:33:31.0846 4360 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:33:31.0851 4360 RemoteRegistry - ok
10:33:31.0881 4360 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
10:33:31.0892 4360 RpcEptMapper - ok
10:33:31.0949 4360 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
10:33:31.0954 4360 RpcLocator - ok
10:33:32.0069 4360 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
10:33:32.0079 4360 RpcSs - ok
10:33:32.0135 4360 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:33:32.0140 4360 rspndr - ok
10:33:32.0206 4360 [ A332DB1DAC07E95667A57AAEEC236C37 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys
10:33:32.0216 4360 RTL8192su - ok
10:33:32.0234 4360 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
10:33:32.0237 4360 SamSs - ok
10:33:32.0343 4360 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
10:33:32.0345 4360 SASDIFSV - ok
10:33:32.0361 4360 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
10:33:32.0362 4360 SASKUTIL - ok
10:33:32.0424 4360 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
10:33:32.0428 4360 sbp2port - ok
10:33:32.0484 4360 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:33:32.0495 4360 SCardSvr - ok
10:33:32.0583 4360 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
10:33:32.0596 4360 scfilter - ok
10:33:32.0661 4360 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
10:33:32.0673 4360 Schedule - ok
10:33:32.0703 4360 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
10:33:32.0706 4360 SCPolicySvc - ok
10:33:32.0748 4360 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:33:32.0754 4360 SDRSVC - ok
10:33:32.0818 4360 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:33:32.0831 4360 secdrv - ok
10:33:32.0891 4360 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
10:33:32.0897 4360 seclogon - ok
10:33:32.0945 4360 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
10:33:32.0950 4360 SENS - ok
10:33:32.0989 4360 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
10:33:33.0000 4360 SensrSvc - ok
10:33:33.0025 4360 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
10:33:33.0028 4360 Serenum - ok
10:33:33.0130 4360 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
10:33:33.0172 4360 Serial - ok
10:33:33.0245 4360 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
10:33:33.0247 4360 sermouse - ok
10:33:33.0333 4360 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
10:33:33.0338 4360 SessionEnv - ok
10:33:33.0386 4360 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:33:33.0388 4360 sffdisk - ok
10:33:33.0416 4360 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:33:33.0418 4360 sffp_mmc - ok
10:33:33.0445 4360 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:33:33.0447 4360 sffp_sd - ok
10:33:33.0466 4360 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
10:33:33.0468 4360 sfloppy - ok
10:33:33.0534 4360 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:33:33.0551 4360 SharedAccess - ok
10:33:33.0625 4360 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:33:33.0633 4360 ShellHWDetection - ok
10:33:33.0646 4360 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:33:33.0649 4360 SiSRaid2 - ok
10:33:33.0672 4360 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
10:33:33.0674 4360 SiSRaid4 - ok
10:33:33.0701 4360 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:33:33.0704 4360 Smb - ok
10:33:33.0764 4360 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:33:33.0773 4360 SNMPTRAP - ok
10:33:33.0787 4360 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
10:33:33.0789 4360 spldr - ok
10:33:33.0866 4360 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
10:33:33.0885 4360 Spooler - ok
10:33:34.0007 4360 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
10:33:34.0087 4360 sppsvc - ok
10:33:34.0220 4360 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
10:33:34.0230 4360 sppuinotify - ok
10:33:34.0316 4360 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
10:33:34.0324 4360 srv - ok
10:33:34.0343 4360 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:33:34.0351 4360 srv2 - ok
10:33:34.0389 4360 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:33:34.0392 4360 srvnet - ok
10:33:34.0416 4360 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:33:34.0421 4360 SSDPSRV - ok
10:33:34.0432 4360 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:33:34.0437 4360 SstpSvc - ok
10:33:34.0490 4360 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
10:33:34.0499 4360 stexstor - ok
10:33:34.0554 4360 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
10:33:34.0568 4360 stisvc - ok
10:33:34.0624 4360 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
10:33:34.0625 4360 swenum - ok
10:33:34.0855 4360 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
10:33:34.0873 4360 SwitchBoard - ok
10:33:34.0927 4360 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
10:33:34.0939 4360 swprv - ok
10:33:35.0073 4360 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
10:33:35.0111 4360 SysMain - ok
10:33:35.0166 4360 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:33:35.0173 4360 TabletInputService - ok
10:33:35.0207 4360 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
10:33:35.0212 4360 TapiSrv - ok
10:33:35.0231 4360 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
10:33:35.0238 4360 TBS - ok
10:33:35.0293 4360 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:33:35.0315 4360 Tcpip - ok
10:33:35.0367 4360 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
10:33:35.0383 4360 TCPIP6 - ok
10:33:35.0453 4360 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:33:35.0456 4360 tcpipreg - ok
10:33:35.0510 4360 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:33:35.0513 4360 TDPIPE - ok
10:33:35.0567 4360 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:33:35.0574 4360 TDTCP - ok
10:33:35.0628 4360 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:33:35.0630 4360 tdx - ok
10:33:35.0688 4360 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
10:33:35.0691 4360 TermDD - ok
10:33:35.0749 4360 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
10:33:35.0759 4360 TermService - ok
10:33:35.0823 4360 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
10:33:35.0830 4360 Themes - ok
10:33:35.0853 4360 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
10:33:35.0864 4360 THREADORDER - ok
10:33:35.0941 4360 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
10:33:35.0967 4360 TrkWks - ok
10:33:36.0140 4360 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:33:36.0145 4360 TrustedInstaller - ok
10:33:36.0204 4360 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:33:36.0208 4360 tssecsrv - ok
10:33:36.0253 4360 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
10:33:36.0256 4360 TsUsbFlt - ok
10:33:36.0321 4360 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:33:36.0327 4360 tunnel - ok
10:33:36.0387 4360 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
10:33:36.0401 4360 uagp35 - ok
10:33:36.0419 4360 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:33:36.0425 4360 udfs - ok
10:33:36.0493 4360 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:33:36.0499 4360 UI0Detect - ok
10:33:36.0530 4360 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:33:36.0535 4360 uliagpkx - ok
10:33:36.0590 4360 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
10:33:36.0593 4360 umbus - ok
10:33:36.0622 4360 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
10:33:36.0625 4360 UmPass - ok
10:33:36.0668 4360 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
10:33:36.0679 4360 upnphost - ok
10:33:36.0725 4360 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
10:33:36.0728 4360 USBAAPL64 - ok
10:33:36.0771 4360 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:33:36.0774 4360 usbccgp - ok
10:33:36.0825 4360 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
10:33:36.0828 4360 usbcir - ok
10:33:36.0862 4360 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
10:33:36.0864 4360 usbehci - ok
10:33:36.0901 4360 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:33:36.0911 4360 usbhub - ok
10:33:36.0939 4360 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
10:33:36.0942 4360 usbohci - ok
10:33:37.0283 4360 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
10:33:37.0284 4360 usbprint - ok
10:33:37.0327 4360 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
10:33:37.0329 4360 usbscan - ok
10:33:37.0367 4360 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:33:37.0370 4360 USBSTOR - ok
10:33:37.0386 4360 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
10:33:37.0390 4360 usbuhci - ok
10:33:37.0409 4360 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
10:33:37.0415 4360 UxSms - ok
10:33:37.0427 4360 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
10:33:37.0430 4360 VaultSvc - ok
10:33:37.0468 4360 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
10:33:37.0471 4360 vdrvroot - ok
10:33:37.0539 4360 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
10:33:37.0551 4360 vds - ok
10:33:37.0577 4360 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:33:37.0581 4360 vga - ok
10:33:37.0600 4360 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
10:33:37.0603 4360 VgaSave - ok
10:33:37.0636 4360 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
10:33:37.0645 4360 vhdmp - ok
10:33:37.0673 4360 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
10:33:37.0676 4360 viaide - ok
10:33:37.0688 4360 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:33:37.0691 4360 volmgr - ok
10:33:37.0748 4360 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:33:37.0755 4360 volmgrx - ok
10:33:37.0770 4360 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:33:40.0371 4360 ================ Scan global ===============================
10:33:40.0421 4360 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:33:40.0471 4360 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
10:33:40.0489 4360 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
10:33:40.0538 4360 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:33:40.0559 4360 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:33:40.0570 4360 [Global] - ok
10:33:40.0571 4360 ================ Scan MBR ==================================
10:33:40.0586 4360 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:33:40.0778 4360 \Device\Harddisk0\DR0 - ok
10:33:40.0779 4360 ================ Scan VBR ==================================
10:33:40.0786 4360 [ 510F1731D38DBDBF47498CCDA66D5984 ] \Device\Harddisk0\DR0\Partition1
10:33:40.0789 4360 \Device\Harddisk0\DR0\Partition1 - ok
10:33:40.0803 4360 [ 019074331671C9F7E0360017740DE615 ] \Device\Harddisk0\DR0\Partition2
10:33:40.0806 4360 \Device\Harddisk0\DR0\Partition2 - ok
10:33:40.0806 4360 ============================================================
10:33:40.0806 4360 Scan finished
10:33:40.0806 4360 ============================================================
10:33:40.0835 1824 Detected object count: 0
10:33:40.0835 1824 Actual detected object count: 0
10:35:22.0067 1784 Deinitialize success


and

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-11-05 10:36:22
-----------------------------
10:36:22.232 OS Version: Windows x64 6.1.7601 Service Pack 1
10:36:22.232 Number of processors: 2 586 0x170A
10:36:22.232 ComputerName: AMYANDDAVID-PC UserName: Amy and David
10:36:26.161 Initialize success
10:36:26.333 AVAST engine defs: 12110401
10:37:01.485 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
10:37:01.485 Disk 0 Vendor: ST3500413AS JC45 Size: 476940MB BusType: 3
10:37:01.579 Disk 0 MBR read successfully
10:37:01.579 Disk 0 MBR scan
10:37:01.579 Disk 0 Windows 7 default MBR code
10:37:01.594 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
10:37:01.610 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476738 MB offset 411648
10:37:01.625 Disk 0 scanning C:\Windows\system32\drivers
10:37:12.818 Service scanning
10:37:39.413 Modules scanning
10:37:39.413 Disk 0 trace - called modules:
10:37:39.428 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
10:37:39.428 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800276d160]
10:37:39.444 3 CLASSPNP.SYS[fffff8800191043f] -> nt!IofCallDriver -> [0xfffffa8002257520]
10:37:39.444 5 ACPI.sys[fffff88000efc7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8002253680]
10:37:39.975 AVAST engine scan C:\Windows
10:37:42.694 AVAST engine scan C:\Windows\system32
10:40:47.758 AVAST engine scan C:\Windows\system32\drivers
10:41:01.495 AVAST engine scan C:\Users\Amy and David
11:00:36.750 AVAST engine scan C:\ProgramData
11:01:34.638 Scan finished successfully
11:11:42.502 Disk 0 MBR has been saved successfully to "C:\Users\Amy and David\Documents\David\MBR.dat"
11:11:42.518 The log file has been saved successfully to "C:\Users\Amy and David\Documents\David\aswMBR.txt"


thanks!!

#13
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#14
truesalt

    Member

  • Topic Starter
  • 15 posts
Hey Gringo, the latest

ComboFix 12-11-05.03 - Amy and David 06/11/2012 19:32:06.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.2013.1120 [GMT 10:00]
Running from: c:\users\Amy and David\Desktop\ComboFix.exe
Command switches used :: c:\users\Amy and David\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-15 10:20 220632 ----a-w- c:\users\Amy and David\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-15 10:20 220632 ----a-w- c:\users\Amy and David\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-15 10:20 220632 ----a-w- c:\users\Amy and David\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-05 5629312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"EMET Notifier"="c:\program files (x86)\EMET\EMET_notifier.exe" [2012-05-09 152152]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-02 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-20 113664]
Wireless Connection Manager.lnk - c:\program files (x86)\D-Link\DWA-131 revA\wirelesscm.exe [2012-9-25 505152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-19 98304]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-19 118784]
R3 AsrCDDrv;AsrCDDrv;c:\windows\SysWOW64\Drivers\AsrCDDrv.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-25 1255736]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-09-21 12368]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-10-25 140672]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-10-30 133912]
S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe [2010-04-14 1052328]
S2 WlanWpsSvc;WlanWpsSvc;c:\program files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe [2008-06-26 167936]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-09-28 695400]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-26 06:13]
.
2012-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-25 22:02]
.
2012-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-25 22:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-15 10:20 244696 ----a-w- c:\users\Amy and David\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-15 10:20 244696 ----a-w- c:\users\Amy and David\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-15 10:20 244696 ----a-w- c:\users\Amy and David\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-03 446392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.138
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3446988377-483794562-929750911-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3446988377-483794562-929750911-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-06 19:43:27
ComboFix-quarantined-files.txt 2012-11-06 09:43
ComboFix2.txt 2012-11-04 04:53
ComboFix3.txt 2012-11-01 20:58
.
Pre-Run: 377,985,220,608 bytes free
Post-Run: 377,551,486,976 bytes free
.
- - End Of File - - BDACA00B3621D0FDBDEBF1D8A500C139

#15
gringo_pr


    Trusted Helper

  • Malware Removal
  • 7,268 posts
How are things doing at this time?


I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo