Jump to content

Tumbleweed88

Honorary Members
 View Profile  See their activity

  • Posts

    52

  • Joined

  • Last visited

 Content Type 

Everything posted by Tumbleweed88

  1. Tumbleweed88
    ComboFix 12-11-12.03 - Kenneth 11/12/2012 11:40:17.3.1 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1013.340 [GMT -6:00] Running from: c:\users\Kenneth\Desktop\ComboFix.exe Command switches used :: c:\users\Kenneth\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . . --------------- FCopy --------------- . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\ataport.sys --> c:\windows\System32\drivers\ataport.sys . ((((((((((((((((((((((((( Files Created from 2012-10-12 to 2012-11-12 ))))))))))))))))))))))))))))))) . . 2012-11-12 17:49 . 2012-11-12 17:49 -------- dc----w- c:\users\Kenneth\AppData\Local\temp 2012-11-12 17:49 . 2012-11-12 17:49 -------- dc----w- c:\users\Default\AppData\Local\temp 2012-11-09 22:42 . 2012-10-17 07:32 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{86FE1D82-EB00-423E-BD2A-47D6774485D0}\mpengine.dll 2012-11-08 05:53 . 2012-11-08 05:53 -------- dc----w- c:\users\Kenneth\AppData\Roaming\Malwarebytes 2012-11-08 05:52 . 2012-11-08 05:52 -------- dc----w- c:\programdata\Malwarebytes 2012-11-08 05:52 . 2012-11-08 05:52 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware 2012-11-08 05:52 . 2012-09-30 01:54 22856 -c--a-w- c:\windows\system32\drivers\mbam.sys 2012-11-08 00:14 . 2012-11-08 00:14 -------- dc----w- C:\FRST 2012-11-06 18:14 . 2012-11-06 18:14 388096 -c--a-r- c:\users\Kenneth\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-11-06 18:14 . 2012-11-06 18:14 -------- dc----w- c:\program files\Trend Micro 2012-11-04 01:49 . 2012-11-04 03:38 -------- dc----w- c:\programdata\Spybot - Search & Destroy 2012-11-04 01:49 . 2012-11-04 01:52 -------- dc----w- c:\program files\Spybot - Search & Destroy 2012-11-03 06:56 . 2012-11-04 00:31 -------- dc----w- c:\program files\Eusing Free Registry Defrag 2012-11-03 06:50 . 2012-11-03 06:55 -------- dc----w- c:\program files\Eusing Free Registry Cleaner 2012-11-03 00:56 . 2012-11-03 00:56 -------- dc----w- c:\users\Kenneth\AppData\Roaming\SUPERAntiSpyware.com 2012-11-03 00:55 . 2012-11-03 00:56 -------- dc----w- c:\program files\SUPERAntiSpyware 2012-11-03 00:55 . 2012-11-03 00:55 -------- dc----w- c:\programdata\SUPERAntiSpyware.com 2012-10-31 19:22 . 2012-11-03 03:16 -------- dc----w- c:\programdata\D852ADD2F4338B3B0000D851D58690AD . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-09 21:35 . 2012-06-11 21:41 696760 -c--a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-09 21:35 . 2011-09-09 17:56 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-09-13 13:28 . 2012-10-10 20:49 2048 -c--a-w- c:\windows\system32\tzres.dll 2012-08-29 11:27 . 2012-10-10 20:49 3602816 -c--a-w- c:\windows\system32\ntkrnlpa.exe 2012-08-29 11:27 . 2012-10-10 20:49 3550080 -c--a-w- c:\windows\system32\ntoskrnl.exe 2012-08-24 15:53 . 2012-10-10 20:49 172544 -c--a-w- c:\windows\system32\wintrust.dll 2012-08-24 06:59 . 2012-09-23 08:02 1800704 -c--a-w- c:\windows\system32\jscript9.dll 2012-08-24 06:51 . 2012-09-23 08:02 1129472 -c--a-w- c:\windows\system32\wininet.dll 2012-08-24 06:51 . 2012-09-23 08:02 1427968 -c--a-w- c:\windows\system32\inetcpl.cpl 2012-08-24 06:47 . 2012-09-23 08:02 142848 -c--a-w- c:\windows\system32\ieUnatt.exe 2012-08-24 06:47 . 2012-09-23 08:02 420864 -c--a-w- c:\windows\system32\vbscript.dll 2012-08-24 06:43 . 2012-09-23 08:02 2382848 -c--a-w- c:\windows\system32\mshtml.tlb . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-03-06 23:15 123536 -c--a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744] "Skytel"="Skytel.exe" [2007-06-15 1826816] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk] backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Kenneth^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk] backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher] 2007-02-02 18:05 1261568 -c--a-w- c:\program files\Acer Assist\launcher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration] 2007-02-02 19:24 3383296 -c--a-w- c:\program files\Acer Registration\ACE1.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder] 2007-05-22 22:49 151552 -c--a-w- c:\acer\AcerTour\Reminder.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-10-15 06:04 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2008-02-12 01:13 166424 ----a-w- c:\windows\System32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2008-02-12 01:13 141848 -c--a-w- c:\windows\System32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager] 2007-07-16 05:51 768520 -c--a-w- c:\progra~1\LAUNCH~1\LManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)] 2012-05-25 09:25 6595928 -c--a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] 2007-06-22 01:25 155648 -c--a-w- c:\program files\Acer\Acer Arcade\PCMService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2008-02-12 01:13 133656 ----a-w- c:\windows\System32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-10-11 10:17 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-19 07:38 1008184 -c--a-w- c:\program files\Windows Defender\MSASCui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-19 07:33 202240 -c--a-w- c:\program files\Windows Media Player\wmpnscfg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 . S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder . 2012-11-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-11 21:35] . 2012-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-06-08 21:51] . 2012-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-06-08 21:51] . . ------- Supplementary Scan ------- . uStart Page = hxxp://mail.google.com/ uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mStart Page = hxxp://en.us.acer.yahoo.com uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . SafeBoot-36917629.sys . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-11-12 11:49 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(3020) c:\windows\system32\MsnChatHook.dll c:\windows\system32\ShowErrMsg.dll c:\windows\system32\sysenv.dll c:\windows\system32\BatchCrypto.dll c:\windows\system32\CryptoAPI.dll c:\windows\system32\keyManager.dll . Completion time: 2012-11-12 11:53:23 ComboFix-quarantined-files.txt 2012-11-12 17:53 ComboFix2.txt 2012-11-06 22:16 . Pre-Run: 10,332,848,128 bytes free Post-Run: 10,046,468,096 bytes free . - - End Of File - - 00F9936B3A520E9B9B6B281FD3EC211C
  2. Tumbleweed88
    SystemLook 30.07.11 by jpshortstuff Log created at 10:39 on 12/11/2012 by Kenneth Administrator - Elevation successful ========== filefind ========== Searching for "ataport*" C:\Windows\System32\drivers\ataport.sys --a--c- 109032 bytes [23:39 18/02/2010] [06:32 11/04/2009] 64B0052340B8EC28FA8A56B708AE71CC C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\ataport.sys --a---- 109624 bytes [18:32 23/07/2009] [18:32 23/07/2009] A928BBCA9235AC328953B34CA0C1F5A0 C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\ataport.sys --a---- 109032 bytes [23:39 18/02/2010] [06:32 11/04/2009] 64B0052340B8EC28FA8A56B708AE71CC C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\ataport.sys --a---- 107112 bytes [10:25 02/11/2006] [09:50 02/11/2006] BF1DC83332EDFDCFACB1BE080E119655 C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\ataport.sys --a---- 110136 bytes [23:08 03/08/2009] [07:43 19/01/2008] D1C03AE69C29E239FC8000C5C0DEA709 C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\ataport.sys --a---- 109624 bytes [18:32 23/07/2009] [18:32 23/07/2009] A928BBCA9235AC328953B34CA0C1F5A0 C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\ataport.sys --a---- 110136 bytes [18:32 23/07/2009] [18:32 23/07/2009] 5BD29D71B0C25CA021FC55F0710884D7 C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\ataport.sys --a--c- 110136 bytes [23:08 03/08/2009] [07:43 19/01/2008] D1C03AE69C29E239FC8000C5C0DEA709 C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\ataport.sys --a--c- 109032 bytes [23:39 18/02/2010] [06:32 11/04/2009] 64B0052340B8EC28FA8A56B708AE71CC -= EOF =-
  3. Tumbleweed88
    No malware was found.
  4. Tumbleweed88
    ok, i sure want to get this wrapped up
  5. Tumbleweed88
    Here is the file you wanted MBRDUMP.txt
  6. Tumbleweed88
    Any more ideas or do I need to delete everything and put a fresh installation on the laptop?
  7. Tumbleweed88
    aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software Run date: 2012-11-09 09:28:13 ----------------------------- 09:28:13.778 OS Version: Windows 6.0.6002 Service Pack 2 09:28:13.793 Number of processors: 1 586 0x1601 09:28:13.793 ComputerName: HOME-PC UserName: Kenneth 09:28:38.613 Initialize success 09:28:40.126 AVAST engine defs: 12110801 09:29:07.301 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 09:29:07.301 Disk 0 Vendor: TOSHIBA_MK8046GSX LB313J Size: 76319MB BusType: 3 09:29:07.317 Disk 0 MBR read successfully 09:29:07.333 Disk 0 MBR scan 09:29:07.348 Disk 0 unknown MBR code 09:29:07.364 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9993 MB offset 63 09:29:07.442 Disk 0 Partition 2 80 (A) 06 FAT16 NTFS 33294 MB offset 20467712 09:29:07.473 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 33030 MB offset 88653824 09:29:07.504 Disk 0 scanning sectors +156299264 09:29:07.582 Disk 0 scanning C:\Windows\system32\drivers 09:29:23.260 Service scanning 09:29:55.677 Modules scanning 09:30:06.566 Disk 0 trace - called modules: 09:30:07.112 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys 09:30:07.127 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8435dac8] 09:30:07.127 3 CLASSPNP.SYS[861c38b3] -> nt!IofCallDriver -> [0x83bfeaa0] 09:30:07.143 5 acpi.sys[85a4d6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x83bc3030] 09:30:07.502 AVAST engine scan C:\Windows 09:30:10.747 AVAST engine scan C:\Windows\system32 09:32:51.255 AVAST engine scan C:\Windows\system32\drivers 09:33:05.030 AVAST engine scan C:\Users\Kenneth 09:34:09.380 AVAST engine scan C:\ProgramData 09:34:30.315 Scan finished successfully 09:36:07.903 Disk 0 MBR has been saved successfully to "F:\MBR.dat" 09:36:07.919 The log file has been saved successfully to "F:\aswMBR.txt"
  8. Tumbleweed88
    if you want me to run it in safemode again, I will
  9. Tumbleweed88
    We already ran MBAM in safe mode sucessfully and I posted the log, back on page one.
  10. Tumbleweed88
    Here is the attach log........... . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-05.02) . Microsoft® Windows Vista™ Home Basic Boot Device: \Device\HarddiskVolume2 Install Date: 1/21/2008 2:49:45 PM System Uptime: 11/8/2012 2:24:14 PM (0 hours ago) . Motherboard: Acer | | Acadia Processor: Intel® Celeron® CPU 540 @ 1.86GHz | uPGA-478 | 1862/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 33 GiB total, 11.574 GiB free. D: is FIXED (NTFS) - 32 GiB total, 32.127 GiB free. E: is CDROM () F: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP556: 11/6/2012 3:55:49 PM - ComboFix created restore point RP557: 11/6/2012 4:18:09 PM - Windows Update RP558: 11/7/2012 7:07:17 PM - Scheduled Checkpoint RP559: 11/7/2012 10:35:15 PM - OTL Restore Point - 11/7/2012 10:35:14 PM . ==== Installed Programs ====================== . Acer Arcade Acer Assist Acer eDataSecurity Management Acer eLock Management Acer Empowering Technology Acer eNet Management Acer ePower Management Acer ePresentation Management Acer eSettings Management Acer Mobility Center Plug-In Acer Registration Acer ScreenSaver Acer Tour Activation Assistant for the 2007 Microsoft Office suites Adobe Flash Player 11 ActiveX Adobe Reader 8.1.3 Agere Systems HDA Modem ALPS Touch Pad Driver AusLogics Disk Defrag avast! Free Antivirus Bejeweled 2 Deluxe Canon MP280 series MP Drivers CCleaner (remove only) Eusing Free Registry Cleaner Google Chrome Google Update Helper HiJackThis Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Intel® Graphics Media Accelerator Driver Java 6 Update 17 LightScribe 1.4.142.1 Malwarebytes Anti-Malware version 1.65.1.1000 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Office Excel MUI (English) 2007 Microsoft Office Home and Student 2007 Microsoft Office Live Meeting 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Works MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) PowerProducer 3.72 Realtek High Definition Audio Driver Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Spybot - Search & Destroy SpywareBlaster 4.3 SUPERAntiSpyware TimeLineRemove 0.9 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Office 2007 (KB934528) Update for Office System 2007 Setup (KB929722) VLC media player 1.1.0 Yahoo! BrowserPlus 2.9.8 Yahoo! Messenger Yahoo! Software Update Yahoo! Toolbar . ==== Event Viewer Messages From Past Week ======== . 11/8/2012 12:07:18 AM, Error: EventLog [6008] - The previous system shutdown at 11:56:47 PM on 11/7/2012 was unexpected. 11/7/2012 10:12:44 PM, Error: EventLog [6008] - The previous system shutdown at 10:08:28 PM on 11/7/2012 was unexpected. 11/6/2012 9:36:36 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 11/6/2012 9:36:30 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr tdx Wanarpv6 ws2ifsl 11/6/2012 9:36:30 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 11/6/2012 9:36:30 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 11/6/2012 9:36:30 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start. 11/6/2012 9:36:30 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning. 11/6/2012 9:36:30 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 11/6/2012 9:36:30 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 11/6/2012 9:36:30 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 11/6/2012 9:36:30 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning. 11/6/2012 9:36:30 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 11/6/2012 9:36:30 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 11/6/2012 9:36:30 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 11/6/2012 9:36:30 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 11/6/2012 9:36:30 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning. 11/6/2012 9:36:30 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 11/6/2012 9:36:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 11/6/2012 9:36:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 11/6/2012 9:35:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 11/6/2012 9:35:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 11/6/2012 9:35:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 11/6/2012 9:35:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 11/6/2012 8:15:28 PM, Error: EventLog [6008] - The previous system shutdown at 8:12:43 PM on 11/6/2012 was unexpected. 11/6/2012 7:26:30 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 11/6/2012 7:16:05 PM, Error: Service Control Manager [7034] - The MobilityService service terminated unexpectedly. It has done this 1 time(s). 11/6/2012 7:13:59 PM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s). 11/6/2012 3:15:28 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 11/6/2012 3:15:28 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 11/6/2012 3:15:28 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 11/6/2012 2:19:54 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. 11/6/2012 12:49:49 PM, Error: EventLog [6008] - The previous system shutdown at 12:40:22 PM on 11/6/2012 was unexpected. 11/6/2012 11:53:49 AM, Error: EventLog [6008] - The previous system shutdown at 11:39:38 PM on 11/5/2012 was unexpected. 11/6/2012 11:15:40 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 11/6/2012 11:15:40 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23). 11/6/2012 11:15:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect. 11/6/2012 11:15:40 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/6/2012 11:15:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 11/5/2012 11:27:44 PM, Error: EventLog [6008] - The previous system shutdown at 10:20:24 PM on 11/5/2012 was unexpected. 11/4/2012 9:26:31 PM, Error: EventLog [6008] - The previous system shutdown at 11:24:37 PM on 11/3/2012 was unexpected. 11/3/2012 8:35:06 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the ALaunch Service service to connect. 11/3/2012 7:43:59 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service. 11/3/2012 7:43:29 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service. 11/3/2012 7:38:00 PM, Error: EventLog [6008] - The previous system shutdown at 7:36:37 PM on 11/3/2012 was unexpected. 11/3/2012 2:48:21 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr tdx Wanarpv6 11/3/2012 2:48:21 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 11/3/2012 2:48:21 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 11/3/2012 2:47:20 PM, Error: EventLog [6008] - The previous system shutdown at 2:44:37 PM on 11/3/2012 was unexpected. 11/3/2012 2:24:01 PM, Error: EventLog [6008] - The previous system shutdown at 2:22:14 PM on 11/3/2012 was unexpected. 11/3/2012 12:25:39 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi SASDIFSV SASKUTIL spldr Wanarpv6 11/2/2012 6:41:01 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.16.0.2 for the Network Card with network address 001F3A0A5D4E has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). 11/2/2012 6:37:46 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi spldr Wanarpv6 11/2/2012 4:23:00 PM, Error: EventLog [6008] - The previous system shutdown at 4:15:03 PM on 11/2/2012 was unexpected. 11/2/2012 4:12:48 PM, Error: EventLog [6008] - The previous system shutdown at 8:49:17 PM on 10/31/2012 was unexpected. 11/2/2012 11:05:41 PM, Error: EventLog [6008] - The previous system shutdown at 11:02:56 PM on 11/2/2012 was unexpected. . ==== End Of File ===========================
  11. Tumbleweed88
    Here is the DDS log................. DDS (Ver_2012-11-05.02) - NTFS_x86 Internet Explorer: 9.0.8112.16450 Run by Kenneth at 14:33:43 on 2012-11-08 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1013.300 [GMT -6:00] . AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Program Files\SUPERAntiSpyware\SASCORE.EXE C:\Windows\system32\agrsmsvc.exe C:\Acer\ALaunch\ALaunchSvc.exe C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe C:\Acer\Empowering Technology\eNet\eNet Service.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\Acer\Mobility Center\MobilityService.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe C:\Acer\Empowering Technology\ePower\ePowerSvc.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\RtHDVCpl.exe C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\System32\mobsync.exe C:\Users\Kenneth\AppData\Local\Temp\RtkBtMnt.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation . ============== Pseudo HJT Report =============== . uStart Page = hxxp://mail.google.com/ uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mStart Page = hxxp://en.us.acer.yahoo.com uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll BHO: ShowBarObj Class: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - c:\windows\system32\ActiveToolBand.dll BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\windows\system32\eDStoolbar.dll TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe mRun: [Apoint] c:\program files\apoint2k\Apoint.exe mRun: [skytel] Skytel.exe mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces\{8E28C7F8-15AB-45F2-8A8F-BB7E65AC0FEB} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{FBC7A79D-EB01-474E-8F43-C9A92D8CA7D1} : DHCPNameServer = 172.16.0.1 Notify: igfxcui - igfxdev.dll LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg . ============= SERVICES / DRIVERS =============== . R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-11-19 612184] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-9-21 337880] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664] R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608] R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2007-7-31 50688] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-21 20696] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-9-21 57688] R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-11-19 44768] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-8-3 21504] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-7-31 179712] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-11-7 40776] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2012-11-08 05:53:08 40776 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-11-08 05:53:08 -------- dc----w- c:\users\kenneth\appdata\roaming\Malwarebytes 2012-11-08 05:52:56 -------- dc----w- c:\programdata\Malwarebytes 2012-11-08 05:52:33 22856 -c--a-w- c:\windows\system32\drivers\mbam.sys 2012-11-08 05:52:33 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware 2012-11-08 00:14:27 -------- dc----w- C:\FRST 2012-11-07 01:29:59 -------- dcsh--w- C:\$RECYCLE.BIN 2012-11-07 01:29:50 -------- dc----w- c:\users\kenneth\appdata\local\temp 2012-11-06 22:24:19 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{78620410-7ef8-49e9-8980-da79f291e3d1}\mpengine.dll 2012-11-06 22:18:46 6918632 ------w- c:\programdata\microsoft\windows defender\definition updates\updates\mpengine.dll 2012-11-06 21:55:34 98816 -c--a-w- c:\windows\sed.exe 2012-11-06 21:55:34 256000 -c--a-w- c:\windows\PEV.exe 2012-11-06 21:55:34 208896 -c--a-w- c:\windows\MBR.exe 2012-11-06 18:14:16 388096 -c--a-r- c:\users\kenneth\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe 2012-11-06 18:14:13 -------- dc----w- c:\program files\Trend Micro 2012-11-04 01:49:37 -------- dc----w- c:\programdata\Spybot - Search & Destroy 2012-11-04 01:49:37 -------- dc----w- c:\program files\Spybot - Search & Destroy 2012-11-03 06:56:07 -------- dc----w- c:\program files\Eusing Free Registry Defrag 2012-11-03 06:50:21 -------- dc----w- c:\program files\Eusing Free Registry Cleaner 2012-11-03 00:56:16 -------- dc----w- c:\users\kenneth\appdata\roaming\SUPERAntiSpyware.com 2012-11-03 00:55:50 -------- dc----w- c:\programdata\SUPERAntiSpyware.com 2012-11-03 00:55:50 -------- dc----w- c:\program files\SUPERAntiSpyware 2012-10-31 19:22:11 -------- dc----w- c:\programdata\D852ADD2F4338B3B0000D851D58690AD 2012-10-10 20:50:08 985088 -c--a-w- c:\windows\system32\crypt32.dll 2012-10-10 20:50:06 98304 -c--a-w- c:\windows\system32\cryptnet.dll 2012-10-10 20:50:06 133120 -c--a-w- c:\windows\system32\cryptsvc.dll 2012-10-10 20:49:41 172544 -c--a-w- c:\windows\system32\wintrust.dll 2012-10-10 20:49:33 2048 -c--a-w- c:\windows\system32\tzres.dll 2012-10-10 20:49:16 3602816 -c--a-w- c:\windows\system32\ntkrnlpa.exe 2012-10-10 20:49:15 3550080 -c--a-w- c:\windows\system32\ntoskrnl.exe . ==================== Find3M ==================== . 2012-10-09 21:35:34 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-09 21:35:34 696760 -c--a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-24 06:59:17 1800704 -c--a-w- c:\windows\system32\jscript9.dll 2012-08-24 06:51:27 1129472 -c--a-w- c:\windows\system32\wininet.dll 2012-08-24 06:51:02 1427968 -c--a-w- c:\windows\system32\inetcpl.cpl 2012-08-24 06:47:26 142848 -c--a-w- c:\windows\system32\ieUnatt.exe 2012-08-24 06:47:12 420864 -c--a-w- c:\windows\system32\vbscript.dll 2012-08-24 06:43:58 2382848 -c--a-w- c:\windows\system32\mshtml.tlb . ============= FINISH: 14:34:48.89 ===============
  12. Tumbleweed88
    14:29:34.0030 3912 [ 4DBA143F06BAD1DF935CB9603140CF2A ] C:\Windows\System32\wsdchngr.dll 14:29:34.0030 3912 C:\Windows\System32\wsdchngr.dll - ok 14:29:34.0046 3912 [ 218B73EA8341EA9FDF018D43052E790A ] C:\Windows\System32\mssrch.dll 14:29:34.0046 3912 C:\Windows\System32\mssrch.dll - ok 14:29:34.0046 3912 [ AAB5FEAABF4CB6F76D794203831C8D94 ] C:\Windows\System32\msidle.dll 14:29:34.0046 3912 C:\Windows\System32\msidle.dll - ok 14:29:34.0061 3912 [ 4B72B5B342ADA4DE8DEEA39CCE465B58 ] C:\Windows\System32\WUDFx.dll 14:29:34.0061 3912 C:\Windows\System32\WUDFx.dll - ok 14:29:34.0077 3912 [ 2E579520E114A9CA309F13BF40AD8292 ] C:\Windows\System32\drivers\XAudio.sys 14:29:34.0077 3912 C:\Windows\System32\drivers\XAudio.sys - ok 14:29:34.0077 3912 [ 119A487B94FCB54D5154EBFBFA124755 ] C:\Windows\System32\drivers\UMDF\WpdFs.dll 14:29:34.0077 3912 C:\Windows\System32\drivers\UMDF\WpdFs.dll - ok 14:29:34.0092 3912 [ B458B58F7BB97C48D01AC3CF5805AAAC ] C:\Windows\System32\Query.dll 14:29:34.0092 3912 C:\Windows\System32\Query.dll - ok 14:29:34.0108 3912 [ F82FC2C30A19442B95AE554215837C46 ] C:\Windows\System32\drivers\XAudio.exe 14:29:34.0108 3912 C:\Windows\System32\drivers\XAudio.exe - ok 14:29:34.0108 3912 [ B2B117BD8D1EA80536CDD91797EF4A0A ] C:\Windows\System32\PortableDeviceClassExtension.dll 14:29:34.0108 3912 C:\Windows\System32\PortableDeviceClassExtension.dll - ok 14:29:34.0124 3912 [ 883D02AB5D350BC45E0F60E8CFA97FDC ] C:\Windows\System32\PortableDeviceTypes.dll 14:29:34.0124 3912 C:\Windows\System32\PortableDeviceTypes.dll - ok 14:29:34.0139 3912 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe 14:29:34.0139 3912 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe - ok 14:29:34.0139 3912 [ B8A21907FE2F1A113F3487D9AB60BEF9 ] C:\Windows\System32\en-US\tquery.dll.mui 14:29:34.0139 3912 C:\Windows\System32\en-US\tquery.dll.mui - ok 14:29:34.0155 3912 [ 22DC784B32BEE306A99F50D6DC2460BC ] C:\Windows\System32\esent.dll 14:29:34.0155 3912 C:\Windows\System32\esent.dll - ok 14:29:34.0170 3912 [ F85134BF76CB335A39F8D7BC4173D4FB ] C:\Windows\System32\msscb.dll 14:29:34.0170 3912 C:\Windows\System32\msscb.dll - ok 14:29:34.0170 3912 [ 746724540BD4B618B89F8A614A02F50D ] C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe 14:29:34.0186 3912 C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe - ok 14:29:34.0202 3912 [ 28B3D45B0CB49F24157E92D90BF343C1 ] C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvcps.dll 14:29:34.0202 3912 C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvcps.dll - ok 14:29:34.0202 3912 [ 3D184410EF5EE017E186AC96181B3FF8 ] C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe 14:29:34.0202 3912 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe - ok 14:29:34.0217 3912 [ 6B46E837EC3FF448A0665DC86C5208DC ] C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll 14:29:34.0217 3912 C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll - ok 14:29:34.0233 3912 [ 237C6256B2E4D3015E4F42F4A6539784 ] C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSchMgr.dll 14:29:34.0233 3912 C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSchMgr.dll - ok 14:29:34.0233 3912 [ DADAD303DC0871591997A05CAAB891AE ] C:\Acer\Empowering Technology\eRecovery\IERYETF.dll 14:29:34.0233 3912 C:\Acer\Empowering Technology\eRecovery\IERYETF.dll - ok 14:29:34.0248 3912 [ DCA768724878D1177034691517EF9B91 ] C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe 14:29:34.0248 3912 C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe - ok 14:29:34.0264 3912 [ 5F3BD963F02108C36592B5728FA725C5 ] C:\Acer\Empowering Technology\eSettings\Service\log4net.dll 14:29:34.0264 3912 C:\Acer\Empowering Technology\eSettings\Service\log4net.dll - ok 14:29:34.0280 3912 [ B8876BBA284DFEC2311D7694483AB8AE ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll 14:29:34.0280 3912 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll - ok 14:29:34.0280 3912 [ 99495E46CBF87F1C1FF3E57C069D0A8D ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll 14:29:34.0280 3912 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll - ok 14:29:34.0295 3912 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] C:\Windows\System32\netprofm.dll 14:29:34.0295 3912 C:\Windows\System32\netprofm.dll - ok 14:29:34.0311 3912 [ 2CEC6C4F56DA7EE2A3AA0FBEFEA8F6CC ] C:\Acer\Empowering Technology\eSettings\Service\esettings.model.computer.dll 14:29:34.0311 3912 C:\Acer\Empowering Technology\eSettings\Service\esettings.model.computer.dll - ok 14:29:34.0326 3912 [ EE80AC462A171DBF06EEB2058B5D3BC6 ] C:\Acer\Empowering Technology\ePower\ePowerSvc.exe 14:29:34.0326 3912 C:\Acer\Empowering Technology\ePower\ePowerSvc.exe - ok 14:29:34.0326 3912 [ C5333E9A6992EB4BD5D2592EFC0DCC03 ] C:\Acer\Empowering Technology\eSettings\Service\esettings.model.computerinterfaces.dll 14:29:34.0326 3912 C:\Acer\Empowering Technology\eSettings\Service\esettings.model.computerinterfaces.dll - ok 14:29:34.0342 3912 [ BF7E4D6F60A6D9E866432855C6F8C262 ] C:\Windows\System32\sqmapi.dll 14:29:34.0342 3912 C:\Windows\System32\sqmapi.dll - ok 14:29:34.0358 3912 [ DFCAB29E8FD38F95650CC1E203E8D318 ] C:\Windows\System32\npmproxy.dll 14:29:34.0358 3912 C:\Windows\System32\npmproxy.dll - ok 14:29:34.0358 3912 [ CAE6861B19A2A7E5D42FEFC4DFDF5CCF ] C:\Acer\Empowering Technology\ePower\msvcm80.dll 14:29:34.0358 3912 C:\Acer\Empowering Technology\ePower\msvcm80.dll - ok 14:29:34.0373 3912 [ 1D6B95871DC006190964B04E5657E35F ] C:\Windows\System32\rastapi.dll 14:29:34.0373 3912 C:\Windows\System32\rastapi.dll - ok 14:29:34.0389 3912 [ 5A6BFE723CF0E6E39021CDC01CA57EED ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll 14:29:34.0389 3912 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll - ok 14:29:34.0404 3912 [ 442E9FBBEEBD916519D8381BC2F71EA9 ] C:\Acer\Empowering Technology\ePower\WMIInterface.dll 14:29:34.0404 3912 C:\Acer\Empowering Technology\ePower\WMIInterface.dll - ok 14:29:34.0404 3912 [ 35A936C7C029A5B705D3FFD40518D660 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll 14:29:34.0404 3912 C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll - ok 14:29:34.0420 3912 [ A952D0DED445F26AEFCF593A935AB300 ] C:\Windows\System32\hnetcfg.dll 14:29:34.0420 3912 C:\Windows\System32\hnetcfg.dll - ok 14:29:34.0436 3912 [ 9FCDF2C23E3B7B0C6C9DD2E1D080058F ] C:\Acer\Empowering Technology\ePower\CompileMOF.exe 14:29:34.0436 3912 C:\Acer\Empowering Technology\ePower\CompileMOF.exe - ok 14:29:34.0436 3912 [ 30F0DC266B46118E9FBCF5B2A30EB1DB ] C:\Windows\System32\wbem\wbemprox.dll 14:29:34.0436 3912 C:\Windows\System32\wbem\wbemprox.dll - ok 14:29:34.0451 3912 [ B96B60EC821F86D445C9739A0F3DED59 ] C:\Windows\System32\unimdm.tsp 14:29:34.0451 3912 C:\Windows\System32\unimdm.tsp - ok 14:29:34.0467 3912 [ FC1EEE57EB9CD57279D70BA2A9131C38 ] C:\Windows\System32\wbem\wbemcore.dll 14:29:34.0467 3912 C:\Windows\System32\wbem\wbemcore.dll - ok 14:29:34.0482 3912 [ 2C3B09E586BDA2CC49A292BE7BADC589 ] C:\Windows\System32\wbem\wmiutils.dll 14:29:34.0482 3912 C:\Windows\System32\wbem\wmiutils.dll - ok 14:29:34.0482 3912 [ DFBAADF1B624DC71E88D34D86B3595BE ] C:\Windows\System32\uniplat.dll 14:29:34.0482 3912 C:\Windows\System32\uniplat.dll - ok 14:29:34.0498 3912 [ C10E13721B0AAEBEB5EBA914F1D18181 ] C:\Windows\System32\wbem\esscli.dll 14:29:34.0498 3912 C:\Windows\System32\wbem\esscli.dll - ok 14:29:34.0514 3912 [ 0B71899E60D1265229BF3D080EAB573D ] C:\Windows\System32\unimdmat.dll 14:29:34.0514 3912 C:\Windows\System32\unimdmat.dll - ok 14:29:34.0514 3912 [ BC5A34B6A14C93BF04E3F4E8EA57090A ] C:\Windows\System32\wbem\fastprox.dll 14:29:34.0514 3912 C:\Windows\System32\wbem\fastprox.dll - ok 14:29:34.0529 3912 [ 2E837F3D406224DF131C34BC8F71621E ] C:\Windows\System32\modemui.dll 14:29:34.0529 3912 C:\Windows\System32\modemui.dll - ok 14:29:34.0545 3912 [ 6B01DAD4CB6B2BB507A268DD0DFEF04F ] C:\Windows\System32\igfxdev.dll 14:29:34.0545 3912 C:\Windows\System32\igfxdev.dll - ok 14:29:34.0560 3912 [ DB0F37DBA4C245C61E5936DDBDE62438 ] C:\Windows\System32\wbem\wbemsvc.dll 14:29:34.0560 3912 C:\Windows\System32\wbem\wbemsvc.dll - ok 14:29:34.0560 3912 [ 953193A9DEA40348C1086D171F6440AE ] C:\Windows\System32\kmddsp.tsp 14:29:34.0560 3912 C:\Windows\System32\kmddsp.tsp - ok 14:29:34.0576 3912 [ 834933F16EA839AC5AC7CBF88638DF27 ] C:\Windows\System32\wbem\repdrvfs.dll 14:29:34.0576 3912 C:\Windows\System32\wbem\repdrvfs.dll - ok 14:29:34.0592 3912 [ 2F6776ACEFE41EE889C464EA407918F2 ] C:\Windows\System32\ndptsp.tsp 14:29:34.0592 3912 C:\Windows\System32\ndptsp.tsp - ok 14:29:34.0592 3912 [ B4B59AC042EE3733A862F26CBC0B17FC ] C:\Windows\System32\hidphone.tsp 14:29:34.0592 3912 C:\Windows\System32\hidphone.tsp - ok 14:29:34.0607 3912 [ 8B645890A93F1FBBC7DA3E07CC72D762 ] C:\Windows\System32\rasppp.dll 14:29:34.0607 3912 C:\Windows\System32\rasppp.dll - ok 14:29:34.0623 3912 [ 56E315ACFB08A177B4D01E42B9044DB5 ] C:\Windows\System32\mprapi.dll 14:29:34.0623 3912 C:\Windows\System32\mprapi.dll - ok 14:29:34.0623 3912 [ 88225070DD2F7B0B2ED51E7935078641 ] C:\Windows\System32\rasqec.dll 14:29:34.0623 3912 C:\Windows\System32\rasqec.dll - ok 14:29:34.0638 3912 [ C2C6C014B96581EC8BF0C8604DE1743E ] C:\Windows\System32\wbem\WmiPrvSD.dll 14:29:34.0638 3912 C:\Windows\System32\wbem\WmiPrvSD.dll - ok 14:29:34.0654 3912 [ A609A192E98934A8D352704C99AB8577 ] C:\Windows\System32\wbem\wbemess.dll 14:29:34.0654 3912 C:\Windows\System32\wbem\wbemess.dll - ok 14:29:34.0670 3912 [ 248A1F31ABB58DDDDC01490EF0BDC777 ] C:\Windows\System32\cryptui.dll 14:29:34.0670 3912 C:\Windows\System32\cryptui.dll - ok 14:29:34.0670 3912 [ E98E402067978DB38282158F9E8609CA ] C:\Windows\System32\netshell.dll 14:29:34.0670 3912 C:\Windows\System32\netshell.dll - ok 14:29:34.0685 3912 [ 9495FCC01D7AB7B60E5B8BA7AEFE9E3D ] C:\Windows\System32\wbem\WmiPrvSE.exe 14:29:34.0685 3912 C:\Windows\System32\wbem\WmiPrvSE.exe - ok 14:29:34.0701 3912 [ F723422A11CD6FA13036746272200993 ] C:\Windows\System32\wbem\cimwin32.dll 14:29:34.0701 3912 C:\Windows\System32\wbem\cimwin32.dll - ok 14:29:34.0701 3912 [ 67BB7141F7F5F37411F796943B3418B6 ] C:\Windows\System32\framedynos.dll 14:29:34.0701 3912 C:\Windows\System32\framedynos.dll - ok 14:29:34.0716 3912 [ DF024533734BD9899C61CF76ED571E6B ] C:\Acer\Empowering Technology\eRecovery\MBRwrWin.exe 14:29:34.0716 3912 C:\Acer\Empowering Technology\eRecovery\MBRwrWin.exe - ok 14:29:34.0732 3912 [ 10DE220BDFE330073762F89974DB8403 ] C:\Windows\System32\wbem\wmiprov.dll 14:29:34.0732 3912 C:\Windows\System32\wbem\wmiprov.dll - ok 14:29:34.0748 3912 [ 87CDFFCBD09C1CA03A068343D5D93250 ] C:\Windows\System32\wmi.dll 14:29:34.0748 3912 C:\Windows\System32\wmi.dll - ok 14:29:34.0748 3912 [ 8274C87726D4561EE8750D883764ACC1 ] C:\Windows\System32\wbem\unsecapp.exe 14:29:34.0748 3912 C:\Windows\System32\wbem\unsecapp.exe - ok 14:29:34.0763 3912 [ C8AE490A93C3CC2E537B6E06247785A1 ] C:\Windows\System32\wbem\NCProv.dll 14:29:34.0763 3912 C:\Windows\System32\wbem\NCProv.dll - ok 14:29:34.0779 3912 [ E3F535656B5ABF249702EB64F3CF9AF0 ] C:\Windows\System32\wbem\wbemcons.dll 14:29:34.0779 3912 C:\Windows\System32\wbem\wbemcons.dll - ok 14:29:34.0779 3912 [ 1DFC366D2154EF2B381A7F2CB165C7F4 ] C:\Windows\System32\diagperf.dll 14:29:34.0794 3912 C:\Windows\System32\diagperf.dll - ok 14:29:34.0794 3912 [ FEA6D21F78922D641A0C9346D885133B ] C:\Windows\System32\mssprxy.dll 14:29:34.0794 3912 C:\Windows\System32\mssprxy.dll - ok 14:29:34.0810 3912 [ F0062778F50838145AC46B384FFB4FA3 ] C:\Windows\System32\pcadm.dll 14:29:34.0810 3912 C:\Windows\System32\pcadm.dll - ok 14:29:34.0826 3912 [ 21322832C99E8DE85BD047689A2A69DB ] C:\Windows\System32\pnpts.dll 14:29:34.0826 3912 C:\Windows\System32\pnpts.dll - ok 14:29:34.0826 3912 [ 9A6A653ADF28D9D69670B48F535E6B90 ] C:\Windows\System32\runonce.exe 14:29:34.0826 3912 C:\Windows\System32\runonce.exe - ok 14:29:34.0841 3912 [ 74F26FC01B180D4A99A168ED69C30A53 ] C:\Windows\System32\cmd.exe 14:29:34.0841 3912 C:\Windows\System32\cmd.exe - ok 14:29:34.0857 3912 [ 0BA3F31E2B4D8D99DF8DD19E81155374 ] C:\Windows\System32\ieframe.dll 14:29:34.0857 3912 C:\Windows\System32\ieframe.dll - ok 14:29:34.0857 3912 [ EBC984F0CE40E0DAF0454D806EC2A7EC ] C:\Users\Kenneth\AppData\Local\temp\F22F7FCF-647E-49EC-B05D-AC5D90E2B3EA.exe 14:29:34.0857 3912 C:\Users\Kenneth\AppData\Local\temp\F22F7FCF-647E-49EC-B05D-AC5D90E2B3EA.exe - ok 14:29:34.0872 3912 [ 98638A4CA187245C469DA0DEC4F04A45 ] C:\Windows\System32\pautoenr.dll 14:29:34.0872 3912 C:\Windows\System32\pautoenr.dll - ok 14:29:34.0888 3912 [ AC48FD62E22C4425879FCA5A63F50497 ] C:\Windows\System32\certcli.dll 14:29:34.0888 3912 C:\Windows\System32\certcli.dll - ok 14:29:34.0904 3912 [ 0053319C4438CDE659AA75C19BBD22F1 ] C:\Windows\System32\CertEnroll.dll 14:29:34.0904 3912 C:\Windows\System32\CertEnroll.dll - ok 14:29:34.0919 3912 [ 9441A231C0AA0712F7CF3B10D9CFCF76 ] C:\Windows\System32\wmploc.DLL 14:29:34.0919 3912 C:\Windows\System32\wmploc.DLL - ok 14:29:34.0919 3912 [ C0B8B96D018849FD8CCF15FED84E8782 ] C:\Windows\System32\ie4uinit.exe 14:29:34.0919 3912 C:\Windows\System32\ie4uinit.exe - ok 14:29:34.0935 3912 [ F0FEFB0B5D25A75D478A4317139D937E ] C:\Windows\System32\iedkcs32.dll 14:29:34.0935 3912 C:\Windows\System32\iedkcs32.dll - ok 14:29:34.0950 3912 [ 4CF66D8014ECB3BF517E38C5B90AAC74 ] C:\Windows\System32\themeui.dll 14:29:34.0950 3912 C:\Windows\System32\themeui.dll - ok 14:29:34.0950 3912 [ 4B19A9A4191353007E9819A832B81186 ] C:\Windows\System32\timedate.cpl 14:29:34.0950 3912 C:\Windows\System32\timedate.cpl - ok 14:29:34.0966 3912 [ 8D78BA30DB4AE040A52EDEE725782715 ] C:\Windows\System32\actxprxy.dll 14:29:34.0966 3912 C:\Windows\System32\actxprxy.dll - ok 14:29:34.0982 3912 [ 57CF7F07E92195E84AB41B2F96FF627F ] C:\Windows\System32\unregmp2.exe 14:29:34.0982 3912 C:\Windows\System32\unregmp2.exe - ok 14:29:34.0997 3912 [ FF41E1AC301F51E16F61AD7C0F45467C ] C:\Windows\System32\msshsq.dll 14:29:34.0997 3912 C:\Windows\System32\msshsq.dll - ok 14:29:34.0997 3912 [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\Windows\System32\drivers\05004278.sys 14:29:35.0013 3912 C:\Windows\System32\drivers\05004278.sys - ok 14:29:35.0013 3912 [ 1CE4A2790EB4A96F4ED1E4264866AFE6 ] C:\Windows\System32\NaturalLanguage6.dll 14:29:35.0013 3912 C:\Windows\System32\NaturalLanguage6.dll - ok 14:29:35.0028 3912 [ AA111488C03C58A2BF66509ABB4FDE60 ] C:\Windows\System32\NlsData0009.dll 14:29:35.0028 3912 C:\Windows\System32\NlsData0009.dll - ok 14:29:35.0044 3912 [ 8629B71343F61E1140243581C63BC0C7 ] C:\Windows\System32\NlsLexicons0009.dll 14:29:35.0044 3912 C:\Windows\System32\NlsLexicons0009.dll - ok 14:29:35.0044 3912 [ 0CFCDE5D9D074D96B78D1F1CBF1AAB1D ] C:\Windows\System32\riched20.dll 14:29:35.0044 3912 C:\Windows\System32\riched20.dll - ok 14:29:35.0060 3912 [ A5CBDC87E694154F90DBA134733E7E8B ] C:\Windows\System32\brcpl.dll 14:29:35.0060 3912 C:\Windows\System32\brcpl.dll - ok 14:29:35.0075 3912 [ 24F90AEFEBE601D427CB4511E74CDCB6 ] C:\Windows\System32\linkinfo.dll 14:29:35.0075 3912 C:\Windows\System32\linkinfo.dll - ok 14:29:35.0075 3912 [ DE7F813217EC88C0A6D4D8F2F39D7949 ] C:\Windows\System32\msiltcfg.dll 14:29:35.0075 3912 C:\Windows\System32\msiltcfg.dll - ok 14:29:35.0091 3912 [ 04044BF8E6989BE45FA718C24407CA28 ] C:\Windows\System32\networkexplorer.dll 14:29:35.0091 3912 C:\Windows\System32\networkexplorer.dll - ok 14:29:35.0106 3912 [ 4C96E5B53EAF63BCBEA6FA79C9A0AE59 ] C:\Windows\System32\VAN.dll 14:29:35.0106 3912 C:\Windows\System32\VAN.dll - ok 14:29:35.0106 3912 [ D8510C2D48496B6C336E816FD67AA0F7 ] C:\Program Files\Google\Chrome\Application\chrome.exe 14:29:35.0106 3912 C:\Program Files\Google\Chrome\Application\chrome.exe - ok 14:29:35.0122 3912 [ 5016B8FC59AD616F03813FBE63295081 ] C:\Windows\System32\thumbcache.dll 14:29:35.0122 3912 C:\Windows\System32\thumbcache.dll - ok 14:29:35.0138 3912 [ E090EE780714E376062198C6625D5B51 ] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe 14:29:35.0138 3912 C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe - ok 14:29:35.0153 3912 [ BADC359C9A0D9C217B7E8DA17BF3F5BB ] C:\Windows\System32\ntshrui.dll 14:29:35.0153 3912 C:\Windows\System32\ntshrui.dll - ok 14:29:35.0153 3912 [ F9F9E7F0D4EBAC06334C9BF76C9E11B4 ] C:\Windows\System32\sud.dll 14:29:35.0153 3912 C:\Windows\System32\sud.dll - ok 14:29:35.0169 3912 [ 5F2E074D17B878461115B1005C817218 ] C:\Program Files\Google\Chrome\Application\23.0.1271.64\Installer\setup.exe 14:29:35.0169 3912 C:\Program Files\Google\Chrome\Application\23.0.1271.64\Installer\setup.exe - ok 14:29:35.0184 3912 [ 482CBA6D1C944A314AC9715F6754DF79 ] C:\Users\Kenneth\Desktop\mbam-clean-1.60.2.0003.exe 14:29:35.0184 3912 C:\Users\Kenneth\Desktop\mbam-clean-1.60.2.0003.exe - ok 14:29:35.0184 3912 [ B150D1BCB625600479EEBA51811E33CB ] C:\Program Files\Apoint2K\Apoint.exe 14:29:35.0184 3912 C:\Program Files\Apoint2K\Apoint.exe - ok 14:29:35.0200 3912 [ 61216539E55DDF2F78E421E7EF140650 ] C:\Windows\System32\ExplorerFrame.dll 14:29:35.0200 3912 C:\Windows\System32\ExplorerFrame.dll - ok 14:29:35.0216 3912 [ 62DB790A860CDFC4278D2F03CC5675D8 ] C:\Program Files\Windows Defender\MsMpRes.dll 14:29:35.0216 3912 C:\Program Files\Windows Defender\MsMpRes.dll - ok 14:29:35.0231 3912 [ A659F31AC25418738351E5BDF4C85780 ] C:\Windows\RtHDVCpl.exe 14:29:35.0231 3912 C:\Windows\RtHDVCpl.exe - ok 14:29:35.0231 3912 [ 69FD110DB660FA0B9B48332B2CF8169A ] C:\Program Files\Windows Mail\MSOERES.dll 14:29:35.0231 3912 C:\Program Files\Windows Mail\MSOERES.dll - ok 14:29:35.0247 3912 [ 57D9FE1192DAD3F26C1947ACF16D7990 ] C:\Program Files\Windows Collaboration\WinCollabRes.dll 14:29:35.0247 3912 C:\Program Files\Windows Collaboration\WinCollabRes.dll - ok 14:29:35.0262 3912 [ D373E15EB5E2E463EF01CF7BD8D7A1DF ] C:\Windows\SkyTel.exe 14:29:35.0262 3912 C:\Windows\SkyTel.exe - ok 14:29:35.0278 3912 [ 7E6EA9CB72B5DE84A5D700BED877E5F9 ] C:\Program Files\Windows Mail\WinMail.exe 14:29:35.0278 3912 C:\Program Files\Windows Mail\WinMail.exe - ok 14:29:35.0278 3912 [ 5BE5DF4E88A0E0BCD835D7AB25900FFC ] C:\Program Files\Windows Photo Gallery\PhotoLibraryResources.dll 14:29:35.0278 3912 C:\Program Files\Windows Photo Gallery\PhotoLibraryResources.dll - ok 14:29:35.0294 3912 [ 285C594C4913FA9DC7BB6BA3AD6F101A ] C:\Windows\System32\wucltux.dll 14:29:35.0294 3912 C:\Windows\System32\wucltux.dll - ok 14:29:35.0309 3912 [ B9876A758B370FF98E21B95A855BFE9B ] C:\Windows\System32\ADMIN_CLASS_LIB.dll 14:29:35.0309 3912 C:\Windows\System32\ADMIN_CLASS_LIB.dll - ok 14:29:35.0325 3912 [ 7FB028FC63500DBF387E96E44273389A ] C:\Program Files\Movie Maker\MOVIEMK.dll 14:29:35.0325 3912 C:\Program Files\Movie Maker\MOVIEMK.dll - ok 14:29:35.0325 3912 [ B5950DF243837D8217F4E597919B224A ] C:\Windows\System32\stobject.dll 14:29:35.0325 3912 C:\Windows\System32\stobject.dll - ok 14:29:35.0340 3912 [ EC69B16644C613F41A57169F8D068F1D ] C:\Windows\System32\batmeter.dll 14:29:35.0340 3912 C:\Windows\System32\batmeter.dll - ok 14:29:35.0356 3912 [ 84B8827562B005C118CADBA0F25DB2C6 ] C:\Windows\System32\dsound.dll 14:29:35.0356 3912 C:\Windows\System32\dsound.dll - ok 14:29:35.0356 3912 [ 782FEF655DBF8653C9F2722BEBF7A8A6 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe 14:29:35.0356 3912 C:\Program Files\AVAST Software\Avast\AvastUI.exe - ok 14:29:35.0372 3912 [ 027E5E14C9CFF810377701BDEAD8210F ] C:\Windows\System32\control.exe 14:29:35.0372 3912 C:\Windows\System32\control.exe - ok 14:29:35.0387 3912 [ D1AE45D7186FC463F345CF101EBB81E3 ] C:\Program Files\Microsoft Office\PowerPoint Viewer\PPTVIEW.EXE 14:29:35.0387 3912 C:\Program Files\Microsoft Office\PowerPoint Viewer\PPTVIEW.EXE - ok 14:29:35.0387 3912 [ 69A6F66E921AE6A6814F021F7E9FA1D0 ] C:\Windows\System32\keyManager.dll 14:29:35.0387 3912 C:\Windows\System32\keyManager.dll - ok 14:29:35.0403 3912 [ 30F02D9C55053367E26A11482F51E255 ] C:\Windows\System32\SndVolSSO.dll 14:29:35.0403 3912 C:\Windows\System32\SndVolSSO.dll - ok 14:29:35.0418 3912 [ 26DE50A7F668F541B8130A0E26EFF3D8 ] C:\Program Files\Microsoft Works\MSWorks.exe 14:29:35.0418 3912 C:\Program Files\Microsoft Works\MSWorks.exe - ok 14:29:35.0418 3912 [ C37571F7C79C3972D641804F1DF7C0F5 ] C:\Program Files\Microsoft Works\wksdb.exe 14:29:35.0418 3912 C:\Program Files\Microsoft Works\wksdb.exe - ok 14:29:35.0434 3912 [ E2C48CD0132D4D1DC7D0DF9A6BEF686A ] C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80u.dll 14:29:35.0434 3912 C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80u.dll - ok 14:29:35.0450 3912 [ 2E876305D23E69D75FC66A4090FDF68A ] C:\Program Files\Apoint2K\ApResUS.dll 14:29:35.0450 3912 C:\Program Files\Apoint2K\ApResUS.dll - ok 14:29:35.0465 3912 [ 75AD59B9B12EB194486BE8D97B062994 ] C:\Windows\System32\pnidui.dll 14:29:35.0465 3912 C:\Windows\System32\pnidui.dll - ok 14:29:35.0465 3912 [ 130575400B3A28E69F314DA0ADEA1732 ] C:\Windows\System32\Vxdif.dll 14:29:35.0465 3912 C:\Windows\System32\Vxdif.dll - ok 14:29:35.0481 3912 [ B5EF1DA337DB9859709A387638AC5E07 ] C:\Windows\System32\SearchProtocolHost.exe 14:29:35.0481 3912 C:\Windows\System32\SearchProtocolHost.exe - ok 14:29:35.0496 3912 [ 2DD6AF8E97F59C9D39329BBC2A81F13F ] C:\Windows\System32\rasdlg.dll 14:29:35.0496 3912 C:\Windows\System32\rasdlg.dll - ok 14:29:35.0496 3912 [ FF265743D5FA487D5721B4E94D17842A ] C:\Windows\System32\ShowErrMsg.dll 14:29:35.0496 3912 C:\Windows\System32\ShowErrMsg.dll - ok 14:29:35.0512 3912 [ 0DB949D42FC8B02CEE4FD2A32F9B0910 ] C:\Program Files\AVAST Software\Avast\aswUtil.dll 14:29:35.0512 3912 C:\Program Files\AVAST Software\Avast\aswUtil.dll - ok 14:29:35.0528 3912 [ 06164026C38AA5366E4D127E2E36FDE8 ] C:\Program Files\Windows Mail\wab.exe 14:29:35.0528 3912 C:\Program Files\Windows Mail\wab.exe - ok 14:29:35.0543 3912 [ 52BC119E49F88F2A5D1466230B1275C7 ] C:\Program Files\Windows Collaboration\WinCollab.exe 14:29:35.0543 3912 C:\Program Files\Windows Collaboration\WinCollab.exe - ok 14:29:35.0543 3912 [ C4AB08459CD7B59B410ACFC04D90E87B ] C:\Program Files\Movie Maker\MOVIEMK.exe 14:29:35.0543 3912 C:\Program Files\Movie Maker\MOVIEMK.exe - ok 14:29:35.0559 3912 [ 17C0E094BEE5BC03CF491972F71AA6EF ] C:\Windows\System32\wlanapi.dll 14:29:35.0559 3912 C:\Windows\System32\wlanapi.dll - ok 14:29:35.0574 3912 [ C03AC1FBCD625F93D2C245D97E06F270 ] C:\Program Files\Windows Photo Gallery\WindowsPhotoGallery.exe 14:29:35.0574 3912 C:\Program Files\Windows Photo Gallery\WindowsPhotoGallery.exe - ok 14:29:35.0590 3912 [ 4A839160ED1963F9A1526DDA2D1233B2 ] C:\Windows\System32\AltTab.dll 14:29:35.0590 3912 C:\Windows\System32\AltTab.dll - ok 14:29:35.0590 3912 [ 6B5C53E0932C510606D700B7A896EF73 ] C:\Windows\System32\WPDShServiceObj.dll 14:29:35.0590 3912 C:\Windows\System32\WPDShServiceObj.dll - ok 14:29:35.0606 3912 [ 069385484EA57B663D688894C88975C5 ] C:\Windows\System32\wuapp.exe 14:29:35.0606 3912 C:\Windows\System32\wuapp.exe - ok 14:29:35.0621 3912 [ 582BE479E7E286BB3B31C5A4C3DC3987 ] C:\Windows\System32\msshooks.dll 14:29:35.0621 3912 C:\Windows\System32\msshooks.dll - ok 14:29:35.0621 3912 [ 1FF99E01F5E536E814D390F37F2E0889 ] C:\Program Files\Apoint2K\Apoint.dll 14:29:35.0621 3912 C:\Program Files\Apoint2K\Apoint.dll - ok 14:29:35.0637 3912 [ 771AF583BC58373A84496CCD52C36E33 ] C:\Windows\System32\mssvp.dll 14:29:35.0637 3912 C:\Windows\System32\mssvp.dll - ok 14:29:35.0652 3912 [ 98C77FD99F3DB37B2C03F32B8F837B65 ] C:\Windows\System32\mapi32.dll 14:29:35.0652 3912 C:\Windows\System32\mapi32.dll - ok 14:29:35.0652 3912 [ 351319EF11C263C95FB721AC76F436D6 ] C:\Windows\System32\mssph.dll 14:29:35.0652 3912 C:\Windows\System32\mssph.dll - ok 14:29:35.0668 3912 [ 744F08CF9ACFFB1C715191D04DEEE907 ] C:\Windows\System32\srchadmin.dll 14:29:35.0668 3912 C:\Windows\System32\srchadmin.dll - ok 14:29:35.0684 3912 [ 7B952E19FE5FCB2F2A8737544564631D ] C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL 14:29:35.0684 3912 C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL - ok 14:29:35.0699 3912 [ 58A18482F445D1C8DD51A1BC29251F61 ] C:\Windows\System32\msfeeds.dll 14:29:35.0699 3912 C:\Windows\System32\msfeeds.dll - ok 14:29:35.0699 3912 [ C9EE7FF225EAC1CB9C78C413667CDB80 ] C:\Windows\System32\SearchFilterHost.exe 14:29:35.0699 3912 C:\Windows\System32\SearchFilterHost.exe - ok 14:29:35.0715 3912 [ 5193DE33F3284C447E0D31DAFBF92570 ] C:\Windows\System32\webcheck.dll 14:29:35.0715 3912 C:\Windows\System32\webcheck.dll - ok 14:29:35.0730 3912 [ 3EB6D30D82F0E300FCFBAD0498F654FD ] C:\Windows\System32\mlang.dll 14:29:35.0730 3912 C:\Windows\System32\mlang.dll - ok 14:29:35.0730 3912 [ 4ACEA0C4BB15ACE55E3AE5EC4E88DD55 ] C:\Windows\System32\SyncCenter.dll 14:29:35.0730 3912 C:\Windows\System32\SyncCenter.dll - ok 14:29:35.0746 3912 [ 9B0726A03B790E5B82BED44D24009BEF ] C:\Windows\System32\imapi2.dll 14:29:35.0746 3912 C:\Windows\System32\imapi2.dll - ok 14:29:35.0762 3912 [ 28A09777D2D952122567A8A82F1A2C7B ] C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80ENU.dll 14:29:35.0762 3912 C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80ENU.dll - ok 14:29:35.0762 3912 [ 4895E1BDA720F634ABDA31BBEC90DEAE ] C:\Program Files\Apoint2K\EzAuto.dll 14:29:35.0762 3912 C:\Program Files\Apoint2K\EzAuto.dll - ok 14:29:35.0793 3912 [ C0ABD66F31C0B84CD944802E6D3D02C2 ] C:\Windows\System32\bthprops.cpl 14:29:35.0793 3912 C:\Windows\System32\bthprops.cpl - ok 14:29:35.0793 3912 [ 81ADB60C39DECB86676D1C6F9578E68B ] C:\Windows\System32\MSNChatHook.dll 14:29:35.0793 3912 C:\Windows\System32\MSNChatHook.dll - ok 14:29:35.0808 3912 [ 9F97089FA244B38321464F0AA40E186F ] C:\Windows\System32\BatchCrypto.dll 14:29:35.0808 3912 C:\Windows\System32\BatchCrypto.dll - ok 14:29:35.0824 3912 [ 9B89B3BB79EA1ACF041F40A7B6FC5827 ] C:\Windows\System32\mobsync.exe 14:29:35.0824 3912 C:\Windows\System32\mobsync.exe - ok 14:29:35.0824 3912 [ 63396CBB1365769D520E0FD89C2419F2 ] C:\Windows\System32\localspl.dll 14:29:35.0824 3912 C:\Windows\System32\localspl.dll - ok 14:29:35.0840 3912 [ 6A437E8991C407728B615F4D63AF36F7 ] C:\Windows\System32\CNMLMAA.DLL 14:29:35.0840 3912 C:\Windows\System32\CNMLMAA.DLL - ok 14:29:35.0855 3912 [ 16EE199006A653EE8937632459CB66BE ] C:\Windows\System32\HPZLLLHN.DLL 14:29:35.0855 3912 C:\Windows\System32\HPZLLLHN.DLL - ok 14:29:35.0871 3912 [ 7599E425947A595448DA778B610923BC ] C:\Program Files\Windows Media Player\wmpsyncmgr.dll 14:29:35.0871 3912 C:\Program Files\Windows Media Player\wmpsyncmgr.dll - ok 14:29:35.0871 3912 [ C1DA8C732CB89BF25FE10D2DD4D2A419 ] C:\Windows\System32\lmdimon8.dll 14:29:35.0871 3912 C:\Windows\System32\lmdimon8.dll - ok 14:29:35.0886 3912 [ B9B3F6D8B8F1E0029C58B304632A729B ] C:\Windows\System32\msonpmon.dll 14:29:35.0886 3912 C:\Windows\System32\msonpmon.dll - ok 14:29:35.0902 3912 [ BB0EB921877A1A7EF15AE2D97A71CBA9 ] C:\Windows\System32\tcpmon.dll 14:29:35.0902 3912 C:\Windows\System32\tcpmon.dll - ok 14:29:35.0918 3912 [ AF24A9DF84637BF9858EC6FB88EBA7B2 ] C:\Windows\System32\snmpapi.dll 14:29:35.0918 3912 C:\Windows\System32\snmpapi.dll - ok 14:29:35.0918 3912 [ 1EDE113859276E4B0F19B80F39E2CC95 ] C:\Windows\System32\wsnmp32.dll 14:29:35.0918 3912 C:\Windows\System32\wsnmp32.dll - ok 14:29:35.0933 3912 [ 015E99A7634B93E8BB0380C70F3D2CC3 ] C:\Windows\System32\wmp.dll 14:29:35.0933 3912 C:\Windows\System32\wmp.dll - ok 14:29:35.0949 3912 [ B4F5DE3DAD8E6B97272F45DB97674878 ] C:\Windows\System32\mgmtapi.dll 14:29:35.0949 3912 C:\Windows\System32\mgmtapi.dll - ok 14:29:35.0949 3912 [ 5091452DC719281CF1DD69367E13B494 ] C:\Windows\System32\tcpmib.dll 14:29:35.0949 3912 C:\Windows\System32\tcpmib.dll - ok 14:29:35.0964 3912 [ 0BF0BB276F17B6AD61A8694D2551EC28 ] C:\Windows\System32\usbmon.dll 14:29:35.0964 3912 C:\Windows\System32\usbmon.dll - ok 14:29:35.0980 3912 [ 0EB1CC5EBFCAAB7DBAEE881E2887F7F9 ] C:\Windows\System32\WSDMon.dll 14:29:35.0980 3912 C:\Windows\System32\WSDMon.dll - ok 14:29:35.0980 3912 [ 672DCEE749BF8A259448991B0297187D ] C:\Windows\System32\spool\prtprocs\w32x86\CNMPDAA.DLL 14:29:35.0980 3912 C:\Windows\System32\spool\prtprocs\w32x86\CNMPDAA.DLL - ok 14:29:35.0996 3912 [ 801DECF3A583C270E5C398FCD082E3DD ] C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL 14:29:35.0996 3912 C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL - ok 14:29:36.0011 3912 [ 08F89ADEDBBF1568C9BC717B9DC37E3B ] C:\Windows\System32\spool\prtprocs\w32x86\lmdippr8.dll 14:29:36.0011 3912 C:\Windows\System32\spool\prtprocs\w32x86\lmdippr8.dll - ok 14:29:36.0027 3912 [ F348280907B38FDBDB3CEF55D456E149 ] C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll 14:29:36.0027 3912 C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll - ok 14:29:36.0027 3912 [ 2D821AFA5A1A9CA7F9F997A1AAD09E72 ] C:\Program Files\Windows Media Player\wmplayer.exe 14:29:36.0027 3912 C:\Program Files\Windows Media Player\wmplayer.exe - ok 14:29:36.0042 3912 [ C90B296C43EDD9DD1751AD3B590ACDE6 ] C:\Windows\System32\win32spl.dll 14:29:36.0042 3912 C:\Windows\System32\win32spl.dll - ok 14:29:36.0058 3912 [ 4BF053944E973C073339BE841C9ECF28 ] C:\Windows\System32\netrap.dll 14:29:36.0058 3912 C:\Windows\System32\netrap.dll - ok 14:29:36.0074 3912 [ E340845C8E96D107C36420065D7A5733 ] C:\Windows\System32\printcom.dll 14:29:36.0074 3912 C:\Windows\System32\printcom.dll - ok 14:29:36.0074 3912 [ 2E8E30F3B318A9FDA5A2485723F4C2B3 ] C:\Windows\System32\inetpp.dll 14:29:36.0074 3912 C:\Windows\System32\inetpp.dll - ok 14:29:36.0089 3912 [ E34C4AAF1533648BC4B671C0F4D86F03 ] C:\Windows\System32\jscript.dll 14:29:36.0089 3912 C:\Windows\System32\jscript.dll - ok 14:29:36.0105 3912 [ A1379ABB64209A093421B07F4C1804BE ] C:\Program Files\AVAST Software\Avast\aswJsFlt.dll 14:29:36.0105 3912 C:\Program Files\AVAST Software\Avast\aswJsFlt.dll - ok 14:29:36.0105 3912 [ 7C0FC379D4B066C2D2189792DED0E4AA ] C:\Windows\System32\xmlfilter.dll 14:29:36.0105 3912 C:\Windows\System32\xmlfilter.dll - ok 14:29:36.0120 3912 [ 0CADE166293FC566B4B9D477A3A9D650 ] C:\Program Files\Windows Media Player\mpvis.DLL 14:29:36.0120 3912 C:\Program Files\Windows Media Player\mpvis.DLL - ok 14:29:36.0136 3912 [ 617F9A5813E69F6E9ED94B811EC75396 ] C:\Windows\System32\wmpps.dll 14:29:36.0136 3912 C:\Windows\System32\wmpps.dll - ok 14:29:36.0152 3912 [ 915D3430FE926376DD942AE45A9A1665 ] C:\Windows\System32\mswmdm.dll 14:29:36.0152 3912 C:\Windows\System32\mswmdm.dll - ok 14:29:36.0152 3912 [ 83ADC95272B048DFD1563E0EA0F269FB ] C:\Windows\System32\cewmdm.dll 14:29:36.0152 3912 C:\Windows\System32\cewmdm.dll - ok 14:29:36.0167 3912 [ 49456BFE373D90B895795C5A1A13A7C8 ] C:\Windows\System32\WPDSp.dll 14:29:36.0167 3912 C:\Windows\System32\WPDSp.dll - ok 14:29:36.0183 3912 [ 5EB87BA0B93CA7E894FC8002E3CE4C2A ] C:\Program Files\Windows Portable Devices\sqmapi.dll 14:29:36.0183 3912 C:\Program Files\Windows Portable Devices\sqmapi.dll - ok 14:29:36.0183 3912 [ 9F1FAC04A274ADF9F65F9E1B851BDB1E ] C:\Windows\System32\wmdmps.dll 14:29:36.0183 3912 C:\Windows\System32\wmdmps.dll - ok 14:29:36.0198 3912 [ 501F9CDADC4BF4069BC90B3C2BB298AE ] C:\Windows\System32\msscp.dll 14:29:36.0198 3912 C:\Windows\System32\msscp.dll - ok 14:29:36.0214 3912 [ 1264F787E46DC572FA274CA09B446E01 ] C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL 14:29:36.0214 3912 C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL - ok 14:29:36.0214 3912 [ 3192ED5E2FFDF5B630541B9643AE1AA3 ] C:\Windows\System32\upnp.dll 14:29:36.0214 3912 C:\Windows\System32\upnp.dll - ok 14:29:36.0230 3912 [ E46A4765F8E6D631C9C9CB0B083602F5 ] C:\Program Files\Windows Media Player\wmpnssci.dll 14:29:36.0230 3912 C:\Program Files\Windows Media Player\wmpnssci.dll - ok 14:29:36.0245 3912 [ 5EF87457AB8A58694EBE35E55D093D04 ] C:\Users\Kenneth\AppData\Local\temp\RtkBtMnt.exe 14:29:36.0245 3912 C:\Users\Kenneth\AppData\Local\temp\RtkBtMnt.exe - ok 14:29:36.0261 3912 [ 423069307FB726E51E2A66F1C3F738FE ] C:\Windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7\mfc90u.dll 14:29:36.0261 3912 C:\Windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7\mfc90u.dll - ok 14:29:36.0261 3912 [ 898ABECCD5F0B9A8E8F1318DDB234685 ] C:\Windows\System32\dot3api.dll 14:29:36.0261 3912 C:\Windows\System32\dot3api.dll - ok 14:29:36.0276 3912 [ 8D544AC1B7AA7FB9DFF0C3E7DA6AD295 ] C:\Windows\System32\wlanhlp.dll 14:29:36.0276 3912 C:\Windows\System32\wlanhlp.dll - ok 14:29:36.0292 3912 [ 2A632A95433E9719F37AE06BA00543AC ] C:\Windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90ENU.DLL 14:29:36.0292 3912 C:\Windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90ENU.DLL - ok 14:29:36.0292 3912 [ 90111518C52523789635E09D80C53584 ] C:\Program Files\AVAST Software\Avast\aswAra.dll 14:29:36.0292 3912 C:\Program Files\AVAST Software\Avast\aswAra.dll - ok 14:29:36.0308 3912 [ A43709D69B819285970DE820D3CE0DF4 ] C:\Program Files\AVAST Software\Avast\aswData.dll 14:29:36.0308 3912 C:\Program Files\AVAST Software\Avast\aswData.dll - ok 14:29:36.0323 3912 [ E4483E1AD553B637FFF75270DB6CEAB3 ] C:\Program Files\AVAST Software\Avast\1033\uiLangRes.dll 14:29:36.0323 3912 C:\Program Files\AVAST Software\Avast\1033\uiLangRes.dll - ok 14:29:36.0339 3912 [ 45BD0A6F667C24CFA4205D72E66E0DD8 ] C:\Program Files\AVAST Software\Avast\CommonRes.dll 14:29:36.0339 3912 C:\Program Files\AVAST Software\Avast\CommonRes.dll - ok 14:29:36.0354 3912 [ 8B1E277F554228A84126402BBBDC32F4 ] C:\Windows\System32\Macromed\Flash\Flash32_11_4_402_287.ocx 14:29:36.0354 3912 C:\Windows\System32\Macromed\Flash\Flash32_11_4_402_287.ocx - ok 14:29:36.0354 3912 [ 2E70B299CF9732C1A66F2403BBF3539B ] C:\Windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7\mfcm90u.dll 14:29:36.0354 3912 C:\Windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7\mfcm90u.dll - ok 14:29:36.0370 3912 [ D9683065CF89411E0AC17349E251A5B9 ] C:\Program Files\AVAST Software\Avast\defs\12110800\uiext.dll 14:29:36.0370 3912 C:\Program Files\AVAST Software\Avast\defs\12110800\uiext.dll - ok 14:29:36.0386 3912 [ C5A75EB48E2344ABDC162BDA79E16841 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 14:29:36.0386 3912 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe - ok 14:29:36.0401 3912 [ E5F7C30EDF0892667933BE879F067D67 ] C:\Windows\System32\msvcr100_clr0400.dll 14:29:36.0401 3912 C:\Windows\System32\msvcr100_clr0400.dll - ok 14:29:36.0401 3912 [ E4024CCF225A936207294DE50925D4F6 ] C:\Program Files\Google\Update\1.3.21.123\goopdateres_en.dll 14:29:36.0401 3912 C:\Program Files\Google\Update\1.3.21.123\goopdateres_en.dll - ok 14:29:36.0417 3912 [ 8078F8F8F7A79E2E6B494523A828C585 ] C:\Windows\System32\msdtckrm.dll 14:29:36.0417 3912 C:\Windows\System32\msdtckrm.dll - ok 14:29:36.0432 3912 [ 5CAAE5333EF36DB4A8D294418AB37E80 ] C:\Windows\System32\p2pcollab.dll 14:29:36.0432 3912 C:\Windows\System32\p2pcollab.dll - ok 14:29:36.0432 3912 [ 1A617835452EEE5060976C9B9F5FE635 ] C:\Windows\System32\wuapi.dll 14:29:36.0432 3912 C:\Windows\System32\wuapi.dll - ok 14:29:36.0448 3912 [ FE3702015BE4D214808A2FBC07B8E5FF ] C:\Windows\System32\wscproxystub.dll 14:29:36.0448 3912 C:\Windows\System32\wscproxystub.dll - ok 14:29:36.0464 3912 [ 3458EDA96E30FBD0477A2800D3FB1909 ] C:\Windows\System32\wups.dll 14:29:36.0464 3912 C:\Windows\System32\wups.dll - ok 14:29:36.0464 3912 [ 5E41139EC6EFBCAFFD96D46925E544AB ] C:\Windows\System32\mspatcha.dll 14:29:36.0464 3912 C:\Windows\System32\mspatcha.dll - ok 14:29:36.0479 3912 [ BDC0C99E472176C8C2C853A68ADC5073 ] C:\Windows\System32\wups2.dll 14:29:36.0479 3912 C:\Windows\System32\wups2.dll - ok 14:29:36.0495 3912 [ 3A2EEE8444A8E5C1A454C57B2198F5FC ] C:\Windows\System32\ntlanman.dll 14:29:36.0495 3912 C:\Windows\System32\ntlanman.dll - ok 14:29:36.0510 3912 [ 582EFE56FC0858E58A6CEBA2A64B02C7 ] C:\Windows\System32\drprov.dll 14:29:36.0510 3912 C:\Windows\System32\drprov.dll - ok 14:29:36.0510 3912 [ CFBD2E1FE18B50748A76703A2DC6D4E3 ] C:\Windows\System32\davclnt.dll 14:29:36.0510 3912 C:\Windows\System32\davclnt.dll - ok 14:29:36.0526 3912 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe 14:29:36.0526 3912 C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe - ok 14:29:36.0542 3912 [ C8DBFEF835FF54467425C8F3ABCF7046 ] C:\Windows\System32\dssenh.dll 14:29:36.0542 3912 C:\Windows\System32\dssenh.dll - ok 14:29:36.0542 3912 [ 2898035F522BA2989BBA8B9CFB020FD2 ] C:\Program Files\AVAST Software\Avast\defs\12110800\aspColl.dll 14:29:36.0542 3912 C:\Program Files\AVAST Software\Avast\defs\12110800\aspColl.dll - ok 14:29:36.0557 3912 [ 5FA382106B145A920E2A4F7087AF1B90 ] C:\Windows\System32\wbem\wmipcima.dll 14:29:36.0557 3912 C:\Windows\System32\wbem\wmipcima.dll - ok 14:29:36.0557 3912 ============================================================ 14:29:36.0557 3912 Scan finished 14:29:36.0557 3912 ============================================================ 14:29:36.0588 3168 Detected object count: 14 14:29:36.0588 3168 Actual detected object count: 14 14:32:40.0044 3168 ALaunchService ( UnsignedFile.Multi.Generic ) - skipped by user 14:32:40.0060 3168 ALaunchService ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:32:40.0060 3168 CLCapSvc ( UnsignedFile.Multi.Generic ) - skipped by user 14:32:40.0060 3168 CLCapSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:32:40.0060 3168 CLSched ( UnsignedFile.Multi.Generic ) - skipped by user 14:32:40.0060 3168 CLSched ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:32:40.0060 3168 CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - skipped by user 14:32:40.0060 3168 CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:32:40.0060 3168 eLockService ( UnsignedFile.Multi.Generic ) - skipped by user 14:32:40.0060 3168 eLockService ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:32:40.0060 3168 eNet Service ( UnsignedFile.Multi.Generic ) - skipped by user 14:32:40.0060 3168 eNet Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:32:40.0060 3168 eRecoveryService ( UnsignedFile.Multi.Generic ) - skipped by user 14:32:40.0060 3168 eRecoveryService ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:32:40.0060 3168 eSettingsService ( UnsignedFile.Multi.Generic ) - skipped by user 14:32:40.0060 3168 eSettingsService ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:32:40.0060 3168 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 14:32:40.0060 3168 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:32:40.0060 3168 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user 14:32:40.0060 3168 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:32:40.0060 3168 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user 14:32:40.0060 3168 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:32:40.0076 3168 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user 14:32:40.0076 3168 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:32:40.0076 3168 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user 14:32:40.0076 3168 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:32:40.0076 3168 WMIService ( UnsignedFile.Multi.Generic ) - skipped by user 14:32:40.0076 3168 WMIService ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:32:48.0624 3568 Deinitialize successHere is the 3rd part of TDDSkiller log.................
  13. Tumbleweed88
    Here is the 2nd part but it will not let me post all of whats left so I will post the log into 3 parts......... 14:29:29.0802 3912 [ 4ABCE74D012971305249E45E095E9EA6 ] C:\Windows\System32\msv1_0.dll 14:29:29.0802 3912 C:\Windows\System32\msv1_0.dll - ok 14:29:29.0818 3912 [ 8617350C9B590B63E620881092751BCB ] C:\Windows\System32\mswsock.dll 14:29:29.0818 3912 C:\Windows\System32\mswsock.dll - ok 14:29:29.0834 3912 [ 95DAECF0FB120A7B5DA679CC54E37DDE ] C:\Windows\System32\netlogon.dll 14:29:29.0834 3912 C:\Windows\System32\netlogon.dll - ok 14:29:29.0849 3912 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] C:\Windows\System32\fdPHost.dll 14:29:29.0849 3912 C:\Windows\System32\fdPHost.dll - ok 14:29:29.0849 3912 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] C:\Windows\System32\FDResPub.dll 14:29:29.0849 3912 C:\Windows\System32\FDResPub.dll - ok 14:29:29.0865 3912 [ 8CE364388C8ECA59B14B539179276D44 ] C:\Windows\System32\FntCache.dll 14:29:29.0865 3912 C:\Windows\System32\FntCache.dll - ok 14:29:29.0880 3912 [ 72910BC4A218C49EA8E43D1FAEC403A5 ] C:\Windows\System32\winbrand.dll 14:29:29.0880 3912 C:\Windows\System32\winbrand.dll - ok 14:29:29.0880 3912 [ 50E3E76B0901BB4FC029BB88BFA5CE79 ] C:\Windows\System32\schannel.dll 14:29:29.0880 3912 C:\Windows\System32\schannel.dll - ok 14:29:29.0896 3912 [ 93620229F3CC3B67A3528BF39F064C30 ] C:\Windows\System32\wdigest.dll 14:29:29.0896 3912 C:\Windows\System32\wdigest.dll - ok 14:29:29.0912 3912 [ 302964DCAC79D618CC7B72C778DA9FD2 ] C:\Windows\System32\PresentationHost.exe 14:29:29.0912 3912 C:\Windows\System32\PresentationHost.exe - ok 14:29:29.0927 3912 [ E14170AEA125119B98FA2BDE3FF4F462 ] C:\Windows\System32\rsaenh.dll 14:29:29.0927 3912 C:\Windows\System32\rsaenh.dll - ok 14:29:29.0927 3912 [ F8873D15018F411588BEC02C1725BADA ] C:\Windows\System32\TSpkg.dll 14:29:29.0927 3912 C:\Windows\System32\TSpkg.dll - ok 14:29:29.0943 3912 [ 0F420E81062757EA8363CBACD4D40D6D ] C:\Windows\System32\gpapi.dll 14:29:29.0943 3912 C:\Windows\System32\gpapi.dll - ok 14:29:29.0958 3912 [ 84067081F3318162797385E11A8F0582 ] C:\Windows\System32\hidserv.dll 14:29:29.0958 3912 C:\Windows\System32\hidserv.dll - ok 14:29:29.0958 3912 [ D8AD255B37DA92434C26E4876DB7D418 ] C:\Windows\System32\KMSVC.DLL 14:29:29.0958 3912 C:\Windows\System32\KMSVC.DLL - ok 14:29:29.0974 3912 [ 05586F5438AB0DA4F5149159E0E5FD4B ] C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll 14:29:29.0974 3912 C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll - ok 14:29:29.0990 3912 [ 9908D8A397B76CD8D31D0D383C5773C9 ] C:\Windows\System32\IKEEXT.DLL 14:29:29.0990 3912 C:\Windows\System32\IKEEXT.DLL - ok 14:29:29.0990 3912 [ 9AC218C6E6105477484C6FDBE7D409A4 ] C:\Windows\System32\IPBusEnum.dll 14:29:29.0990 3912 C:\Windows\System32\IPBusEnum.dll - ok 14:29:30.0005 3912 [ 1998BD97F950680BB55F55A7244679C2 ] C:\Windows\System32\iphlpsvc.dll 14:29:30.0005 3912 C:\Windows\System32\iphlpsvc.dll - ok 14:29:30.0021 3912 [ 74C2F29CC612B2B34231BEBD824D2FB2 ] C:\Windows\System32\keyiso.dll 14:29:30.0021 3912 C:\Windows\System32\keyiso.dll - ok 14:29:30.0036 3912 [ 3464DAE0E801F5A81A23C571D86F30B2 ] C:\Windows\System32\rascfg.dll 14:29:30.0036 3912 C:\Windows\System32\rascfg.dll - ok 14:29:30.0036 3912 [ 1BF5EEBFD518DD7298434D8C862F825D ] C:\Windows\System32\srvsvc.dll 14:29:30.0036 3912 C:\Windows\System32\srvsvc.dll - ok 14:29:30.0052 3912 [ FA0593D936C9B95FB6FAA32AD1595D49 ] C:\Windows\System32\lltdres.dll 14:29:30.0052 3912 C:\Windows\System32\lltdres.dll - ok 14:29:30.0068 3912 [ 35D40113E4A5B961B6CE5C5857702518 ] C:\Windows\System32\lmhsvc.dll 14:29:30.0068 3912 C:\Windows\System32\lmhsvc.dll - ok 14:29:30.0068 3912 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] C:\Windows\System32\mmcss.dll 14:29:30.0068 3912 C:\Windows\System32\mmcss.dll - ok 14:29:30.0083 3912 [ 1DB69705B695B987082C8BAEC0C6B34F ] C:\Windows\System32\wkssvc.dll 14:29:30.0083 3912 C:\Windows\System32\wkssvc.dll - ok 14:29:30.0099 3912 [ 95F1EB99B81CFD6F581C85F0A0AA9B2B ] C:\Windows\System32\FirewallAPI.dll 14:29:30.0099 3912 C:\Windows\System32\FirewallAPI.dll - ok 14:29:30.0099 3912 [ EA822412BBBA9B7D2B1A3748AD50EFB8 ] C:\Windows\System32\iscsidsc.dll 14:29:30.0099 3912 C:\Windows\System32\iscsidsc.dll - ok 14:29:30.0114 3912 [ ED21401F1E2F6BC2F54C462BB66D0D6B ] C:\Windows\System32\msimsg.dll 14:29:30.0114 3912 C:\Windows\System32\msimsg.dll - ok 14:29:30.0130 3912 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] C:\Windows\System32\QAGENTRT.DLL 14:29:30.0130 3912 C:\Windows\System32\QAGENTRT.DLL - ok 14:29:30.0146 3912 [ C8052711DAECC48B982434C5116CA401 ] C:\Windows\System32\netman.dll 14:29:30.0146 3912 C:\Windows\System32\netman.dll - ok 14:29:30.0146 3912 [ ED640F4CE585058119B824CC76591D9C ] C:\Windows\System32\netprof.dll 14:29:30.0146 3912 C:\Windows\System32\netprof.dll - ok 14:29:30.0161 3912 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] C:\Windows\System32\nsisvc.dll 14:29:30.0161 3912 C:\Windows\System32\nsisvc.dll - ok 14:29:30.0177 3912 [ 0C8E8E61AD1EB0B250B846712C917506 ] C:\Windows\System32\p2psvc.dll 14:29:30.0177 3912 C:\Windows\System32\p2psvc.dll - ok 14:29:30.0177 3912 [ C6276AD11F4BB49B58AA1ED88537F14A ] C:\Windows\System32\pcasvc.dll 14:29:30.0177 3912 C:\Windows\System32\pcasvc.dll - ok 14:29:30.0192 3912 [ B1689DF169143F57053F795390C99DB3 ] C:\Windows\System32\pla.dll 14:29:30.0192 3912 C:\Windows\System32\pla.dll - ok 14:29:30.0208 3912 [ C5E7F8A996EC0A82D508FD9064A5569E ] C:\Windows\System32\umpnpmgr.dll 14:29:30.0208 3912 C:\Windows\System32\umpnpmgr.dll - ok 14:29:30.0208 3912 [ 64B28D672B5B6A01E87B0C3096B1E047 ] C:\Windows\System32\polstore.dll 14:29:30.0208 3912 C:\Windows\System32\polstore.dll - ok 14:29:30.0224 3912 [ 0508FAA222D28835310B7BFCA7A77346 ] C:\Windows\System32\profsvc.dll 14:29:30.0224 3912 C:\Windows\System32\profsvc.dll - ok 14:29:30.0239 3912 [ 08F9134A2215B7ED985409A4DF60AC60 ] C:\Windows\System32\psbase.dll 14:29:30.0239 3912 C:\Windows\System32\psbase.dll - ok 14:29:30.0239 3912 [ E9ECAE663F47E6CB43962D18AB18890F ] C:\Windows\System32\qwave.dll 14:29:30.0239 3912 C:\Windows\System32\qwave.dll - ok 14:29:30.0255 3912 [ 9F5E0E1926014D17486901C88ECA2DB7 ] C:\Windows\System32\drivers\qwavedrv.sys 14:29:30.0255 3912 C:\Windows\System32\drivers\qwavedrv.sys - ok 14:29:30.0270 3912 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] C:\Windows\System32\rasauto.dll 14:29:30.0270 3912 C:\Windows\System32\rasauto.dll - ok 14:29:30.0286 3912 [ 75D47445D70CA6F9F894B032FBC64FCF ] C:\Windows\System32\rasmans.dll 14:29:30.0286 3912 C:\Windows\System32\rasmans.dll - ok 14:29:30.0286 3912 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] C:\Windows\System32\mprdim.dll 14:29:30.0286 3912 C:\Windows\System32\mprdim.dll - ok 14:29:30.0302 3912 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] C:\Windows\System32\regsvc.dll 14:29:30.0302 3912 C:\Windows\System32\regsvc.dll - ok 14:29:30.0317 3912 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] C:\Windows\System32\sstpsvc.dll 14:29:30.0317 3912 C:\Windows\System32\sstpsvc.dll - ok 14:29:30.0317 3912 [ 5123F83CBC4349D065534EEB6BBDC42B ] C:\Windows\System32\Locator.exe 14:29:30.0317 3912 C:\Windows\System32\Locator.exe - ok 14:29:30.0333 3912 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] C:\Windows\System32\SCardSvr.dll 14:29:30.0333 3912 C:\Windows\System32\SCardSvr.dll - ok 14:29:30.0348 3912 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] C:\Windows\System32\schedsvc.dll 14:29:30.0348 3912 C:\Windows\System32\schedsvc.dll - ok 14:29:30.0348 3912 [ 716313D9F6B0529D03F726D5AAF6F191 ] C:\Windows\System32\sdrsvc.dll 14:29:30.0348 3912 C:\Windows\System32\sdrsvc.dll - ok 14:29:30.0364 3912 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] C:\Windows\System32\seclogon.dll 14:29:30.0364 3912 C:\Windows\System32\seclogon.dll - ok 14:29:30.0380 3912 [ A9BBAB5759771E523F55563D6CBE140F ] C:\Windows\System32\Sens.dll 14:29:30.0380 3912 C:\Windows\System32\Sens.dll - ok 14:29:30.0380 3912 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] C:\Windows\System32\ipnathlp.dll 14:29:30.0380 3912 C:\Windows\System32\ipnathlp.dll - ok 14:29:30.0395 3912 [ D2193326F729B163125610DBF3E17D57 ] C:\Windows\System32\SessEnv.dll 14:29:30.0395 3912 C:\Windows\System32\SessEnv.dll - ok 14:29:30.0411 3912 [ C7230FBEE14437716701C15BE02C27B8 ] C:\Windows\System32\shsvcs.dll 14:29:30.0411 3912 C:\Windows\System32\shsvcs.dll - ok 14:29:30.0411 3912 [ 862BB4CBC05D80C5B45BE430E5EF872F ] C:\Windows\System32\SLsvc.exe 14:29:30.0411 3912 C:\Windows\System32\SLsvc.exe - ok 14:29:30.0426 3912 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] C:\Windows\System32\SLUINotify.dll 14:29:30.0426 3912 C:\Windows\System32\SLUINotify.dll - ok 14:29:30.0442 3912 [ E4060CFE50F87C72316CB0FDB20E4913 ] C:\Windows\System32\tcpipcfg.dll 14:29:30.0442 3912 C:\Windows\System32\tcpipcfg.dll - ok 14:29:30.0442 3912 [ 2A146A055B4401C16EE62D18B8E2A032 ] C:\Windows\System32\snmptrap.exe 14:29:30.0442 3912 C:\Windows\System32\snmptrap.exe - ok 14:29:30.0458 3912 [ 8554097E5136C3BF9F69FE578A1B35F4 ] C:\Windows\System32\spoolsv.exe 14:29:30.0458 3912 C:\Windows\System32\spoolsv.exe - ok 14:29:30.0473 3912 [ 03D50B37234967433A5EA5BA72BC0B62 ] C:\Windows\System32\ssdpsrv.dll 14:29:30.0473 3912 C:\Windows\System32\ssdpsrv.dll - ok 14:29:30.0489 3912 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] C:\Windows\System32\wiaservc.dll 14:29:30.0489 3912 C:\Windows\System32\wiaservc.dll - ok 14:29:30.0489 3912 [ F21FD248040681CCA1FB6C9A03AAA93D ] C:\Windows\System32\swprv.dll 14:29:30.0489 3912 C:\Windows\System32\swprv.dll - ok 14:29:30.0504 3912 [ 9A51B04E9886AA4EE90093586B0BA88D ] C:\Windows\System32\sysmain.dll 14:29:30.0504 3912 C:\Windows\System32\sysmain.dll - ok 14:29:30.0520 3912 [ 2DCA225EAE15F42C0933E998EE0231C3 ] C:\Windows\System32\TabSvc.dll 14:29:30.0520 3912 C:\Windows\System32\TabSvc.dll - ok 14:29:30.0520 3912 [ D7673E4B38CE21EE54C59EEEB65E2483 ] C:\Windows\System32\tapisrv.dll 14:29:30.0520 3912 C:\Windows\System32\tapisrv.dll - ok 14:29:30.0536 3912 [ CB05822CD9CC6C688168E113C603DBE7 ] C:\Windows\System32\tbssvc.dll 14:29:30.0536 3912 C:\Windows\System32\tbssvc.dll - ok 14:29:30.0551 3912 [ BB95DA09BEF6E7A131BFF3BA5032090D ] C:\Windows\System32\termsrv.dll 14:29:30.0551 3912 C:\Windows\System32\termsrv.dll - ok 14:29:30.0551 3912 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] C:\Windows\System32\trkwks.dll 14:29:30.0551 3912 C:\Windows\System32\trkwks.dll - ok 14:29:30.0567 3912 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] C:\Windows\servicing\TrustedInstaller.exe 14:29:30.0567 3912 C:\Windows\servicing\TrustedInstaller.exe - ok 14:29:30.0582 3912 [ ECEF404F62863755951E09C802C94AD5 ] C:\Windows\System32\UI0Detect.exe 14:29:30.0582 3912 C:\Windows\System32\UI0Detect.exe - ok 14:29:30.0598 3912 [ 68308183F4AE0BE7BF8ECD07CB297999 ] C:\Windows\System32\upnphost.dll 14:29:30.0598 3912 C:\Windows\System32\upnphost.dll - ok 14:29:30.0598 3912 [ 01DD1004181FD46ECDC3628228EB269D ] C:\Windows\System32\dwm.exe 14:29:30.0598 3912 C:\Windows\System32\dwm.exe - ok 14:29:30.0614 3912 [ CD88D1B7776DC17A119049742EC07EB4 ] C:\Windows\System32\vds.exe 14:29:30.0614 3912 C:\Windows\System32\vds.exe - ok 14:29:30.0629 3912 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] C:\Windows\System32\VSSVC.exe 14:29:30.0629 3912 C:\Windows\System32\VSSVC.exe - ok 14:29:30.0629 3912 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] C:\Windows\System32\w32time.dll 14:29:30.0629 3912 C:\Windows\System32\w32time.dll - ok 14:29:30.0645 3912 [ A3CD60FD826381B49F03832590E069AF ] C:\Windows\System32\wcncsvc.dll 14:29:30.0645 3912 C:\Windows\System32\wcncsvc.dll - ok 14:29:30.0660 3912 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] C:\Windows\System32\WcsPlugInService.dll 14:29:30.0660 3912 C:\Windows\System32\WcsPlugInService.dll - ok 14:29:30.0660 3912 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] C:\Windows\System32\wdi.dll 14:29:30.0660 3912 C:\Windows\System32\wdi.dll - ok 14:29:30.0676 3912 [ 04C37D8107320312FBAE09926103D5E2 ] C:\Windows\System32\WebClnt.dll 14:29:30.0676 3912 C:\Windows\System32\WebClnt.dll - ok 14:29:30.0692 3912 [ AE3736E7E8892241C23E4EBBB7453B60 ] C:\Windows\System32\wecsvc.dll 14:29:30.0692 3912 C:\Windows\System32\wecsvc.dll - ok 14:29:30.0707 3912 [ 670FF720071ED741206D69BD995EA453 ] C:\Windows\System32\wercplsupport.dll 14:29:30.0707 3912 C:\Windows\System32\wercplsupport.dll - ok 14:29:30.0707 3912 [ 32B88481D3B326DA6DEB07B1D03481E7 ] C:\Windows\System32\wersvc.dll 14:29:30.0707 3912 C:\Windows\System32\wersvc.dll - ok 14:29:30.0723 3912 [ DBD02E3E6F061EBBBF9B99A9D7CBA30B ] C:\Windows\System32\winhttp.dll 14:29:30.0723 3912 C:\Windows\System32\winhttp.dll - ok 14:29:30.0738 3912 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] C:\Windows\System32\wbem\WMIsvc.dll 14:29:30.0738 3912 C:\Windows\System32\wbem\WMIsvc.dll - ok 14:29:30.0738 3912 [ 7CFE68BDC065E55AA5E8421607037511 ] C:\Windows\System32\WsmSvc.dll 14:29:30.0738 3912 C:\Windows\System32\WsmSvc.dll - ok 14:29:30.0754 3912 [ C008405E4FEEB069E30DA1D823910234 ] C:\Windows\System32\wlansvc.dll 14:29:30.0754 3912 C:\Windows\System32\wlansvc.dll - ok 14:29:30.0770 3912 [ 3978704576A121A9204F8CC49A301A9B ] C:\Program Files\Windows Media Player\wmpnetwk.exe 14:29:30.0770 3912 C:\Program Files\Windows Media Player\wmpnetwk.exe - ok 14:29:30.0770 3912 [ 43BE3875207DCB62A85C8C49970B66CC ] C:\Windows\System32\wbem\WmiApSrv.exe 14:29:30.0770 3912 C:\Windows\System32\wbem\WmiApSrv.exe - ok 14:29:30.0785 3912 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] C:\Windows\System32\wpcsvc.dll 14:29:30.0785 3912 C:\Windows\System32\wpcsvc.dll - ok 14:29:30.0801 3912 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 14:29:30.0801 3912 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe - ok 14:29:30.0816 3912 [ 801FBDB89D472B3C467EB112A0FC9246 ] C:\Windows\System32\wpdbusenum.dll 14:29:30.0816 3912 C:\Windows\System32\wpdbusenum.dll - ok 14:29:30.0816 3912 [ 1CA6C40261DDC0425987980D0CD2AAAB ] C:\Windows\System32\wscsvc.dll 14:29:30.0816 3912 C:\Windows\System32\wscsvc.dll - ok 14:29:30.0832 3912 [ AED0DFF80C6B3914769407E78D7AB21A ] C:\Windows\System32\SearchIndexer.exe 14:29:30.0832 3912 C:\Windows\System32\SearchIndexer.exe - ok 14:29:30.0848 3912 [ FC3EC24FCE372C89423E015A2AC1A31E ] C:\Windows\System32\wuaueng.dll 14:29:30.0848 3912 C:\Windows\System32\wuaueng.dll - ok 14:29:30.0848 3912 [ 575A4190D989F64732119E4114045A4F ] C:\Windows\System32\WUDFSvc.dll 14:29:30.0848 3912 C:\Windows\System32\WUDFSvc.dll - ok 14:29:30.0863 3912 [ 8FC182167381E9915651267044105EE1 ] C:\Windows\System32\scecli.dll 14:29:30.0863 3912 C:\Windows\System32\scecli.dll - ok 14:29:30.0879 3912 [ CD08EEC61C591AF59A39F4363C567D30 ] C:\Windows\System32\ntmarta.dll 14:29:30.0879 3912 C:\Windows\System32\ntmarta.dll - ok 14:29:30.0879 3912 [ 3794B461C45882E06856F282EEF025AF ] C:\Windows\System32\svchost.exe 14:29:30.0879 3912 C:\Windows\System32\svchost.exe - ok 14:29:30.0894 3912 [ 9A7F4B2EDACD11444D048AA19CBB26AF ] C:\Windows\System32\powrprof.dll 14:29:30.0894 3912 C:\Windows\System32\powrprof.dll - ok 14:29:30.0910 3912 [ 8F5C7426567798E62A3B3614965D62CC ] C:\Windows\System32\drivers\luafv.sys 14:29:30.0910 3912 C:\Windows\System32\drivers\luafv.sys - ok 14:29:30.0926 3912 [ 6693141560B1615D8DCCF0D8EB00087E ] C:\Windows\System32\drivers\aswMonFlt.sys 14:29:30.0926 3912 C:\Windows\System32\drivers\aswMonFlt.sys - ok 14:29:30.0926 3912 [ 0AE43C6C411254049279C2EE55630F95 ] C:\Windows\System32\drivers\aswFsBlk.sys 14:29:30.0926 3912 C:\Windows\System32\drivers\aswFsBlk.sys - ok 14:29:30.0941 3912 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] C:\Windows\System32\rpcss.dll 14:29:30.0941 3912 C:\Windows\System32\rpcss.dll - ok 14:29:30.0957 3912 [ 69827805A221C21450BA22F4326A2EE3 ] C:\Windows\System32\version.dll 14:29:30.0957 3912 C:\Windows\System32\version.dll - ok 14:29:30.0957 3912 [ 62D577288B48998FC6667BF22DC5B690 ] C:\Windows\System32\LogonUI.exe 14:29:30.0957 3912 C:\Windows\System32\LogonUI.exe - ok 14:29:30.0972 3912 [ 58C2521D87C494831A625202C80354AD ] C:\Windows\System32\authui.dll 14:29:30.0972 3912 C:\Windows\System32\authui.dll - ok 14:29:30.0988 3912 [ BE3C082837866C4C291ADAF163C10EA6 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll 14:29:30.0988 3912 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll - ok 14:29:30.0988 3912 [ 56B5914070B2C243DFB3D186070DA89D ] C:\Windows\System32\MMDevAPI.dll 14:29:30.0988 3912 C:\Windows\System32\MMDevAPI.dll - ok 14:29:31.0004 3912 [ F42483814FC39170B3982A184EC5AAA2 ] C:\Windows\System32\wtsapi32.dll 14:29:31.0004 3912 C:\Windows\System32\wtsapi32.dll - ok 14:29:31.0019 3912 [ 2EC53B5A351C4D443896DBAD117F7E82 ] C:\Windows\System32\msimg32.dll 14:29:31.0019 3912 C:\Windows\System32\msimg32.dll - ok 14:29:31.0035 3912 [ 999D69DEB576C2C424294DF025891CC6 ] C:\Windows\System32\uxtheme.dll 14:29:31.0035 3912 C:\Windows\System32\uxtheme.dll - ok 14:29:31.0035 3912 [ 76EAEF4DDEBBC7C38853F586C0E91DCE ] C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\GdiPlus.dll 14:29:31.0035 3912 C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\GdiPlus.dll - ok 14:29:31.0050 3912 [ B2E569EF26DAC9D6994A2AFF4F601B7A ] C:\Windows\System32\wintrust.dll 14:29:31.0050 3912 C:\Windows\System32\wintrust.dll - ok 14:29:31.0066 3912 [ C9244BCAC83B259B920BBEE18A97BFE1 ] C:\Windows\System32\avrt.dll 14:29:31.0066 3912 C:\Windows\System32\avrt.dll - ok 14:29:31.0066 3912 [ A99871BA522CB2539AE275AC18CACC8F ] C:\Windows\System32\cabinet.dll 14:29:31.0066 3912 C:\Windows\System32\cabinet.dll - ok 14:29:31.0082 3912 [ 75EB73E64F5B4655D9797D20F26DE320 ] C:\Windows\System32\duser.dll 14:29:31.0082 3912 C:\Windows\System32\duser.dll - ok 14:29:31.0097 3912 [ 1908CC7673F72601AFFDCA022689CEDF ] C:\Windows\System32\xmllite.dll 14:29:31.0097 3912 C:\Windows\System32\xmllite.dll - ok 14:29:31.0113 3912 [ B25DBBA6C63A61FF4AFDB5ADAB4E70CB ] C:\Windows\System32\SmartcardCredentialProvider.dll 14:29:31.0113 3912 C:\Windows\System32\SmartcardCredentialProvider.dll - ok 14:29:31.0113 3912 [ 9DC3723519F52B6BC63EACD4BD411313 ] C:\Windows\System32\rasplap.dll 14:29:31.0113 3912 C:\Windows\System32\rasplap.dll - ok 14:29:31.0128 3912 [ 97FEF831AB90BEE128C9AF390E243F80 ] C:\Windows\System32\drivers\drmkaud.sys 14:29:31.0128 3912 C:\Windows\System32\drivers\drmkaud.sys - ok 14:29:31.0144 3912 [ 3CB863B78642405371CB3A71C07E2382 ] C:\Windows\System32\rasapi32.dll 14:29:31.0144 3912 C:\Windows\System32\rasapi32.dll - ok 14:29:31.0144 3912 [ 3A1DDA77F331D107BA40DB06E4D666E9 ] C:\Windows\System32\rasman.dll 14:29:31.0144 3912 C:\Windows\System32\rasman.dll - ok 14:29:31.0160 3912 [ 70F08ECE7A30A639D3F0C8C433685C7D ] C:\Windows\System32\tapi32.dll 14:29:31.0160 3912 C:\Windows\System32\tapi32.dll - ok 14:29:31.0175 3912 [ DC15AB7168C0309D8F04FD95B6240422 ] C:\Windows\System32\oleacc.dll 14:29:31.0175 3912 C:\Windows\System32\oleacc.dll - ok 14:29:31.0175 3912 [ 3D418A22A56471295AEB1CEB9027C3DA ] C:\Windows\System32\rtutils.dll 14:29:31.0175 3912 C:\Windows\System32\rtutils.dll - ok 14:29:31.0191 3912 [ 14FF750EFE13B0C21E5A06507C3A97B1 ] C:\Windows\System32\winmm.dll 14:29:31.0191 3912 C:\Windows\System32\winmm.dll - ok 14:29:31.0206 3912 [ 627920CFF5DFCF8CF54CF2D592D61307 ] C:\Windows\System32\WinSCard.dll 14:29:31.0206 3912 C:\Windows\System32\WinSCard.dll - ok 14:29:31.0222 3912 [ 3437B9E218A2E4586BEF4F7A3BD00777 ] C:\Windows\System32\audiodg.exe 14:29:31.0222 3912 C:\Windows\System32\audiodg.exe - ok 14:29:31.0222 3912 [ 12A1DF1B84FB45A00D47B2CDE2CEEBBA ] C:\Windows\System32\shgina.dll 14:29:31.0222 3912 C:\Windows\System32\shgina.dll - ok 14:29:31.0238 3912 [ 70932D6C3D59B416CBD2BE5A3B3D4BE6 ] C:\Windows\System32\shacct.dll 14:29:31.0238 3912 C:\Windows\System32\shacct.dll - ok 14:29:31.0253 3912 [ 7DACD94118E2D8B6D72F47ADEB0367BF ] C:\Windows\System32\propsys.dll 14:29:31.0253 3912 C:\Windows\System32\propsys.dll - ok 14:29:31.0253 3912 [ 399BB52AD0668472717498E97CF28341 ] C:\Windows\System32\WUDFPlatform.dll 14:29:31.0253 3912 C:\Windows\System32\WUDFPlatform.dll - ok 14:29:31.0269 3912 [ EC43D9CC95C3BB5FEFDBCF22D375E1F5 ] C:\Windows\System32\adtschema.dll 14:29:31.0269 3912 C:\Windows\System32\adtschema.dll - ok 14:29:31.0284 3912 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] C:\Windows\System32\gpsvc.dll 14:29:31.0284 3912 C:\Windows\System32\gpsvc.dll - ok 14:29:31.0300 3912 [ D1A84F7D4CAFCFE2A32149FF418056E5 ] C:\Windows\System32\nlaapi.dll 14:29:31.0300 3912 C:\Windows\System32\nlaapi.dll - ok 14:29:31.0300 3912 [ 409F36C8BD06FCE184631EB4142B009A ] C:\Windows\System32\atl.dll 14:29:31.0300 3912 C:\Windows\System32\atl.dll - ok 14:29:31.0316 3912 [ 67058C46504BC12D821F38CF99B7B28F ] C:\Windows\System32\es.dll 14:29:31.0316 3912 C:\Windows\System32\es.dll - ok 14:29:31.0331 3912 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] C:\Windows\System32\drivers\fltMgr.sys 14:29:31.0331 3912 C:\Windows\System32\drivers\fltMgr.sys - ok 14:29:31.0331 3912 [ 22F73612087430A94DBE912AB58E0C79 ] C:\Windows\System32\ci.dll 14:29:31.0331 3912 C:\Windows\System32\ci.dll - ok 14:29:31.0347 3912 [ 70C6489D56008D75DEDF73226FA63C11 ] C:\Windows\System32\dimsjob.dll 14:29:31.0347 3912 C:\Windows\System32\dimsjob.dll - ok 14:29:31.0362 3912 [ 1509E705F3AC1D474C92454A5C2DD81F ] C:\Windows\System32\uxsms.dll 14:29:31.0362 3912 C:\Windows\System32\uxsms.dll - ok 14:29:31.0362 3912 [ 6836D001FC733F205ACB80A7986CB6C9 ] C:\Windows\System32\WindowsCodecs.dll 14:29:31.0362 3912 C:\Windows\System32\WindowsCodecs.dll - ok 14:29:31.0378 3912 [ 57418956DDAE128D1023C508E7D07071 ] C:\Windows\System32\PSHED.DLL 14:29:31.0378 3912 C:\Windows\System32\PSHED.DLL - ok 14:29:31.0394 3912 [ 8269CC01940A202BBB9FDF26705DBD67 ] C:\Windows\System32\hid.dll 14:29:31.0394 3912 C:\Windows\System32\hid.dll - ok 14:29:31.0394 3912 [ A7F8BAD9590ADDC425B4003E94780DFA ] C:\Windows\System32\drivers\spsys.sys 14:29:31.0394 3912 C:\Windows\System32\drivers\spsys.sys - ok 14:29:31.0409 3912 [ D1C5883087A0C3F1344D9D55A44901F6 ] C:\Windows\System32\drivers\lltdio.sys 14:29:31.0409 3912 C:\Windows\System32\drivers\lltdio.sys - ok 14:29:31.0425 3912 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] C:\Windows\System32\drivers\nwifi.sys 14:29:31.0425 3912 C:\Windows\System32\drivers\nwifi.sys - ok 14:29:31.0440 3912 [ D6973AA34C4D5D76C0430B181C3CD389 ] C:\Windows\System32\drivers\ndisuio.sys 14:29:31.0440 3912 C:\Windows\System32\drivers\ndisuio.sys - ok 14:29:31.0440 3912 [ 9C508F4074A39E8B4B31D27198146FAD ] C:\Windows\System32\drivers\rspndr.sys 14:29:31.0440 3912 C:\Windows\System32\drivers\rspndr.sys - ok 14:29:31.0456 3912 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] C:\Windows\System32\dnsrslvr.dll 14:29:31.0456 3912 C:\Windows\System32\dnsrslvr.dll - ok 14:29:31.0472 3912 [ 3AB4023CBD406AC33AB8CDFF6C8079A0 ] C:\Windows\System32\eapphost.dll 14:29:31.0472 3912 C:\Windows\System32\eapphost.dll - ok 14:29:31.0472 3912 [ 3B0489DE8CC3058B48471660C60A7B75 ] C:\Windows\System32\rastls.dll 14:29:31.0472 3912 C:\Windows\System32\rastls.dll - ok 14:29:31.0487 3912 [ BE01E566D1F569AAB32D0335613E1EEA ] C:\Windows\System32\dllhost.exe 14:29:31.0487 3912 C:\Windows\System32\dllhost.exe - ok 14:29:31.0503 3912 [ 82A79D5BE740D0AE9C91AA6DE4B3AC5A ] C:\Windows\System32\raschap.dll 14:29:31.0503 3912 C:\Windows\System32\raschap.dll - ok 14:29:31.0503 3912 [ 1DACD1530C6E58AEAE9F6DE7DA851935 ] C:\Windows\System32\shimeng.dll 14:29:31.0503 3912 C:\Windows\System32\shimeng.dll - ok 14:29:31.0518 3912 [ E45051C374F845EDF3DB02A35BA13193 ] C:\Windows\System32\umb.dll 14:29:31.0518 3912 C:\Windows\System32\umb.dll - ok 14:29:31.0534 3912 [ 3727F8B85E24BBDD325BFF75F029DDE3 ] C:\Windows\System32\wlanmsm.dll 14:29:31.0534 3912 C:\Windows\System32\wlanmsm.dll - ok 14:29:31.0550 3912 [ 4662AF853DFAD5648CE3814E7D9EF3D6 ] C:\Windows\System32\wlansec.dll 14:29:31.0550 3912 C:\Windows\System32\wlansec.dll - ok 14:29:31.0550 3912 [ B64AC7967D6B9FB2D6152AC768A1CB88 ] C:\Windows\System32\onex.dll 14:29:31.0550 3912 C:\Windows\System32\onex.dll - ok 14:29:31.0565 3912 [ 35ACD5EA63D75E97DD0E9A1629E582B2 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\comctl32.dll 14:29:31.0565 3912 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\comctl32.dll - ok 14:29:31.0581 3912 [ 9D9FFC923FADBB575E0452EA0BBB15BD ] C:\Windows\System32\eappprxy.dll 14:29:31.0581 3912 C:\Windows\System32\eappprxy.dll - ok 14:29:31.0581 3912 [ 5D0FE613570CABE3992F7DBCD68E61D1 ] C:\Windows\System32\eappcfg.dll 14:29:31.0581 3912 C:\Windows\System32\eappcfg.dll - ok 14:29:31.0596 3912 [ 4DF066ECEE5A7B20BF8B39EF4D646600 ] C:\Windows\System32\wdmaud.drv 14:29:31.0596 3912 C:\Windows\System32\wdmaud.drv - ok 14:29:31.0612 3912 [ 919CC2A0476D5A6A4C935D4B88E29912 ] C:\Windows\System32\ksuser.dll 14:29:31.0612 3912 C:\Windows\System32\ksuser.dll - ok 14:29:31.0612 3912 [ 3CD1B69551236977918E60F9543C89A2 ] C:\Windows\System32\AtBroker.exe 14:29:31.0612 3912 C:\Windows\System32\AtBroker.exe - ok 14:29:31.0628 3912 [ 7258434974EA735725FD2D4A65C5E821 ] C:\Windows\System32\AudioSes.dll 14:29:31.0628 3912 C:\Windows\System32\AudioSes.dll - ok 14:29:31.0643 3912 [ DB7F4AB85298F3FE522C5512B8B0F56D ] C:\Windows\System32\AudioEng.dll 14:29:31.0643 3912 C:\Windows\System32\AudioEng.dll - ok 14:29:31.0643 3912 [ 91D995A67D9447592A1BF21CBC15C628 ] C:\Windows\System32\wlgpclnt.dll 14:29:31.0643 3912 C:\Windows\System32\wlgpclnt.dll - ok 14:29:31.0659 3912 [ 19FFAD68A02AF1BF0BC336EE26CD6767 ] C:\Windows\System32\l2gpstore.dll 14:29:31.0659 3912 C:\Windows\System32\l2gpstore.dll - ok 14:29:31.0674 3912 [ EB2170D0DDF3B2A92506AE16BC524B0B ] C:\Windows\System32\wlanutil.dll 14:29:31.0674 3912 C:\Windows\System32\wlanutil.dll - ok 14:29:31.0674 3912 [ 0E135526E9785D085BCD9AEDE6FBCBF9 ] C:\Windows\System32\userinit.exe 14:29:31.0690 3912 C:\Windows\System32\userinit.exe - ok 14:29:31.0690 3912 [ BDBB449425991154135E5ED1559927E6 ] C:\Windows\System32\msacm32.dll 14:29:31.0690 3912 C:\Windows\System32\msacm32.dll - ok 14:29:31.0706 3912 [ 166F004D73EA2CF4AC61800CA469458D ] C:\Windows\System32\msacm32.drv 14:29:31.0706 3912 C:\Windows\System32\msacm32.drv - ok 14:29:31.0721 3912 [ 83199EF88D691E730B80666E29F90D58 ] C:\Windows\System32\midimap.dll 14:29:31.0721 3912 C:\Windows\System32\midimap.dll - ok 14:29:31.0721 3912 [ 024528E25BBE8768536861EA09BE1672 ] C:\Windows\System32\msxml6.dll 14:29:31.0721 3912 C:\Windows\System32\msxml6.dll - ok 14:29:31.0737 3912 [ 296937202E4D930AAE98085B99D744D8 ] C:\Windows\System32\AUDIOKSE.dll 14:29:31.0737 3912 C:\Windows\System32\AUDIOKSE.dll - ok 14:29:31.0752 3912 [ 9B96F6952186336CC6E3D4E08BE2E0AF ] C:\Windows\System32\dwmapi.dll 14:29:31.0752 3912 C:\Windows\System32\dwmapi.dll - ok 14:29:31.0752 3912 [ 6BC5FCEF351E4CB5A269C1E84B5A06DA ] C:\Windows\System32\netcfgx.dll 14:29:31.0752 3912 C:\Windows\System32\netcfgx.dll - ok 14:29:31.0768 3912 [ CFD7A46928597BF4FA8C1A268D1F6A08 ] C:\Windows\System32\RtkAPO.dll 14:29:31.0768 3912 C:\Windows\System32\RtkAPO.dll - ok 14:29:31.0784 3912 [ D07D4C3038F3578FFCE1C0237F2A1253 ] C:\Windows\explorer.exe 14:29:31.0784 3912 C:\Windows\explorer.exe - ok 14:29:31.0784 3912 [ 4041D31508A2A084DFB42C595854090F ] C:\Program Files\AVAST Software\Avast\AvastSvc.exe 14:29:31.0784 3912 C:\Program Files\AVAST Software\Avast\AvastSvc.exe - ok 14:29:31.0799 3912 [ 153C55E9F84BF079A276C0D350806DC5 ] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll 14:29:31.0799 3912 C:\Program Files\AVAST Software\Avast\aswCmnBS.dll - ok 14:29:31.0815 3912 [ D07F23592281202D8F0BED99DFAF3DB2 ] C:\Program Files\AVAST Software\Avast\aswCmnOS.dll 14:29:31.0815 3912 C:\Program Files\AVAST Software\Avast\aswCmnOS.dll - ok 14:29:31.0830 3912 [ C1101C9F70C136106C80C7DE073A7801 ] C:\Program Files\AVAST Software\Avast\aswCmnIS.dll 14:29:31.0830 3912 C:\Program Files\AVAST Software\Avast\aswCmnIS.dll - ok 14:29:31.0830 3912 [ 7538050656FE5D63CB4B80349DD1CFE3 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll 14:29:31.0830 3912 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll - ok 14:29:31.0846 3912 [ D80C6539C00CB4F5D59066865479C308 ] C:\Windows\System32\dwmredir.dll 14:29:31.0846 3912 C:\Windows\System32\dwmredir.dll - ok 14:29:31.0862 3912 [ B2EEE3DEE31F50E082E9C720A6D7757D ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll 14:29:31.0862 3912 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll - ok 14:29:31.0877 3912 [ C99403A5B641520DAED0021DDA06F272 ] C:\Windows\System32\milcore.dll 14:29:31.0877 3912 C:\Windows\System32\milcore.dll - ok 14:29:31.0877 3912 [ 0727200F10320A6BA7E59433094FBBA7 ] C:\Windows\System32\WMALFXGFXDSP.dll 14:29:31.0877 3912 C:\Windows\System32\WMALFXGFXDSP.dll - ok 14:29:31.0893 3912 [ 167AC31450C0C53A01FA1491E94D7678 ] C:\Windows\System32\shdocvw.dll 14:29:31.0893 3912 C:\Windows\System32\shdocvw.dll - ok 14:29:31.0908 3912 [ 23F655904EDBE354CACEC16148073D1C ] C:\Program Files\AVAST Software\Avast\ashBase.dll 14:29:31.0908 3912 C:\Program Files\AVAST Software\Avast\ashBase.dll - ok 14:29:31.0908 3912 [ E582816A4855914DEFFC212E12B3B744 ] C:\Windows\System32\wsock32.dll 14:29:31.0908 3912 C:\Windows\System32\wsock32.dll - ok 14:29:31.0924 3912 [ C0C17AB13EFE021D09E278E127560944 ] C:\Program Files\AVAST Software\Avast\aswEngLdr.dll 14:29:31.0924 3912 C:\Program Files\AVAST Software\Avast\aswEngLdr.dll - ok 14:29:31.0940 3912 [ BF142D4F8C61ED3629A9CDD7BA867900 ] C:\Windows\System32\mfplat.dll 14:29:31.0940 3912 C:\Windows\System32\mfplat.dll - ok 14:29:31.0955 3912 [ 8AAEEE8E59A70F37579993D118A34EE0 ] C:\Windows\System32\d3d9.dll 14:29:31.0955 3912 C:\Windows\System32\d3d9.dll - ok 14:29:31.0955 3912 [ CD6DA5770CAE9D5E6E86722E17B442E0 ] C:\Windows\System32\d3d8thk.dll 14:29:31.0955 3912 C:\Windows\System32\d3d8thk.dll - ok 14:29:31.0971 3912 [ 4504819D18FAC09B6108D8728467E5B2 ] C:\Windows\System32\browseui.dll 14:29:31.0971 3912 C:\Windows\System32\browseui.dll - ok 14:29:31.0986 3912 [ 784485B6BF7F0156D3CF64E8A91D1CE6 ] C:\Windows\System32\igdumd32.dll 14:29:31.0986 3912 C:\Windows\System32\igdumd32.dll - ok 14:29:31.0986 3912 [ 7A623F6B4C51F6F2BC1A31D5787FC0A7 ] C:\Windows\System32\uDWM.dll 14:29:31.0986 3912 C:\Windows\System32\uDWM.dll - ok 14:29:32.0002 3912 [ 4934241CD20AC87D78121352E3BA8318 ] C:\Windows\System32\dbghelp.dll 14:29:32.0002 3912 C:\Windows\System32\dbghelp.dll - ok 14:29:32.0018 3912 [ 53F02D0B63C0581CC75B59FEB8727868 ] C:\Program Files\AVAST Software\Avast\1033\Base.dll 14:29:32.0018 3912 C:\Program Files\AVAST Software\Avast\1033\Base.dll - ok 14:29:32.0018 3912 [ D922592AB65C5D9B88B30B4510A3464E ] C:\Windows\System32\cscapi.dll 14:29:32.0018 3912 C:\Windows\System32\cscapi.dll - ok 14:29:32.0033 3912 [ 1B34989DDFD77861D3BFC7BDB0AE45EA ] C:\Program Files\AVAST Software\Avast\ashServ.dll 14:29:32.0033 3912 C:\Program Files\AVAST Software\Avast\ashServ.dll - ok 14:29:32.0049 3912 [ 0B8C72A9BE02F1F1C6D2876B78F270AD ] C:\Program Files\AVAST Software\Avast\aswAux.dll 14:29:32.0049 3912 C:\Program Files\AVAST Software\Avast\aswAux.dll - ok 14:29:32.0064 3912 [ 309391D362FA6036F92919CDA11957F7 ] C:\Program Files\AVAST Software\Avast\ashTask.dll 14:29:32.0064 3912 C:\Program Files\AVAST Software\Avast\ashTask.dll - ok 14:29:32.0064 3912 [ 9765A954BC96D5444A55AACBAC91A7C4 ] C:\Program Files\AVAST Software\Avast\ashTaskEx.dll 14:29:32.0064 3912 C:\Program Files\AVAST Software\Avast\ashTaskEx.dll - ok 14:29:32.0080 3912 [ 0BF206E2EAC174E9B607FB90930C2477 ] C:\Program Files\AVAST Software\Avast\aswLog.dll 14:29:32.0080 3912 C:\Program Files\AVAST Software\Avast\aswLog.dll - ok 14:29:32.0096 3912 [ A218DC737865366494DF73601A7B4626 ] C:\Program Files\AVAST Software\Avast\aswSqLt.dll 14:29:32.0096 3912 C:\Program Files\AVAST Software\Avast\aswSqLt.dll - ok 14:29:32.0096 3912 [ A21F1D4883777C8F2B918B9A33988F52 ] C:\Program Files\AVAST Software\Avast\aswProperty.dll 14:29:32.0096 3912 C:\Program Files\AVAST Software\Avast\aswProperty.dll - ok 14:29:32.0111 3912 [ C7CEC19606F6C6BCEF7DBD5056F93724 ] C:\Program Files\AVAST Software\Avast\Aavm4h.dll 14:29:32.0111 3912 C:\Program Files\AVAST Software\Avast\Aavm4h.dll - ok 14:29:32.0127 3912 [ B678403BB3864B7288676764D9F3BD05 ] C:\Program Files\AVAST Software\Avast\AavmRpch.dll 14:29:32.0127 3912 C:\Program Files\AVAST Software\Avast\AavmRpch.dll - ok 14:29:32.0142 3912 [ 172C234F9C72A9BB2C939851ACAD734B ] C:\Program Files\AVAST Software\Avast\aswIdle.dll 14:29:32.0142 3912 C:\Program Files\AVAST Software\Avast\aswIdle.dll - ok 14:29:32.0142 3912 [ AA8B84990D8605565C31DACA9903067E ] C:\Program Files\AVAST Software\Avast\aswDld.dll 14:29:32.0142 3912 C:\Program Files\AVAST Software\Avast\aswDld.dll - ok 14:29:32.0158 3912 [ 7D634BB1B2BC4249E0E00EF39DDD5AAB ] C:\Program Files\AVAST Software\Avast\aswStrm.dll 14:29:32.0158 3912 C:\Program Files\AVAST Software\Avast\aswStrm.dll - ok 14:29:32.0174 3912 [ CA0B849566776A17F35F0339BE17DFD9 ] C:\Windows\System32\ktmw32.dll 14:29:32.0174 3912 C:\Windows\System32\ktmw32.dll - ok 14:29:32.0174 3912 [ 751C5383F3995F6D6B3FA24EF89C9446 ] C:\Program Files\AVAST Software\Avast\ashShell.dll 14:29:32.0174 3912 C:\Program Files\AVAST Software\Avast\ashShell.dll - ok 14:29:32.0189 3912 [ D0A95E567224B4C347CBDD6541E5D928 ] C:\Windows\System32\wscisvif.dll 14:29:32.0189 3912 C:\Windows\System32\wscisvif.dll - ok 14:29:32.0205 3912 [ A0F4852A5DB9754BEC06F84B400AE743 ] C:\Windows\System32\wscapi.dll 14:29:32.0205 3912 C:\Windows\System32\wscapi.dll - ok 14:29:32.0205 3912 [ 401DFFDBBBD3F07C747ED1AE2BB88106 ] C:\Windows\System32\msi.dll 14:29:32.0205 3912 C:\Windows\System32\msi.dll - ok 14:29:32.0220 3912 [ 2A6A2C09ECC2CB495628E45F1379ECE8 ] C:\Windows\System32\taskcomp.dll 14:29:32.0220 3912 C:\Windows\System32\taskcomp.dll - ok 14:29:32.0236 3912 [ 0EEECA26C8D4BDE2A4664DB058A81937 ] C:\Windows\System32\drivers\http.sys 14:29:32.0236 3912 C:\Windows\System32\drivers\http.sys - ok 14:29:32.0252 3912 [ 73FE2E5FA55088A241AA2732F5D387D6 ] C:\Windows\System32\wiarpc.dll 14:29:32.0252 3912 C:\Windows\System32\wiarpc.dll - ok 14:29:32.0252 3912 [ 4AEEDE58A81D3FF2571F5CE5A95F3AAF ] C:\Program Files\AVAST Software\Avast\defs\12110800\aswEngin.dll 14:29:32.0252 3912 C:\Program Files\AVAST Software\Avast\defs\12110800\aswEngin.dll - ok 14:29:32.0267 3912 [ E79FDA8D320147FDC347C504B3487F87 ] C:\Windows\System32\spoolss.dll 14:29:32.0267 3912 C:\Windows\System32\spoolss.dll - ok 14:29:32.0283 3912 [ 7605C0E1D01A08F3ECD743F38B834A44 ] C:\Windows\System32\drivers\srvnet.sys 14:29:32.0283 3912 C:\Windows\System32\drivers\srvnet.sys - ok 14:29:32.0283 3912 [ 14E4470BF8ACA69A85D741BA99F75F96 ] C:\Windows\System32\EhStorShell.dll 14:29:32.0283 3912 C:\Windows\System32\EhStorShell.dll - ok 14:29:32.0298 3912 [ B0D12F4344EB2AE96E487D2DF6F74413 ] C:\Windows\System32\FWPUCLNT.DLL 14:29:32.0298 3912 C:\Windows\System32\FWPUCLNT.DLL - ok 14:29:32.0314 3912 [ 111C47816F39A91EAAA18DA0A54E8E63 ] C:\Windows\System32\imageres.dll 14:29:32.0314 3912 C:\Windows\System32\imageres.dll - ok 14:29:32.0314 3912 [ A94AF354E4EA9C835DCF3E60EC75911C ] C:\Program Files\AVAST Software\Avast\defs\12110800\aswCmnOS.dll 14:29:32.0314 3912 C:\Program Files\AVAST Software\Avast\defs\12110800\aswCmnOS.dll - ok 14:29:32.0330 3912 [ F8AC522C1DAEED05BDA7C0E4E394BCD7 ] C:\Program Files\AVAST Software\Avast\defs\12110800\aswCmnIS.dll 14:29:32.0330 3912 C:\Program Files\AVAST Software\Avast\defs\12110800\aswCmnIS.dll - ok 14:29:32.0345 3912 [ 3D50C4B10352367D5CB20ED1F50F8DA2 ] C:\Windows\System32\taskeng.exe 14:29:32.0345 3912 C:\Windows\System32\taskeng.exe - ok 14:29:32.0361 3912 [ C0BAA16A618EBCFB86ED0FDED886506D ] C:\Program Files\AVAST Software\Avast\defs\12110800\aswCmnBS.dll 14:29:32.0361 3912 C:\Program Files\AVAST Software\Avast\defs\12110800\aswCmnBS.dll - ok 14:29:32.0361 3912 [ 9041584401F262A43D6F55534BFC2E26 ] C:\Program Files\AVAST Software\Avast\defs\12110800\aswScan.dll 14:29:32.0361 3912 C:\Program Files\AVAST Software\Avast\defs\12110800\aswScan.dll - ok 14:29:32.0376 3912 [ B18B7E8D7898C6814EA5C6E765C4DECC ] C:\Program Files\AVAST Software\Avast\defs\12110800\aswRep.dll 14:29:32.0376 3912 C:\Program Files\AVAST Software\Avast\defs\12110800\aswRep.dll - ok 14:29:32.0392 3912 [ 08578F3CA5365F896D90CE2BF97FD000 ] C:\Windows\System32\IconCodecService.dll 14:29:32.0392 3912 C:\Windows\System32\IconCodecService.dll - ok 14:29:32.0392 3912 [ 630BD4B02AD2B51EA281BF3B35746FD8 ] C:\Program Files\AVAST Software\Avast\defs\12110800\aswFiDb.dll 14:29:32.0392 3912 C:\Program Files\AVAST Software\Avast\defs\12110800\aswFiDb.dll - ok 14:29:32.0408 3912 [ 35F376253F687BDE63976CCB3F2108CA ] C:\Windows\System32\drivers\bowser.sys 14:29:32.0408 3912 C:\Windows\System32\drivers\bowser.sys - ok 14:29:32.0423 3912 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] C:\Windows\System32\drivers\mpsdrv.sys 14:29:32.0423 3912 C:\Windows\System32\drivers\mpsdrv.sys - ok 14:29:32.0439 3912 [ 82CEA0395524AACFEB58BA1448E8325C ] C:\Windows\System32\drivers\mrxdav.sys 14:29:32.0439 3912 C:\Windows\System32\drivers\mrxdav.sys - ok 14:29:32.0439 3912 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] C:\Windows\System32\drivers\mrxsmb.sys 14:29:32.0439 3912 C:\Windows\System32\drivers\mrxsmb.sys - ok 14:29:32.0454 3912 [ 4FCCB34D793B116423209C0F8B7A3B03 ] C:\Windows\System32\drivers\mrxsmb10.sys 14:29:32.0454 3912 C:\Windows\System32\drivers\mrxsmb10.sys - ok 14:29:32.0470 3912 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] C:\Windows\System32\drivers\mrxsmb20.sys 14:29:32.0470 3912 C:\Windows\System32\drivers\mrxsmb20.sys - ok 14:29:32.0470 3912 [ FF33AFF99564B1AA534F58868CBE41EF ] C:\Windows\System32\drivers\srv2.sys 14:29:32.0470 3912 C:\Windows\System32\drivers\srv2.sys - ok 14:29:32.0486 3912 [ 5DE62C6E9108F14F6794060A9BDECAEC ] C:\Windows\System32\MPSSVC.dll 14:29:32.0486 3912 C:\Windows\System32\MPSSVC.dll - ok 14:29:32.0501 3912 [ C3AE3711DE53226A1F530C880F93E459 ] C:\Program Files\AVAST Software\Avast\defs\12110800\algo.dll 14:29:32.0501 3912 C:\Program Files\AVAST Software\Avast\defs\12110800\algo.dll - ok 14:29:32.0517 3912 [ 41987F9FC0E61ADF54F581E15029AD91 ] C:\Windows\System32\drivers\srv.sys 14:29:32.0517 3912 C:\Windows\System32\drivers\srv.sys - ok 14:29:32.0517 3912 [ A324D72A06C110152E7607745F39BFA1 ] C:\Windows\System32\netmsg.dll 14:29:32.0517 3912 C:\Windows\System32\netmsg.dll - ok 14:29:32.0532 3912 [ D333058925CE305E39DE8D5AD2B52A46 ] C:\Windows\System32\clusapi.dll 14:29:32.0532 3912 C:\Windows\System32\clusapi.dll - ok 14:29:32.0548 3912 [ 452341E471D2D961229DFE0842957272 ] C:\Windows\System32\sscore.dll 14:29:32.0548 3912 C:\Windows\System32\sscore.dll - ok 14:29:32.0548 3912 [ 6468C3FF6D0C7874FA8C619AF3E23B22 ] C:\Windows\System32\activeds.dll 14:29:32.0548 3912 C:\Windows\System32\activeds.dll - ok 14:29:32.0564 3912 [ E9B9C1B98C8D6D48407E1C1203EAC659 ] C:\Windows\System32\adsldpc.dll 14:29:32.0564 3912 C:\Windows\System32\adsldpc.dll - ok 14:29:32.0579 3912 [ 93E317D7AD783D8EAEE2E3500BFE889D ] C:\Windows\System32\credui.dll 14:29:32.0579 3912 C:\Windows\System32\credui.dll - ok 14:29:32.0595 3912 [ B9F3FF52B84FD9E3CAFB29B8EE385E5B ] C:\Windows\System32\resutils.dll 14:29:32.0595 3912 C:\Windows\System32\resutils.dll - ok 14:29:32.0595 3912 [ 0745D6EAD386710110817FBEC03F5161 ] C:\Windows\System32\wfapigp.dll 14:29:32.0595 3912 C:\Windows\System32\wfapigp.dll - ok 14:29:32.0610 3912 [ 5F1DEC3824E566457F53F24F493FEF08 ] C:\Windows\System32\mscms.dll 14:29:32.0610 3912 C:\Windows\System32\mscms.dll - ok 14:29:32.0626 3912 [ 2DA45E274FCDFAC2F59EF5F555556335 ] C:\Program Files\AVAST Software\Avast\Setup\setiface.dll 14:29:32.0626 3912 C:\Program Files\AVAST Software\Avast\Setup\setiface.dll - ok 14:29:32.0626 3912 [ B11FDCA4410D6252964EF97F9A47DE74 ] C:\Windows\System32\TSChannel.dll 14:29:32.0626 3912 C:\Windows\System32\TSChannel.dll - ok 14:29:32.0642 3912 [ F02A533F517EB38333CB12A9E8963773 ] C:\Program Files\Google\Update\GoogleUpdate.exe 14:29:32.0642 3912 C:\Program Files\Google\Update\GoogleUpdate.exe - ok 14:29:32.0657 3912 [ 9FF47CD8A3787C8FD3CDFE40441C722E ] C:\Program Files\Google\Update\1.3.21.123\goopdate.dll 14:29:32.0657 3912 C:\Program Files\Google\Update\1.3.21.123\goopdate.dll - ok 14:29:32.0673 3912 [ 782C8019C89920A77B1907AD3B4C8FF9 ] C:\Windows\System32\HotStartUserAgent.dll 14:29:32.0673 3912 C:\Windows\System32\HotStartUserAgent.dll - ok 14:29:32.0673 3912 [ 57125869A7B9638A5D11DD685AA65EB4 ] C:\Windows\System32\PlaySndSrv.dll 14:29:32.0673 3912 C:\Windows\System32\PlaySndSrv.dll - ok 14:29:32.0688 3912 [ 293C5CCD99D332ECC94637FEDA38D1F2 ] C:\Windows\System32\TMM.dll 14:29:32.0688 3912 C:\Windows\System32\TMM.dll - ok 14:29:32.0704 3912 [ 43E1054C713C48D252A1826C5E14AACA ] C:\Windows\System32\MsCtfMonitor.dll 14:29:32.0704 3912 C:\Windows\System32\MsCtfMonitor.dll - ok 14:29:32.0704 3912 [ C6DA42ADA0C5FC8CB05744229D632B47 ] C:\Windows\System32\msutb.dll 14:29:32.0704 3912 C:\Windows\System32\msutb.dll - ok 14:29:32.0720 3912 [ 412C0E1B515AB44F45037CD495D6A1BE ] C:\Windows\System32\igfxTMM.dll 14:29:32.0720 3912 C:\Windows\System32\igfxTMM.dll - ok 14:29:32.0735 3912 [ A9542FF2E9A82CF100E5729EC79068F0 ] C:\Windows\System32\fltLib.dll 14:29:32.0735 3912 C:\Windows\System32\fltLib.dll - ok 14:29:32.0735 3912 [ 5FA711C78FCEB7BA5F34C31ADE5707AE ] C:\Program Files\AVAST Software\Avast\AhResBhv.dll 14:29:32.0735 3912 C:\Program Files\AVAST Software\Avast\AhResBhv.dll - ok 14:29:32.0751 3912 [ 710D1E35C7904F5B39FE46348DCF1141 ] C:\Program Files\AVAST Software\Avast\AhResJs.dll 14:29:32.0751 3912 C:\Program Files\AVAST Software\Avast\AhResJs.dll - ok 14:29:32.0766 3912 [ 9AD0825D4E06E4059D4B60656CDEB2B5 ] C:\Program Files\AVAST Software\Avast\AhResMai.dll 14:29:32.0766 3912 C:\Program Files\AVAST Software\Avast\AhResMai.dll - ok 14:29:32.0782 3912 [ 5C1D7208E37719966FDC447D135EEADD ] C:\Program Files\AVAST Software\Avast\AhResMes.dll 14:29:32.0782 3912 C:\Program Files\AVAST Software\Avast\AhResMes.dll - ok 14:29:32.0782 3912 [ 51A5228A3A5888C916F3DF20075A0873 ] C:\Program Files\AVAST Software\Avast\AhResNS.dll 14:29:32.0782 3912 C:\Program Files\AVAST Software\Avast\AhResNS.dll - ok 14:29:32.0798 3912 [ 0FD1252CB6091D4B2C4DA60BCAED8E7A ] C:\Program Files\AVAST Software\Avast\AhResP2P.dll 14:29:32.0798 3912 C:\Program Files\AVAST Software\Avast\AhResP2P.dll - ok 14:29:32.0813 3912 [ BB3972C96FC1FECEECA79E81433E6BE1 ] C:\Program Files\AVAST Software\Avast\AhResStd.dll 14:29:32.0813 3912 C:\Program Files\AVAST Software\Avast\AhResStd.dll - ok 14:29:32.0813 3912 [ 0E6BC5D5EBE89CA95D29963DE785277A ] C:\Program Files\AVAST Software\Avast\AhResWS.dll 14:29:32.0813 3912 C:\Program Files\AVAST Software\Avast\AhResWS.dll - ok 14:29:32.0829 3912 [ 72A7C1EC4D3BF38CB115395AD721AE3C ] C:\Program Files\AVAST Software\Avast\defs\12110800\ArPot.dll 14:29:32.0829 3912 C:\Program Files\AVAST Software\Avast\defs\12110800\ArPot.dll - ok 14:29:32.0844 3912 [ BDE89AB6F15F0093A2A7861D1FC413ED ] C:\Windows\System32\QAGENT.DLL 14:29:32.0844 3912 C:\Windows\System32\QAGENT.DLL - ok 14:29:32.0860 3912 [ CFB3EEDF620E7F32464A3091BA76D5E8 ] C:\Program Files\AVAST Software\Avast\defs\12110800\exts.dll 14:29:32.0860 3912 C:\Program Files\AVAST Software\Avast\defs\12110800\exts.dll - ok 14:29:32.0876 3912 [ 769D027B977CED05658C85E698D3C5B1 ] C:\Windows\System32\QUTIL.DLL 14:29:32.0876 3912 C:\Windows\System32\QUTIL.DLL - ok 14:29:32.0876 3912 [ D03A96E15F4CD81467D686B2C7C14A15 ] C:\Program Files\AVAST Software\Avast\ashMaiSv.dll 14:29:32.0876 3912 C:\Program Files\AVAST Software\Avast\ashMaiSv.dll - ok 14:29:32.0891 3912 [ 949099E7F5D1B29751D3408B945CCBA6 ] C:\Program Files\AVAST Software\Avast\ashWebSv.dll 14:29:32.0891 3912 C:\Program Files\AVAST Software\Avast\ashWebSv.dll - ok 14:29:32.0907 3912 [ C411C80F90D6732380352B98B37BBD53 ] C:\Windows\System32\winrnr.dll 14:29:32.0907 3912 C:\Windows\System32\winrnr.dll - ok 14:29:32.0907 3912 [ A7D525E5C0D91C8C1D84C6BCD25AD77D ] C:\Windows\System32\rasadhlp.dll 14:29:32.0907 3912 C:\Windows\System32\rasadhlp.dll - ok 14:29:32.0922 3912 [ 0A990AFB9F2726323D61C8ECB8B70B17 ] C:\Windows\System32\security.dll 14:29:32.0922 3912 C:\Windows\System32\security.dll - ok 14:29:32.0938 3912 [ 02DC44E875D05ADEFF52E06612A6A15F ] C:\Program Files\AVAST Software\Avast\ashWsFtr.dll 14:29:32.0938 3912 C:\Program Files\AVAST Software\Avast\ashWsFtr.dll - ok 14:29:32.0938 3912 [ AE5A69F44C1F97EDC83237FC0B29B6FB ] C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe 14:29:32.0938 3912 C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe - ok 14:29:32.0954 3912 [ 87F664BF0B8728382D03B2126127DC98 ] C:\Program Files\AVAST Software\Avast\defs\12110800\aswAR.dll 14:29:32.0954 3912 C:\Program Files\AVAST Software\Avast\defs\12110800\aswAR.dll - ok 14:29:32.0969 3912 [ 73FD66B14D3C4252F7A524B8836A4359 ] C:\Windows\System32\mstask.dll 14:29:32.0969 3912 C:\Windows\System32\mstask.dll - ok 14:29:32.0985 3912 [ 0D0FA4434A9434641AB0A6332AC5560A ] C:\Program Files\AVAST Software\Avast\defs\12110800\aswRawFS.dll 14:29:32.0985 3912 C:\Program Files\AVAST Software\Avast\defs\12110800\aswRawFS.dll - ok 14:29:32.0985 3912 [ 03CF68DDE2311640AB2723B3AAFE16D9 ] C:\Program Files\AVAST Software\Avast\Setup\avast.setup 14:29:32.0985 3912 C:\Program Files\AVAST Software\Avast\Setup\avast.setup - ok 14:29:33.0000 3912 [ 80BD4B26E2CBC0D65445D0463DFF6FC2 ] C:\Windows\System32\oledlg.dll 14:29:33.0000 3912 C:\Windows\System32\oledlg.dll - ok 14:29:33.0016 3912 [ 5EC8FB83F31AA2D6F421F02C3F4F4475 ] C:\Windows\System32\winspool.drv 14:29:33.0016 3912 C:\Windows\System32\winspool.drv - ok 14:29:33.0016 3912 [ FD647CA82ACF232DBE5F20345647B948 ] C:\Windows\AppPatch\AcGenral.dll 14:29:33.0016 3912 C:\Windows\AppPatch\AcGenral.dll - ok 14:29:33.0032 3912 [ F4E1AA5D59C849A4AB47E895DC76B9C8 ] C:\Windows\System32\sfc.dll 14:29:33.0032 3912 C:\Windows\System32\sfc.dll - ok 14:29:33.0047 3912 [ 12BCF4DAD8E5A1B3D5FA7AB4A79DA105 ] C:\Windows\System32\sfc_os.dll 14:29:33.0047 3912 C:\Windows\System32\sfc_os.dll - ok 14:29:33.0047 3912 [ EC760B0B76A4353DE49D66520EB2141F ] C:\Windows\System32\SensApi.dll 14:29:33.0047 3912 C:\Windows\System32\SensApi.dll - ok 14:29:33.0063 3912 [ 254AC97C9AF4DDF3F5F57855198527B7 ] C:\Windows\System32\wermgr.exe 14:29:33.0063 3912 C:\Windows\System32\wermgr.exe - ok 14:29:33.0078 3912 [ 8BE000F9A0B0FF7194AAEFB02C9BDE99 ] C:\Windows\System32\wer.dll 14:29:33.0078 3912 C:\Windows\System32\wer.dll - ok 14:29:33.0094 3912 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] C:\Program Files\SUPERAntiSpyware\SASCore.exe 14:29:33.0094 3912 C:\Program Files\SUPERAntiSpyware\SASCore.exe - ok 14:29:33.0094 3912 [ 39E435C90C9C4F780FA0ED05CA3C3A1B ] C:\Windows\System32\agrsmsvc.exe 14:29:33.0094 3912 C:\Windows\System32\agrsmsvc.exe - ok 14:29:33.0110 3912 [ BF899F57858B8C6F162D9EEB2370641C ] C:\Windows\System32\wercon.exe 14:29:33.0110 3912 C:\Windows\System32\wercon.exe - ok 14:29:33.0125 3912 [ 3845B6555DE995F6C0C07AE2ABCC0532 ] C:\Acer\ALaunch\ALaunchSvc.exe 14:29:33.0125 3912 C:\Acer\ALaunch\ALaunchSvc.exe - ok 14:29:33.0141 3912 [ 128DD9AF8640DBCC711940903C8B554F ] C:\Windows\System32\mscoree.dll 14:29:33.0141 3912 C:\Windows\System32\mscoree.dll - ok 14:29:33.0141 3912 [ C9564CF4976E7E96B4052737AA2492B4 ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll 14:29:33.0141 3912 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll - ok 14:29:33.0156 3912 [ 1D109ED0D660654EA7FF1574558031C4 ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcm80.dll 14:29:33.0156 3912 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcm80.dll - ok 14:29:33.0172 3912 [ D6804F089CBB6749E95124E7C4D80900 ] C:\Windows\AppPatch\AcLayers.dll 14:29:33.0172 3912 C:\Windows\AppPatch\AcLayers.dll - ok 14:29:33.0188 3912 [ F5DF6846F30E9F54EA60CCAEB3FB2055 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll 14:29:33.0188 3912 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll - ok 14:29:33.0188 3912 [ C42AE64F5DB6BC5E947B7E3E1B1E633E ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll 14:29:33.0188 3912 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll - ok 14:29:33.0203 3912 [ 015A9D857726C083144CA352A273378A ] C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll 14:29:33.0203 3912 C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll - ok 14:29:33.0219 3912 [ 3787A4BC97CE6C630F4B581425223D96 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll 14:29:33.0219 3912 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll - ok 14:29:33.0219 3912 [ 1E03BABB4D6CA5C27BD2C822F7F95788 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll 14:29:33.0219 3912 C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll - ok 14:29:33.0234 3912 [ 708A3BBDBFF717F678B64854B7BAF9D3 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll 14:29:33.0234 3912 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll - ok 14:29:33.0250 3912 [ 2A85D608A484DFE7EAC7B9CAE089BF73 ] C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe 14:29:33.0250 3912 C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe - ok 14:29:33.0266 3912 [ 5CAD3395A4720BF735836D125297229A ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll 14:29:33.0266 3912 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll - ok 14:29:33.0266 3912 [ 48F25FC1B2796CDA2AEEFFE560666055 ] C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe 14:29:33.0266 3912 C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe - ok 14:29:33.0281 3912 [ 4E39A623E762CB08AD0308F2A1858086 ] C:\Acer\ALaunch\alaunchinterface.dll 14:29:33.0281 3912 C:\Acer\ALaunch\alaunchinterface.dll - ok 14:29:33.0297 3912 [ 9F75DFCAFFACCD99F9854FAB0AA1BC7F ] C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapEngine.dll 14:29:33.0297 3912 C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapEngine.dll - ok 14:29:33.0312 3912 [ 2310A32BB0164552A311BFA02102A3D6 ] C:\Windows\System32\msvcp60.dll 14:29:33.0312 3912 C:\Windows\System32\msvcp60.dll - ok 14:29:33.0312 3912 [ 17FC3EDA0162F513E858B8C8FA7FA6E0 ] C:\Windows\System32\vssapi.dll 14:29:33.0312 3912 C:\Windows\System32\vssapi.dll - ok 14:29:33.0328 3912 [ DC3AE9F1554DCD97F90983DDBDACD83D ] C:\Windows\System32\vsstrace.dll 14:29:33.0328 3912 C:\Windows\System32\vsstrace.dll - ok 14:29:33.0344 3912 [ 790222D6CCFC576F0D07D418E6115D85 ] C:\Program Files\Windows Calendar\WinCal.exe 14:29:33.0344 3912 C:\Program Files\Windows Calendar\WinCal.exe - ok 14:29:33.0344 3912 [ EF24642D5FB52A1EEF56DE9E47CBB993 ] C:\Windows\System32\mfc42.dll 14:29:33.0344 3912 C:\Windows\System32\mfc42.dll - ok 14:29:33.0359 3912 [ 862363973DCBCC31DD161EF41A69153C ] C:\Windows\System32\odbc32.dll 14:29:33.0359 3912 C:\Windows\System32\odbc32.dll - ok 14:29:33.0375 3912 [ 09469B8EDD2755143FDA06867AAD7E73 ] C:\Windows\System32\cryptnet.dll 14:29:33.0375 3912 C:\Windows\System32\cryptnet.dll - ok 14:29:33.0375 3912 [ 50ABE7CDA2DAE898216121D14092C182 ] C:\Windows\System32\WMVCORE.DLL 14:29:33.0375 3912 C:\Windows\System32\WMVCORE.DLL - ok 14:29:33.0390 3912 [ 0DAAF8032546D1B4543D7B101B53FD6C ] C:\Windows\System32\odbcint.dll 14:29:33.0390 3912 C:\Windows\System32\odbcint.dll - ok 14:29:33.0406 3912 [ 36CCD8A79539C4ACE3BABE09C2CFBA16 ] C:\Windows\System32\WMASF.DLL 14:29:33.0406 3912 C:\Windows\System32\WMASF.DLL - ok 14:29:33.0422 3912 [ D86F329C63BDE78751B2F7EF352EB222 ] C:\Program Files\Acer\Acer Arcade\Kernel\TV\PCMRRec4.dll 14:29:33.0422 3912 C:\Program Files\Acer\Acer Arcade\Kernel\TV\PCMRRec4.dll - ok 14:29:33.0437 3912 [ F54907AA07F60AFF81E1E09E97AF98B0 ] C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe 14:29:33.0437 3912 C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe - ok 14:29:33.0437 3912 [ 3606CE1AC3D6A9A9CB7DB35D7F5C54EC ] C:\Windows\System32\shfolder.dll 14:29:33.0437 3912 C:\Windows\System32\shfolder.dll - ok 14:29:33.0453 3912 [ 6950BBCEB21F9C3CB3B52E90960109C3 ] C:\Windows\System32\devenum.dll 14:29:33.0453 3912 C:\Windows\System32\devenum.dll - ok 14:29:33.0468 3912 [ 52E129522C1775DBB8CC252E7A0655C7 ] C:\Windows\System32\taskschd.dll 14:29:33.0468 3912 C:\Windows\System32\taskschd.dll - ok 14:29:33.0468 3912 [ 928C90E02E05244D2290C1551DF732C8 ] C:\Windows\System32\avicap32.dll 14:29:33.0468 3912 C:\Windows\System32\avicap32.dll - ok 14:29:33.0484 3912 [ B8AEFF80ABD57E6ABC6A46EAC7F4515F ] C:\Windows\System32\msdmo.dll 14:29:33.0484 3912 C:\Windows\System32\msdmo.dll - ok 14:29:33.0500 3912 [ 36B091CB0B6FDBE01DF37425014B2BB2 ] C:\Windows\System32\PSDUtil.dll 14:29:33.0500 3912 C:\Windows\System32\PSDUtil.dll - ok 14:29:33.0500 3912 [ EACACA0F2FF4CC54A909E3C5721FCDE8 ] C:\Windows\System32\msvfw32.dll 14:29:33.0500 3912 C:\Windows\System32\msvfw32.dll - ok 14:29:33.0515 3912 [ DF53B8BD2C2D86E8CFEB4BB488B5EA37 ] C:\Windows\System32\CryptoAPI.dll 14:29:33.0515 3912 C:\Windows\System32\CryptoAPI.dll - ok 14:29:33.0531 3912 [ 2FB1494C450FB7B0C350492ACC24607D ] C:\Windows\System32\sysenv.dll 14:29:33.0531 3912 C:\Windows\System32\sysenv.dll - ok 14:29:33.0531 3912 [ FB5383BFD4DEC6792AAEF76C9343ECFF ] C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe 14:29:33.0531 3912 C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe - ok 14:29:33.0546 3912 [ 741FF64FC61769C18B949E86FD96CD82 ] C:\Acer\Empowering Technology\eLock\Service\eLock.Serv.Main.dll 14:29:33.0546 3912 C:\Acer\Empowering Technology\eLock\Service\eLock.Serv.Main.dll - ok 14:29:33.0562 3912 [ 503A72D3B29427A80C610C92163830E7 ] C:\Acer\Empowering Technology\eLock\Service\eLock.Serv.Interface.dll 14:29:33.0562 3912 C:\Acer\Empowering Technology\eLock\Service\eLock.Serv.Interface.dll - ok 14:29:33.0578 3912 [ 9C37157E995C4F14112B437FBC445B88 ] C:\Acer\Empowering Technology\eLock\Service\eLock.Serv.Library.dll 14:29:33.0578 3912 C:\Acer\Empowering Technology\eLock\Service\eLock.Serv.Library.dll - ok 14:29:33.0593 3912 [ E7D0F91E44D9D3B2116FA549BDCDB756 ] C:\Windows\System32\wdscore.dll 14:29:33.0593 3912 C:\Windows\System32\wdscore.dll - ok 14:29:33.0609 3912 [ 9316C26F089CF2CEA2BD1496AC9F38A4 ] C:\Acer\Empowering Technology\eNet\eNet Service.exe 14:29:33.0609 3912 C:\Acer\Empowering Technology\eNet\eNet Service.exe - ok 14:29:33.0609 3912 [ 7ADD03E75BEB9E6DD102C3081D29840A ] C:\Windows\System32\drivers\cdfs.sys 14:29:33.0609 3912 C:\Windows\System32\drivers\cdfs.sys - ok 14:29:33.0624 3912 [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll 14:29:33.0624 3912 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll - ok 14:29:33.0640 3912 [ 6ABD253226770EAE1292B4C945ED4B4B ] C:\Windows\System32\msxml3.dll 14:29:33.0640 3912 C:\Windows\System32\msxml3.dll - ok 14:29:33.0640 3912 [ 9D64201C9E5AC8D1F088762BA00FF3AB ] C:\Acer\Empowering Technology\eRecovery\int15.sys 14:29:33.0640 3912 C:\Acer\Empowering Technology\eRecovery\int15.sys - ok 14:29:33.0656 3912 [ 84E951281677788DB8FD9D0A669A8E0F ] C:\Acer\Empowering Technology\eNet\eNetServiceInterface.dll 14:29:33.0656 3912 C:\Acer\Empowering Technology\eNet\eNetServiceInterface.dll - ok 14:29:33.0671 3912 [ AD48183027CAFCEBC322CB9CAC60F9B8 ] C:\Windows\System32\WSDApi.dll 14:29:33.0671 3912 C:\Windows\System32\WSDApi.dll - ok 14:29:33.0687 3912 [ 1A09CB187440993FA5E24DE1EEB7B916 ] C:\Windows\System32\cfgmgr32.dll 14:29:33.0687 3912 C:\Windows\System32\cfgmgr32.dll - ok 14:29:33.0687 3912 [ 4EDA94333BDB75B1BC0A7610BED34F00 ] C:\Windows\System32\fundisc.dll 14:29:33.0687 3912 C:\Windows\System32\fundisc.dll - ok 14:29:33.0702 3912 [ D9011D2091C6B037A5075C27A470188C ] C:\Windows\System32\httpapi.dll 14:29:33.0702 3912 C:\Windows\System32\httpapi.dll - ok 14:29:33.0718 3912 [ 21F3375B9EBC457AE0053755D21FA547 ] C:\Windows\System32\tzres.dll 14:29:33.0718 3912 C:\Windows\System32\tzres.dll - ok 14:29:33.0718 3912 [ 793FF718477345CD5D232C50BED1E452 ] C:\Program Files\Common Files\LightScribe\LSSrvc.exe 14:29:33.0718 3912 C:\Program Files\Common Files\LightScribe\LSSrvc.exe - ok 14:29:33.0734 3912 [ D7EB32B51B7472FBEE86BFA47B3C4BC5 ] C:\Program Files\Common Files\LightScribe\LSSProxy.dll 14:29:33.0734 3912 C:\Program Files\Common Files\LightScribe\LSSProxy.dll - ok 14:29:33.0749 3912 [ 0EE266A90D43E82A07CF33755D6DE1CC ] C:\Program Files\Common Files\LightScribe\LSLog.dll 14:29:33.0749 3912 C:\Program Files\Common Files\LightScribe\LSLog.dll - ok 14:29:33.0765 3912 [ E6CB119EF2E148EAA1A247343550756E ] C:\Program Files\Common Files\Motive\McciCMService.exe 14:29:33.0765 3912 C:\Program Files\Common Files\Motive\McciCMService.exe - ok 14:29:33.0765 3912 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] C:\Windows\System32\drivers\mdmxsdk.sys 14:29:33.0765 3912 C:\Windows\System32\drivers\mdmxsdk.sys - ok 14:29:33.0780 3912 [ 842684E0DF20A59E293DA1C6F0DFE261 ] C:\Acer\Mobility Center\MobilityService.exe 14:29:33.0780 3912 C:\Acer\Mobility Center\MobilityService.exe - ok 14:29:33.0796 3912 [ F4D9ED6BD74AD7CC0BEC83C43A1CB76B ] C:\Windows\System32\ncsi.dll 14:29:33.0796 3912 C:\Windows\System32\ncsi.dll - ok 14:29:33.0796 3912 [ 6349F6ED9C623B44B52EA3C63C831A92 ] C:\Windows\System32\drivers\PEAuth.sys 14:29:33.0796 3912 C:\Windows\System32\drivers\PEAuth.sys - ok 14:29:33.0812 3912 [ 8B1168B99469417B1DAF34ED733BE4CA ] C:\Acer\Mobility Center\CompileMOF.exe 14:29:33.0812 3912 C:\Acer\Mobility Center\CompileMOF.exe - ok 14:29:33.0827 3912 [ 30A8C2FBE6A8585A4A7151EDF1F61F79 ] C:\Acer\Mobility Center\MobilityInterface.dll 14:29:33.0827 3912 C:\Acer\Mobility Center\MobilityInterface.dll - ok 14:29:33.0843 3912 [ 01BCD91CC2B0EFDA4890F547010750BD ] C:\Windows\System32\ssdpapi.dll 14:29:33.0843 3912 C:\Windows\System32\ssdpapi.dll - ok 14:29:33.0843 3912 [ 90A3935D05B494A5A39D37E71F09A677 ] C:\Windows\System32\drivers\secdrv.sys 14:29:33.0843 3912 C:\Windows\System32\drivers\secdrv.sys - ok 14:29:33.0858 3912 [ D0494460421A03CD5225CCA0059AA146 ] C:\Windows\System32\IPSECSVC.DLL 14:29:33.0858 3912 C:\Windows\System32\IPSECSVC.DLL - ok 14:29:33.0874 3912 [ 608C345A255D82A6289C2D468EB41FD7 ] C:\Windows\System32\drivers\tcpipreg.sys 14:29:33.0874 3912 C:\Windows\System32\drivers\tcpipreg.sys - ok 14:29:33.0890 3912 [ DF6196C462DB303990460379850CD19D ] C:\Acer\Mobility Center\msvcr80d.dll 14:29:33.0890 3912 C:\Acer\Mobility Center\msvcr80d.dll - ok 14:29:33.0890 3912 [ E91A1B50D762A66A3C37449CFA5E4420 ] C:\Acer\Mobility Center\msvcm80d.dll 14:29:33.0890 3912 C:\Acer\Mobility Center\msvcm80d.dll - ok 14:29:33.0905 3912 [ 74B8C2EA72D43727142D12397D5A49F9 ] C:\Windows\System32\wbemcomn.dll 14:29:33.0905 3912 C:\Windows\System32\wbemcomn.dll - ok 14:29:33.0921 3912 [ 1F18B9EA1BBFF033413414C3BEA13AD6 ] C:\Windows\System32\wbem\WinMgmtR.dll 14:29:33.0921 3912 C:\Windows\System32\wbem\WinMgmtR.dll - ok 14:29:33.0936 3912 [ 2205A220A264E8C8B86492BF3D112907 ] C:\Windows\System32\PortableDeviceApi.dll 14:29:33.0936 3912 C:\Windows\System32\PortableDeviceApi.dll - ok 14:29:33.0936 3912 [ DEB9D08750423069647C3A066CEC7A1B ] C:\Windows\System32\tquery.dll 14:29:33.0936 3912 C:\Windows\System32\tquery.dll - ok 14:29:33.0952 3912 [ B53BD9E63867CD9FD853F666CA172713 ] C:\Windows\System32\PortableDeviceConnectApi.dll 14:29:33.0952 3912 C:\Windows\System32\PortableDeviceConnectApi.dll - ok 14:29:33.0968 3912 [ 0C84B6AFFA7486422235584110D7176F ] C:\Windows\System32\icaapi.dll 14:29:33.0968 3912 C:\Windows\System32\icaapi.dll - ok 14:29:33.0968 3912 [ 428FF21418ADCD6FAD6189CD9520A67B ] C:\Windows\System32\wiatrace.dll 14:29:33.0968 3912 C:\Windows\System32\wiatrace.dll - ok 14:29:33.0983 3912 [ 13B5F255E90624A5BA0441D39CFB6BE2 ] C:\Windows\System32\drivers\WUDFPf.sys 14:29:33.0983 3912 C:\Windows\System32\drivers\WUDFPf.sys - ok 14:29:33.0999 3912 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] C:\Windows\System32\drivers\WUDFRd.sys 14:29:33.0999 3912 C:\Windows\System32\drivers\WUDFRd.sys - ok 14:29:33.0999 3912 [ 42608AE9AF2641EE473A1797C25CFFC2 ] C:\Windows\System32\FwRemoteSvr.dll 14:29:33.0999 3912 C:\Windows\System32\FwRemoteSvr.dll - ok 14:29:34.0014 3912 [ 09C7859269563C240AB2AAAB574483DD ] C:\Windows\System32\WUDFHost.exe 14:29:34.0014 3912 C:\Windows\System32\WUDFHost.exe - ok
  14. Tumbleweed88
    I had to split this file in half because this site wouldn't let me post the whole thing........... 14:26:32.0262 3996 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 14:26:33.0104 3996 ============================================================ 14:26:33.0104 3996 Current date / time: 2012/11/08 14:26:33.0104 14:26:33.0104 3996 SystemInfo: 14:26:33.0104 3996 14:26:33.0104 3996 OS Version: 6.0.6002 ServicePack: 2.0 14:26:33.0104 3996 Product type: Workstation 14:26:33.0104 3996 ComputerName: HOME-PC 14:26:33.0104 3996 UserName: Kenneth 14:26:33.0104 3996 Windows directory: C:\Windows 14:26:33.0104 3996 System windows directory: C:\Windows 14:26:33.0104 3996 Processor architecture: Intel x86 14:26:33.0104 3996 Number of processors: 1 14:26:33.0104 3996 Page size: 0x1000 14:26:33.0104 3996 Boot type: Normal boot 14:26:33.0104 3996 ============================================================ 14:26:34.0539 3996 BG loaded 14:26:35.0272 3996 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 14:26:35.0304 3996 Drive \Device\Harddisk1\DR1 - Size: 0x3BA300000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 14:26:35.0304 3996 ============================================================ 14:26:35.0304 3996 \Device\Harddisk0\DR0: 14:26:35.0304 3996 MBR partitions: 14:26:35.0304 3996 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x6, StartLBA 0x1385000, BlocksNum 0x4107000 14:26:35.0304 3996 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x548C000, BlocksNum 0x4083000 14:26:35.0304 3996 \Device\Harddisk1\DR1: 14:26:35.0304 3996 MBR partitions: 14:26:35.0304 3996 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x1DD17E0 14:26:35.0304 3996 ============================================================ 14:26:35.0366 3996 C: <-> \Device\Harddisk0\DR0\Partition1 14:26:35.0522 3996 D: <-> \Device\Harddisk0\DR0\Partition2 14:26:35.0522 3996 ============================================================ 14:26:35.0522 3996 Initialize success 14:26:35.0522 3996 ============================================================ 14:28:44.0157 3912 ============================================================ 14:28:44.0157 3912 Scan started 14:28:44.0157 3912 Mode: Manual; SigCheck; TDLFS; 14:28:44.0157 3912 ============================================================ 14:28:45.0467 3912 ================ Scan system memory ======================== 14:28:45.0467 3912 System memory - ok 14:28:45.0467 3912 ================ Scan services ============================= 14:28:45.0576 3912 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE 14:28:45.0732 3912 !SASCORE - ok 14:28:45.0982 3912 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys 14:28:46.0029 3912 ACPI - ok 14:28:46.0138 3912 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 14:28:46.0154 3912 AdobeFlashPlayerUpdateSvc - ok 14:28:46.0200 3912 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 14:28:46.0294 3912 adp94xx - ok 14:28:46.0341 3912 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys 14:28:46.0388 3912 adpahci - ok 14:28:46.0419 3912 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 14:28:46.0434 3912 adpu160m - ok 14:28:46.0466 3912 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys 14:28:46.0512 3912 adpu320 - ok 14:28:46.0544 3912 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 14:28:46.0715 3912 AeLookupSvc - ok 14:28:46.0778 3912 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys 14:28:46.0840 3912 AFD - ok 14:28:46.0871 3912 [ 39E435C90C9C4F780FA0ED05CA3C3A1B ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe 14:28:46.0934 3912 AgereModemAudio - ok 14:28:46.0996 3912 [ D31D1A92479BD8C0D050A6FFBDD410D9 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys 14:28:47.0152 3912 AgereSoftModem - ok 14:28:47.0168 3912 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys 14:28:47.0199 3912 agp440 - ok 14:28:47.0230 3912 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys 14:28:47.0246 3912 aic78xx - ok 14:28:47.0324 3912 [ 3845B6555DE995F6C0C07AE2ABCC0532 ] ALaunchService C:\Acer\ALaunch\ALaunchSvc.exe 14:28:47.0355 3912 ALaunchService ( UnsignedFile.Multi.Generic ) - warning 14:28:47.0355 3912 ALaunchService - detected UnsignedFile.Multi.Generic (1) 14:28:47.0402 3912 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe 14:28:47.0558 3912 ALG - ok 14:28:47.0573 3912 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys 14:28:47.0589 3912 aliide - ok 14:28:47.0620 3912 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys 14:28:47.0636 3912 amdagp - ok 14:28:47.0651 3912 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys 14:28:47.0667 3912 amdide - ok 14:28:47.0682 3912 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 14:28:47.0745 3912 AmdK7 - ok 14:28:47.0776 3912 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 14:28:47.0838 3912 AmdK8 - ok 14:28:47.0885 3912 [ DB8EA68E5864ADF61B73516788659E71 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys 14:28:47.0932 3912 ApfiltrService - ok 14:28:47.0979 3912 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll 14:28:48.0026 3912 Appinfo - ok 14:28:48.0057 3912 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys 14:28:48.0088 3912 arc - ok 14:28:48.0088 3912 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys 14:28:48.0104 3912 arcsas - ok 14:28:48.0150 3912 [ 0AE43C6C411254049279C2EE55630F95 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys 14:28:48.0166 3912 aswFsBlk - ok 14:28:48.0228 3912 [ 6693141560B1615D8DCCF0D8EB00087E ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys 14:28:48.0244 3912 aswMonFlt - ok 14:28:48.0291 3912 [ DA12626FD9A67F4E917E2F2FBE1E1764 ] aswRdr C:\Windows\system32\drivers\aswRdr.sys 14:28:48.0322 3912 aswRdr - ok 14:28:48.0369 3912 [ DCB199B967375753B5019EC15F008F53 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys 14:28:48.0447 3912 aswSnx - ok 14:28:48.0494 3912 [ B32873E5A1443C0A1E322266E203BF10 ] aswSP C:\Windows\system32\drivers\aswSP.sys 14:28:48.0556 3912 aswSP - ok 14:28:48.0618 3912 [ 6FF544175A9180C5D88534D3D9C9A9F7 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys 14:28:48.0634 3912 aswTdi - ok 14:28:48.0665 3912 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 14:28:48.0696 3912 AsyncMac - ok 14:28:48.0743 3912 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys 14:28:48.0759 3912 atapi - ok 14:28:48.0821 3912 [ B0C272DEF210B149C0BFA0D85600CE4B ] athr C:\Windows\system32\DRIVERS\athr.sys 14:28:48.0899 3912 athr - ok 14:28:48.0946 3912 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 14:28:49.0008 3912 AudioEndpointBuilder - ok 14:28:49.0024 3912 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll 14:28:49.0055 3912 Audiosrv - ok 14:28:49.0102 3912 [ 4041D31508A2A084DFB42C595854090F ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe 14:28:49.0118 3912 avast! Antivirus - ok 14:28:49.0149 3912 [ C7EA0E3E37FF1CD2BB65636448322572 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 14:28:49.0211 3912 b57nd60x - ok 14:28:49.0242 3912 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 14:28:49.0305 3912 Beep - ok 14:28:49.0398 3912 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll 14:28:49.0476 3912 BFE - ok 14:28:49.0539 3912 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll 14:28:49.0632 3912 BITS - ok 14:28:49.0648 3912 blbdrive - ok 14:28:49.0710 3912 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys 14:28:49.0742 3912 bowser - ok 14:28:49.0788 3912 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 14:28:49.0820 3912 BrFiltLo - ok 14:28:49.0851 3912 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 14:28:49.0882 3912 BrFiltUp - ok 14:28:49.0929 3912 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 14:28:49.0976 3912 Browser - ok 14:28:50.0007 3912 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 14:28:50.0069 3912 Brserid - ok 14:28:50.0116 3912 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 14:28:50.0178 3912 BrSerWdm - ok 14:28:50.0210 3912 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 14:28:50.0272 3912 BrUsbMdm - ok 14:28:50.0319 3912 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 14:28:50.0381 3912 BrUsbSer - ok 14:28:50.0397 3912 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 14:28:50.0444 3912 BTHMODEM - ok 14:28:50.0553 3912 catchme - ok 14:28:50.0584 3912 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 14:28:50.0646 3912 cdfs - ok 14:28:50.0678 3912 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 14:28:50.0724 3912 cdrom - ok 14:28:50.0771 3912 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll 14:28:50.0818 3912 CertPropSvc - ok 14:28:50.0865 3912 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys 14:28:50.0927 3912 circlass - ok 14:28:51.0036 3912 [ 2A85D608A484DFE7EAC7B9CAE089BF73 ] CLCapSvc C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe 14:28:51.0068 3912 CLCapSvc ( UnsignedFile.Multi.Generic ) - warning 14:28:51.0068 3912 CLCapSvc - detected UnsignedFile.Multi.Generic (1) 14:28:51.0114 3912 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys 14:28:51.0146 3912 CLFS - ok 14:28:51.0224 3912 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 14:28:51.0239 3912 clr_optimization_v2.0.50727_32 - ok 14:28:51.0364 3912 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 14:28:51.0380 3912 clr_optimization_v4.0.30319_32 - ok 14:28:51.0426 3912 [ 746724540BD4B618B89F8A614A02F50D ] CLSched C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe 14:28:51.0442 3912 CLSched ( UnsignedFile.Multi.Generic ) - warning 14:28:51.0442 3912 CLSched - detected UnsignedFile.Multi.Generic (1) 14:28:51.0489 3912 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 14:28:51.0520 3912 CmBatt - ok 14:28:51.0551 3912 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys 14:28:51.0567 3912 cmdide - ok 14:28:51.0614 3912 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 14:28:51.0629 3912 Compbatt - ok 14:28:51.0645 3912 COMSysApp - ok 14:28:51.0660 3912 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 14:28:51.0676 3912 crcdisk - ok 14:28:51.0707 3912 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys 14:28:51.0785 3912 Crusoe - ok 14:28:51.0816 3912 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll 14:28:51.0863 3912 CryptSvc - ok 14:28:51.0957 3912 [ 48F25FC1B2796CDA2AEEFFE560666055 ] CyberLink Media Library Service C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe 14:28:52.0144 3912 CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - warning 14:28:52.0144 3912 CyberLink Media Library Service - detected UnsignedFile.Multi.Generic (1) 14:28:52.0222 3912 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll 14:28:52.0300 3912 DcomLaunch - ok 14:28:52.0362 3912 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys 14:28:52.0394 3912 DfsC - ok 14:28:52.0487 3912 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe 14:28:53.0018 3912 DFSR - ok 14:28:53.0080 3912 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll 14:28:53.0158 3912 Dhcp - ok 14:28:53.0205 3912 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys 14:28:53.0220 3912 disk - ok 14:28:53.0267 3912 [ 73BAF270D24FE726B9CD7F80BB17A23D ] DKbFltr C:\Windows\system32\DRIVERS\DKbFltr.sys 14:28:53.0283 3912 DKbFltr - ok 14:28:53.0330 3912 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll 14:28:53.0423 3912 Dnscache - ok 14:28:53.0517 3912 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll 14:28:53.0564 3912 dot3svc - ok 14:28:53.0626 3912 [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys 14:28:53.0673 3912 Dot4 - ok 14:28:53.0720 3912 [ C55004CA6B419B6695970DFE849B122F ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys 14:28:53.0766 3912 dot4usb - ok 14:28:53.0829 3912 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 14:28:53.0907 3912 DPS - ok 14:28:53.0954 3912 [ 5C918D413F5837E67A85775C9873775E ] DritekPortIO C:\PROGRA~1\LAUNCH~1\DPortIO.sys 14:28:53.0954 3912 DritekPortIO - ok 14:28:54.0000 3912 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 14:28:54.0032 3912 drmkaud - ok 14:28:54.0156 3912 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 14:28:54.0234 3912 DXGKrnl - ok 14:28:54.0281 3912 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 14:28:54.0375 3912 E1G60 - ok 14:28:54.0437 3912 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 14:28:54.0453 3912 EapHost - ok 14:28:54.0515 3912 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys 14:28:54.0546 3912 Ecache - ok 14:28:54.0609 3912 [ F54907AA07F60AFF81E1E09E97AF98B0 ] eDataSecurity Service C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe 14:28:54.0656 3912 eDataSecurity Service - ok 14:28:54.0702 3912 [ FB5383BFD4DEC6792AAEF76C9343ECFF ] eLockService C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe 14:28:54.0718 3912 eLockService ( UnsignedFile.Multi.Generic ) - warning 14:28:54.0718 3912 eLockService - detected UnsignedFile.Multi.Generic (1) 14:28:54.0749 3912 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys 14:28:54.0780 3912 elxstor - ok 14:28:54.0858 3912 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll 14:28:54.0936 3912 EMDMgmt - ok 14:28:54.0983 3912 [ 9316C26F089CF2CEA2BD1496AC9F38A4 ] eNet Service C:\Acer\Empowering Technology\eNet\eNet Service.exe 14:28:55.0014 3912 eNet Service ( UnsignedFile.Multi.Generic ) - warning 14:28:55.0014 3912 eNet Service - detected UnsignedFile.Multi.Generic (1) 14:28:55.0077 3912 [ 3D184410EF5EE017E186AC96181B3FF8 ] eRecoveryService C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe 14:28:55.0092 3912 eRecoveryService ( UnsignedFile.Multi.Generic ) - warning 14:28:55.0092 3912 eRecoveryService - detected UnsignedFile.Multi.Generic (1) 14:28:55.0155 3912 [ DCA768724878D1177034691517EF9B91 ] eSettingsService C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe 14:28:55.0170 3912 eSettingsService ( UnsignedFile.Multi.Generic ) - warning 14:28:55.0170 3912 eSettingsService - detected UnsignedFile.Multi.Generic (1) 14:28:55.0233 3912 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll 14:28:55.0326 3912 EventSystem - ok 14:28:55.0373 3912 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys 14:28:55.0451 3912 exfat - ok 14:28:55.0498 3912 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys 14:28:55.0529 3912 fastfat - ok 14:28:55.0576 3912 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 14:28:55.0670 3912 fdc - ok 14:28:55.0701 3912 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll 14:28:55.0748 3912 fdPHost - ok 14:28:55.0779 3912 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 14:28:55.0826 3912 FDResPub - ok 14:28:55.0872 3912 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 14:28:55.0888 3912 FileInfo - ok 14:28:55.0919 3912 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys 14:28:55.0982 3912 Filetrace - ok 14:28:56.0013 3912 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 14:28:56.0075 3912 flpydisk - ok 14:28:56.0138 3912 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 14:28:56.0153 3912 FltMgr - ok 14:28:56.0231 3912 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll 14:28:56.0340 3912 FontCache - ok 14:28:56.0434 3912 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 14:28:56.0450 3912 FontCache3.0.0.0 - ok 14:28:56.0496 3912 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 14:28:56.0528 3912 Fs_Rec - ok 14:28:56.0574 3912 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 14:28:56.0590 3912 gagp30kx - ok 14:28:56.0668 3912 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll 14:28:56.0793 3912 gpsvc - ok 14:28:56.0886 3912 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 14:28:56.0902 3912 gupdate - ok 14:28:56.0918 3912 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 14:28:56.0933 3912 gupdatem - ok 14:28:56.0964 3912 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 14:28:57.0042 3912 HdAudAddService - ok 14:28:57.0105 3912 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 14:28:57.0167 3912 HDAudBus - ok 14:28:57.0198 3912 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys 14:28:57.0261 3912 HidBth - ok 14:28:57.0292 3912 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys 14:28:57.0370 3912 HidIr - ok 14:28:57.0432 3912 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll 14:28:57.0495 3912 hidserv - ok 14:28:57.0510 3912 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 14:28:57.0542 3912 HidUsb - ok 14:28:57.0588 3912 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll 14:28:57.0635 3912 hkmsvc - ok 14:28:57.0666 3912 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 14:28:57.0682 3912 HpCISSs - ok 14:28:57.0729 3912 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS 14:28:57.0791 3912 HSFHWAZL - ok 14:28:57.0822 3912 [ 3F53B4AF98F8FD83B7F0B8B65D2D90A7 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys 14:28:57.0963 3912 HSF_DPV - ok 14:28:57.0994 3912 [ 194BC52FC0F53E540FAF9DE8A9C05255 ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys 14:28:58.0041 3912 HSXHWAZL - ok 14:28:58.0088 3912 [ 0EEECA26C8D4BDE2A4664DB058A81937 ] HTTP C:\Windows\system32\drivers\HTTP.sys 14:28:58.0197 3912 HTTP - ok 14:28:58.0228 3912 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys 14:28:58.0244 3912 i2omp - ok 14:28:58.0290 3912 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 14:28:58.0337 3912 i8042prt - ok 14:28:58.0384 3912 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 14:28:58.0415 3912 iaStorV - ok 14:28:58.0493 3912 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 14:28:58.0556 3912 idsvc - ok 14:28:58.0649 3912 [ 9378D57E2B96C0A185D844770AD49948 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys 14:28:58.0836 3912 igfx - ok 14:28:58.0883 3912 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 14:28:58.0899 3912 iirsp - ok 14:28:58.0961 3912 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll 14:28:59.0039 3912 IKEEXT - ok 14:28:59.0070 3912 [ 9D64201C9E5AC8D1F088762BA00FF3AB ] int15 C:\Acer\Empowering Technology\eRecovery\int15.sys 14:28:59.0086 3912 int15 - ok 14:28:59.0164 3912 [ 90A10B39896040B3154613C11C932AEB ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 14:28:59.0367 3912 IntcAzAudAddService - ok 14:28:59.0414 3912 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\DRIVERS\intelide.sys 14:28:59.0429 3912 intelide - ok 14:28:59.0492 3912 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 14:28:59.0554 3912 intelppm - ok 14:28:59.0601 3912 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 14:28:59.0632 3912 IPBusEnum - ok 14:28:59.0679 3912 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 14:28:59.0710 3912 IpFilterDriver - ok 14:28:59.0772 3912 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 14:28:59.0850 3912 iphlpsvc - ok 14:28:59.0866 3912 IpInIp - ok 14:28:59.0897 3912 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 14:28:59.0975 3912 IPMIDRV - ok 14:29:00.0022 3912 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 14:29:00.0053 3912 IPNAT - ok 14:29:00.0100 3912 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 14:29:00.0147 3912 IRENUM - ok 14:29:00.0178 3912 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys 14:29:00.0194 3912 isapnp - ok 14:29:00.0240 3912 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 14:29:00.0256 3912 iScsiPrt - ok 14:29:00.0287 3912 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 14:29:00.0303 3912 iteatapi - ok 14:29:00.0318 3912 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 14:29:00.0334 3912 iteraid - ok 14:29:00.0381 3912 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 14:29:00.0396 3912 kbdclass - ok 14:29:00.0459 3912 [ D2600CB17B7408B4A83F231DC9A11AC3 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 14:29:00.0521 3912 kbdhid - ok 14:29:00.0568 3912 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe 14:29:00.0615 3912 KeyIso - ok 14:29:00.0693 3912 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 14:29:00.0724 3912 KSecDD - ok 14:29:00.0786 3912 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 14:29:00.0864 3912 KtmRm - ok 14:29:00.0896 3912 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll 14:29:00.0942 3912 LanmanServer - ok 14:29:00.0989 3912 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 14:29:01.0036 3912 LanmanWorkstation - ok 14:29:01.0114 3912 [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe 14:29:01.0130 3912 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 14:29:01.0130 3912 LightScribeService - detected UnsignedFile.Multi.Generic (1) 14:29:01.0176 3912 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 14:29:01.0223 3912 lltdio - ok 14:29:01.0270 3912 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 14:29:01.0317 3912 lltdsvc - ok 14:29:01.0364 3912 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 14:29:01.0442 3912 lmhosts - ok 14:29:01.0488 3912 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 14:29:01.0504 3912 LSI_FC - ok 14:29:01.0535 3912 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 14:29:01.0551 3912 LSI_SAS - ok 14:29:01.0582 3912 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 14:29:01.0598 3912 LSI_SCSI - ok 14:29:01.0629 3912 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 14:29:01.0691 3912 luafv - ok 14:29:01.0754 3912 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy C:\Windows\system32\drivers\mbamswissarmy.sys 14:29:01.0769 3912 MBAMSwissArmy - ok 14:29:01.0832 3912 [ E6CB119EF2E148EAA1A247343550756E ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe 14:29:01.0863 3912 McciCMService ( UnsignedFile.Multi.Generic ) - warning 14:29:01.0863 3912 McciCMService - detected UnsignedFile.Multi.Generic (1) 14:29:01.0910 3912 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys 14:29:01.0941 3912 mdmxsdk - ok 14:29:01.0956 3912 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys 14:29:01.0972 3912 megasas - ok 14:29:02.0019 3912 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 14:29:02.0066 3912 MMCSS - ok 14:29:02.0112 3912 MobilityService - ok 14:29:02.0159 3912 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 14:29:02.0190 3912 Modem - ok 14:29:02.0237 3912 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 14:29:02.0284 3912 monitor - ok 14:29:02.0315 3912 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 14:29:02.0331 3912 mouclass - ok 14:29:02.0362 3912 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 14:29:02.0409 3912 mouhid - ok 14:29:02.0440 3912 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 14:29:02.0456 3912 MountMgr - ok 14:29:02.0502 3912 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys 14:29:02.0518 3912 mpio - ok 14:29:02.0565 3912 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 14:29:02.0596 3912 mpsdrv - ok 14:29:02.0674 3912 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll 14:29:02.0752 3912 MpsSvc - ok 14:29:02.0783 3912 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 14:29:02.0799 3912 Mraid35x - ok 14:29:02.0846 3912 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS 14:29:02.0861 3912 MREMP50 ( UnsignedFile.Multi.Generic ) - warning 14:29:02.0861 3912 MREMP50 - detected UnsignedFile.Multi.Generic (1) 14:29:02.0877 3912 MREMPR5 - ok 14:29:02.0892 3912 MRENDIS5 - ok 14:29:02.0908 3912 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS 14:29:02.0939 3912 MRESP50 ( UnsignedFile.Multi.Generic ) - warning 14:29:02.0939 3912 MRESP50 - detected UnsignedFile.Multi.Generic (1) 14:29:02.0986 3912 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 14:29:03.0017 3912 MRxDAV - ok 14:29:03.0048 3912 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 14:29:03.0095 3912 mrxsmb - ok 14:29:03.0126 3912 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 14:29:03.0173 3912 mrxsmb10 - ok 14:29:03.0204 3912 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 14:29:03.0236 3912 mrxsmb20 - ok 14:29:03.0267 3912 [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci C:\Windows\system32\drivers\msahci.sys 14:29:03.0298 3912 msahci - ok 14:29:03.0329 3912 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys 14:29:03.0345 3912 msdsm - ok 14:29:03.0392 3912 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 14:29:03.0438 3912 MSDTC - ok 14:29:03.0485 3912 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 14:29:03.0516 3912 Msfs - ok 14:29:03.0548 3912 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 14:29:03.0563 3912 msisadrv - ok 14:29:03.0594 3912 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 14:29:03.0657 3912 MSiSCSI - ok 14:29:03.0657 3912 msiserver - ok 14:29:03.0704 3912 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 14:29:03.0735 3912 MSKSSRV - ok 14:29:03.0766 3912 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 14:29:03.0813 3912 MSPCLOCK - ok 14:29:03.0828 3912 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 14:29:03.0875 3912 MSPQM - ok 14:29:03.0922 3912 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 14:29:03.0953 3912 MsRPC - ok 14:29:04.0000 3912 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 14:29:04.0016 3912 mssmbios - ok 14:29:04.0047 3912 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 14:29:04.0094 3912 MSTEE - ok 14:29:04.0125 3912 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 14:29:04.0140 3912 Mup - ok 14:29:04.0203 3912 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll 14:29:04.0265 3912 napagent - ok 14:29:04.0312 3912 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 14:29:04.0359 3912 NativeWifiP - ok 14:29:04.0421 3912 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 14:29:04.0484 3912 NDIS - ok 14:29:04.0515 3912 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 14:29:04.0562 3912 NdisTapi - ok 14:29:04.0593 3912 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 14:29:04.0640 3912 Ndisuio - ok 14:29:04.0686 3912 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 14:29:04.0733 3912 NdisWan - ok 14:29:04.0780 3912 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 14:29:04.0827 3912 NDProxy - ok 14:29:04.0858 3912 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 14:29:04.0905 3912 NetBIOS - ok 14:29:04.0952 3912 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 14:29:04.0983 3912 netbt - ok 14:29:05.0014 3912 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 14:29:05.0030 3912 Netlogon - ok 14:29:05.0092 3912 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 14:29:05.0139 3912 Netman - ok 14:29:05.0186 3912 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 14:29:05.0248 3912 netprofm - ok 14:29:05.0295 3912 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 14:29:05.0310 3912 NetTcpPortSharing - ok 14:29:05.0357 3912 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 14:29:05.0373 3912 nfrd960 - ok 14:29:05.0420 3912 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 14:29:05.0466 3912 NlaSvc - ok 14:29:05.0513 3912 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 14:29:05.0560 3912 Npfs - ok 14:29:05.0591 3912 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 14:29:05.0638 3912 nsi - ok 14:29:05.0685 3912 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 14:29:05.0732 3912 nsiproxy - ok 14:29:05.0825 3912 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 14:29:06.0075 3912 Ntfs - ok 14:29:06.0106 3912 [ 7F1C1F78D709C4A54CBB46EDE7E0B48D ] NTIDrvr C:\Windows\system32\DRIVERS\NTIDrvr.sys 14:29:06.0122 3912 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning 14:29:06.0122 3912 NTIDrvr - detected UnsignedFile.Multi.Generic (1) 14:29:06.0153 3912 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 14:29:06.0231 3912 ntrigdigi - ok 14:29:06.0262 3912 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 14:29:06.0309 3912 Null - ok 14:29:06.0340 3912 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys 14:29:06.0356 3912 nvraid - ok 14:29:06.0387 3912 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys 14:29:06.0402 3912 nvstor - ok 14:29:06.0449 3912 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 14:29:06.0465 3912 nv_agp - ok 14:29:06.0480 3912 NwlnkFlt - ok 14:29:06.0543 3912 NwlnkFwd - ok 14:29:06.0605 3912 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 14:29:06.0636 3912 odserv - ok 14:29:06.0668 3912 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 14:29:06.0730 3912 ohci1394 - ok 14:29:06.0777 3912 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 14:29:06.0792 3912 ose - ok 14:29:06.0855 3912 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll 14:29:06.0948 3912 p2pimsvc - ok 14:29:06.0980 3912 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll 14:29:07.0042 3912 p2psvc - ok 14:29:07.0089 3912 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 14:29:07.0167 3912 Parport - ok 14:29:07.0214 3912 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 14:29:07.0229 3912 partmgr - ok 14:29:07.0245 3912 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 14:29:07.0307 3912 Parvdm - ok 14:29:07.0354 3912 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 14:29:07.0401 3912 PcaSvc - ok 14:29:07.0448 3912 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys 14:29:07.0463 3912 pci - ok 14:29:07.0510 3912 [ 3B1901E401473E03EB8C874271E50C26 ] pciide C:\Windows\system32\DRIVERS\pciide.sys 14:29:07.0526 3912 pciide - ok 14:29:07.0557 3912 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 14:29:07.0572 3912 pcmcia - ok 14:29:07.0619 3912 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 14:29:07.0744 3912 PEAUTH - ok 14:29:07.0838 3912 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 14:29:08.0009 3912 pla - ok 14:29:08.0072 3912 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 14:29:08.0118 3912 PlugPlay - ok 14:29:08.0165 3912 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 14:29:08.0228 3912 PNRPAutoReg - ok 14:29:08.0259 3912 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 14:29:08.0321 3912 PNRPsvc - ok 14:29:08.0368 3912 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 14:29:08.0477 3912 PolicyAgent - ok 14:29:08.0571 3912 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 14:29:08.0618 3912 PptpMiniport - ok 14:29:08.0649 3912 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys 14:29:08.0711 3912 Processor - ok 14:29:08.0758 3912 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 14:29:08.0805 3912 ProfSvc - ok 14:29:08.0836 3912 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe 14:29:08.0852 3912 ProtectedStorage - ok 14:29:08.0914 3912 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 14:29:08.0945 3912 PSched - ok 14:29:08.0976 3912 [ E801D5CC24E1CF18FA87D24D7074B876 ] PSDFilter C:\Windows\system32\DRIVERS\psdfilter.sys 14:29:08.0992 3912 PSDFilter - ok 14:29:09.0023 3912 [ 24B5E3429F7F0E779FC2E6E36A0A5F73 ] PSDNServ C:\Windows\system32\drivers\PSDNServ.sys 14:29:09.0039 3912 PSDNServ - ok 14:29:09.0070 3912 [ 01CBFD08C0E8A6106BB26FCDA297154E ] psdvdisk C:\Windows\system32\drivers\psdvdisk.sys 14:29:09.0086 3912 psdvdisk - ok 14:29:09.0148 3912 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys 14:29:09.0351 3912 ql2300 - ok 14:29:09.0382 3912 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 14:29:09.0398 3912 ql40xx - ok 14:29:09.0444 3912 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 14:29:09.0491 3912 QWAVE - ok 14:29:09.0522 3912 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 14:29:09.0569 3912 QWAVEdrv - ok 14:29:09.0600 3912 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 14:29:09.0647 3912 RasAcd - ok 14:29:09.0694 3912 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 14:29:09.0741 3912 RasAuto - ok 14:29:09.0772 3912 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 14:29:09.0803 3912 Rasl2tp - ok 14:29:09.0866 3912 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 14:29:09.0897 3912 RasMan - ok 14:29:09.0959 3912 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 14:29:10.0006 3912 RasPppoe - ok 14:29:10.0037 3912 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 14:29:10.0068 3912 RasSstp - ok 14:29:10.0131 3912 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 14:29:10.0178 3912 rdbss - ok 14:29:10.0209 3912 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 14:29:10.0256 3912 RDPCDD - ok 14:29:10.0302 3912 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 14:29:10.0365 3912 rdpdr - ok 14:29:10.0412 3912 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 14:29:10.0443 3912 RDPENCDD - ok 14:29:10.0505 3912 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 14:29:10.0536 3912 RDPWD - ok 14:29:10.0614 3912 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 14:29:10.0646 3912 RemoteAccess - ok 14:29:10.0724 3912 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 14:29:10.0770 3912 RemoteRegistry - ok 14:29:10.0802 3912 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 14:29:10.0848 3912 RpcLocator - ok 14:29:10.0911 3912 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 14:29:11.0004 3912 RpcSs - ok 14:29:11.0098 3912 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 14:29:11.0160 3912 rspndr - ok 14:29:11.0207 3912 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 14:29:11.0238 3912 SamSs - ok 14:29:11.0316 3912 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 14:29:11.0332 3912 SASDIFSV - ok 14:29:11.0363 3912 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 14:29:11.0379 3912 SASKUTIL - ok 14:29:11.0410 3912 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 14:29:11.0426 3912 sbp2port - ok 14:29:11.0488 3912 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 14:29:11.0535 3912 SCardSvr - ok 14:29:11.0613 3912 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 14:29:11.0722 3912 Schedule - ok 14:29:11.0800 3912 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 14:29:11.0816 3912 SCPolicySvc - ok 14:29:11.0862 3912 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 14:29:11.0925 3912 SDRSVC - ok 14:29:11.0972 3912 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 14:29:12.0050 3912 secdrv - ok 14:29:12.0096 3912 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 14:29:12.0143 3912 seclogon - ok 14:29:12.0190 3912 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll 14:29:12.0237 3912 SENS - ok 14:29:12.0252 3912 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 14:29:12.0315 3912 Serenum - ok 14:29:12.0346 3912 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 14:29:12.0408 3912 Serial - ok 14:29:12.0440 3912 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 14:29:12.0471 3912 sermouse - ok 14:29:12.0533 3912 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 14:29:12.0596 3912 SessionEnv - ok 14:29:12.0627 3912 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 14:29:12.0689 3912 sffdisk - ok 14:29:12.0720 3912 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 14:29:12.0783 3912 sffp_mmc - ok 14:29:12.0798 3912 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 14:29:12.0861 3912 sffp_sd - ok 14:29:12.0892 3912 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 14:29:12.0954 3912 sfloppy - ok 14:29:13.0001 3912 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 14:29:13.0064 3912 SharedAccess - ok 14:29:13.0126 3912 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 14:29:13.0173 3912 ShellHWDetection - ok 14:29:13.0204 3912 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys 14:29:13.0220 3912 sisagp - ok 14:29:13.0235 3912 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 14:29:13.0251 3912 SiSRaid2 - ok 14:29:13.0282 3912 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 14:29:13.0298 3912 SiSRaid4 - ok 14:29:13.0454 3912 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 14:29:14.0140 3912 slsvc - ok 14:29:14.0187 3912 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 14:29:14.0234 3912 SLUINotify - ok 14:29:14.0296 3912 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 14:29:14.0343 3912 Smb - ok 14:29:14.0390 3912 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 14:29:14.0405 3912 SNMPTRAP - ok 14:29:14.0452 3912 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 14:29:14.0468 3912 spldr - ok 14:29:14.0530 3912 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 14:29:14.0561 3912 Spooler - ok 14:29:14.0624 3912 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 14:29:14.0670 3912 srv - ok 14:29:14.0717 3912 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 14:29:14.0780 3912 srv2 - ok 14:29:14.0795 3912 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 14:29:14.0842 3912 srvnet - ok 14:29:14.0889 3912 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 14:29:14.0920 3912 SSDPSRV - ok 14:29:14.0967 3912 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 14:29:15.0029 3912 SstpSvc - ok 14:29:15.0092 3912 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 14:29:15.0216 3912 stisvc - ok 14:29:15.0248 3912 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 14:29:15.0263 3912 swenum - ok 14:29:15.0326 3912 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 14:29:15.0388 3912 swprv - ok 14:29:15.0419 3912 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 14:29:15.0435 3912 Symc8xx - ok 14:29:15.0450 3912 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 14:29:15.0466 3912 Sym_hi - ok 14:29:15.0497 3912 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 14:29:15.0513 3912 Sym_u3 - ok 14:29:15.0591 3912 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 14:29:15.0684 3912 SysMain - ok 14:29:15.0731 3912 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 14:29:15.0747 3912 TabletInputService - ok 14:29:15.0809 3912 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll 14:29:15.0887 3912 TapiSrv - ok 14:29:15.0934 3912 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 14:29:15.0965 3912 TBS - ok 14:29:16.0028 3912 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 14:29:16.0137 3912 Tcpip - ok 14:29:16.0168 3912 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 14:29:16.0230 3912 Tcpip6 - ok 14:29:16.0277 3912 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 14:29:16.0340 3912 tcpipreg - ok 14:29:16.0371 3912 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 14:29:16.0402 3912 TDPIPE - ok 14:29:16.0433 3912 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 14:29:16.0464 3912 TDTCP - ok 14:29:16.0527 3912 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 14:29:16.0574 3912 tdx - ok 14:29:16.0620 3912 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 14:29:16.0636 3912 TermDD - ok 14:29:16.0714 3912 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll 14:29:16.0776 3912 TermService - ok 14:29:16.0808 3912 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll 14:29:16.0839 3912 Themes - ok 14:29:16.0870 3912 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 14:29:16.0901 3912 THREADORDER - ok 14:29:16.0948 3912 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 14:29:17.0010 3912 TrkWks - ok 14:29:17.0073 3912 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 14:29:17.0104 3912 TrustedInstaller - ok 14:29:17.0135 3912 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 14:29:17.0198 3912 tssecsrv - ok 14:29:17.0244 3912 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 14:29:17.0276 3912 tunmp - ok 14:29:17.0307 3912 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 14:29:17.0338 3912 tunnel - ok 14:29:17.0369 3912 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 14:29:17.0385 3912 uagp35 - ok 14:29:17.0447 3912 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 14:29:17.0478 3912 udfs - ok 14:29:17.0541 3912 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 14:29:17.0572 3912 UI0Detect - ok 14:29:17.0603 3912 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 14:29:17.0619 3912 uliagpkx - ok 14:29:17.0650 3912 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys 14:29:17.0681 3912 uliahci - ok 14:29:17.0697 3912 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 14:29:17.0728 3912 UlSata - ok 14:29:17.0759 3912 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 14:29:17.0775 3912 ulsata2 - ok 14:29:17.0837 3912 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 14:29:17.0868 3912 umbus - ok 14:29:17.0900 3912 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 14:29:17.0946 3912 upnphost - ok 14:29:18.0009 3912 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 14:29:18.0056 3912 usbccgp - ok 14:29:18.0102 3912 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 14:29:18.0180 3912 usbcir - ok 14:29:18.0227 3912 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 14:29:18.0274 3912 usbehci - ok 14:29:18.0305 3912 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 14:29:18.0352 3912 usbhub - ok 14:29:18.0383 3912 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys 14:29:18.0446 3912 usbohci - ok 14:29:18.0477 3912 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 14:29:18.0508 3912 usbprint - ok 14:29:18.0555 3912 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 14:29:18.0586 3912 usbscan - ok 14:29:18.0633 3912 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 14:29:18.0680 3912 USBSTOR - ok 14:29:18.0726 3912 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 14:29:18.0758 3912 usbuhci - ok 14:29:18.0820 3912 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll 14:29:18.0851 3912 UxSms - ok 14:29:18.0898 3912 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe 14:29:18.0945 3912 vds - ok 14:29:18.0992 3912 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 14:29:19.0054 3912 vga - ok 14:29:19.0085 3912 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 14:29:19.0116 3912 VgaSave - ok 14:29:19.0148 3912 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys 14:29:19.0163 3912 viaagp - ok 14:29:19.0194 3912 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys 14:29:19.0257 3912 ViaC7 - ok 14:29:19.0288 3912 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys 14:29:19.0304 3912 viaide - ok 14:29:19.0319 3912 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 14:29:19.0335 3912 volmgr - ok 14:29:19.0397 3912 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 14:29:19.0428 3912 volmgrx - ok 14:29:19.0475 3912 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys 14:29:19.0491 3912 volsnap - ok 14:29:19.0522 3912 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 14:29:19.0553 3912 vsmraid - ok 14:29:19.0616 3912 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe 14:29:19.0740 3912 VSS - ok 14:29:19.0787 3912 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll 14:29:19.0834 3912 W32Time - ok 14:29:19.0881 3912 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 14:29:19.0943 3912 WacomPen - ok 14:29:19.0990 3912 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 14:29:20.0037 3912 Wanarp - ok 14:29:20.0052 3912 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 14:29:20.0084 3912 Wanarpv6 - ok 14:29:20.0130 3912 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll 14:29:20.0240 3912 wcncsvc - ok 14:29:20.0286 3912 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 14:29:20.0333 3912 WcsPlugInService - ok 14:29:20.0380 3912 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys 14:29:20.0396 3912 Wd - ok 14:29:20.0505 3912 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 14:29:20.0552 3912 Wdf01000 - ok 14:29:20.0583 3912 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 14:29:20.0630 3912 WdiServiceHost - ok 14:29:20.0661 3912 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 14:29:20.0692 3912 WdiSystemHost - ok 14:29:20.0723 3912 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll 14:29:20.0754 3912 WebClient - ok 14:29:20.0817 3912 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 14:29:20.0864 3912 Wecsvc - ok 14:29:20.0910 3912 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 14:29:20.0973 3912 wercplsupport - ok 14:29:21.0020 3912 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll 14:29:21.0051 3912 WerSvc - ok 14:29:21.0113 3912 [ C9C63410D8CF98F621B9CC62243FB877 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys 14:29:21.0191 3912 winachsf - ok 14:29:21.0269 3912 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 14:29:21.0300 3912 WinDefend - ok 14:29:21.0316 3912 WinHttpAutoProxySvc - ok 14:29:21.0394 3912 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 14:29:21.0425 3912 Winmgmt - ok 14:29:21.0503 3912 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 14:29:21.0628 3912 WinRM - ok 14:29:21.0706 3912 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll 14:29:21.0768 3912 Wlansvc - ok 14:29:21.0800 3912 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 14:29:21.0831 3912 WmiAcpi - ok 14:29:21.0893 3912 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 14:29:21.0924 3912 wmiApSrv - ok 14:29:21.0956 3912 [ EE80AC462A171DBF06EEB2058B5D3BC6 ] WMIService C:\Acer\Empowering Technology\ePower\ePowerSvc.exe 14:29:21.0971 3912 WMIService ( UnsignedFile.Multi.Generic ) - warning 14:29:21.0971 3912 WMIService - detected UnsignedFile.Multi.Generic (1) 14:29:22.0049 3912 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 14:29:22.0174 3912 WMPNetworkSvc - ok 14:29:22.0221 3912 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll 14:29:22.0283 3912 WPCSvc - ok 14:29:22.0330 3912 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 14:29:22.0377 3912 WPDBusEnum - ok 14:29:22.0486 3912 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 14:29:22.0533 3912 WPFFontCache_v0400 - ok 14:29:22.0580 3912 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 14:29:22.0626 3912 ws2ifsl - ok 14:29:22.0689 3912 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll 14:29:22.0720 3912 wscsvc - ok 14:29:22.0736 3912 WSearch - ok 14:29:22.0829 3912 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 14:29:23.0016 3912 wuauserv - ok 14:29:23.0063 3912 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 14:29:23.0110 3912 WUDFRd - ok 14:29:23.0141 3912 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll 14:29:23.0204 3912 wudfsvc - ok 14:29:23.0235 3912 [ 2E579520E114A9CA309F13BF40AD8292 ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys 14:29:23.0282 3912 XAudio - ok 14:29:23.0328 3912 [ F82FC2C30A19442B95AE554215837C46 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe 14:29:23.0391 3912 XAudioService - ok 14:29:23.0500 3912 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe 14:29:23.0578 3912 YahooAUService - ok 14:29:23.0594 3912 ================ Scan global =============================== 14:29:23.0656 3912 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 14:29:23.0718 3912 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 14:29:23.0765 3912 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 14:29:23.0812 3912 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe 14:29:23.0828 3912 [Global] - ok 14:29:23.0828 3912 ================ Scan MBR ================================== 14:29:23.0843 3912 [ A863475757CC50891AA8458C415E4B25 ] \Device\Harddisk0\DR0 14:29:27.0540 3912 \Device\Harddisk0\DR0 - ok 14:29:27.0556 3912 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1 14:29:27.0696 3912 \Device\Harddisk1\DR1 - ok 14:29:27.0712 3912 ================ Scan VBR ================================== 14:29:27.0806 3912 [ 48519FFAEB34A08B74D8CB367224F239 ] \Device\Harddisk0\DR0\Partition1 14:29:27.0806 3912 \Device\Harddisk0\DR0\Partition1 - ok 14:29:27.0837 3912 [ D4875C0660E367AC864F2693F47B7A81 ] \Device\Harddisk0\DR0\Partition2 14:29:27.0837 3912 \Device\Harddisk0\DR0\Partition2 - ok 14:29:27.0852 3912 [ 3AB1B5126130F63A3423A4A653380327 ] \Device\Harddisk1\DR1\Partition1 14:29:27.0852 3912 \Device\Harddisk1\DR1\Partition1 - ok 14:29:27.0852 3912 ================ Scan active images ======================== 14:29:27.0868 3912 [ 36975327EF03949CC378AB01E316B574 ] C:\Windows\System32\drivers\crashdmp.sys 14:29:27.0868 3912 C:\Windows\System32\drivers\crashdmp.sys - ok 14:29:27.0868 3912 [ C67EBF9C05531C406E1E079FF669A2E6 ] C:\Windows\System32\drivers\Dumpata.sys 14:29:27.0868 3912 C:\Windows\System32\drivers\Dumpata.sys - ok 14:29:27.0884 3912 [ 5457DCFA7C0DA43522F4D9D4049C1472 ] C:\Windows\System32\drivers\msahci.sys 14:29:27.0884 3912 C:\Windows\System32\drivers\msahci.sys - ok 14:29:27.0899 3912 [ CAECC0120AC49E3D2F758B9169872D38 ] C:\Windows\System32\drivers\TUNMP.SYS 14:29:27.0899 3912 C:\Windows\System32\drivers\TUNMP.SYS - ok 14:29:27.0915 3912 [ 300DB877AC094FEAB0BE7688C3454A9C ] C:\Windows\System32\drivers\tunnel.sys 14:29:27.0915 3912 C:\Windows\System32\drivers\tunnel.sys - ok 14:29:27.0915 3912 [ 224191001E78C89DFA78924C3EA595FF ] C:\Windows\System32\drivers\intelppm.sys 14:29:27.0915 3912 C:\Windows\System32\drivers\intelppm.sys - ok 14:29:27.0930 3912 [ 9378D57E2B96C0A185D844770AD49948 ] C:\Windows\System32\drivers\igdkmd32.sys 14:29:27.0930 3912 C:\Windows\System32\drivers\igdkmd32.sys - ok 14:29:27.0946 3912 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] C:\Windows\System32\drivers\dxgkrnl.sys 14:29:27.0946 3912 C:\Windows\System32\drivers\dxgkrnl.sys - ok 14:29:27.0962 3912 [ 4A5C31E2C1646034E6A60EBA4C747FF6 ] C:\Windows\System32\drivers\watchdog.sys 14:29:27.0962 3912 C:\Windows\System32\drivers\watchdog.sys - ok 14:29:27.0962 3912 [ A1C100A87D981AD0774FBC0B4B82E913 ] C:\Windows\System32\drivers\usbport.sys 14:29:27.0962 3912 C:\Windows\System32\drivers\usbport.sys - ok 14:29:27.0977 3912 [ 814D653EFC4D48BE3B04A307ECEFF56F ] C:\Windows\System32\drivers\usbuhci.sys 14:29:27.0977 3912 C:\Windows\System32\drivers\usbuhci.sys - ok 14:29:27.0993 3912 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] C:\Windows\System32\drivers\usbehci.sys 14:29:27.0993 3912 C:\Windows\System32\drivers\usbehci.sys - ok 14:29:28.0008 3912 [ 062452B7FFD68C8C042A6261FE8DFF4A ] C:\Windows\System32\drivers\hdaudbus.sys 14:29:28.0008 3912 C:\Windows\System32\drivers\hdaudbus.sys - ok 14:29:28.0008 3912 [ C7EA0E3E37FF1CD2BB65636448322572 ] C:\Windows\System32\drivers\b57nd60x.sys 14:29:28.0008 3912 C:\Windows\System32\drivers\b57nd60x.sys - ok 14:29:28.0024 3912 [ B0C272DEF210B149C0BFA0D85600CE4B ] C:\Windows\System32\drivers\athr.sys 14:29:28.0024 3912 C:\Windows\System32\drivers\athr.sys - ok 14:29:28.0040 3912 [ 73BAF270D24FE726B9CD7F80BB17A23D ] C:\Windows\System32\drivers\DKbFltr.sys 14:29:28.0040 3912 C:\Windows\System32\drivers\DKbFltr.sys - ok 14:29:28.0040 3912 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] C:\Windows\System32\drivers\i8042prt.sys 14:29:28.0040 3912 C:\Windows\System32\drivers\i8042prt.sys - ok 14:29:28.0055 3912 [ 37605E0A8CF00CBBA538E753E4344C6E ] C:\Windows\System32\drivers\kbdclass.sys 14:29:28.0055 3912 C:\Windows\System32\drivers\kbdclass.sys - ok 14:29:28.0071 3912 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] C:\Windows\System32\drivers\CmBatt.sys 14:29:28.0071 3912 C:\Windows\System32\drivers\CmBatt.sys - ok 14:29:28.0086 3912 [ 5BF6A1326A335C5298477754A506D263 ] C:\Windows\System32\drivers\mouclass.sys 14:29:28.0086 3912 C:\Windows\System32\drivers\mouclass.sys - ok 14:29:28.0086 3912 [ 6B4BFFB9BECD728097024276430DB314 ] C:\Windows\System32\drivers\cdrom.sys 14:29:28.0086 3912 C:\Windows\System32\drivers\cdrom.sys - ok 14:29:28.0102 3912 [ 7F1C1F78D709C4A54CBB46EDE7E0B48D ] C:\Windows\System32\drivers\NTIDrvr.sys 14:29:28.0102 3912 C:\Windows\System32\drivers\NTIDrvr.sys - ok 14:29:28.0118 3912 [ 2E7255D172DF0B8283CDFB7B433B864E ] C:\Windows\System32\drivers\wmiacpi.sys 14:29:28.0118 3912 C:\Windows\System32\drivers\wmiacpi.sys - ok 14:29:28.0118 3912 [ 47E55AFE1ED1D5AFF09690DB226F4A7A ] C:\Windows\System32\drivers\Storport.sys 14:29:28.0118 3912 C:\Windows\System32\drivers\Storport.sys - ok 14:29:28.0133 3912 [ 232FA340531D940AAC623B121A595034 ] C:\Windows\System32\drivers\msiscsi.sys 14:29:28.0133 3912 C:\Windows\System32\drivers\msiscsi.sys - ok 14:29:28.0149 3912 [ A214ADBAF4CB47DD2728859EF31F26B0 ] C:\Windows\System32\drivers\rasl2tp.sys 14:29:28.0149 3912 C:\Windows\System32\drivers\rasl2tp.sys - ok 14:29:28.0149 3912 [ 77937EFF009AC696B90E09F671F9D0A4 ] C:\Windows\System32\drivers\tdi.sys 14:29:28.0149 3912 C:\Windows\System32\drivers\tdi.sys - ok 14:29:28.0164 3912 [ 0E186E90404980569FB449BA7519AE61 ] C:\Windows\System32\drivers\ndistapi.sys 14:29:28.0164 3912 C:\Windows\System32\drivers\ndistapi.sys - ok 14:29:28.0180 3912 [ 818F648618AE34F729FDB47EC68345C3 ] C:\Windows\System32\drivers\ndiswan.sys 14:29:28.0180 3912 C:\Windows\System32\drivers\ndiswan.sys - ok 14:29:28.0196 3912 [ 509A98DD18AF4375E1FC40BC175F1DEF ] C:\Windows\System32\drivers\raspppoe.sys 14:29:28.0196 3912 C:\Windows\System32\drivers\raspppoe.sys - ok 14:29:28.0196 3912 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] C:\Windows\System32\drivers\raspptp.sys 14:29:28.0196 3912 C:\Windows\System32\drivers\raspptp.sys - ok 14:29:28.0211 3912 [ 2005F4A1E05FA09389AC85840F0A9E4D ] C:\Windows\System32\drivers\rassstp.sys 14:29:28.0211 3912 C:\Windows\System32\drivers\rassstp.sys - ok 14:29:28.0227 3912 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] C:\Windows\System32\drivers\termdd.sys 14:29:28.0227 3912 C:\Windows\System32\drivers\termdd.sys - ok 14:29:28.0227 3912 [ EF73C1E29FBE7B0FD0274BF4394E346A ] C:\Windows\System32\drivers\ks.sys 14:29:28.0227 3912 C:\Windows\System32\drivers\ks.sys - ok 14:29:28.0242 3912 [ E384487CB84BE41D09711C30CA79646C ] C:\Windows\System32\drivers\mssmbios.sys 14:29:28.0242 3912 C:\Windows\System32\drivers\mssmbios.sys - ok 14:29:28.0258 3912 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] C:\Windows\System32\drivers\swenum.sys 14:29:28.0258 3912 C:\Windows\System32\drivers\swenum.sys - ok 14:29:28.0258 3912 [ 32CFF9F809AE9AED85464492BF3E32D2 ] C:\Windows\System32\drivers\umbus.sys 14:29:28.0258 3912 C:\Windows\System32\drivers\umbus.sys - ok 14:29:28.0274 3912 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] C:\Windows\System32\drivers\usbhub.sys 14:29:28.0274 3912 C:\Windows\System32\drivers\usbhub.sys - ok 14:29:28.0289 3912 [ 71DAB552B41936358F3B541AE5997FB3 ] C:\Windows\System32\drivers\ndproxy.sys 14:29:28.0289 3912 C:\Windows\System32\drivers\ndproxy.sys - ok 14:29:28.0305 3912 [ 7BE5A3C671A2CB56E94403BFC2020A0D ] C:\Windows\System32\drivers\drmk.sys 14:29:28.0305 3912 C:\Windows\System32\drivers\drmk.sys - ok 14:29:28.0305 3912 [ 218286724EC530FF252648369E05B090 ] C:\Windows\System32\drivers\portcls.sys 14:29:28.0305 3912 C:\Windows\System32\drivers\portcls.sys - ok 14:29:28.0320 3912 [ 90A10B39896040B3154613C11C932AEB ] C:\Windows\System32\drivers\RTKVHDA.sys 14:29:28.0320 3912 C:\Windows\System32\drivers\RTKVHDA.sys - ok 14:29:28.0336 3912 [ D31D1A92479BD8C0D050A6FFBDD410D9 ] C:\Windows\System32\drivers\AGRSM.sys 14:29:28.0336 3912 C:\Windows\System32\drivers\AGRSM.sys - ok 14:29:28.0336 3912 [ 790FDAC6D0C762DF9047C3C625A6FF6C ] C:\Windows\System32\drivers\usbd.sys 14:29:28.0336 3912 C:\Windows\System32\drivers\usbd.sys - ok 14:29:28.0352 3912 [ E13B5EA0F51BA5B1512EC671393D09BA ] C:\Windows\System32\drivers\modem.sys 14:29:28.0352 3912 C:\Windows\System32\drivers\modem.sys - ok 14:29:28.0367 3912 [ DCB199B967375753B5019EC15F008F53 ] C:\Windows\System32\drivers\aswSnx.sys 14:29:28.0367 3912 C:\Windows\System32\drivers\aswSnx.sys - ok 14:29:28.0367 3912 [ B972A66758577E0BFD1DE0F91AAA27B5 ] C:\Windows\System32\drivers\fs_rec.sys 14:29:28.0367 3912 C:\Windows\System32\drivers\fs_rec.sys - ok 14:29:28.0383 3912 [ C5DBBCDA07D780BDA9B685DF333BB41E ] C:\Windows\System32\drivers\null.sys 14:29:28.0383 3912 C:\Windows\System32\drivers\null.sys - ok 14:29:28.0398 3912 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] C:\Windows\System32\drivers\beep.sys 14:29:28.0398 3912 C:\Windows\System32\drivers\beep.sys - ok 14:29:28.0414 3912 [ 2E93AC0A1D8C79D019DB6C51F036636C ] C:\Windows\System32\drivers\vga.sys 14:29:28.0414 3912 C:\Windows\System32\drivers\vga.sys - ok 14:29:28.0414 3912 [ C048D2C33D27441A0CDCAAE2651EB03D ] C:\Windows\System32\drivers\videoprt.sys 14:29:28.0414 3912 C:\Windows\System32\drivers\videoprt.sys - ok 14:29:28.0430 3912 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] C:\Windows\System32\drivers\RDPCDD.sys 14:29:28.0430 3912 C:\Windows\System32\drivers\RDPCDD.sys - ok 14:29:28.0445 3912 [ A9927F4A46B816C92F461ACB90CF8515 ] C:\Windows\System32\drivers\msfs.sys 14:29:28.0445 3912 C:\Windows\System32\drivers\msfs.sys - ok 14:29:28.0445 3912 [ 9D91FE5286F748862ECFFA05F8A0710C ] C:\Windows\System32\drivers\RDPENCDD.sys 14:29:28.0445 3912 C:\Windows\System32\drivers\RDPENCDD.sys - ok 14:29:28.0461 3912 [ D36F239D7CCE1931598E8FB90A0DBC26 ] C:\Windows\System32\drivers\npfs.sys 14:29:28.0461 3912 C:\Windows\System32\drivers\npfs.sys - ok 14:29:28.0476 3912 [ 147D7F9C556D259924351FEB0DE606C3 ] C:\Windows\System32\drivers\rasacd.sys 14:29:28.0476 3912 C:\Windows\System32\drivers\rasacd.sys - ok 14:29:28.0476 3912 [ 76B06EB8A01FC8624D699E7045303E54 ] C:\Windows\System32\drivers\tdx.sys 14:29:28.0476 3912 C:\Windows\System32\drivers\tdx.sys - ok 14:29:28.0492 3912 [ 6FF544175A9180C5D88534D3D9C9A9F7 ] C:\Windows\System32\drivers\aswTdi.sys 14:29:28.0492 3912 C:\Windows\System32\drivers\aswTdi.sys - ok 14:29:28.0508 3912 [ 7B75299A4D201D6A6533603D6914AB04 ] C:\Windows\System32\drivers\smb.sys 14:29:28.0508 3912 C:\Windows\System32\drivers\smb.sys - ok 14:29:28.0523 3912 [ 3911B972B55FEA0478476B2E777B29FA ] C:\Windows\System32\drivers\afd.sys 14:29:28.0523 3912 C:\Windows\System32\drivers\afd.sys - ok 14:29:28.0523 3912 [ DA12626FD9A67F4E917E2F2FBE1E1764 ] C:\Windows\System32\drivers\aswRdr.sys 14:29:28.0523 3912 C:\Windows\System32\drivers\aswRdr.sys - ok 14:29:28.0539 3912 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] C:\Windows\System32\drivers\netbt.sys 14:29:28.0539 3912 C:\Windows\System32\drivers\netbt.sys - ok 14:29:28.0554 3912 [ E3A3CB253C0EC2494D4A61F5E43A389C ] C:\Windows\System32\drivers\ws2ifsl.sys 14:29:28.0554 3912 C:\Windows\System32\drivers\ws2ifsl.sys - ok 14:29:28.0554 3912 [ 99514FAA8DF93D34B5589187DB3AA0BA ] C:\Windows\System32\drivers\pacer.sys 14:29:28.0554 3912 C:\Windows\System32\drivers\pacer.sys - ok 14:29:28.0570 3912 [ BCD093A5A6777CF626434568DC7DBA78 ] C:\Windows\System32\drivers\netbios.sys 14:29:28.0570 3912 C:\Windows\System32\drivers\netbios.sys - ok 14:29:28.0586 3912 [ 55201897378CCA7AF8B5EFD874374A26 ] C:\Windows\System32\drivers\wanarp.sys 14:29:28.0586 3912 C:\Windows\System32\drivers\wanarp.sys - ok 14:29:28.0586 3912 [ 39763504067962108505BFF25F024345 ] C:\Program Files\SUPERAntiSpyware\sasdifsv.sys 14:29:28.0586 3912 C:\Program Files\SUPERAntiSpyware\sasdifsv.sys - ok 14:29:28.0601 3912 [ 77B9FC20084B48408AD3E87570EB4A85 ] C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 14:29:28.0601 3912 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS - ok 14:29:28.0617 3912 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] C:\Windows\System32\drivers\rdbss.sys 14:29:28.0617 3912 C:\Windows\System32\drivers\rdbss.sys - ok 14:29:28.0632 3912 [ 5C918D413F5837E67A85775C9873775E ] C:\PROGRA~1\LAUNCH~1\DPortIO.sys 14:29:28.0632 3912 C:\PROGRA~1\LAUNCH~1\DPortIO.sys - ok 14:29:28.0632 3912 [ 609773E344A97410CE4EBF74A8914FCF ] C:\Windows\System32\drivers\nsiproxy.sys 14:29:28.0632 3912 C:\Windows\System32\drivers\nsiproxy.sys - ok 14:29:28.0648 3912 [ 622C41A07CA7E6DD91770F50D532CB6C ] C:\Windows\System32\drivers\dfsc.sys 14:29:28.0648 3912 C:\Windows\System32\drivers\dfsc.sys - ok 14:29:28.0664 3912 [ B32873E5A1443C0A1E322266E203BF10 ] C:\Windows\System32\drivers\aswSP.sys 14:29:28.0664 3912 C:\Windows\System32\drivers\aswSP.sys - ok 14:29:28.0664 3912 [ 98AF15A94CD6AC37248E72E5FE789B35 ] C:\Windows\System32\smss.exe 14:29:28.0664 3912 C:\Windows\System32\smss.exe - ok 14:29:28.0679 3912 [ DDA770BBD7C2ED024D6F50E279D90E5B ] C:\Windows\System32\ntdll.dll 14:29:28.0679 3912 C:\Windows\System32\ntdll.dll - ok 14:29:28.0695 3912 [ 10761177A6EBE45843F443E99509F5E7 ] C:\Windows\System32\autochk.exe 14:29:28.0695 3912 C:\Windows\System32\autochk.exe - ok 14:29:28.0710 3912 [ BE3DA31C191BC222D9AD503C5224F2AD ] C:\Windows\System32\drivers\USBSTOR.SYS 14:29:28.0710 3912 C:\Windows\System32\drivers\USBSTOR.SYS - ok 14:29:28.0710 3912 [ 1E9B9A70D332103C52995E957DC09EF8 ] C:\Windows\System32\drivers\fastfat.sys 14:29:28.0710 3912 C:\Windows\System32\drivers\fastfat.sys - ok 14:29:28.0726 3912 [ 574B473FACAA0E91702B86578440B525 ] C:\Windows\System32\kernel32.dll 14:29:28.0726 3912 C:\Windows\System32\kernel32.dll - ok 14:29:28.0742 3912 [ 6F29236AB5926100972924BD29D9D225 ] C:\Windows\System32\normaliz.dll 14:29:28.0742 3912 C:\Windows\System32\normaliz.dll - ok 14:29:28.0742 3912 [ 551F51B66E5EA87A38D8197EB3BDB57A ] C:\Windows\System32\setupapi.dll 14:29:28.0742 3912 C:\Windows\System32\setupapi.dll - ok 14:29:28.0757 3912 [ 9586E7CB2255A8B097A7E4538202585E ] C:\Windows\System32\ole32.dll 14:29:28.0757 3912 C:\Windows\System32\ole32.dll - ok 14:29:28.0773 3912 [ C394079EB162E812D682C73FA96AF6E4 ] C:\Windows\System32\clbcatq.dll 14:29:28.0773 3912 C:\Windows\System32\clbcatq.dll - ok 14:29:28.0788 3912 [ 50CAA7072C171B9887215C83D52069E4 ] C:\Windows\System32\advapi32.dll 14:29:28.0788 3912 C:\Windows\System32\advapi32.dll - ok 14:29:28.0788 3912 [ 4AA2A0E26CEF1A803741253DCF9A1503 ] C:\Windows\System32\comdlg32.dll 14:29:28.0788 3912 C:\Windows\System32\comdlg32.dll - ok 14:29:28.0804 3912 [ E2281CFF793D7A09CE2B35F9F8732EE3 ] C:\Windows\System32\rpcrt4.dll 14:29:28.0804 3912 C:\Windows\System32\rpcrt4.dll - ok 14:29:28.0820 3912 [ EB0E02749CE5C488741C9A0ABEAB5DEC ] C:\Windows\System32\lpk.dll 14:29:28.0820 3912 C:\Windows\System32\lpk.dll - ok 14:29:28.0820 3912 [ 9176285122B7B849FEC2AA1B72A8F7A8 ] C:\Windows\System32\shlwapi.dll 14:29:28.0820 3912 C:\Windows\System32\shlwapi.dll - ok 14:29:28.0835 3912 [ 9FAC0F6D5F3D922DB294E30CD3F62369 ] C:\Windows\System32\urlmon.dll 14:29:28.0835 3912 C:\Windows\System32\urlmon.dll - ok 14:29:28.0851 3912 [ 17AF64D727545F2804F6E6D998327E3F ] C:\Windows\System32\msvcrt.dll 14:29:28.0851 3912 C:\Windows\System32\msvcrt.dll - ok 14:29:28.0851 3912 [ E3C3BD69701CE6B7B17101E4F7740534 ] C:\Windows\System32\msctf.dll 14:29:28.0851 3912 C:\Windows\System32\msctf.dll - ok 14:29:28.0866 3912 [ 7856E3B4594714EF89BB97375E8644EE ] C:\Windows\System32\gdi32.dll 14:29:28.0866 3912 C:\Windows\System32\gdi32.dll - ok 14:29:28.0882 3912 [ B304D47D5744BA20FCB99FB8B2C07B0B ] C:\Windows\System32\ws2_32.dll 14:29:28.0882 3912 C:\Windows\System32\ws2_32.dll - ok 14:29:28.0898 3912 [ 5553611E2F9EA6F613079177F1233068 ] C:\Windows\System32\wininet.dll 14:29:28.0898 3912 C:\Windows\System32\wininet.dll - ok 14:29:28.0898 3912 [ EB8A00E8E9931A7EC04F920B09D880D8 ] C:\Windows\System32\iertutil.dll 14:29:28.0898 3912 C:\Windows\System32\iertutil.dll - ok 14:29:28.0913 3912 [ C8BDCECEE082B54F0BAC838BF0A34597 ] C:\Windows\System32\imm32.dll 14:29:28.0913 3912 C:\Windows\System32\imm32.dll - ok 14:29:28.0929 3912 [ A64AEBC6C78B4CFD7F41A7277879DF8F ] C:\Windows\System32\nsi.dll 14:29:28.0929 3912 C:\Windows\System32\nsi.dll - ok 14:29:28.0929 3912 [ B218342214D9BBA0F54EA12BA2E9278C ] C:\Windows\System32\oleaut32.dll 14:29:28.0929 3912 C:\Windows\System32\oleaut32.dll - ok 14:29:28.0944 3912 [ 75510147B94598407666F4802797C75A ] C:\Windows\System32\user32.dll 14:29:28.0944 3912 C:\Windows\System32\user32.dll - ok 14:29:28.0960 3912 [ AAF101900A23D75AE1AE00840FA6F3B8 ] C:\Windows\System32\shell32.dll 14:29:28.0960 3912 C:\Windows\System32\shell32.dll - ok 14:29:28.0960 3912 [ EB49FAA5EBBC06356FB12476438781B9 ] C:\Windows\System32\imagehlp.dll 14:29:28.0960 3912 C:\Windows\System32\imagehlp.dll - ok 14:29:28.0976 3912 [ 80FFF14F1757B9AF8BE9D314FC1AE88B ] C:\Windows\System32\usp10.dll 14:29:28.0976 3912 C:\Windows\System32\usp10.dll - ok 14:29:28.0991 3912 [ B8A609FB5EFB4E44FC1355B1C01C64BC ] C:\Windows\System32\Wldap32.dll 14:29:28.0991 3912 C:\Windows\System32\Wldap32.dll - ok 14:29:28.0991 3912 [ DC8891A9203810FC994E7FCCF76E94C8 ] C:\Windows\System32\comctl32.dll 14:29:28.0991 3912 C:\Windows\System32\comctl32.dll - ok 14:29:29.0007 3912 [ 93A1732F7F997E36A5C3893539E2FF02 ] C:\Windows\System32\psapi.dll 14:29:29.0007 3912 C:\Windows\System32\psapi.dll - ok 14:29:29.0022 3912 [ EAAAFEF04FBB45665C9576E525D45A12 ] C:\Windows\System32\drivers\dxapi.sys 14:29:29.0022 3912 C:\Windows\System32\drivers\dxapi.sys - ok 14:29:29.0038 3912 [ 92D85E8A4129FE44A3266266AC8D151D ] C:\Windows\System32\win32k.sys 14:29:29.0038 3912 C:\Windows\System32\win32k.sys - ok 14:29:29.0038 3912 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\System32\basesrv.dll 14:29:29.0038 3912 C:\Windows\System32\basesrv.dll - ok 14:29:29.0054 3912 [ 187076DD5D8D4D5D23079D0741195EAD ] C:\Windows\System32\csrsrv.dll 14:29:29.0054 3912 C:\Windows\System32\csrsrv.dll - ok 14:29:29.0069 3912 [ ABCA209EBA02CB59233614DB83B4F50D ] C:\Windows\System32\csrss.exe 14:29:29.0069 3912 C:\Windows\System32\csrss.exe - ok 14:29:29.0069 3912 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\System32\winsrv.dll 14:29:29.0069 3912 C:\Windows\System32\winsrv.dll - ok 14:29:29.0085 3912 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] C:\Windows\System32\drivers\monitor.sys 14:29:29.0085 3912 C:\Windows\System32\drivers\monitor.sys - ok 14:29:29.0100 3912 [ CC21507D246861671A0BF97E75CE1B00 ] C:\Windows\System32\tsddd.dll 14:29:29.0100 3912 C:\Windows\System32\tsddd.dll - ok 14:29:29.0100 3912 [ 101BA3EA053480BB5D957EF37C06B5ED ] C:\Windows\System32\wininit.exe 14:29:29.0100 3912 C:\Windows\System32\wininit.exe - ok 14:29:29.0116 3912 [ 026C3BD6F2F2FDC676ECED82062C9F47 ] C:\Program Files\AVAST Software\Avast\snxhk.dll 14:29:29.0116 3912 C:\Program Files\AVAST Software\Avast\snxhk.dll - ok 14:29:29.0132 3912 [ BE6FAC6F0745C67DAE7522C96406D083 ] C:\Windows\System32\sxs.dll 14:29:29.0132 3912 C:\Windows\System32\sxs.dll - ok 14:29:29.0132 3912 [ 665417528489096BBCB8AEA46D3DA924 ] C:\Windows\System32\userenv.dll 14:29:29.0132 3912 C:\Windows\System32\userenv.dll - ok 14:29:29.0147 3912 [ D602FEDBD9155FC2DED6863FB60C950F ] C:\Windows\System32\secur32.dll 14:29:29.0147 3912 C:\Windows\System32\secur32.dll - ok 14:29:29.0163 3912 [ CF9F5BBC2740C41DD471278C41B91F5F ] C:\Windows\System32\cdd.dll 14:29:29.0163 3912 C:\Windows\System32\cdd.dll - ok 14:29:29.0163 3912 [ 12C8D6C564702B0776512932290A3F6B ] C:\Windows\System32\KBDUS.DLL 14:29:29.0163 3912 C:\Windows\System32\KBDUS.DLL - ok 14:29:29.0178 3912 [ 898E7C06A350D4A1A64A9EA264D55452 ] C:\Windows\System32\winlogon.exe 14:29:29.0178 3912 C:\Windows\System32\winlogon.exe - ok 14:29:29.0194 3912 [ 92283D9E33EC5F41ECC0B430B7459241 ] C:\Windows\System32\WlS0WndH.dll 14:29:29.0194 3912 C:\Windows\System32\WlS0WndH.dll - ok 14:29:29.0210 3912 [ 1107BD574A84367735FEC38B9BD64E6B ] C:\Windows\System32\apphelp.dll 14:29:29.0210 3912 C:\Windows\System32\apphelp.dll - ok 14:29:29.0210 3912 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\System32\services.exe 14:29:29.0210 3912 C:\Windows\System32\services.exe - ok 14:29:29.0225 3912 [ A3E186B4B935905B829219502557314E ] C:\Windows\System32\lsass.exe 14:29:29.0225 3912 C:\Windows\System32\lsass.exe - ok 14:29:29.0241 3912 [ 4774AD6C447E02E954BD9A793614EBEC ] C:\Windows\System32\lsm.exe 14:29:29.0241 3912 C:\Windows\System32\lsm.exe - ok 14:29:29.0241 3912 [ 178FAC2B7C66E9A4400CE7AC37623E3F ] C:\Windows\System32\lsasrv.dll 14:29:29.0241 3912 C:\Windows\System32\lsasrv.dll - ok 14:29:29.0256 3912 [ 4AAFC7461633848AA87A363B2CBEC522 ] C:\Windows\System32\winsta.dll 14:29:29.0256 3912 C:\Windows\System32\winsta.dll - ok 14:29:29.0272 3912 [ D90911B3FA05D7B930C1286084B404DE ] C:\Windows\System32\scesrv.dll 14:29:29.0272 3912 C:\Windows\System32\scesrv.dll - ok 14:29:29.0272 3912 [ 71F5A7104FDF16C0AC5283A6CE666553 ] C:\Windows\System32\sysntfy.dll 14:29:29.0272 3912 C:\Windows\System32\sysntfy.dll - ok 14:29:29.0288 3912 [ F0321DA5203F1E71917F3B7A13DC4912 ] C:\Windows\System32\wmsgapi.dll 14:29:29.0288 3912 C:\Windows\System32\wmsgapi.dll - ok 14:29:29.0303 3912 [ 1AE011BB950A5E0B05023D2AFEC3666D ] C:\Windows\System32\authz.dll 14:29:29.0303 3912 C:\Windows\System32\authz.dll - ok 14:29:29.0303 3912 [ 98B656EAF128CD06F625B09C84D959E1 ] C:\Windows\System32\netapi32.dll 14:29:29.0303 3912 C:\Windows\System32\netapi32.dll - ok 14:29:29.0319 3912 [ 2FA16465F64DB54B1F7F511395EB4FD7 ] C:\Windows\System32\ncobjapi.dll 14:29:29.0319 3912 C:\Windows\System32\ncobjapi.dll - ok 14:29:29.0334 3912 [ 7808BF0E367ED7348808879CEF482AB3 ] C:\Windows\System32\samsrv.dll 14:29:29.0334 3912 C:\Windows\System32\samsrv.dll - ok 14:29:29.0350 3912 [ 459B48188494490707DCA8BAA91AA185 ] C:\Windows\System32\cryptdll.dll 14:29:29.0350 3912 C:\Windows\System32\cryptdll.dll - ok 14:29:29.0350 3912 [ 85E861D0B88DB2B54ACB0839654C09F7 ] C:\Windows\System32\dnsapi.dll 14:29:29.0350 3912 C:\Windows\System32\dnsapi.dll - ok 14:29:29.0366 3912 [ 453DE2958C885527E20C79A3FEFE6AF7 ] C:\Windows\System32\samlib.dll 14:29:29.0366 3912 C:\Windows\System32\samlib.dll - ok 14:29:29.0381 3912 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] C:\Windows\System32\aelupsvc.dll 14:29:29.0381 3912 C:\Windows\System32\aelupsvc.dll - ok 14:29:29.0381 3912 [ 965AC9FBF2C67231C157E99C03C58D24 ] C:\Windows\System32\feclient.dll 14:29:29.0381 3912 C:\Windows\System32\feclient.dll - ok 14:29:29.0397 3912 [ 1F94EA31C9543B855F53BDAC7792DA4E ] C:\Windows\System32\mpr.dll 14:29:29.0397 3912 C:\Windows\System32\mpr.dll - ok 14:29:29.0412 3912 [ EE2FF9A3FC4404234BE3B7C6AA383AF8 ] C:\Windows\System32\msasn1.dll 14:29:29.0412 3912 C:\Windows\System32\msasn1.dll - ok 14:29:29.0412 3912 [ 7F0F1D4B0D847696F8E309423D227DCE ] C:\Windows\System32\ntdsapi.dll 14:29:29.0412 3912 C:\Windows\System32\ntdsapi.dll - ok 14:29:29.0428 3912 [ A1545B731579895D8CC44FC0481C1192 ] C:\Windows\System32\alg.exe 14:29:29.0428 3912 C:\Windows\System32\alg.exe - ok 14:29:29.0444 3912 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] C:\Windows\System32\appinfo.dll 14:29:29.0444 3912 C:\Windows\System32\appinfo.dll - ok 14:29:29.0459 3912 [ B0F9073BE86C6D4EDD4EBA674251E699 ] C:\Windows\System32\crypt32.dll 14:29:29.0459 3912 C:\Windows\System32\crypt32.dll - ok 14:29:29.0459 3912 [ 68E2A1A0407A66CF50DA0300852424AB ] C:\Windows\System32\audiosrv.dll 14:29:29.0459 3912 C:\Windows\System32\audiosrv.dll - ok 14:29:29.0475 3912 [ C789AF0F724FDA5852FB9A7D3A432381 ] C:\Windows\System32\BFE.DLL 14:29:29.0475 3912 C:\Windows\System32\BFE.DLL - ok 14:29:29.0490 3912 [ 93952506C6D67330367F7E7934B6A02F ] C:\Windows\System32\qmgr.dll 14:29:29.0490 3912 C:\Windows\System32\qmgr.dll - ok 14:29:29.0490 3912 [ C6DF7A87063D006ECF1FD8156CB6DE3F ] C:\Windows\System32\SLC.dll 14:29:29.0490 3912 C:\Windows\System32\SLC.dll - ok 14:29:29.0506 3912 [ 4DE3C4D07BAFDE616EFA0ADE076CBAC2 ] C:\Windows\System32\wevtapi.dll 14:29:29.0506 3912 C:\Windows\System32\wevtapi.dll - ok 14:29:29.0522 3912 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] C:\Windows\System32\browser.dll 14:29:29.0522 3912 C:\Windows\System32\browser.dll - ok 14:29:29.0522 3912 [ 4FE8425F21B3F0F8C4B4726351D43EAA ] C:\Windows\System32\IPHLPAPI.DLL 14:29:29.0522 3912 C:\Windows\System32\IPHLPAPI.DLL - ok 14:29:29.0537 3912 [ 312EC3E37A0A1F2006534913E37B4423 ] C:\Windows\System32\certprop.dll 14:29:29.0537 3912 C:\Windows\System32\certprop.dll - ok 14:29:29.0553 3912 [ 9028559C132146FB75EB7ACF384B086A ] C:\Windows\System32\dhcpcsvc.dll 14:29:29.0553 3912 C:\Windows\System32\dhcpcsvc.dll - ok 14:29:29.0553 3912 [ DFB6B71CDABA9DFB49C9D2B318B97A1A ] C:\Windows\System32\dhcpcsvc6.dll 14:29:29.0553 3912 C:\Windows\System32\dhcpcsvc6.dll - ok 14:29:29.0568 3912 [ 6B09105742C75DF80CEF21700F20F55A ] C:\Windows\System32\winnsi.dll 14:29:29.0568 3912 C:\Windows\System32\winnsi.dll - ok 14:29:29.0584 3912 [ 7F15B4953378C8B5161D65C26D5FED4D ] C:\Windows\System32\cngaudit.dll 14:29:29.0584 3912 C:\Windows\System32\cngaudit.dll - ok 14:29:29.0584 3912 [ 4211249955AF9133E2E357CC92B54DFD ] C:\Windows\System32\comres.dll 14:29:29.0600 3912 C:\Windows\System32\comres.dll - ok 14:29:29.0600 3912 [ DE0DD9AE3430F84A96B5501112A696BE ] C:\Windows\System32\bcrypt.dll 14:29:29.0600 3912 C:\Windows\System32\bcrypt.dll - ok 14:29:29.0615 3912 [ 188CC19108B0EBD6332D6628D4EDE469 ] C:\Windows\System32\ncrypt.dll 14:29:29.0615 3912 C:\Windows\System32\ncrypt.dll - ok 14:29:29.0631 3912 [ 26F139DDEC6407508071930D3D07337E ] C:\Windows\System32\credssp.dll 14:29:29.0631 3912 C:\Windows\System32\credssp.dll - ok 14:29:29.0631 3912 [ F1E8C34892336D33EDDCDFE44E474F64 ] C:\Windows\System32\cryptsvc.dll 14:29:29.0631 3912 C:\Windows\System32\cryptsvc.dll - ok 14:29:29.0646 3912 [ 08D6D1692B62C9EE4062E1FA04D8FE2F ] C:\Windows\System32\oleres.dll 14:29:29.0646 3912 C:\Windows\System32\oleres.dll - ok 14:29:29.0662 3912 [ ABE9EEA1EABEA0711610A637A7B1C25D ] C:\Windows\System32\msprivs.dll 14:29:29.0662 3912 C:\Windows\System32\msprivs.dll - ok 14:29:29.0662 3912 [ AA01497884F9CBAC89470120AF78D2B1 ] C:\Windows\System32\kerberos.dll 14:29:29.0662 3912 C:\Windows\System32\kerberos.dll - ok 14:29:29.0678 3912 [ 22CFAEB9172F5F198048401485CD0571 ] C:\Windows\System32\WSHTCPIP.DLL 14:29:29.0678 3912 C:\Windows\System32\WSHTCPIP.DLL - ok 14:29:29.0693 3912 [ 74F380C8EC8813626C670D46E8A714D1 ] C:\Windows\System32\dfsrres.dll 14:29:29.0693 3912 C:\Windows\System32\dfsrres.dll - ok 14:29:29.0693 3912 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] C:\Windows\System32\dot3svc.dll 14:29:29.0693 3912 C:\Windows\System32\dot3svc.dll - ok 14:29:29.0709 3912 [ 9E80FF0752E365F97FD2D1D68C2AFDA1 ] C:\Windows\System32\wship6.dll 14:29:29.0709 3912 C:\Windows\System32\wship6.dll - ok 14:29:29.0724 3912 [ 05C3B38DB95BA5585817A4F898EE5581 ] C:\Windows\System32\wshqos.dll 14:29:29.0724 3912 C:\Windows\System32\wshqos.dll - ok 14:29:29.0724 3912 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] C:\Windows\System32\dps.dll 14:29:29.0724 3912 C:\Windows\System32\dps.dll - ok 14:29:29.0740 3912 [ FC62A635063B762E1C3C60EA77279378 ] C:\Windows\System32\NapiNSP.dll 14:29:29.0740 3912 C:\Windows\System32\NapiNSP.dll - ok 14:29:29.0756 3912 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] C:\Windows\System32\nlasvc.dll 14:29:29.0756 3912 C:\Windows\System32\nlasvc.dll - ok 14:29:29.0756 3912 [ C0B95E40D85CD807D614E264248A45B9 ] C:\Windows\System32\eapsvc.dll 14:29:29.0756 3912 C:\Windows\System32\eapsvc.dll - ok 14:29:29.0771 3912 [ 4E6B23DFC917EA39306B529B773950F4 ] C:\Windows\System32\emdmgmt.dll 14:29:29.0771 3912 C:\Windows\System32\emdmgmt.dll - ok 14:29:29.0787 3912 [ 690D41DF1D555F96D4898A0F54EBA065 ] C:\Windows\System32\pnrpnsp.dll 14:29:29.0787 3912 C:\Windows\System32\pnrpnsp.dll - ok 14:29:29.0802 3912 [ A1B40A28F38D27A7E3229EE4C7064434 ] C:\Windows\System32\wevtsvc.dll 14:29:29.0802 3912 C:\Windows\System32\wevtsvc.dll - ok 14:29:29.0802 3912 [ 4ABCE74D012971305249E45E095E9EA6 ] C:\Windows\System32\msv1_0.dll
  15. Tumbleweed88
    RogueKiller V8.2.3 [11/07/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website: http://tigzy.geekstogo.com/roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version Started in : Normal mode User : Kenneth [Admin rights] Mode : Scan -- Date : 11/08/2012 08:40:07 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 7 ¤¤¤ [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK8046GSX ATA Device +++++ --- User --- [MBR] 949816e28938e44b619b222dfce0489b [bSP] a98e33c95932ffb94cfb7eda1f6ee6ce : Acer tatooed MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 9993 Mo 1 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 20467712 | Size: 33294 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 88653824 | Size: 33030 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_11082012_02d0840.txt >> RKreport[1]_S_11082012_02d0840.txt
  16. Tumbleweed88
    Removed the old MBAM, rebooted, installed the MBAM, it ran for 3 minutes and BSOD. I wonder if a bullet hole will help this thing?
  17. Tumbleweed88
    Here is OTL..... OTL logfile created on: 11/7/2012 10:32:33 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kenneth\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1013.33 Mb Total Physical Memory | 321.69 Mb Available Physical Memory | 31.75% Memory free 2.23 Gb Paging File | 1.38 Gb Available in Paging File | 61.68% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 32.51 Gb Total Space | 11.92 Gb Free Space | 36.68% Space Free | Partition Type: NTFS Drive D: | 32.26 Gb Total Space | 32.13 Gb Free Space | 99.60% Space Free | Partition Type: NTFS Drive F: | 14.89 Gb Total Space | 14.89 Gb Free Space | 99.99% Space Free | Partition Type: FAT32 Computer Name: HOME-PC | User Name: Kenneth | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Kenneth\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\Kenneth\AppData\Local\temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com) PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe () PRC - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe () PRC - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink) PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe () PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer) PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT) PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST) PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) PRC - C:\Acer\ALaunch\ALaunchSvc.exe () PRC - C:\Acer\Mobility Center\MobilityService.exe () PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) ========== Modules (No Company Name) ========== MOD - C:\Windows\System32\BatchCrypto.dll () MOD - C:\Windows\System32\ShowErrMsg.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com) SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (CLSched) -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe () SRV - (CLCapSvc) -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe () SRV - (CyberLink Media Library Service) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink) SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe () SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.) SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer) SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT) SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.) SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) SRV - (ALaunchService) -- C:\Acer\ALaunch\ALaunchSvc.exe () SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe () SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (catchme) -- C:\Users\Kenneth\AppData\Local\Temp\catchme.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys () DRV - (DritekPortIO) -- C:\Program Files\Launch Manager\DPortIO.sys (Dritek System Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2254466066-3444885189-128781240-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKU\S-1-5-21-2254466066-3444885189-128781240-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKU\S-1-5-21-2254466066-3444885189-128781240-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/ IE - HKU\S-1-5-21-2254466066-3444885189-128781240-1000\..\SearchScopes,DefaultScope = {915FBF5B-EBCE-4992-8ECC-E9FFDE6C81CF} IE - HKU\S-1-5-21-2254466066-3444885189-128781240-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2254466066-3444885189-128781240-1000\..\SearchScopes\{0A8808A2-AABC-4DFB-BF53-9BBC0B7C7C12}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKU\S-1-5-21-2254466066-3444885189-128781240-1000\..\SearchScopes\{915FBF5B-EBCE-4992-8ECC-E9FFDE6C81CF}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKU\S-1-5-21-2254466066-3444885189-128781240-1000\..\SearchScopes\{B10D787B-03D0-4EF2-8C89-AE5EF6FA3C34}: "URL" = http://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms} IE - HKU\S-1-5-21-2254466066-3444885189-128781240-1000\..\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}: "URL" = http://www.ask.com/web?l=dis&o=APN10022&gct=sb&qsrc=2869&apn_dtid=^YYYYYY^YY^US&apn_ptnrs=^A4D&apn_uid=5130376573954600&p2=^A4D^YYYYYY^YY^US&q={searchTerms} IE - HKU\S-1-5-21-2254466066-3444885189-128781240-1000\..\SearchScopes\{FB712C83-C6C0-4B41-B8D2-0983AB386191}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=PSI&o=15116&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=L6&apn_dtid=YYYYYYYYUS&apn_uid=40edba8b-8bb5-4517-8c2f-787cbc892291&apn_sauid=80EF17FA-194B-4E6E-AC0F-D37CBA4CEC81 IE - HKU\S-1-5-21-2254466066-3444885189-128781240-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Kenneth\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.) ========== Chrome ========== CHR - homepage: http://www.ask.com/?l=dis&o=15119cr CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://www.ask.com/?l=dis&o=15119cr CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\gcswf32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll CHR - plugin: registryAccess (Enabled) = C:\Users\Kenneth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaonkdgfnbiijefodhhpdilffkbbmg\7.15.4.0_0\background/registryAccess.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll CHR - plugin: Java Platform SE 6 U17 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Kenneth\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: Ask Toolbar = C:\Users\Kenneth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaonkdgfnbiijefodhhpdilffkbbmg\7.15.4.0_0\ CHR - Extension: avast! WebRep = C:\Users\Kenneth\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\ O1 HOSTS File: ([2012/11/06 19:26:26 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) O3 - HKU\S-1-5-21-2254466066-3444885189-128781240-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2254466066-3444885189-128781240-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2254466066-3444885189-128781240-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E28C7F8-15AB-45F2-8A8F-BB7E65AC0FEB}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBC7A79D-EB01-474E-8F43-C9A92D8CA7D1}: DhcpNameServer = 172.16.0.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/11/07 22:25:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kenneth\Desktop\OTL.exe [2012/11/07 21:46:59 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012/11/07 18:15:57 | 000,906,778 | ---- | C] (Farbar) -- C:\Users\Kenneth\Desktop\FRST.exe [2012/11/07 18:14:27 | 000,000,000 | ---D | C] -- C:\FRST [2012/11/06 19:29:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/11/06 19:29:50 | 000,000,000 | ---D | C] -- C:\Users\Kenneth\AppData\Local\temp [2012/11/06 15:55:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/11/06 15:55:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/11/06 15:55:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/11/06 15:52:42 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/11/06 15:52:18 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/11/06 15:51:02 | 004,997,881 | R--- | C] (Swearware) -- C:\Users\Kenneth\Desktop\ComboFix.exe [2012/11/06 12:56:22 | 000,688,779 | R--- | C] (Swearware) -- C:\Users\Kenneth\Desktop\dds.scr [2012/11/06 12:37:54 | 000,000,000 | ---D | C] -- C:\Users\Kenneth\AppData\Roaming\Malwarebytes [2012/11/06 12:37:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/11/06 12:37:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/11/06 12:37:43 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/11/06 12:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/11/06 12:14:15 | 000,000,000 | ---D | C] -- C:\Users\Kenneth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2012/11/06 12:14:13 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2012/11/05 23:31:32 | 000,080,456 | ---- | C] (Malwarebytes Corporation) -- C:\Users\Kenneth\Desktop\mbam-clean-1.60.2.0003.exe [2012/11/05 23:31:23 | 010,669,896 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Kenneth\Desktop\1mbam-setup.exe [2012/11/04 21:31:46 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kenneth\Desktop\tdsskiller.exe [2012/11/03 19:49:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012/11/03 19:49:37 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2012/11/03 13:24:00 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012/11/03 00:56:07 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Defrag [2012/11/03 00:50:22 | 000,000,000 | ---D | C] -- C:\Users\Kenneth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner [2012/11/03 00:50:21 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner [2012/11/02 18:56:16 | 000,000,000 | ---D | C] -- C:\Users\Kenneth\AppData\Roaming\SUPERAntiSpyware.com [2012/11/02 18:55:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012/11/02 18:55:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2012/11/02 18:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012/10/31 13:22:11 | 000,000,000 | ---D | C] -- C:\ProgramData\D852ADD2F4338B3B0000D851D58690AD ========== Files - Modified Within 30 Days ========== [2012/11/07 22:30:47 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/11/07 22:30:47 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/11/07 22:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/11/07 22:24:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kenneth\Desktop\OTL.exe [2012/11/07 22:17:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/11/07 22:12:59 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/07 22:12:59 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/07 22:12:57 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/11/07 22:12:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/11/07 21:47:32 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012/11/07 00:15:40 | 000,906,778 | ---- | M] (Farbar) -- C:\Users\Kenneth\Desktop\FRST.exe [2012/11/06 22:20:58 | 000,001,356 | ---- | M] () -- C:\Users\Kenneth\AppData\Local\d3d9caps.dat [2012/11/06 19:26:26 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012/11/06 15:49:28 | 004,997,881 | R--- | M] (Swearware) -- C:\Users\Kenneth\Desktop\ComboFix.exe [2012/11/06 12:37:48 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/11/06 12:14:15 | 000,001,952 | ---- | M] () -- C:\Users\Kenneth\Desktop\HiJackThis.lnk [2012/11/06 11:53:56 | 000,688,779 | R--- | M] (Swearware) -- C:\Users\Kenneth\Desktop\dds.scr [2012/11/05 23:27:06 | 010,669,896 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Kenneth\Desktop\1mbam-setup.exe [2012/11/05 23:25:26 | 000,080,456 | ---- | M] (Malwarebytes Corporation) -- C:\Users\Kenneth\Desktop\mbam-clean-1.60.2.0003.exe [2012/11/05 21:05:06 | 000,302,592 | ---- | M] () -- C:\Users\Kenneth\Desktop\Gmerrp1vecox.exe [2012/11/04 21:26:10 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kenneth\Desktop\tdsskiller.exe [2012/11/03 22:15:36 | 000,255,770 | ---- | M] () -- C:\Users\Kenneth\AppData\Local\census.cache [2012/11/03 22:15:14 | 000,187,324 | ---- | M] () -- C:\Users\Kenneth\AppData\Local\ars.cache [2012/11/03 22:03:07 | 000,000,036 | ---- | M] () -- C:\Users\Kenneth\AppData\Local\housecall.guid.cache [2012/11/03 19:49:44 | 000,001,059 | ---- | M] () -- C:\Users\Kenneth\Desktop\Spybot - Search & Destroy.lnk [2012/11/03 18:37:41 | 134,975,565 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012/11/03 00:50:22 | 000,000,866 | ---- | M] () -- C:\Users\Kenneth\Desktop\Eusing Free Registry Cleaner.lnk [2012/11/03 00:03:57 | 000,001,441 | ---- | M] () -- C:\scu.dat [2012/11/02 18:55:57 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012/10/11 02:11:09 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk ========== Files Created - No Company Name ========== [2012/11/06 15:55:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/11/06 15:55:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/11/06 15:55:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/11/06 15:55:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/11/06 15:55:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/11/06 12:37:48 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/11/06 12:14:15 | 000,001,952 | ---- | C] () -- C:\Users\Kenneth\Desktop\HiJackThis.lnk [2012/11/05 21:06:53 | 000,302,592 | ---- | C] () -- C:\Users\Kenneth\Desktop\Gmerrp1vecox.exe [2012/11/03 22:15:36 | 000,255,770 | ---- | C] () -- C:\Users\Kenneth\AppData\Local\census.cache [2012/11/03 22:15:14 | 000,187,324 | ---- | C] () -- C:\Users\Kenneth\AppData\Local\ars.cache [2012/11/03 22:03:07 | 000,000,036 | ---- | C] () -- C:\Users\Kenneth\AppData\Local\housecall.guid.cache [2012/11/03 19:49:44 | 000,001,059 | ---- | C] () -- C:\Users\Kenneth\Desktop\Spybot - Search & Destroy.lnk [2012/11/03 13:23:30 | 134,975,565 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012/11/03 00:50:22 | 000,000,866 | ---- | C] () -- C:\Users\Kenneth\Desktop\Eusing Free Registry Cleaner.lnk [2012/11/03 00:03:57 | 000,001,441 | ---- | C] () -- C:\scu.dat [2012/11/02 18:55:57 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012/02/17 17:04:38 | 000,001,356 | ---- | C] () -- C:\Users\Kenneth\AppData\Local\d3d9caps.dat [2010/02/07 10:48:22 | 000,007,168 | ---- | C] () -- C:\Users\Kenneth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006/11/02 06:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2009/07/16 20:18:43 | 000,000,000 | ---D | M] -- C:\Users\Kenneth\AppData\Roaming\Acer [2009/09/19 11:46:49 | 000,000,000 | ---D | M] -- C:\Users\Kenneth\AppData\Roaming\Auslogics [2009/09/21 23:48:06 | 000,000,000 | ---D | M] -- C:\Users\Kenneth\AppData\Roaming\GlarySoft [2011/12/16 16:14:31 | 000,000,000 | ---D | M] -- C:\Users\Kenneth\AppData\Roaming\iYogi [2009/07/16 20:18:43 | 000,000,000 | ---D | M] -- C:\Users\Kenneth\AppData\Roaming\Leadertech [2011/11/19 16:21:25 | 000,000,000 | ---D | M] -- C:\Users\Kenneth\AppData\Roaming\Sammsoft ========== Purity Check ========== ========== Custom Scans ========== < MD5 for: EXPLORER.EXE > [2009/07/23 12:31:52 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2009/07/23 12:31:50 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2009/07/23 12:31:50 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009/07/23 12:51:47 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2009/07/23 12:51:46 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\erdnt\cache\explorer.exe [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2009/07/23 12:31:51 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006/11/02 03:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008/01/19 01:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: SVCHOST.EXE > [2006/11/02 03:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe [2008/01/19 01:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\erdnt\cache\svchost.exe [2008/01/19 01:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe [2008/01/19 01:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe [2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe < MD5 for: USERINIT.EXE > [2008/01/19 01:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache\userinit.exe [2008/01/19 01:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008/01/19 01:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006/11/02 03:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WINLOGON.EXE > [2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\erdnt\cache\winlogon.exe [2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006/11/02 03:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008/01/19 01:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < > [2006/11/02 06:58:10 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2006/11/02 06:58:10 | 000,032,602 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012/06/08 15:52:15 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2012/06/08 15:52:17 | 000,000,888 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2012/06/11 15:41:50 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job ========== Alternate Data Streams ========== @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34 < End of report >
  18. Tumbleweed88
    Here is EXTRAS....... OTL Extras logfile created on: 11/7/2012 10:32:33 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kenneth\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1013.33 Mb Total Physical Memory | 321.69 Mb Available Physical Memory | 31.75% Memory free 2.23 Gb Paging File | 1.38 Gb Available in Paging File | 61.68% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 32.51 Gb Total Space | 11.92 Gb Free Space | 36.68% Space Free | Partition Type: NTFS Drive D: | 32.26 Gb Total Space | 32.13 Gb Free Space | 99.60% Space Free | Partition Type: NTFS Drive F: | 14.89 Gb Total Space | 14.89 Gb Free Space | 99.99% Space Free | Partition Type: FAT32 Computer Name: HOME-PC | User Name: Kenneth | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_USERS\S-1-5-21-2254466066-3444885189-128781240-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 17 "{26E76762-7F20-4694-AD06-CC3A9B547A71}" = Microsoft Office Live Meeting 2007 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3 "{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer 3.72 "{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management "{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "Acer Assist" = Acer Assist "Acer Registration" = Acer Registration "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Agere Systems Soft Modem" = Agere Systems HDA Modem "avast" = avast! Free Antivirus "Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe "CCleaner" = CCleaner (remove only) "Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner "Google Chrome" = Google Chrome "HDMI" = Intel® Graphics Media Accelerator Driver "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "SpywareBlaster_is1" = SpywareBlaster 4.3 "TimeLineRemove_is1" = TimeLineRemove 0.9 "VLC media player" = VLC media player 1.1.0 "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Software Update" = Yahoo! Software Update ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2254466066-3444885189-128781240-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11/3/2012 3:01:37 AM | Computer Name = Home-PC | Source = Windows Search Service | ID = 3028 Description = Error - 11/3/2012 3:01:37 AM | Computer Name = Home-PC | Source = Windows Search Service | ID = 3058 Description = Error - 11/3/2012 3:47:38 PM | Computer Name = Home-PC | Source = EventSystem | ID = 4609 Description = Error - 11/3/2012 4:57:36 PM | Computer Name = Home-PC | Source = Windows Search Service | ID = 3038 Description = Error - 11/3/2012 5:00:24 PM | Computer Name = Home-PC | Source = Windows Search Service | ID = 3028 Description = Error - 11/3/2012 5:00:24 PM | Computer Name = Home-PC | Source = Windows Search Service | ID = 3058 Description = Error - 11/3/2012 8:05:03 PM | Computer Name = Home-PC | Source = VSS | ID = 8194 Description = Error - 11/3/2012 8:38:33 PM | Computer Name = Home-PC | Source = Windows Search Service | ID = 3038 Description = Error - 11/3/2012 8:40:33 PM | Computer Name = Home-PC | Source = Windows Search Service | ID = 3028 Description = Error - 11/3/2012 8:40:33 PM | Computer Name = Home-PC | Source = Windows Search Service | ID = 3058 Description = [ System Events ] Error - 11/6/2012 11:36:30 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001 Description = Error - 11/6/2012 11:36:30 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001 Description = Error - 11/6/2012 11:36:30 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001 Description = Error - 11/6/2012 11:36:36 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001 Description = Error - 11/7/2012 1:15:40 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7024 Description = Error - 11/7/2012 1:15:40 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7031 Description = Error - 11/7/2012 1:15:40 AM | Computer Name = Home-PC | Source = DCOM | ID = 10005 Description = Error - 11/7/2012 1:15:40 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7009 Description = Error - 11/7/2012 1:15:40 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000 Description = Error - 11/8/2012 12:12:44 AM | Computer Name = Home-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 10:08:28 PM on 11/7/2012 was unexpected. < End of report >
  19. Tumbleweed88
    Started MABAM, updated it and it ran for a whole 22 minutes, and that's the best it's done. I thought we had it, fellow Tennesseean. Whats next?
  20. Tumbleweed88
    WOW is that a cool program ! Here is the log...... Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-11-2012 Ran by SYSTEM at 07-11-2012 18:27:26 Running from F:\ Windows Vista Home Basic (X86) OS Language: English(US) The current controlset is ControlSet001 ==================== Registry (Whitelisted) =================== HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x] HKLM\...\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [457216 2007-04-25] (HiTRUST) HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [159744 2007-06-06] (Alps Electric Co., Ltd.) HKLM\...\Run: [skytel] Skytel.exe [x] HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4241512 2012-03-06] (AVAST Software) HKU\Default\...\RunOnce: [AcerScrSav] C:\Windows\Acer\run_NB.exe [27432 2007-04-26] () HKU\Default User\...\RunOnce: [AcerScrSav] C:\Windows\Acer\run_NB.exe [27432 2007-04-26] () Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 ==================== Services (Whitelisted) =================== 2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE" [116608 2012-07-11] (SUPERAntiSpyware.com) 2 ALaunchService; C:\Acer\ALaunch\ALaunchSvc.exe [50688 2007-01-26] () 2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44768 2012-03-06] (AVAST Software) 2 CLCapSvc; "C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe" [257736 2007-06-21] () 2 CLSched; "C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe" [118464 2007-06-21] () 2 CyberLink Media Library Service; "C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe" [1076832 2007-06-21] (Cyberlink) 2 eDataSecurity Service; "C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [457512 2007-04-25] (HiTRSUT) 2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-03-14] (Acer Inc.) 2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [135168 2007-05-22] (Acer Inc.) 2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [53248 2007-02-13] (Acer Inc.) 2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-06-05] () 2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe -p [107008 2006-11-24] () 2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [163840 2007-05-16] (acer) ==================== Drivers (Whitelisted) ==================== 2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [20696 2012-03-06] (AVAST Software) 2 aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [57688 2012-03-06] (AVAST Software) 1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [35672 2012-03-06] (AVAST Software) 1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [612184 2012-03-06] (AVAST Software) 1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337880 2012-03-06] (AVAST Software) 1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [53848 2012-03-06] (AVAST Software) 1 DritekPortIO; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.) 2 int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [76584 2006-12-07] () 0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [20776 2007-04-25] (HiTRUST) 0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [16680 2007-04-25] (HiTRUST) 0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [60712 2007-04-25] (HiTRUST) 1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) 1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) 4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x] 3 catchme; \??\C:\Users\Kenneth\AppData\Local\Temp\catchme.sys [x] 3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x] 3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x] 3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x] 3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x] 3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2012-11-07 16:17 - 2012-11-07 16:17 - 00000000 ___AC C:\Windows\setuperr.log 2012-11-07 16:15 - 2012-11-06 22:15 - 00906778 ___AC (Farbar) C:\Users\Kenneth\Desktop\FRST.exe 2012-11-07 16:14 - 2012-11-07 16:14 - 00000000 ___DC C:\FRST 2012-11-06 17:29 - 2012-11-06 17:29 - 00011789 ___AC C:\ComboFix2.txt 2012-11-06 14:11 - 2012-11-07 16:18 - 00057333 ___AC C:\Windows\WindowsUpdate.log 2012-11-06 13:55 - 2011-06-25 22:45 - 00256000 ___AC C:\Windows\PEV.exe 2012-11-06 13:55 - 2010-11-07 09:20 - 00208896 ___AC C:\Windows\MBR.exe 2012-11-06 13:55 - 2009-04-19 20:56 - 00060416 ___AC (NirSoft) C:\Windows\NIRCMD.exe 2012-11-06 13:55 - 2000-08-30 16:00 - 00518144 ___AC (SteelWerX) C:\Windows\SWREG.exe 2012-11-06 13:55 - 2000-08-30 16:00 - 00406528 ___AC (SteelWerX) C:\Windows\SWSC.exe 2012-11-06 13:55 - 2000-08-30 16:00 - 00098816 ___AC C:\Windows\sed.exe 2012-11-06 13:55 - 2000-08-30 16:00 - 00080412 ___AC C:\Windows\grep.exe 2012-11-06 13:55 - 2000-08-30 16:00 - 00068096 ___AC C:\Windows\zip.exe 2012-11-06 13:52 - 2012-11-06 17:29 - 00000000 ___DC C:\Qoobox 2012-11-06 13:52 - 2012-11-06 14:11 - 00000000 ___DC C:\Windows\erdnt 2012-11-06 13:51 - 2012-11-06 13:49 - 04997881 ___RC (Swearware) C:\Users\Kenneth\Desktop\ComboFix.exe 2012-11-06 13:10 - 2012-11-06 13:10 - 00014034 ___AC C:\Users\Kenneth\Desktop\attach.txt 2012-11-06 13:10 - 2012-11-06 13:10 - 00009927 ___AC C:\Users\Kenneth\Desktop\dds.txt 2012-11-06 10:56 - 2012-11-06 09:53 - 00688779 ___RC (Swearware) C:\Users\Kenneth\Desktop\dds.scr 2012-11-06 10:37 - 2012-11-06 10:37 - 00000910 ___AC C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-11-06 10:37 - 2012-11-06 10:37 - 00000000 ___DC C:\Users\Kenneth\AppData\Roaming\Malwarebytes 2012-11-06 10:37 - 2012-11-06 10:37 - 00000000 ___DC C:\Users\All Users\Malwarebytes 2012-11-06 10:37 - 2012-11-06 10:37 - 00000000 ___DC C:\Program Files\Malwarebytes' Anti-Malware 2012-11-06 10:37 - 2012-09-29 17:54 - 00022856 ___AC (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-11-06 10:14 - 2012-11-06 10:14 - 00001952 ___AC C:\Users\Kenneth\Desktop\HiJackThis.lnk 2012-11-06 10:14 - 2012-11-06 10:14 - 00000000 ___DC C:\Program Files\Trend Micro 2012-11-05 21:33 - 2012-11-06 17:57 - 00067000 ___AC C:\Windows\PFRO.log 2012-11-05 21:31 - 2012-11-05 21:27 - 10669896 ___AC (Malwarebytes Corporation ) C:\Users\Kenneth\Desktop\1mbam-setup.exe 2012-11-05 21:31 - 2012-11-05 21:25 - 00080456 ___AC (Malwarebytes Corporation) C:\Users\Kenneth\Desktop\mbam-clean-1.60.2.0003.exe 2012-11-05 19:06 - 2012-11-05 19:05 - 00302592 ___AC C:\Users\Kenneth\Desktop\Gmerrp1vecox.exe 2012-11-04 19:31 - 2012-11-04 19:26 - 02213976 ___AC (Kaspersky Lab ZAO) C:\Users\Kenneth\Desktop\tdsskiller.exe 2012-11-03 20:15 - 2012-11-03 20:15 - 00255770 ___AC C:\Users\Kenneth\AppData\Local\census.cache 2012-11-03 20:15 - 2012-11-03 20:15 - 00187324 ___AC C:\Users\Kenneth\AppData\Local\ars.cache 2012-11-03 20:03 - 2012-11-03 20:03 - 00000036 ___AC C:\Users\Kenneth\AppData\Local\housecall.guid.cache 2012-11-03 20:02 - 2012-11-03 20:02 - 02002944 ___AC (Trend Micro Inc.) C:\Users\Kenneth\Downloads\HousecallLauncher.exe 2012-11-03 17:49 - 2012-11-03 19:38 - 00000000 ___DC C:\Users\All Users\Spybot - Search & Destroy 2012-11-03 17:49 - 2012-11-03 17:52 - 00000000 ___DC C:\Program Files\Spybot - Search & Destroy 2012-11-03 17:49 - 2012-11-03 17:49 - 00001059 ___AC C:\Users\Kenneth\Desktop\Spybot - Search & Destroy.lnk 2012-11-03 16:37 - 2012-11-03 16:38 - 00144848 ___AC C:\Windows\Minidump\Mini110312-03.dmp 2012-11-03 11:47 - 2012-11-03 11:47 - 00144848 ___AC C:\Windows\Minidump\Mini110312-02.dmp 2012-11-03 11:24 - 2012-11-06 18:15 - 00000000 ___DC C:\Windows\Minidump 2012-11-03 11:24 - 2012-11-03 11:24 - 00144848 ___AC C:\Windows\Minidump\Mini110312-01.dmp 2012-11-03 11:23 - 2012-11-03 16:37 - 134975565 ____A C:\Windows\MEMORY.DMP 2012-11-02 22:56 - 2012-11-03 16:31 - 00000000 ___DC C:\Program Files\Eusing Free Registry Defrag 2012-11-02 22:50 - 2012-11-02 22:55 - 00000000 ___DC C:\Program Files\Eusing Free Registry Cleaner 2012-11-02 22:50 - 2012-11-02 22:50 - 00000866 ___AC C:\Users\Kenneth\Desktop\Eusing Free Registry Cleaner.lnk 2012-11-02 22:03 - 2012-11-02 22:03 - 00001441 ___AC C:\scu.dat 2012-11-02 16:56 - 2012-11-02 16:56 - 00000000 ___DC C:\Users\Kenneth\AppData\Roaming\SUPERAntiSpyware.com 2012-11-02 16:55 - 2012-11-02 16:56 - 00000000 ___DC C:\Program Files\SUPERAntiSpyware 2012-11-02 16:55 - 2012-11-02 16:55 - 00001804 ___AC C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk 2012-11-02 16:55 - 2012-11-02 16:55 - 00000000 ___DC C:\Users\All Users\SUPERAntiSpyware.com 2012-10-31 11:22 - 2012-11-02 19:16 - 00000000 ___DC C:\Users\All Users\D852ADD2F4338B3B0000D851D58690AD 2012-10-26 02:50 - 2012-10-26 02:51 - 17246984 ___AC (Microsoft Corporation) C:\Users\Kenneth\Downloads\lmsetup (1).exe 2012-10-25 18:02 - 2012-10-25 18:03 - 10165409 ___AC C:\Users\Kenneth\Downloads\October_31st_Webinar_Conference_call_2_30_pm_Central_3_30pm_Eastern.zip 2012-10-10 12:50 - 2012-06-01 16:02 - 00985088 ___AC (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2012-10-10 12:50 - 2012-06-01 16:02 - 00133120 ___AC (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2012-10-10 12:50 - 2012-06-01 16:02 - 00098304 ___AC (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2012-10-10 12:49 - 2012-09-13 05:28 - 00002048 ___AC (Microsoft Corporation) C:\Windows\System32\tzres.dll 2012-10-10 12:49 - 2012-08-29 03:27 - 03602816 ___AC (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe 2012-10-10 12:49 - 2012-08-29 03:27 - 03550080 ___AC (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2012-10-10 12:49 - 2012-08-24 07:53 - 00172544 ___AC (Microsoft Corporation) C:\Windows\System32\wintrust.dll ==================== 3 Months Modified Files ================== 2012-11-07 16:19 - 2006-11-02 04:58 - 00032602 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-11-07 16:19 - 2006-11-02 04:58 - 00000006 __AHC C:\Windows\Tasks\SA.DAT 2012-11-07 16:19 - 2006-11-02 04:45 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2012-11-07 16:19 - 2006-11-02 04:45 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2012-11-07 16:18 - 2012-11-06 14:11 - 00057333 ___AC C:\Windows\WindowsUpdate.log 2012-11-07 16:17 - 2012-11-07 16:17 - 00000714 ___AC C:\Windows\setupact.log 2012-11-07 16:17 - 2012-11-07 16:17 - 00000000 ___AC C:\Windows\setuperr.log 2012-11-07 16:17 - 2012-06-08 13:52 - 00000888 ___AC C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-11-07 16:15 - 2006-11-02 02:33 - 00703214 ___AC C:\Windows\System32\PerfStringBackup.INI 2012-11-07 16:08 - 2012-06-08 13:52 - 00000884 ___AC C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-11-06 22:28 - 2012-06-11 13:41 - 00000830 ___AC C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-11-06 22:15 - 2012-11-07 16:15 - 00906778 ___AC (Farbar) C:\Users\Kenneth\Desktop\FRST.exe 2012-11-06 20:20 - 2012-02-17 15:04 - 00001356 ___AC C:\Users\Kenneth\AppData\Local\d3d9caps.dat 2012-11-06 18:15 - 2008-01-21 12:44 - 00147309 ____A C:\Windows\Minidump\Mini110612-03.dmp 2012-11-06 17:57 - 2012-11-05 21:33 - 00067000 ___AC C:\Windows\PFRO.log 2012-11-06 17:29 - 2012-11-06 17:29 - 00011789 ___AC C:\ComboFix2.txt 2012-11-06 17:26 - 2006-11-02 02:23 - 00000215 ___AC C:\Windows\system.ini 2012-11-06 13:49 - 2012-11-06 13:51 - 04997881 ___RC (Swearware) C:\Users\Kenneth\Desktop\ComboFix.exe 2012-11-06 13:10 - 2012-11-06 13:10 - 00014034 ___AC C:\Users\Kenneth\Desktop\attach.txt 2012-11-06 13:10 - 2012-11-06 13:10 - 00009927 ___AC C:\Users\Kenneth\Desktop\dds.txt 2012-11-06 10:49 - 2008-01-21 12:44 - 00147341 ____A C:\Windows\Minidump\Mini110612-02.dmp 2012-11-06 10:37 - 2012-11-06 10:37 - 00000910 ___AC C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-11-06 10:14 - 2012-11-06 10:14 - 00001952 ___AC C:\Users\Kenneth\Desktop\HiJackThis.lnk 2012-11-06 09:53 - 2012-11-06 10:56 - 00688779 ___RC (Swearware) C:\Users\Kenneth\Desktop\dds.scr 2012-11-06 09:53 - 2008-01-21 12:44 - 00147341 ____A C:\Windows\Minidump\Mini110612-01.dmp 2012-11-05 21:27 - 2012-11-05 21:31 - 10669896 ___AC (Malwarebytes Corporation ) C:\Users\Kenneth\Desktop\1mbam-setup.exe 2012-11-05 21:25 - 2012-11-05 21:31 - 00080456 ___AC (Malwarebytes Corporation) C:\Users\Kenneth\Desktop\mbam-clean-1.60.2.0003.exe 2012-11-05 19:05 - 2012-11-05 19:06 - 00302592 ___AC C:\Users\Kenneth\Desktop\Gmerrp1vecox.exe 2012-11-04 19:26 - 2012-11-04 19:31 - 02213976 ___AC (Kaspersky Lab ZAO) C:\Users\Kenneth\Desktop\tdsskiller.exe 2012-11-04 19:26 - 2008-01-21 12:44 - 00147373 ____A C:\Windows\Minidump\Mini110412-01.dmp 2012-11-03 20:15 - 2012-11-03 20:15 - 00255770 ___AC C:\Users\Kenneth\AppData\Local\census.cache 2012-11-03 20:15 - 2012-11-03 20:15 - 00187324 ___AC C:\Users\Kenneth\AppData\Local\ars.cache 2012-11-03 20:03 - 2012-11-03 20:03 - 00000036 ___AC C:\Users\Kenneth\AppData\Local\housecall.guid.cache 2012-11-03 20:02 - 2012-11-03 20:02 - 02002944 ___AC (Trend Micro Inc.) C:\Users\Kenneth\Downloads\HousecallLauncher.exe 2012-11-03 17:49 - 2012-11-03 17:49 - 00001059 ___AC C:\Users\Kenneth\Desktop\Spybot - Search & Destroy.lnk 2012-11-03 16:38 - 2012-11-03 16:37 - 00144848 ___AC C:\Windows\Minidump\Mini110312-03.dmp 2012-11-03 16:37 - 2012-11-03 11:23 - 134975565 ____A C:\Windows\MEMORY.DMP 2012-11-03 11:47 - 2012-11-03 11:47 - 00144848 ___AC C:\Windows\Minidump\Mini110312-02.dmp 2012-11-03 11:24 - 2012-11-03 11:24 - 00144848 ___AC C:\Windows\Minidump\Mini110312-01.dmp 2012-11-02 22:59 - 2006-11-02 02:22 - 38797312 ____A C:\Windows\System32\config\COMPONENTS.bak 2012-11-02 22:59 - 2006-11-02 02:22 - 36438016 ____A C:\Windows\System32\config\SOFTWARE.bak 2012-11-02 22:59 - 2006-11-02 02:22 - 25427968 ____A C:\Windows\System32\config\SYSTEM.bak 2012-11-02 22:59 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak 2012-11-02 22:59 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\SAM.bak 2012-11-02 22:59 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\DEFAULT.bak 2012-11-02 22:50 - 2012-11-02 22:50 - 00000866 ___AC C:\Users\Kenneth\Desktop\Eusing Free Registry Cleaner.lnk 2012-11-02 22:03 - 2012-11-02 22:03 - 00001441 ___AC C:\scu.dat 2012-11-02 16:55 - 2012-11-02 16:55 - 00001804 ___AC C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk 2012-10-26 02:51 - 2012-10-26 02:50 - 17246984 ___AC (Microsoft Corporation) C:\Users\Kenneth\Downloads\lmsetup (1).exe 2012-10-25 18:03 - 2012-10-25 18:02 - 10165409 ___AC C:\Users\Kenneth\Downloads\October_31st_Webinar_Conference_call_2_30_pm_Central_3_30pm_Eastern.zip 2012-10-11 00:11 - 2012-06-08 13:57 - 00001975 ___AC C:\Users\Public\Desktop\Google Chrome.lnk 2012-10-11 00:08 - 2006-11-02 02:24 - 62968832 ___AC (Microsoft Corporation) C:\Windows\System32\mrt.exe 2012-10-09 13:35 - 2012-06-11 13:41 - 00696760 ___AC (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2012-10-09 13:35 - 2011-09-09 09:56 - 00073656 ___AC (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2012-09-29 17:54 - 2012-11-06 10:37 - 00022856 ___AC (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-09-27 04:19 - 2011-09-21 03:44 - 00000000 ___AC C:\Users\Kenneth\Downloads\my little helper.jpg.txlrqxa.partial 2012-09-13 05:28 - 2012-10-10 12:49 - 00002048 ___AC (Microsoft Corporation) C:\Windows\System32\tzres.dll 2012-08-29 03:27 - 2012-10-10 12:49 - 03602816 ___AC (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe 2012-08-29 03:27 - 2012-10-10 12:49 - 03550080 ___AC (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2012-08-24 07:53 - 2012-10-10 12:49 - 00172544 ___AC (Microsoft Corporation) C:\Windows\System32\wintrust.dll 2012-08-23 23:27 - 2012-09-23 00:01 - 12319744 ___AC (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-08-23 23:03 - 2012-09-23 00:02 - 09738240 ___AC (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-08-23 22:59 - 2012-09-23 00:02 - 01800704 ___AC (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-08-23 22:51 - 2012-09-23 00:02 - 01427968 ___AC (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-08-23 22:51 - 2012-09-23 00:02 - 01129472 ___AC (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-08-23 22:51 - 2012-09-23 00:02 - 01103872 ___AC (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-08-23 22:49 - 2012-09-23 00:02 - 00231936 ___AC (Microsoft Corporation) C:\Windows\System32\url.dll 2012-08-23 22:48 - 2012-09-23 00:02 - 00065024 ___AC (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-08-23 22:47 - 2012-09-23 00:02 - 00717824 ___AC (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-08-23 22:47 - 2012-09-23 00:02 - 00420864 ___AC (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2012-08-23 22:47 - 2012-09-23 00:02 - 00142848 ___AC (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-08-23 22:45 - 2012-09-23 00:02 - 00607744 ___AC (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2012-08-23 22:44 - 2012-09-23 00:02 - 01793024 ___AC (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-08-23 22:44 - 2012-09-23 00:02 - 00073216 ___AC (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-08-23 22:43 - 2012-09-23 00:02 - 02382848 ___AC (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-08-23 22:40 - 2012-09-23 00:02 - 00176640 ___AC (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-08-16 00:27 - 2006-11-02 04:44 - 00298312 ___AC C:\Windows\System32\FNTCACHE.DAT ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2012-11-06 13:56:05 Restore point made on: 2012-11-06 14:18:29 ==================== Memory info =========================== Percentage of memory in use: 19% Total physical RAM: 1013.45 MB Available physical RAM: 813.41 MB Total Pagefile: 978.31 MB Available Pagefile: 861.2 MB Total Virtual: 2047.88 MB Available Virtual: 1983.6 MB ==================== Partitions ============================= 1 Drive c: (ACER) (Fixed) (Total:32.51 GB) (Free:12.53 GB) NTFS ==>[Drive with boot components (obtained from BCD)] 2 Drive d: (DATA) (Fixed) (Total:32.26 GB) (Free:32.13 GB) NTFS 4 Drive f: () (Removable) (Total:14.89 GB) (Free:14.89 GB) FAT32 5 Drive x: (PQSERVICE) (Fixed) (Total:9.76 GB) (Free:2.31 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ---------- ------- ------- --- --- Disk 0 Online 75 GB 539 KB Disk 1 Online 15 GB 0 B Partitions of Disk 0: =============== Check the system event log for more information on the failure. ========================================================= Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 15 GB 16 KB ========================================================= Disk: 1 Partition 1 Type : 0C Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 0 F FAT32 Removable 15 GB Healthy ========================================================= Last Boot: 2012-11-07 16:14 ==================== End Of Log ============================
  21. Tumbleweed88
    MBAM log...... Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Database version: v2012.11.06.08 Windows Vista Service Pack 2 x86 NTFS (Safe Mode) Internet Explorer 9.0.8112.16421 Kenneth :: HOME-PC [administrator] 11/6/2012 9:36:34 PM mbam-log-2012-11-06 (21-36-34).txt Scan type: Full scan (C:\|D:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 291019 Time elapsed: 51 minute(s), 16 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  22. Tumbleweed88
    It ran fine in SafeMode. It ran for 51 minutes. Whats next?
  23. Tumbleweed88
    I tried to run MBAM and it ran for 1 minute and 53 sec. and I got the same blue screen error message.
  24. Tumbleweed88
    Here is the 2nd log......Do you want me to try to run MBAM ? ComboFix 12-11-06.03 - Kenneth 11/06/2012 19:17:07.2.1 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1013.287 [GMT -6:00] Running from: c:\users\Kenneth\Desktop\ComboFix.exe Command switches used :: c:\users\Kenneth\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\program files\Ask.com\Updater\Updater.exe" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Ask.com\Updater\Updater.exe . . ((((((((((((((((((((((((( Files Created from 2012-10-07 to 2012-11-07 ))))))))))))))))))))))))))))))) . . 2012-11-07 01:26 . 2012-11-07 01:26 -------- dc----w- c:\users\Kenneth\AppData\Local\temp 2012-11-07 01:26 . 2012-11-07 01:26 -------- dc----w- c:\users\Default\AppData\Local\temp 2012-11-06 22:24 . 2012-10-17 07:32 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{78620410-7EF8-49E9-8980-DA79F291E3D1}\mpengine.dll 2012-11-06 18:37 . 2012-11-06 18:38 40776 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-11-06 18:37 . 2012-11-06 18:37 -------- dc----w- c:\users\Kenneth\AppData\Roaming\Malwarebytes 2012-11-06 18:37 . 2012-11-06 18:37 -------- dc----w- c:\programdata\Malwarebytes 2012-11-06 18:37 . 2012-11-06 18:37 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware 2012-11-06 18:37 . 2012-09-30 01:54 22856 -c--a-w- c:\windows\system32\drivers\mbam.sys 2012-11-06 18:14 . 2012-11-06 18:14 388096 -c--a-r- c:\users\Kenneth\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-11-06 18:14 . 2012-11-06 18:14 -------- dc----w- c:\program files\Trend Micro 2012-11-04 01:49 . 2012-11-04 03:38 -------- dc----w- c:\programdata\Spybot - Search & Destroy 2012-11-04 01:49 . 2012-11-04 01:52 -------- dc----w- c:\program files\Spybot - Search & Destroy 2012-11-03 06:56 . 2012-11-04 00:31 -------- dc----w- c:\program files\Eusing Free Registry Defrag 2012-11-03 06:50 . 2012-11-03 06:55 -------- dc----w- c:\program files\Eusing Free Registry Cleaner 2012-11-03 00:56 . 2012-11-03 00:56 -------- dc----w- c:\users\Kenneth\AppData\Roaming\SUPERAntiSpyware.com 2012-11-03 00:55 . 2012-11-03 00:56 -------- dc----w- c:\program files\SUPERAntiSpyware 2012-11-03 00:55 . 2012-11-03 00:55 -------- dc----w- c:\programdata\SUPERAntiSpyware.com 2012-10-31 19:22 . 2012-11-03 03:16 -------- dc----w- c:\programdata\D852ADD2F4338B3B0000D851D58690AD 2012-10-10 20:50 . 2012-06-02 00:02 985088 -c--a-w- c:\windows\system32\crypt32.dll 2012-10-10 20:50 . 2012-06-02 00:02 98304 -c--a-w- c:\windows\system32\cryptnet.dll 2012-10-10 20:50 . 2012-06-02 00:02 133120 -c--a-w- c:\windows\system32\cryptsvc.dll 2012-10-10 20:49 . 2012-08-24 15:53 172544 -c--a-w- c:\windows\system32\wintrust.dll 2012-10-10 20:49 . 2012-09-13 13:28 2048 -c--a-w- c:\windows\system32\tzres.dll 2012-10-10 20:49 . 2012-08-29 11:27 3602816 -c--a-w- c:\windows\system32\ntkrnlpa.exe 2012-10-10 20:49 . 2012-08-29 11:27 3550080 -c--a-w- c:\windows\system32\ntoskrnl.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-09 21:35 . 2012-06-11 21:41 696760 -c--a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-09 21:35 . 2011-09-09 17:56 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-24 06:59 . 2012-09-23 08:02 1800704 -c--a-w- c:\windows\system32\jscript9.dll 2012-08-24 06:51 . 2012-09-23 08:02 1129472 -c--a-w- c:\windows\system32\wininet.dll 2012-08-24 06:51 . 2012-09-23 08:02 1427968 -c--a-w- c:\windows\system32\inetcpl.cpl 2012-08-24 06:47 . 2012-09-23 08:02 142848 -c--a-w- c:\windows\system32\ieUnatt.exe 2012-08-24 06:47 . 2012-09-23 08:02 420864 -c--a-w- c:\windows\system32\vbscript.dll 2012-08-24 06:43 . 2012-09-23 08:02 2382848 -c--a-w- c:\windows\system32\mshtml.tlb . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-03-06 23:15 123536 -c--a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744] "Skytel"="Skytel.exe" [2007-06-15 1826816] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk] backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Kenneth^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk] backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher] 2007-02-02 18:05 1261568 -c--a-w- c:\program files\Acer Assist\launcher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration] 2007-02-02 19:24 3383296 -c--a-w- c:\program files\Acer Registration\ACE1.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder] 2007-05-22 22:49 151552 -c--a-w- c:\acer\AcerTour\Reminder.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-10-15 06:04 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2008-02-12 01:13 166424 ----a-w- c:\windows\System32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2008-02-12 01:13 141848 -c--a-w- c:\windows\System32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager] 2007-07-16 05:51 768520 -c--a-w- c:\progra~1\LAUNCH~1\LManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)] 2012-05-25 09:25 6595928 -c--a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] 2007-06-22 01:25 155648 -c--a-w- c:\program files\Acer\Acer Arcade\PCMService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2008-02-12 01:13 133656 ----a-w- c:\windows\System32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-10-11 10:17 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-19 07:38 1008184 -c--a-w- c:\program files\Windows Defender\MSASCui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-19 07:33 202240 -c--a-w- c:\program files\Windows Media Player\wmpnscfg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 . S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder . 2012-11-07 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-11 21:35] . 2012-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-06-08 21:51] . 2012-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-06-08 21:51] . . ------- Supplementary Scan ------- . uStart Page = hxxp://mail.google.com/ uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mStart Page = hxxp://en.us.acer.yahoo.com uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com TCP: DhcpNameServer = 192.168.1.1 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-11-06 19:26 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . Completion time: 2012-11-06 19:29:47 ComboFix-quarantined-files.txt 2012-11-07 01:29 ComboFix2.txt 2012-11-06 22:16 . Pre-Run: 13,568,704,512 bytes free Post-Run: 13,578,989,568 bytes free . - - End Of File - - E5A81B23C36A72791FF72FC52C12C77D
  25. Tumbleweed88
    Here is the log you wanted...... ComboFix 12-11-06.03 - Kenneth 11/06/2012 15:58:02.1.1 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1013.338 [GMT -6:00] Running from: c:\users\Kenneth\Desktop\ComboFix.exe AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\assembly\GAC\Desktop.ini . . ((((((((((((((((((((((((( Files Created from 2012-10-06 to 2012-11-06 ))))))))))))))))))))))))))))))) . . 2012-11-06 22:05 . 2012-11-06 22:08 -------- dc----w- c:\users\Kenneth\AppData\Local\temp 2012-11-06 18:37 . 2012-11-06 18:38 40776 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-11-06 18:37 . 2012-11-06 18:37 -------- dc----w- c:\users\Kenneth\AppData\Roaming\Malwarebytes 2012-11-06 18:37 . 2012-11-06 18:37 -------- dc----w- c:\programdata\Malwarebytes 2012-11-06 18:37 . 2012-11-06 18:37 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware 2012-11-06 18:37 . 2012-09-30 01:54 22856 -c--a-w- c:\windows\system32\drivers\mbam.sys 2012-11-06 18:14 . 2012-11-06 18:14 388096 -c--a-r- c:\users\Kenneth\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-11-06 18:14 . 2012-11-06 18:14 -------- dc----w- c:\program files\Trend Micro 2012-11-04 01:49 . 2012-11-04 03:38 -------- dc----w- c:\programdata\Spybot - Search & Destroy 2012-11-04 01:49 . 2012-11-04 01:52 -------- dc----w- c:\program files\Spybot - Search & Destroy 2012-11-03 06:56 . 2012-11-04 00:31 -------- dc----w- c:\program files\Eusing Free Registry Defrag 2012-11-03 06:50 . 2012-11-03 06:55 -------- dc----w- c:\program files\Eusing Free Registry Cleaner 2012-11-03 00:56 . 2012-11-03 00:56 -------- dc----w- c:\users\Kenneth\AppData\Roaming\SUPERAntiSpyware.com 2012-11-03 00:55 . 2012-11-03 00:56 -------- dc----w- c:\program files\SUPERAntiSpyware 2012-11-03 00:55 . 2012-11-03 00:55 -------- dc----w- c:\programdata\SUPERAntiSpyware.com 2012-10-31 19:22 . 2012-11-03 03:16 -------- dc----w- c:\programdata\D852ADD2F4338B3B0000D851D58690AD 2012-10-10 20:50 . 2012-06-02 00:02 985088 -c--a-w- c:\windows\system32\crypt32.dll 2012-10-10 20:50 . 2012-06-02 00:02 98304 -c--a-w- c:\windows\system32\cryptnet.dll 2012-10-10 20:50 . 2012-06-02 00:02 133120 -c--a-w- c:\windows\system32\cryptsvc.dll 2012-10-10 20:49 . 2012-08-24 15:53 172544 -c--a-w- c:\windows\system32\wintrust.dll 2012-10-10 20:49 . 2012-09-13 13:28 2048 -c--a-w- c:\windows\system32\tzres.dll 2012-10-10 20:49 . 2012-08-29 11:27 3602816 -c--a-w- c:\windows\system32\ntkrnlpa.exe 2012-10-10 20:49 . 2012-08-29 11:27 3550080 -c--a-w- c:\windows\system32\ntoskrnl.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-09 21:35 . 2012-06-11 21:41 696760 -c--a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-09 21:35 . 2011-09-09 17:56 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-24 06:59 . 2012-09-23 08:02 1800704 -c--a-w- c:\windows\system32\jscript9.dll 2012-08-24 06:51 . 2012-09-23 08:02 1129472 -c--a-w- c:\windows\system32\wininet.dll 2012-08-24 06:51 . 2012-09-23 08:02 1427968 -c--a-w- c:\windows\system32\inetcpl.cpl 2012-08-24 06:47 . 2012-09-23 08:02 142848 -c--a-w- c:\windows\system32\ieUnatt.exe 2012-08-24 06:47 . 2012-09-23 08:02 420864 -c--a-w- c:\windows\system32\vbscript.dll 2012-08-24 06:43 . 2012-09-23 08:02 2382848 -c--a-w- c:\windows\system32\mshtml.tlb . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-03-06 23:15 123536 -c--a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744] "Skytel"="Skytel.exe" [2007-06-15 1826816] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk] backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Kenneth^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk] backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher] 2007-02-02 18:05 1261568 -c--a-w- c:\program files\Acer Assist\launcher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration] 2007-02-02 19:24 3383296 -c--a-w- c:\program files\Acer Registration\ACE1.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder] 2007-05-22 22:49 151552 -c--a-w- c:\acer\AcerTour\Reminder.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-10-15 06:04 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater] 2012-06-07 02:33 1564872 -c--a-w- c:\program files\Ask.com\Updater\Updater.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2008-02-12 01:13 166424 ----a-w- c:\windows\System32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2008-02-12 01:13 141848 -c--a-w- c:\windows\System32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager] 2007-07-16 05:51 768520 -c--a-w- c:\progra~1\LAUNCH~1\LManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)] 2012-05-25 09:25 6595928 -c--a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] 2007-06-22 01:25 155648 -c--a-w- c:\program files\Acer\Acer Arcade\PCMService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2008-02-12 01:13 133656 ----a-w- c:\windows\System32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-10-11 10:17 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-19 07:38 1008184 -c--a-w- c:\program files\Windows Defender\MSASCui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-19 07:33 202240 -c--a-w- c:\program files\Windows Media Player\wmpnscfg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 . S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder . 2012-11-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-11 21:35] . 2012-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-06-08 21:51] . 2012-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-06-08 21:51] . . ------- Supplementary Scan ------- . uStart Page = hxxp://mail.google.com/ uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mStart Page = hxxp://en.us.acer.yahoo.com uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-11-06 16:07 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(3340) c:\windows\system32\MsnChatHook.dll c:\windows\system32\ShowErrMsg.dll c:\windows\system32\sysenv.dll c:\windows\system32\BatchCrypto.dll c:\windows\system32\CryptoAPI.dll c:\windows\system32\keyManager.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\windows\system32\agrsmsvc.exe c:\acer\ALaunch\ALaunchSvc.exe c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe c:\acer\Empowering Technology\eDataSecurity\eDSService.exe c:\acer\Empowering Technology\eLock\Service\eLockServ.exe c:\acer\Empowering Technology\eNet\eNet Service.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\Motive\McciCMService.exe c:\acer\Mobility Center\MobilityService.exe c:\windows\system32\DRIVERS\xaudio.exe c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe c:\acer\Empowering Technology\eSettings\Service\capuserv.exe c:\acer\Empowering Technology\ePower\ePowerSvc.exe c:\windows\system32\wbem\unsecapp.exe c:\windows\RtHDVCpl.exe c:\windows\system32\wbem\unsecapp.exe c:\users\Kenneth\AppData\Local\Temp\RtkBtMnt.exe c:\windows\servicing\TrustedInstaller.exe . ************************************************************************** . Completion time: 2012-11-06 16:16:12 - machine was rebooted ComboFix-quarantined-files.txt 2012-11-06 22:13 . Pre-Run: 14,266,789,888 bytes free Post-Run: 14,209,695,744 bytes free . - - End Of File - - C978F674BC1DFF55EA9879A68DD25DAD
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.