MBAM causing BSOD


I have an Acer Aspire 5315-2940, Windows Vista, 32 bit.

I had a virus/trojan and I believe I got rid of it using Super Anti Spyware, Spybot, and even Malwarebytes. I went to run Malwarebytes one last time to make sure the computer was clean and the computer BLUE SCREENED. I ran other virus removing programs and everything was fine. I can go online and surf normally. I can do anything I want to on the laptop except run Malwarebytes.

I uninstalled Malwarebytes and downloaded a clean install from Filehippo.com. I installed it and tried to run it but I got the BSOD again.

On the blue screen it says:

Kernal_data_inpage_error

stop: 0x0000007a ( 0xC0216DD4

ATAPORT.SYS-ADDRESS 85B75A9A BASE AT 85B66000, DATESTAMP 49E01EEE

Can anyone shed some light as to why all of a sudden I can't get Malwarebytes to run?

Any and all help will be greatly appreciated !

I also have run MBAM remover, and downloaded a fresh copy of MBAM from BleepingComputer, and ran it but got the same results. MBAM runs less than 3 minutes and then I get the BSOD.

I may have a rootkit, I don't know for sure.

dds.txt

attach.txt


Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete anything unless instructed to.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.

Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them with Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

---------

**WARNING** Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identity theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.

Unfortunately I have found what is known as the ZeroAccess rootkit on your system. It is an especially nasty infection that can take quite some time to clean and may itself have damaged your system files. As a warning, during the cleaning (if you choose to do so) you may lose internet access with this computer and in the end we may need to reinstall the operating system anyway depending on the extent of the infection.

If you would like to continue with the cleaning, please continue with the following instructions and I will be more than happy to help. :)

----------

Download Combofix from the link below, and save it to your desktop.

Link

**Note: It is important that it is saved directly to your desktop**

If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.


  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

----------


Here is the log you wanted......

ComboFix 12-11-06.03 - Kenneth 11/06/2012 15:58:02.1.1 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1013.338 [GMT -6:00]

Running from: c:\users\Kenneth\Desktop\ComboFix.exe

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\assembly\GAC\Desktop.ini

.

.

((((((((((((((((((((((((( Files Created from 2012-10-06 to 2012-11-06 )))))))))))))))))))))))))))))))

.

.

2012-11-06 22:05 . 2012-11-06 22:08 -------- dc----w- c:\users\Kenneth\AppData\Local\temp

2012-11-06 18:37 . 2012-11-06 18:38 40776 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-11-06 18:37 . 2012-11-06 18:37 -------- dc----w- c:\users\Kenneth\AppData\Roaming\Malwarebytes

2012-11-06 18:37 . 2012-11-06 18:37 -------- dc----w- c:\programdata\Malwarebytes

2012-11-06 18:37 . 2012-11-06 18:37 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware

2012-11-06 18:37 . 2012-09-30 01:54 22856 -c--a-w- c:\windows\system32\drivers\mbam.sys

2012-11-06 18:14 . 2012-11-06 18:14 388096 -c--a-r- c:\users\Kenneth\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-11-06 18:14 . 2012-11-06 18:14 -------- dc----w- c:\program files\Trend Micro

2012-11-04 01:49 . 2012-11-04 03:38 -------- dc----w- c:\programdata\Spybot - Search & Destroy

2012-11-04 01:49 . 2012-11-04 01:52 -------- dc----w- c:\program files\Spybot - Search & Destroy

2012-11-03 06:56 . 2012-11-04 00:31 -------- dc----w- c:\program files\Eusing Free Registry Defrag

2012-11-03 06:50 . 2012-11-03 06:55 -------- dc----w- c:\program files\Eusing Free Registry Cleaner

2012-11-03 00:56 . 2012-11-03 00:56 -------- dc----w- c:\users\Kenneth\AppData\Roaming\SUPERAntiSpyware.com

2012-11-03 00:55 . 2012-11-03 00:56 -------- dc----w- c:\program files\SUPERAntiSpyware

2012-11-03 00:55 . 2012-11-03 00:55 -------- dc----w- c:\programdata\SUPERAntiSpyware.com

2012-10-31 19:22 . 2012-11-03 03:16 -------- dc----w- c:\programdata\D852ADD2F4338B3B0000D851D58690AD

2012-10-10 20:50 . 2012-06-02 00:02 985088 -c--a-w- c:\windows\system32\crypt32.dll

2012-10-10 20:50 . 2012-06-02 00:02 98304 -c--a-w- c:\windows\system32\cryptnet.dll

2012-10-10 20:50 . 2012-06-02 00:02 133120 -c--a-w- c:\windows\system32\cryptsvc.dll

2012-10-10 20:49 . 2012-08-24 15:53 172544 -c--a-w- c:\windows\system32\wintrust.dll

2012-10-10 20:49 . 2012-09-13 13:28 2048 -c--a-w- c:\windows\system32\tzres.dll

2012-10-10 20:49 . 2012-08-29 11:27 3602816 -c--a-w- c:\windows\system32\ntkrnlpa.exe

2012-10-10 20:49 . 2012-08-29 11:27 3550080 -c--a-w- c:\windows\system32\ntoskrnl.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-09 21:35 . 2012-06-11 21:41 696760 -c--a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-09 21:35 . 2011-09-09 17:56 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-24 06:59 . 2012-09-23 08:02 1800704 -c--a-w- c:\windows\system32\jscript9.dll

2012-08-24 06:51 . 2012-09-23 08:02 1129472 -c--a-w- c:\windows\system32\wininet.dll

2012-08-24 06:51 . 2012-09-23 08:02 1427968 -c--a-w- c:\windows\system32\inetcpl.cpl

2012-08-24 06:47 . 2012-09-23 08:02 142848 -c--a-w- c:\windows\system32\ieUnatt.exe

2012-08-24 06:47 . 2012-09-23 08:02 420864 -c--a-w- c:\windows\system32\vbscript.dll

2012-08-24 06:43 . 2012-09-23 08:02 2382848 -c--a-w- c:\windows\system32\mshtml.tlb

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-06 23:15 123536 -c--a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]

"Skytel"="Skytel.exe" [2007-06-15 1826816]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]

backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Kenneth^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]

2007-02-02 18:05 1261568 -c--a-w- c:\program files\Acer Assist\launcher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]

2007-02-02 19:24 3383296 -c--a-w- c:\program files\Acer Registration\ACE1.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]

2007-05-22 22:49 151552 -c--a-w- c:\acer\AcerTour\Reminder.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-10-15 06:04 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]

2012-06-07 02:33 1564872 -c--a-w- c:\program files\Ask.com\Updater\Updater.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2008-02-12 01:13 166424 ----a-w- c:\windows\System32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2008-02-12 01:13 141848 -c--a-w- c:\windows\System32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]

2007-07-16 05:51 768520 -c--a-w- c:\progra~1\LAUNCH~1\LManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

2012-05-25 09:25 6595928 -c--a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

2007-06-22 01:25 155648 -c--a-w- c:\program files\Acer\Acer Arcade\PCMService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2008-02-12 01:13 133656 ----a-w- c:\windows\System32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-10-11 10:17 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-19 07:38 1008184 -c--a-w- c:\program files\Windows Defender\MSASCui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2008-01-19 07:33 202240 -c--a-w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

.

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-06 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-11 21:35]

.

2012-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-08 21:51]

.

2012-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-08 21:51]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://mail.google.com/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mStart Page = hxxp://en.us.acer.yahoo.com

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-11-06 16:07

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(3340)

c:\windows\system32\MsnChatHook.dll

c:\windows\system32\ShowErrMsg.dll

c:\windows\system32\sysenv.dll

c:\windows\system32\BatchCrypto.dll

c:\windows\system32\CryptoAPI.dll

c:\windows\system32\keyManager.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\windows\system32\agrsmsvc.exe

c:\acer\ALaunch\ALaunchSvc.exe

c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

c:\acer\Empowering Technology\eDataSecurity\eDSService.exe

c:\acer\Empowering Technology\eLock\Service\eLockServ.exe

c:\acer\Empowering Technology\eNet\eNet Service.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\acer\Mobility Center\MobilityService.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe

c:\acer\Empowering Technology\eSettings\Service\capuserv.exe

c:\acer\Empowering Technology\ePower\ePowerSvc.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\RtHDVCpl.exe

c:\windows\system32\wbem\unsecapp.exe

c:\users\Kenneth\AppData\Local\Temp\RtkBtMnt.exe

c:\windows\servicing\TrustedInstaller.exe

.

**************************************************************************

.

Completion time: 2012-11-06 16:16:12 - machine was rebooted

ComboFix-quarantined-files.txt 2012-11-06 22:13

.

Pre-Run: 14,266,789,888 bytes free

Post-Run: 14,209,695,744 bytes free

.

- - End Of File - - C978F674BC1DFF55EA9879A68DD25DAD


Hi,

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the box below:

    ClearJavaCache::
    File::
    c:\program files\Ask.com\Updater\Updater.exe
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Post the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

----------

Please post the new ComboFix log and let me know how your system is running now. :)


Here is the 2nd log......Do you want me to try to run MBAM ?

ComboFix 12-11-06.03 - Kenneth 11/06/2012 19:17:07.2.1 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1013.287 [GMT -6:00]

Running from: c:\users\Kenneth\Desktop\ComboFix.exe

Command switches used :: c:\users\Kenneth\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\program files\Ask.com\Updater\Updater.exe"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Ask.com\Updater\Updater.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-10-07 to 2012-11-07 )))))))))))))))))))))))))))))))

.

.

2012-11-07 01:26 . 2012-11-07 01:26 -------- dc----w- c:\users\Kenneth\AppData\Local\temp

2012-11-07 01:26 . 2012-11-07 01:26 -------- dc----w- c:\users\Default\AppData\Local\temp

2012-11-06 22:24 . 2012-10-17 07:32 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{78620410-7EF8-49E9-8980-DA79F291E3D1}\mpengine.dll

2012-11-06 18:37 . 2012-11-06 18:38 40776 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-11-06 18:37 . 2012-11-06 18:37 -------- dc----w- c:\users\Kenneth\AppData\Roaming\Malwarebytes

2012-11-06 18:37 . 2012-11-06 18:37 -------- dc----w- c:\programdata\Malwarebytes

2012-11-06 18:37 . 2012-11-06 18:37 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware

2012-11-06 18:37 . 2012-09-30 01:54 22856 -c--a-w- c:\windows\system32\drivers\mbam.sys

2012-11-06 18:14 . 2012-11-06 18:14 388096 -c--a-r- c:\users\Kenneth\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-11-06 18:14 . 2012-11-06 18:14 -------- dc----w- c:\program files\Trend Micro

2012-11-04 01:49 . 2012-11-04 03:38 -------- dc----w- c:\programdata\Spybot - Search & Destroy

2012-11-04 01:49 . 2012-11-04 01:52 -------- dc----w- c:\program files\Spybot - Search & Destroy

2012-11-03 06:56 . 2012-11-04 00:31 -------- dc----w- c:\program files\Eusing Free Registry Defrag

2012-11-03 06:50 . 2012-11-03 06:55 -------- dc----w- c:\program files\Eusing Free Registry Cleaner

2012-11-03 00:56 . 2012-11-03 00:56 -------- dc----w- c:\users\Kenneth\AppData\Roaming\SUPERAntiSpyware.com

2012-11-03 00:55 . 2012-11-03 00:56 -------- dc----w- c:\program files\SUPERAntiSpyware

2012-11-03 00:55 . 2012-11-03 00:55 -------- dc----w- c:\programdata\SUPERAntiSpyware.com

2012-10-31 19:22 . 2012-11-03 03:16 -------- dc----w- c:\programdata\D852ADD2F4338B3B0000D851D58690AD

2012-10-10 20:50 . 2012-06-02 00:02 985088 -c--a-w- c:\windows\system32\crypt32.dll

2012-10-10 20:50 . 2012-06-02 00:02 98304 -c--a-w- c:\windows\system32\cryptnet.dll

2012-10-10 20:50 . 2012-06-02 00:02 133120 -c--a-w- c:\windows\system32\cryptsvc.dll

2012-10-10 20:49 . 2012-08-24 15:53 172544 -c--a-w- c:\windows\system32\wintrust.dll

2012-10-10 20:49 . 2012-09-13 13:28 2048 -c--a-w- c:\windows\system32\tzres.dll

2012-10-10 20:49 . 2012-08-29 11:27 3602816 -c--a-w- c:\windows\system32\ntkrnlpa.exe

2012-10-10 20:49 . 2012-08-29 11:27 3550080 -c--a-w- c:\windows\system32\ntoskrnl.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-09 21:35 . 2012-06-11 21:41 696760 -c--a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-09 21:35 . 2011-09-09 17:56 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-24 06:59 . 2012-09-23 08:02 1800704 -c--a-w- c:\windows\system32\jscript9.dll

2012-08-24 06:51 . 2012-09-23 08:02 1129472 -c--a-w- c:\windows\system32\wininet.dll

2012-08-24 06:51 . 2012-09-23 08:02 1427968 -c--a-w- c:\windows\system32\inetcpl.cpl

2012-08-24 06:47 . 2012-09-23 08:02 142848 -c--a-w- c:\windows\system32\ieUnatt.exe

2012-08-24 06:47 . 2012-09-23 08:02 420864 -c--a-w- c:\windows\system32\vbscript.dll

2012-08-24 06:43 . 2012-09-23 08:02 2382848 -c--a-w- c:\windows\system32\mshtml.tlb

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-06 23:15 123536 -c--a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]

"Skytel"="Skytel.exe" [2007-06-15 1826816]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]

backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Kenneth^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]

2007-02-02 18:05 1261568 -c--a-w- c:\program files\Acer Assist\launcher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]

2007-02-02 19:24 3383296 -c--a-w- c:\program files\Acer Registration\ACE1.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]

2007-05-22 22:49 151552 -c--a-w- c:\acer\AcerTour\Reminder.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-10-15 06:04 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2008-02-12 01:13 166424 ----a-w- c:\windows\System32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2008-02-12 01:13 141848 -c--a-w- c:\windows\System32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]

2007-07-16 05:51 768520 -c--a-w- c:\progra~1\LAUNCH~1\LManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

2012-05-25 09:25 6595928 -c--a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

2007-06-22 01:25 155648 -c--a-w- c:\program files\Acer\Acer Arcade\PCMService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2008-02-12 01:13 133656 ----a-w- c:\windows\System32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-10-11 10:17 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-19 07:38 1008184 -c--a-w- c:\program files\Windows Defender\MSASCui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2008-01-19 07:33 202240 -c--a-w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

.

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-11 21:35]

.

2012-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-08 21:51]

.

2012-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-08 21:51]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://mail.google.com/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mStart Page = hxxp://en.us.acer.yahoo.com

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

TCP: DhcpNameServer = 192.168.1.1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-11-06 19:26

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

Completion time: 2012-11-06 19:29:47

ComboFix-quarantined-files.txt 2012-11-07 01:29

ComboFix2.txt 2012-11-06 22:16

.

Pre-Run: 13,568,704,512 bytes free

Post-Run: 13,578,989,568 bytes free

.

- - End Of File - - E5A81B23C36A72791FF72FC52C12C77D


MBAM log......

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.06.08

Windows Vista Service Pack 2 x86 NTFS (Safe Mode)

Internet Explorer 9.0.8112.16421

Kenneth :: HOME-PC [administrator]

11/6/2012 9:36:34 PM

mbam-log-2012-11-06 (21-36-34).txt

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 291019

Time elapsed: 51 minute(s), 16 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


FRST

Download the 32 bit version for your system of FRST and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

----------


WOW is that a cool program ! Here is the log......

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-11-2012

Ran by SYSTEM at 07-11-2012 18:27:26

Running from F:\

Windows Vista Home Basic (X86) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]

HKLM\...\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [457216 2007-04-25] (HiTRUST)

HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [159744 2007-06-06] (Alps Electric Co., Ltd.)

HKLM\...\Run: [skytel] Skytel.exe [x]

HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4241512 2012-03-06] (AVAST Software)

HKU\Default\...\RunOnce: [AcerScrSav] C:\Windows\Acer\run_NB.exe [27432 2007-04-26] ()

HKU\Default User\...\RunOnce: [AcerScrSav] C:\Windows\Acer\run_NB.exe [27432 2007-04-26] ()

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) ===================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE" [116608 2012-07-11] (SUPERAntiSpyware.com)

2 ALaunchService; C:\Acer\ALaunch\ALaunchSvc.exe [50688 2007-01-26] ()

2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44768 2012-03-06] (AVAST Software)

2 CLCapSvc; "C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe" [257736 2007-06-21] ()

2 CLSched; "C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe" [118464 2007-06-21] ()

2 CyberLink Media Library Service; "C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe" [1076832 2007-06-21] (Cyberlink)

2 eDataSecurity Service; "C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [457512 2007-04-25] (HiTRSUT)

2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-03-14] (Acer Inc.)

2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [135168 2007-05-22] (Acer Inc.)

2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [53248 2007-02-13] (Acer Inc.)

2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-06-05] ()

2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe -p [107008 2006-11-24] ()

2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [163840 2007-05-16] (acer)

==================== Drivers (Whitelisted) ====================

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [20696 2012-03-06] (AVAST Software)

2 aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [57688 2012-03-06] (AVAST Software)

1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [35672 2012-03-06] (AVAST Software)

1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [612184 2012-03-06] (AVAST Software)

1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337880 2012-03-06] (AVAST Software)

1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [53848 2012-03-06] (AVAST Software)

1 DritekPortIO; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)

2 int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [76584 2006-12-07] ()

0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [20776 2007-04-25] (HiTRUST)

0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [16680 2007-04-25] (HiTRUST)

0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [60712 2007-04-25] (HiTRUST)

1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]

3 catchme; \??\C:\Users\Kenneth\AppData\Local\Temp\catchme.sys [x]

3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]

3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]

3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]

3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]

3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2012-11-07 16:17 - 2012-11-07 16:17 - 00000000 ___AC C:\Windows\setuperr.log

2012-11-07 16:15 - 2012-11-06 22:15 - 00906778 ___AC (Farbar) C:\Users\Kenneth\Desktop\FRST.exe

2012-11-07 16:14 - 2012-11-07 16:14 - 00000000 ___DC C:\FRST

2012-11-06 17:29 - 2012-11-06 17:29 - 00011789 ___AC C:\ComboFix2.txt

2012-11-06 14:11 - 2012-11-07 16:18 - 00057333 ___AC C:\Windows\WindowsUpdate.log

2012-11-06 13:55 - 2011-06-25 22:45 - 00256000 ___AC C:\Windows\PEV.exe

2012-11-06 13:55 - 2010-11-07 09:20 - 00208896 ___AC C:\Windows\MBR.exe

2012-11-06 13:55 - 2009-04-19 20:56 - 00060416 ___AC (NirSoft) C:\Windows\NIRCMD.exe

2012-11-06 13:55 - 2000-08-30 16:00 - 00518144 ___AC (SteelWerX) C:\Windows\SWREG.exe

2012-11-06 13:55 - 2000-08-30 16:00 - 00406528 ___AC (SteelWerX) C:\Windows\SWSC.exe

2012-11-06 13:55 - 2000-08-30 16:00 - 00098816 ___AC C:\Windows\sed.exe

2012-11-06 13:55 - 2000-08-30 16:00 - 00080412 ___AC C:\Windows\grep.exe

2012-11-06 13:55 - 2000-08-30 16:00 - 00068096 ___AC C:\Windows\zip.exe

2012-11-06 13:52 - 2012-11-06 17:29 - 00000000 ___DC C:\Qoobox

2012-11-06 13:52 - 2012-11-06 14:11 - 00000000 ___DC C:\Windows\erdnt

2012-11-06 13:51 - 2012-11-06 13:49 - 04997881 ___RC (Swearware) C:\Users\Kenneth\Desktop\ComboFix.exe

2012-11-06 13:10 - 2012-11-06 13:10 - 00014034 ___AC C:\Users\Kenneth\Desktop\attach.txt

2012-11-06 13:10 - 2012-11-06 13:10 - 00009927 ___AC C:\Users\Kenneth\Desktop\dds.txt

2012-11-06 10:56 - 2012-11-06 09:53 - 00688779 ___RC (Swearware) C:\Users\Kenneth\Desktop\dds.scr

2012-11-06 10:37 - 2012-11-06 10:37 - 00000910 ___AC C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-11-06 10:37 - 2012-11-06 10:37 - 00000000 ___DC C:\Users\Kenneth\AppData\Roaming\Malwarebytes

2012-11-06 10:37 - 2012-11-06 10:37 - 00000000 ___DC C:\Users\All Users\Malwarebytes

2012-11-06 10:37 - 2012-11-06 10:37 - 00000000 ___DC C:\Program Files\Malwarebytes' Anti-Malware

2012-11-06 10:37 - 2012-09-29 17:54 - 00022856 ___AC (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-11-06 10:14 - 2012-11-06 10:14 - 00001952 ___AC C:\Users\Kenneth\Desktop\HiJackThis.lnk

2012-11-06 10:14 - 2012-11-06 10:14 - 00000000 ___DC C:\Program Files\Trend Micro

2012-11-05 21:33 - 2012-11-06 17:57 - 00067000 ___AC C:\Windows\PFRO.log

2012-11-05 21:31 - 2012-11-05 21:27 - 10669896 ___AC (Malwarebytes Corporation ) C:\Users\Kenneth\Desktop\1mbam-setup.exe

2012-11-05 21:31 - 2012-11-05 21:25 - 00080456 ___AC (Malwarebytes Corporation) C:\Users\Kenneth\Desktop\mbam-clean-1.60.2.0003.exe

2012-11-05 19:06 - 2012-11-05 19:05 - 00302592 ___AC C:\Users\Kenneth\Desktop\Gmerrp1vecox.exe

2012-11-04 19:31 - 2012-11-04 19:26 - 02213976 ___AC (Kaspersky Lab ZAO) C:\Users\Kenneth\Desktop\tdsskiller.exe

2012-11-03 20:15 - 2012-11-03 20:15 - 00255770 ___AC C:\Users\Kenneth\AppData\Local\census.cache

2012-11-03 20:15 - 2012-11-03 20:15 - 00187324 ___AC C:\Users\Kenneth\AppData\Local\ars.cache

2012-11-03 20:03 - 2012-11-03 20:03 - 00000036 ___AC C:\Users\Kenneth\AppData\Local\housecall.guid.cache

2012-11-03 20:02 - 2012-11-03 20:02 - 02002944 ___AC (Trend Micro Inc.) C:\Users\Kenneth\Downloads\HousecallLauncher.exe

2012-11-03 17:49 - 2012-11-03 19:38 - 00000000 ___DC C:\Users\All Users\Spybot - Search & Destroy

2012-11-03 17:49 - 2012-11-03 17:52 - 00000000 ___DC C:\Program Files\Spybot - Search & Destroy

2012-11-03 17:49 - 2012-11-03 17:49 - 00001059 ___AC C:\Users\Kenneth\Desktop\Spybot - Search & Destroy.lnk

2012-11-03 16:37 - 2012-11-03 16:38 - 00144848 ___AC C:\Windows\Minidump\Mini110312-03.dmp

2012-11-03 11:47 - 2012-11-03 11:47 - 00144848 ___AC C:\Windows\Minidump\Mini110312-02.dmp

2012-11-03 11:24 - 2012-11-06 18:15 - 00000000 ___DC C:\Windows\Minidump

2012-11-03 11:24 - 2012-11-03 11:24 - 00144848 ___AC C:\Windows\Minidump\Mini110312-01.dmp

2012-11-03 11:23 - 2012-11-03 16:37 - 134975565 ____A C:\Windows\MEMORY.DMP

2012-11-02 22:56 - 2012-11-03 16:31 - 00000000 ___DC C:\Program Files\Eusing Free Registry Defrag

2012-11-02 22:50 - 2012-11-02 22:55 - 00000000 ___DC C:\Program Files\Eusing Free Registry Cleaner

2012-11-02 22:50 - 2012-11-02 22:50 - 00000866 ___AC C:\Users\Kenneth\Desktop\Eusing Free Registry Cleaner.lnk

2012-11-02 22:03 - 2012-11-02 22:03 - 00001441 ___AC C:\scu.dat

2012-11-02 16:56 - 2012-11-02 16:56 - 00000000 ___DC C:\Users\Kenneth\AppData\Roaming\SUPERAntiSpyware.com

2012-11-02 16:55 - 2012-11-02 16:56 - 00000000 ___DC C:\Program Files\SUPERAntiSpyware

2012-11-02 16:55 - 2012-11-02 16:55 - 00001804 ___AC C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

2012-11-02 16:55 - 2012-11-02 16:55 - 00000000 ___DC C:\Users\All Users\SUPERAntiSpyware.com

2012-10-31 11:22 - 2012-11-02 19:16 - 00000000 ___DC C:\Users\All Users\D852ADD2F4338B3B0000D851D58690AD

2012-10-26 02:50 - 2012-10-26 02:51 - 17246984 ___AC (Microsoft Corporation) C:\Users\Kenneth\Downloads\lmsetup (1).exe

2012-10-25 18:02 - 2012-10-25 18:03 - 10165409 ___AC C:\Users\Kenneth\Downloads\October_31st_Webinar_Conference_call_2_30_pm_Central_3_30pm_Eastern.zip

2012-10-10 12:50 - 2012-06-01 16:02 - 00985088 ___AC (Microsoft Corporation) C:\Windows\System32\crypt32.dll

2012-10-10 12:50 - 2012-06-01 16:02 - 00133120 ___AC (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll

2012-10-10 12:50 - 2012-06-01 16:02 - 00098304 ___AC (Microsoft Corporation) C:\Windows\System32\cryptnet.dll

2012-10-10 12:49 - 2012-09-13 05:28 - 00002048 ___AC (Microsoft Corporation) C:\Windows\System32\tzres.dll

2012-10-10 12:49 - 2012-08-29 03:27 - 03602816 ___AC (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe

2012-10-10 12:49 - 2012-08-29 03:27 - 03550080 ___AC (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2012-10-10 12:49 - 2012-08-24 07:53 - 00172544 ___AC (Microsoft Corporation) C:\Windows\System32\wintrust.dll

==================== 3 Months Modified Files ==================

2012-11-07 16:19 - 2006-11-02 04:58 - 00032602 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-11-07 16:19 - 2006-11-02 04:58 - 00000006 __AHC C:\Windows\Tasks\SA.DAT

2012-11-07 16:19 - 2006-11-02 04:45 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2012-11-07 16:19 - 2006-11-02 04:45 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2012-11-07 16:18 - 2012-11-06 14:11 - 00057333 ___AC C:\Windows\WindowsUpdate.log

2012-11-07 16:17 - 2012-11-07 16:17 - 00000714 ___AC C:\Windows\setupact.log

2012-11-07 16:17 - 2012-11-07 16:17 - 00000000 ___AC C:\Windows\setuperr.log

2012-11-07 16:17 - 2012-06-08 13:52 - 00000888 ___AC C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-11-07 16:15 - 2006-11-02 02:33 - 00703214 ___AC C:\Windows\System32\PerfStringBackup.INI

2012-11-07 16:08 - 2012-06-08 13:52 - 00000884 ___AC C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-11-06 22:28 - 2012-06-11 13:41 - 00000830 ___AC C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-11-06 22:15 - 2012-11-07 16:15 - 00906778 ___AC (Farbar) C:\Users\Kenneth\Desktop\FRST.exe

2012-11-06 20:20 - 2012-02-17 15:04 - 00001356 ___AC C:\Users\Kenneth\AppData\Local\d3d9caps.dat

2012-11-06 18:15 - 2008-01-21 12:44 - 00147309 ____A C:\Windows\Minidump\Mini110612-03.dmp

2012-11-06 17:57 - 2012-11-05 21:33 - 00067000 ___AC C:\Windows\PFRO.log

2012-11-06 17:29 - 2012-11-06 17:29 - 00011789 ___AC C:\ComboFix2.txt

2012-11-06 17:26 - 2006-11-02 02:23 - 00000215 ___AC C:\Windows\system.ini

2012-11-06 13:49 - 2012-11-06 13:51 - 04997881 ___RC (Swearware) C:\Users\Kenneth\Desktop\ComboFix.exe

2012-11-06 13:10 - 2012-11-06 13:10 - 00014034 ___AC C:\Users\Kenneth\Desktop\attach.txt

2012-11-06 13:10 - 2012-11-06 13:10 - 00009927 ___AC C:\Users\Kenneth\Desktop\dds.txt

2012-11-06 10:49 - 2008-01-21 12:44 - 00147341 ____A C:\Windows\Minidump\Mini110612-02.dmp

2012-11-06 10:37 - 2012-11-06 10:37 - 00000910 ___AC C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-11-06 10:14 - 2012-11-06 10:14 - 00001952 ___AC C:\Users\Kenneth\Desktop\HiJackThis.lnk

2012-11-06 09:53 - 2012-11-06 10:56 - 00688779 ___RC (Swearware) C:\Users\Kenneth\Desktop\dds.scr

2012-11-06 09:53 - 2008-01-21 12:44 - 00147341 ____A C:\Windows\Minidump\Mini110612-01.dmp

2012-11-05 21:27 - 2012-11-05 21:31 - 10669896 ___AC (Malwarebytes Corporation ) C:\Users\Kenneth\Desktop\1mbam-setup.exe

2012-11-05 21:25 - 2012-11-05 21:31 - 00080456 ___AC (Malwarebytes Corporation) C:\Users\Kenneth\Desktop\mbam-clean-1.60.2.0003.exe

2012-11-05 19:05 - 2012-11-05 19:06 - 00302592 ___AC C:\Users\Kenneth\Desktop\Gmerrp1vecox.exe

2012-11-04 19:26 - 2012-11-04 19:31 - 02213976 ___AC (Kaspersky Lab ZAO) C:\Users\Kenneth\Desktop\tdsskiller.exe

2012-11-04 19:26 - 2008-01-21 12:44 - 00147373 ____A C:\Windows\Minidump\Mini110412-01.dmp

2012-11-03 20:15 - 2012-11-03 20:15 - 00255770 ___AC C:\Users\Kenneth\AppData\Local\census.cache

2012-11-03 20:15 - 2012-11-03 20:15 - 00187324 ___AC C:\Users\Kenneth\AppData\Local\ars.cache

2012-11-03 20:03 - 2012-11-03 20:03 - 00000036 ___AC C:\Users\Kenneth\AppData\Local\housecall.guid.cache

2012-11-03 20:02 - 2012-11-03 20:02 - 02002944 ___AC (Trend Micro Inc.) C:\Users\Kenneth\Downloads\HousecallLauncher.exe

2012-11-03 17:49 - 2012-11-03 17:49 - 00001059 ___AC C:\Users\Kenneth\Desktop\Spybot - Search & Destroy.lnk

2012-11-03 16:38 - 2012-11-03 16:37 - 00144848 ___AC C:\Windows\Minidump\Mini110312-03.dmp

2012-11-03 16:37 - 2012-11-03 11:23 - 134975565 ____A C:\Windows\MEMORY.DMP

2012-11-03 11:47 - 2012-11-03 11:47 - 00144848 ___AC C:\Windows\Minidump\Mini110312-02.dmp

2012-11-03 11:24 - 2012-11-03 11:24 - 00144848 ___AC C:\Windows\Minidump\Mini110312-01.dmp

2012-11-02 22:59 - 2006-11-02 02:22 - 38797312 ____A C:\Windows\System32\config\COMPONENTS.bak

2012-11-02 22:59 - 2006-11-02 02:22 - 36438016 ____A C:\Windows\System32\config\SOFTWARE.bak

2012-11-02 22:59 - 2006-11-02 02:22 - 25427968 ____A C:\Windows\System32\config\SYSTEM.bak

2012-11-02 22:59 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak

2012-11-02 22:59 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\SAM.bak

2012-11-02 22:59 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\DEFAULT.bak

2012-11-02 22:50 - 2012-11-02 22:50 - 00000866 ___AC C:\Users\Kenneth\Desktop\Eusing Free Registry Cleaner.lnk

2012-11-02 22:03 - 2012-11-02 22:03 - 00001441 ___AC C:\scu.dat

2012-11-02 16:55 - 2012-11-02 16:55 - 00001804 ___AC C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

2012-10-26 02:51 - 2012-10-26 02:50 - 17246984 ___AC (Microsoft Corporation) C:\Users\Kenneth\Downloads\lmsetup (1).exe

2012-10-25 18:03 - 2012-10-25 18:02 - 10165409 ___AC C:\Users\Kenneth\Downloads\October_31st_Webinar_Conference_call_2_30_pm_Central_3_30pm_Eastern.zip

2012-10-11 00:11 - 2012-06-08 13:57 - 00001975 ___AC C:\Users\Public\Desktop\Google Chrome.lnk

2012-10-11 00:08 - 2006-11-02 02:24 - 62968832 ___AC (Microsoft Corporation) C:\Windows\System32\mrt.exe

2012-10-09 13:35 - 2012-06-11 13:41 - 00696760 ___AC (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

2012-10-09 13:35 - 2011-09-09 09:56 - 00073656 ___AC (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

2012-09-29 17:54 - 2012-11-06 10:37 - 00022856 ___AC (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-09-27 04:19 - 2011-09-21 03:44 - 00000000 ___AC C:\Users\Kenneth\Downloads\my little helper.jpg.txlrqxa.partial

2012-09-13 05:28 - 2012-10-10 12:49 - 00002048 ___AC (Microsoft Corporation) C:\Windows\System32\tzres.dll

2012-08-29 03:27 - 2012-10-10 12:49 - 03602816 ___AC (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe

2012-08-29 03:27 - 2012-10-10 12:49 - 03550080 ___AC (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2012-08-24 07:53 - 2012-10-10 12:49 - 00172544 ___AC (Microsoft Corporation) C:\Windows\System32\wintrust.dll

2012-08-23 23:27 - 2012-09-23 00:01 - 12319744 ___AC (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-08-23 23:03 - 2012-09-23 00:02 - 09738240 ___AC (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-08-23 22:59 - 2012-09-23 00:02 - 01800704 ___AC (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-08-23 22:51 - 2012-09-23 00:02 - 01427968 ___AC (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-08-23 22:51 - 2012-09-23 00:02 - 01129472 ___AC (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-08-23 22:51 - 2012-09-23 00:02 - 01103872 ___AC (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-08-23 22:49 - 2012-09-23 00:02 - 00231936 ___AC (Microsoft Corporation) C:\Windows\System32\url.dll

2012-08-23 22:48 - 2012-09-23 00:02 - 00065024 ___AC (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-08-23 22:47 - 2012-09-23 00:02 - 00717824 ___AC (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-08-23 22:47 - 2012-09-23 00:02 - 00420864 ___AC (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2012-08-23 22:47 - 2012-09-23 00:02 - 00142848 ___AC (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-08-23 22:45 - 2012-09-23 00:02 - 00607744 ___AC (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2012-08-23 22:44 - 2012-09-23 00:02 - 01793024 ___AC (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-08-23 22:44 - 2012-09-23 00:02 - 00073216 ___AC (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-08-23 22:43 - 2012-09-23 00:02 - 02382848 ___AC (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-08-23 22:40 - 2012-09-23 00:02 - 00176640 ___AC (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-08-16 00:27 - 2006-11-02 04:44 - 00298312 ___AC C:\Windows\System32\FNTCACHE.DAT

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-06 13:56:05

Restore point made on: 2012-11-06 14:18:29

==================== Memory info ===========================

Percentage of memory in use: 19%

Total physical RAM: 1013.45 MB

Available physical RAM: 813.41 MB

Total Pagefile: 978.31 MB

Available Pagefile: 861.2 MB

Total Virtual: 2047.88 MB

Available Virtual: 1983.6 MB

==================== Partitions =============================

1 Drive c: (ACER) (Fixed) (Total:32.51 GB) (Free:12.53 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

2 Drive d: (DATA) (Fixed) (Total:32.26 GB) (Free:32.13 GB) NTFS

4 Drive f: () (Removable) (Total:14.89 GB) (Free:14.89 GB) FAT32

5 Drive x: (PQSERVICE) (Fixed) (Total:9.76 GB) (Free:2.31 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ---------- ------- ------- --- ---

Disk 0 Online 75 GB 539 KB

Disk 1 Online 15 GB 0 B

Partitions of Disk 0:

===============

Check the system event log for more information on the failure.

=========================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 15 GB 16 KB

=========================================================

Disk: 1

Partition 1

Type : 0C

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 0 F FAT32 Removable 15 GB Healthy

=========================================================

Last Boot: 2012-11-07 16:14

==================== End Of Log ============================


Ok let's get a different look at this....

OTL

  • Download OTL to your desktop.
  • Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in
    netsvcs
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

----------


Here is EXTRAS.......

OTL Extras logfile created on: 11/7/2012 10:32:33 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kenneth\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.33 Mb Total Physical Memory | 321.69 Mb Available Physical Memory | 31.75% Memory free

2.23 Gb Paging File | 1.38 Gb Available in Paging File | 61.68% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 32.51 Gb Total Space | 11.92 Gb Free Space | 36.68% Space Free | Partition Type: NTFS

Drive D: | 32.26 Gb Total Space | 32.13 Gb Free Space | 99.60% Space Free | Partition Type: NTFS

Drive F: | 14.89 Gb Total Space | 14.89 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: HOME-PC | User Name: Kenneth | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-2254466066-3444885189-128781240-1000\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 1

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |

"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |

"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |

"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |

"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |

"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |

"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |

"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |

"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |

"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |

"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |

"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |

"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In

"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 17

"{26E76762-7F20-4694-AD06-CC3A9B547A71}" = Microsoft Office Live Meeting 2007

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology

"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3

"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer 3.72

"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management

"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1

"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management

"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"Acer Assist" = Acer Assist

"Acer Registration" = Acer Registration

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Agere Systems Soft Modem" = Agere Systems HDA Modem

"avast" = avast! Free Antivirus

"Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe

"CCleaner" = CCleaner (remove only)

"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner

"Google Chrome" = Google Chrome

"HDMI" = Intel® Graphics Media Accelerator Driver

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"SpywareBlaster_is1" = SpywareBlaster 4.3

"TimeLineRemove_is1" = TimeLineRemove 0.9

"VLC media player" = VLC media player 1.1.0

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! Messenger" = Yahoo! Messenger

"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2254466066-3444885189-128781240-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 11/3/2012 3:01:37 AM | Computer Name = Home-PC | Source = Windows Search Service | ID = 3028

Description =

Error - 11/3/2012 3:01:37 AM | Computer Name = Home-PC | Source = Windows Search Service | ID = 3058

Description =

Error - 11/3/2012 3:47:38 PM | Computer Name = Home-PC | Source = EventSystem | ID = 4609

Description =

Error - 11/3/2012 4:57:36 PM | Computer Name = Home-PC | Source = Windows Search Service | ID = 3038

Description =

Error - 11/3/2012 5:00:24 PM | Computer Name = Home-PC | Source = Windows Search Service | ID = 3028

Description =

Error - 11/3/2012 5:00:24 PM | Computer Name = Home-PC | Source = Windows Search Service | ID = 3058

Description =

Error - 11/3/2012 8:05:03 PM | Computer Name = Home-PC | Source = VSS | ID = 8194

Description =

Error - 11/3/2012 8:38:33 PM | Computer Name = Home-PC | Source = Windows Search Service | ID = 3038

Description =

Error - 11/3/2012 8:40:33 PM | Computer Name = Home-PC | Source = Windows Search Service | ID = 3028

Description =

Error - 11/3/2012 8:40:33 PM | Computer Name = Home-PC | Source = Windows Search Service | ID = 3058

Description =

[ System Events ]

Error - 11/6/2012 11:36:30 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001

Description =

Error - 11/6/2012 11:36:30 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001

Description =

Error - 11/6/2012 11:36:30 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001

Description =

Error - 11/6/2012 11:36:36 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001

Description =

Error - 11/7/2012 1:15:40 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7024

Description =

Error - 11/7/2012 1:15:40 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7031

Description =

Error - 11/7/2012 1:15:40 AM | Computer Name = Home-PC | Source = DCOM | ID = 10005

Description =

Error - 11/7/2012 1:15:40 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7009

Description =

Error - 11/7/2012 1:15:40 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 11/8/2012 12:12:44 AM | Computer Name = Home-PC | Source = EventLog | ID = 6008

Description = The previous system shutdown at 10:08:28 PM on 11/7/2012 was unexpected.

< End of report >


Here is OTL.....

OTL logfile created on: 11/7/2012 10:32:33 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kenneth\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.33 Mb Total Physical Memory | 321.69 Mb Available Physical Memory | 31.75% Memory free

2.23 Gb Paging File | 1.38 Gb Available in Paging File | 61.68% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 32.51 Gb Total Space | 11.92 Gb Free Space | 36.68% Space Free | Partition Type: NTFS

Drive D: | 32.26 Gb Total Space | 32.13 Gb Free Space | 99.60% Space Free | Partition Type: NTFS

Drive F: | 14.89 Gb Total Space | 14.89 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: HOME-PC | User Name: Kenneth | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Kenneth\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Users\Kenneth\AppData\Local\temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)

PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)

PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)

PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe ()

PRC - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe ()

PRC - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)

PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()

PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)

PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)

PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)

PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)

PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)

PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)

PRC - C:\Acer\ALaunch\ALaunchSvc.exe ()

PRC - C:\Acer\Mobility Center\MobilityService.exe ()

PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)

========== Modules (No Company Name) ==========

MOD - C:\Windows\System32\BatchCrypto.dll ()

MOD - C:\Windows\System32\ShowErrMsg.dll ()

========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)

SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (CLSched) -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe ()

SRV - (CLCapSvc) -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe ()

SRV - (CyberLink Media Library Service) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)

SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()

SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)

SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)

SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)

SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)

SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)

SRV - (ALaunchService) -- C:\Acer\ALaunch\ALaunchSvc.exe ()

SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()

SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found

DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found

DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found

DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found

DRV - (catchme) -- C:\Users\Kenneth\AppData\Local\Temp\catchme.sys File not found

DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found

DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)

DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)

DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)

DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)

DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)

DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)

DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()

DRV - (DritekPortIO) -- C:\Program Files\Launch Manager\DPortIO.sys (Dritek System Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2254466066-3444885189-128781240-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKU\S-1-5-21-2254466066-3444885189-128781240-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE - HKU\S-1-5-21-2254466066-3444885189-128781240-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/

IE - HKU\S-1-5-21-2254466066-3444885189-128781240-1000\..\SearchScopes,DefaultScope = {915FBF5B-EBCE-4992-8ECC-E9FFDE6C81CF}

IE - HKU\S-1-5-21-2254466066-3444885189-128781240-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2254466066-3444885189-128781240-1000\..\SearchScopes\{0A8808A2-AABC-4DFB-BF53-9BBC0B7C7C12}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE - HKU\S-1-5-21-2254466066-3444885189-128781240-1000\..\SearchScopes\{915FBF5B-EBCE-4992-8ECC-E9FFDE6C81CF}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

IE - HKU\S-1-5-21-2254466066-3444885189-128781240-1000\..\SearchScopes\{B10D787B-03D0-4EF2-8C89-AE5EF6FA3C34}: "URL" = http://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms}

IE - HKU\S-1-5-21-2254466066-3444885189-128781240-1000\..\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}: "URL" = http://www.ask.com/web?l=dis&o=APN10022&gct=sb&qsrc=2869&apn_dtid=^YYYYYY^YY^US&apn_ptnrs=^A4D&apn_uid=5130376573954600&p2=^A4D^YYYYYY^YY^US&q={searchTerms}

IE - HKU\S-1-5-21-2254466066-3444885189-128781240-1000\..\SearchScopes\{FB712C83-C6C0-4B41-B8D2-0983AB386191}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=PSI&o=15116&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=L6&apn_dtid=YYYYYYYYUS&apn_uid=40edba8b-8bb5-4517-8c2f-787cbc892291&apn_sauid=80EF17FA-194B-4E6E-AC0F-D37CBA4CEC81

IE - HKU\S-1-5-21-2254466066-3444885189-128781240-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Kenneth\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

========== Chrome ==========

CHR - homepage: http://www.ask.com/?l=dis&o=15119cr

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://www.ask.com/?l=dis&o=15119cr

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\gcswf32.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll

CHR - plugin: registryAccess (Enabled) = C:\Users\Kenneth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaonkdgfnbiijefodhhpdilffkbbmg\7.15.4.0_0\background/registryAccess.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll

CHR - plugin: Java Platform SE 6 U17 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Kenneth\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: Ask Toolbar = C:\Users\Kenneth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaonkdgfnbiijefodhhpdilffkbbmg\7.15.4.0_0\

CHR - Extension: avast! WebRep = C:\Users\Kenneth\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\

O1 HOSTS File: ([2012/11/06 19:26:26 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

O3 - HKU\S-1-5-21-2254466066-3444885189-128781240-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2254466066-3444885189-128781240-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2254466066-3444885189-128781240-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E28C7F8-15AB-45F2-8A8F-BB7E65AC0FEB}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBC7A79D-EB01-474E-8F43-C9A92D8CA7D1}: DhcpNameServer = 172.16.0.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/07 22:25:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kenneth\Desktop\OTL.exe

[2012/11/07 21:46:59 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2012/11/07 18:15:57 | 000,906,778 | ---- | C] (Farbar) -- C:\Users\Kenneth\Desktop\FRST.exe

[2012/11/07 18:14:27 | 000,000,000 | ---D | C] -- C:\FRST

[2012/11/06 19:29:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/11/06 19:29:50 | 000,000,000 | ---D | C] -- C:\Users\Kenneth\AppData\Local\temp

[2012/11/06 15:55:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/11/06 15:55:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/11/06 15:55:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/11/06 15:52:42 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/11/06 15:52:18 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/11/06 15:51:02 | 004,997,881 | R--- | C] (Swearware) -- C:\Users\Kenneth\Desktop\ComboFix.exe

[2012/11/06 12:56:22 | 000,688,779 | R--- | C] (Swearware) -- C:\Users\Kenneth\Desktop\dds.scr

[2012/11/06 12:37:54 | 000,000,000 | ---D | C] -- C:\Users\Kenneth\AppData\Roaming\Malwarebytes

[2012/11/06 12:37:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/11/06 12:37:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/11/06 12:37:43 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012/11/06 12:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/11/06 12:14:15 | 000,000,000 | ---D | C] -- C:\Users\Kenneth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

[2012/11/06 12:14:13 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2012/11/05 23:31:32 | 000,080,456 | ---- | C] (Malwarebytes Corporation) -- C:\Users\Kenneth\Desktop\mbam-clean-1.60.2.0003.exe

[2012/11/05 23:31:23 | 010,669,896 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Kenneth\Desktop\1mbam-setup.exe

[2012/11/04 21:31:46 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kenneth\Desktop\tdsskiller.exe

[2012/11/03 19:49:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2012/11/03 19:49:37 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2012/11/03 13:24:00 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2012/11/03 00:56:07 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Defrag

[2012/11/03 00:50:22 | 000,000,000 | ---D | C] -- C:\Users\Kenneth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner

[2012/11/03 00:50:21 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner

[2012/11/02 18:56:16 | 000,000,000 | ---D | C] -- C:\Users\Kenneth\AppData\Roaming\SUPERAntiSpyware.com

[2012/11/02 18:55:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2012/11/02 18:55:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2012/11/02 18:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2012/10/31 13:22:11 | 000,000,000 | ---D | C] -- C:\ProgramData\D852ADD2F4338B3B0000D851D58690AD

========== Files - Modified Within 30 Days ==========

[2012/11/07 22:30:47 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/11/07 22:30:47 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/11/07 22:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/11/07 22:24:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kenneth\Desktop\OTL.exe

[2012/11/07 22:17:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/11/07 22:12:59 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/11/07 22:12:59 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/11/07 22:12:57 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/11/07 22:12:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/11/07 21:47:32 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2012/11/07 00:15:40 | 000,906,778 | ---- | M] (Farbar) -- C:\Users\Kenneth\Desktop\FRST.exe

[2012/11/06 22:20:58 | 000,001,356 | ---- | M] () -- C:\Users\Kenneth\AppData\Local\d3d9caps.dat

[2012/11/06 19:26:26 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2012/11/06 15:49:28 | 004,997,881 | R--- | M] (Swearware) -- C:\Users\Kenneth\Desktop\ComboFix.exe

[2012/11/06 12:37:48 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/11/06 12:14:15 | 000,001,952 | ---- | M] () -- C:\Users\Kenneth\Desktop\HiJackThis.lnk

[2012/11/06 11:53:56 | 000,688,779 | R--- | M] (Swearware) -- C:\Users\Kenneth\Desktop\dds.scr

[2012/11/05 23:27:06 | 010,669,896 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Kenneth\Desktop\1mbam-setup.exe

[2012/11/05 23:25:26 | 000,080,456 | ---- | M] (Malwarebytes Corporation) -- C:\Users\Kenneth\Desktop\mbam-clean-1.60.2.0003.exe

[2012/11/05 21:05:06 | 000,302,592 | ---- | M] () -- C:\Users\Kenneth\Desktop\Gmerrp1vecox.exe

[2012/11/04 21:26:10 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kenneth\Desktop\tdsskiller.exe

[2012/11/03 22:15:36 | 000,255,770 | ---- | M] () -- C:\Users\Kenneth\AppData\Local\census.cache

[2012/11/03 22:15:14 | 000,187,324 | ---- | M] () -- C:\Users\Kenneth\AppData\Local\ars.cache

[2012/11/03 22:03:07 | 000,000,036 | ---- | M] () -- C:\Users\Kenneth\AppData\Local\housecall.guid.cache

[2012/11/03 19:49:44 | 000,001,059 | ---- | M] () -- C:\Users\Kenneth\Desktop\Spybot - Search & Destroy.lnk

[2012/11/03 18:37:41 | 134,975,565 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/11/03 00:50:22 | 000,000,866 | ---- | M] () -- C:\Users\Kenneth\Desktop\Eusing Free Registry Cleaner.lnk

[2012/11/03 00:03:57 | 000,001,441 | ---- | M] () -- C:\scu.dat

[2012/11/02 18:55:57 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012/10/11 02:11:09 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2012/11/06 15:55:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/11/06 15:55:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/11/06 15:55:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/11/06 15:55:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/11/06 15:55:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/11/06 12:37:48 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/11/06 12:14:15 | 000,001,952 | ---- | C] () -- C:\Users\Kenneth\Desktop\HiJackThis.lnk

[2012/11/05 21:06:53 | 000,302,592 | ---- | C] () -- C:\Users\Kenneth\Desktop\Gmerrp1vecox.exe

[2012/11/03 22:15:36 | 000,255,770 | ---- | C] () -- C:\Users\Kenneth\AppData\Local\census.cache

[2012/11/03 22:15:14 | 000,187,324 | ---- | C] () -- C:\Users\Kenneth\AppData\Local\ars.cache

[2012/11/03 22:03:07 | 000,000,036 | ---- | C] () -- C:\Users\Kenneth\AppData\Local\housecall.guid.cache

[2012/11/03 19:49:44 | 000,001,059 | ---- | C] () -- C:\Users\Kenneth\Desktop\Spybot - Search & Destroy.lnk

[2012/11/03 13:23:30 | 134,975,565 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2012/11/03 00:50:22 | 000,000,866 | ---- | C] () -- C:\Users\Kenneth\Desktop\Eusing Free Registry Cleaner.lnk

[2012/11/03 00:03:57 | 000,001,441 | ---- | C] () -- C:\scu.dat

[2012/11/02 18:55:57 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012/02/17 17:04:38 | 000,001,356 | ---- | C] () -- C:\Users\Kenneth\AppData\Local\d3d9caps.dat

[2010/02/07 10:48:22 | 000,007,168 | ---- | C] () -- C:\Users\Kenneth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 06:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2009/07/16 20:18:43 | 000,000,000 | ---D | M] -- C:\Users\Kenneth\AppData\Roaming\Acer

[2009/09/19 11:46:49 | 000,000,000 | ---D | M] -- C:\Users\Kenneth\AppData\Roaming\Auslogics

[2009/09/21 23:48:06 | 000,000,000 | ---D | M] -- C:\Users\Kenneth\AppData\Roaming\GlarySoft

[2011/12/16 16:14:31 | 000,000,000 | ---D | M] -- C:\Users\Kenneth\AppData\Roaming\iYogi

[2009/07/16 20:18:43 | 000,000,000 | ---D | M] -- C:\Users\Kenneth\AppData\Roaming\Leadertech

[2011/11/19 16:21:25 | 000,000,000 | ---D | M] -- C:\Users\Kenneth\AppData\Roaming\Sammsoft

========== Purity Check ==========

========== Custom Scans ==========

< MD5 for: EXPLORER.EXE >

[2009/07/23 12:31:52 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe

[2009/07/23 12:31:50 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe

[2009/07/23 12:31:50 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe

[2009/07/23 12:51:47 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe

[2009/07/23 12:51:46 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe

[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\erdnt\cache\explorer.exe

[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe

[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe

[2009/07/23 12:31:51 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe

[2006/11/02 03:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe

[2008/01/19 01:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >

[2006/11/02 03:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe

[2008/01/19 01:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\erdnt\cache\svchost.exe

[2008/01/19 01:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe

[2008/01/19 01:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >

[2008/01/19 01:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache\userinit.exe

[2008/01/19 01:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe

[2008/01/19 01:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

[2006/11/02 03:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >

[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\erdnt\cache\winlogon.exe

[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe

[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2006/11/02 03:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe

[2008/01/19 01:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< >

[2006/11/02 06:58:10 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT

[2006/11/02 06:58:10 | 000,032,602 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012/06/08 15:52:15 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

[2012/06/08 15:52:17 | 000,000,888 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

[2012/06/11 15:41:50 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >


I am not seeing anything that is jumping out at me....

Let's give MBAM-Clean a run through.

  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer; please allow it to do so (very important).

Now please download a new copy of Malwarebytes from here and try to run it.


Hi,

I think that we are dealing with some of the damage that was caused by the ZeroAccess infection that was on your system. Let me look this over some more and I will return as quickly as I can. :)


Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.


RogueKiller V8.2.3 [11/07/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User : Kenneth [Admin rights]

Mode : Scan -- Date : 11/08/2012 08:40:07

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK8046GSX ATA Device +++++

--- User ---

[MBR] 949816e28938e44b619b222dfce0489b

[bSP] a98e33c95932ffb94cfb7eda1f6ee6ce : Acer tatooed MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 9993 Mo

1 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 20467712 | Size: 33294 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 88653824 | Size: 33030 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_11082012_02d0840.txt >>

RKreport[1]_S_11082012_02d0840.txt


Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

--------------------

Also please run a fresh scan with DDS and post both of the new logs created.


I had to split this file in half because this site wouldn't let me post the whole thing...........

14:26:32.0262 3996 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

14:26:33.0104 3996 ============================================================

14:26:33.0104 3996 Current date / time: 2012/11/08 14:26:33.0104

14:26:33.0104 3996 SystemInfo:

14:26:33.0104 3996

14:26:33.0104 3996 OS Version: 6.0.6002 ServicePack: 2.0

14:26:33.0104 3996 Product type: Workstation

14:26:33.0104 3996 ComputerName: HOME-PC

14:26:33.0104 3996 UserName: Kenneth

14:26:33.0104 3996 Windows directory: C:\Windows

14:26:33.0104 3996 System windows directory: C:\Windows

14:26:33.0104 3996 Processor architecture: Intel x86

14:26:33.0104 3996 Number of processors: 1

14:26:33.0104 3996 Page size: 0x1000

14:26:33.0104 3996 Boot type: Normal boot

14:26:33.0104 3996 ============================================================

14:26:34.0539 3996 BG loaded

14:26:35.0272 3996 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

14:26:35.0304 3996 Drive \Device\Harddisk1\DR1 - Size: 0x3BA300000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

14:26:35.0304 3996 ============================================================

14:26:35.0304 3996 \Device\Harddisk0\DR0:

14:26:35.0304 3996 MBR partitions:

14:26:35.0304 3996 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x6, StartLBA 0x1385000, BlocksNum 0x4107000

14:26:35.0304 3996 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x548C000, BlocksNum 0x4083000

14:26:35.0304 3996 \Device\Harddisk1\DR1:

14:26:35.0304 3996 MBR partitions:

14:26:35.0304 3996 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x1DD17E0

14:26:35.0304 3996 ============================================================

14:26:35.0366 3996 C: <-> \Device\Harddisk0\DR0\Partition1

14:26:35.0522 3996 D: <-> \Device\Harddisk0\DR0\Partition2

14:26:35.0522 3996 ============================================================

14:26:35.0522 3996 Initialize success

14:26:35.0522 3996 ============================================================

14:28:44.0157 3912 ============================================================

14:28:44.0157 3912 Scan started

14:28:44.0157 3912 Mode: Manual; SigCheck; TDLFS;

14:28:44.0157 3912 ============================================================

14:28:45.0467 3912 ================ Scan system memory ========================

14:28:45.0467 3912 System memory - ok

14:28:45.0467 3912 ================ Scan services =============================

14:28:45.0576 3912 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

14:28:45.0732 3912 !SASCORE - ok

14:28:45.0982 3912 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys

14:28:46.0029 3912 ACPI - ok

14:28:46.0138 3912 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

14:28:46.0154 3912 AdobeFlashPlayerUpdateSvc - ok

14:28:46.0200 3912 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

14:28:46.0294 3912 adp94xx - ok

14:28:46.0341 3912 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys

14:28:46.0388 3912 adpahci - ok

14:28:46.0419 3912 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys

14:28:46.0434 3912 adpu160m - ok

14:28:46.0466 3912 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys

14:28:46.0512 3912 adpu320 - ok

14:28:46.0544 3912 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

14:28:46.0715 3912 AeLookupSvc - ok

14:28:46.0778 3912 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys

14:28:46.0840 3912 AFD - ok

14:28:46.0871 3912 [ 39E435C90C9C4F780FA0ED05CA3C3A1B ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe

14:28:46.0934 3912 AgereModemAudio - ok

14:28:46.0996 3912 [ D31D1A92479BD8C0D050A6FFBDD410D9 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys

14:28:47.0152 3912 AgereSoftModem - ok

14:28:47.0168 3912 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys

14:28:47.0199 3912 agp440 - ok

14:28:47.0230 3912 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys

14:28:47.0246 3912 aic78xx - ok

14:28:47.0324 3912 [ 3845B6555DE995F6C0C07AE2ABCC0532 ] ALaunchService C:\Acer\ALaunch\ALaunchSvc.exe

14:28:47.0355 3912 ALaunchService ( UnsignedFile.Multi.Generic ) - warning

14:28:47.0355 3912 ALaunchService - detected UnsignedFile.Multi.Generic (1)

14:28:47.0402 3912 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe

14:28:47.0558 3912 ALG - ok

14:28:47.0573 3912 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys

14:28:47.0589 3912 aliide - ok

14:28:47.0620 3912 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys

14:28:47.0636 3912 amdagp - ok

14:28:47.0651 3912 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys

14:28:47.0667 3912 amdide - ok

14:28:47.0682 3912 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys

14:28:47.0745 3912 AmdK7 - ok

14:28:47.0776 3912 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

14:28:47.0838 3912 AmdK8 - ok

14:28:47.0885 3912 [ DB8EA68E5864ADF61B73516788659E71 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys

14:28:47.0932 3912 ApfiltrService - ok

14:28:47.0979 3912 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll

14:28:48.0026 3912 Appinfo - ok

14:28:48.0057 3912 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys

14:28:48.0088 3912 arc - ok

14:28:48.0088 3912 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys

14:28:48.0104 3912 arcsas - ok

14:28:48.0150 3912 [ 0AE43C6C411254049279C2EE55630F95 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys

14:28:48.0166 3912 aswFsBlk - ok

14:28:48.0228 3912 [ 6693141560B1615D8DCCF0D8EB00087E ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys

14:28:48.0244 3912 aswMonFlt - ok

14:28:48.0291 3912 [ DA12626FD9A67F4E917E2F2FBE1E1764 ] aswRdr C:\Windows\system32\drivers\aswRdr.sys

14:28:48.0322 3912 aswRdr - ok

14:28:48.0369 3912 [ DCB199B967375753B5019EC15F008F53 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys

14:28:48.0447 3912 aswSnx - ok

14:28:48.0494 3912 [ B32873E5A1443C0A1E322266E203BF10 ] aswSP C:\Windows\system32\drivers\aswSP.sys

14:28:48.0556 3912 aswSP - ok

14:28:48.0618 3912 [ 6FF544175A9180C5D88534D3D9C9A9F7 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys

14:28:48.0634 3912 aswTdi - ok

14:28:48.0665 3912 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

14:28:48.0696 3912 AsyncMac - ok

14:28:48.0743 3912 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys

14:28:48.0759 3912 atapi - ok

14:28:48.0821 3912 [ B0C272DEF210B149C0BFA0D85600CE4B ] athr C:\Windows\system32\DRIVERS\athr.sys

14:28:48.0899 3912 athr - ok

14:28:48.0946 3912 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

14:28:49.0008 3912 AudioEndpointBuilder - ok

14:28:49.0024 3912 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll

14:28:49.0055 3912 Audiosrv - ok

14:28:49.0102 3912 [ 4041D31508A2A084DFB42C595854090F ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe

14:28:49.0118 3912 avast! Antivirus - ok

14:28:49.0149 3912 [ C7EA0E3E37FF1CD2BB65636448322572 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys

14:28:49.0211 3912 b57nd60x - ok

14:28:49.0242 3912 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys

14:28:49.0305 3912 Beep - ok

14:28:49.0398 3912 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll

14:28:49.0476 3912 BFE - ok

14:28:49.0539 3912 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll

14:28:49.0632 3912 BITS - ok

14:28:49.0648 3912 blbdrive - ok

14:28:49.0710 3912 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys

14:28:49.0742 3912 bowser - ok

14:28:49.0788 3912 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys

14:28:49.0820 3912 BrFiltLo - ok

14:28:49.0851 3912 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys

14:28:49.0882 3912 BrFiltUp - ok

14:28:49.0929 3912 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll

14:28:49.0976 3912 Browser - ok

14:28:50.0007 3912 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys

14:28:50.0069 3912 Brserid - ok

14:28:50.0116 3912 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys

14:28:50.0178 3912 BrSerWdm - ok

14:28:50.0210 3912 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys

14:28:50.0272 3912 BrUsbMdm - ok

14:28:50.0319 3912 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys

14:28:50.0381 3912 BrUsbSer - ok

14:28:50.0397 3912 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

14:28:50.0444 3912 BTHMODEM - ok

14:28:50.0553 3912 catchme - ok

14:28:50.0584 3912 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

14:28:50.0646 3912 cdfs - ok

14:28:50.0678 3912 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

14:28:50.0724 3912 cdrom - ok

14:28:50.0771 3912 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll

14:28:50.0818 3912 CertPropSvc - ok

14:28:50.0865 3912 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys

14:28:50.0927 3912 circlass - ok

14:28:51.0036 3912 [ 2A85D608A484DFE7EAC7B9CAE089BF73 ] CLCapSvc C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

14:28:51.0068 3912 CLCapSvc ( UnsignedFile.Multi.Generic ) - warning

14:28:51.0068 3912 CLCapSvc - detected UnsignedFile.Multi.Generic (1)

14:28:51.0114 3912 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys

14:28:51.0146 3912 CLFS - ok

14:28:51.0224 3912 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

14:28:51.0239 3912 clr_optimization_v2.0.50727_32 - ok

14:28:51.0364 3912 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

14:28:51.0380 3912 clr_optimization_v4.0.30319_32 - ok

14:28:51.0426 3912 [ 746724540BD4B618B89F8A614A02F50D ] CLSched C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

14:28:51.0442 3912 CLSched ( UnsignedFile.Multi.Generic ) - warning

14:28:51.0442 3912 CLSched - detected UnsignedFile.Multi.Generic (1)

14:28:51.0489 3912 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

14:28:51.0520 3912 CmBatt - ok

14:28:51.0551 3912 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys

14:28:51.0567 3912 cmdide - ok

14:28:51.0614 3912 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

14:28:51.0629 3912 Compbatt - ok

14:28:51.0645 3912 COMSysApp - ok

14:28:51.0660 3912 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

14:28:51.0676 3912 crcdisk - ok

14:28:51.0707 3912 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys

14:28:51.0785 3912 Crusoe - ok

14:28:51.0816 3912 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll

14:28:51.0863 3912 CryptSvc - ok

14:28:51.0957 3912 [ 48F25FC1B2796CDA2AEEFFE560666055 ] CyberLink Media Library Service C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

14:28:52.0144 3912 CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - warning

14:28:52.0144 3912 CyberLink Media Library Service - detected UnsignedFile.Multi.Generic (1)

14:28:52.0222 3912 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll

14:28:52.0300 3912 DcomLaunch - ok

14:28:52.0362 3912 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys

14:28:52.0394 3912 DfsC - ok

14:28:52.0487 3912 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe

14:28:53.0018 3912 DFSR - ok

14:28:53.0080 3912 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll

14:28:53.0158 3912 Dhcp - ok

14:28:53.0205 3912 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys

14:28:53.0220 3912 disk - ok

14:28:53.0267 3912 [ 73BAF270D24FE726B9CD7F80BB17A23D ] DKbFltr C:\Windows\system32\DRIVERS\DKbFltr.sys

14:28:53.0283 3912 DKbFltr - ok

14:28:53.0330 3912 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll

14:28:53.0423 3912 Dnscache - ok

14:28:53.0517 3912 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll

14:28:53.0564 3912 dot3svc - ok

14:28:53.0626 3912 [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys

14:28:53.0673 3912 Dot4 - ok

14:28:53.0720 3912 [ C55004CA6B419B6695970DFE849B122F ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys

14:28:53.0766 3912 dot4usb - ok

14:28:53.0829 3912 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll

14:28:53.0907 3912 DPS - ok

14:28:53.0954 3912 [ 5C918D413F5837E67A85775C9873775E ] DritekPortIO C:\PROGRA~1\LAUNCH~1\DPortIO.sys

14:28:53.0954 3912 DritekPortIO - ok

14:28:54.0000 3912 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

14:28:54.0032 3912 drmkaud - ok

14:28:54.0156 3912 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

14:28:54.0234 3912 DXGKrnl - ok

14:28:54.0281 3912 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys

14:28:54.0375 3912 E1G60 - ok

14:28:54.0437 3912 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll

14:28:54.0453 3912 EapHost - ok

14:28:54.0515 3912 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys

14:28:54.0546 3912 Ecache - ok

14:28:54.0609 3912 [ F54907AA07F60AFF81E1E09E97AF98B0 ] eDataSecurity Service C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

14:28:54.0656 3912 eDataSecurity Service - ok

14:28:54.0702 3912 [ FB5383BFD4DEC6792AAEF76C9343ECFF ] eLockService C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

14:28:54.0718 3912 eLockService ( UnsignedFile.Multi.Generic ) - warning

14:28:54.0718 3912 eLockService - detected UnsignedFile.Multi.Generic (1)

14:28:54.0749 3912 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys

14:28:54.0780 3912 elxstor - ok

14:28:54.0858 3912 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll

14:28:54.0936 3912 EMDMgmt - ok

14:28:54.0983 3912 [ 9316C26F089CF2CEA2BD1496AC9F38A4 ] eNet Service C:\Acer\Empowering Technology\eNet\eNet Service.exe

14:28:55.0014 3912 eNet Service ( UnsignedFile.Multi.Generic ) - warning

14:28:55.0014 3912 eNet Service - detected UnsignedFile.Multi.Generic (1)

14:28:55.0077 3912 [ 3D184410EF5EE017E186AC96181B3FF8 ] eRecoveryService C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

14:28:55.0092 3912 eRecoveryService ( UnsignedFile.Multi.Generic ) - warning

14:28:55.0092 3912 eRecoveryService - detected UnsignedFile.Multi.Generic (1)

14:28:55.0155 3912 [ DCA768724878D1177034691517EF9B91 ] eSettingsService C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

14:28:55.0170 3912 eSettingsService ( UnsignedFile.Multi.Generic ) - warning

14:28:55.0170 3912 eSettingsService - detected UnsignedFile.Multi.Generic (1)

14:28:55.0233 3912 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll

14:28:55.0326 3912 EventSystem - ok

14:28:55.0373 3912 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys

14:28:55.0451 3912 exfat - ok

14:28:55.0498 3912 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys

14:28:55.0529 3912 fastfat - ok

14:28:55.0576 3912 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys

14:28:55.0670 3912 fdc - ok

14:28:55.0701 3912 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll

14:28:55.0748 3912 fdPHost - ok

14:28:55.0779 3912 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll

14:28:55.0826 3912 FDResPub - ok

14:28:55.0872 3912 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

14:28:55.0888 3912 FileInfo - ok

14:28:55.0919 3912 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys

14:28:55.0982 3912 Filetrace - ok

14:28:56.0013 3912 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

14:28:56.0075 3912 flpydisk - ok

14:28:56.0138 3912 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

14:28:56.0153 3912 FltMgr - ok

14:28:56.0231 3912 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll

14:28:56.0340 3912 FontCache - ok

14:28:56.0434 3912 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

14:28:56.0450 3912 FontCache3.0.0.0 - ok

14:28:56.0496 3912 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

14:28:56.0528 3912 Fs_Rec - ok

14:28:56.0574 3912 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

14:28:56.0590 3912 gagp30kx - ok

14:28:56.0668 3912 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll

14:28:56.0793 3912 gpsvc - ok

14:28:56.0886 3912 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe

14:28:56.0902 3912 gupdate - ok

14:28:56.0918 3912 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe

14:28:56.0933 3912 gupdatem - ok

14:28:56.0964 3912 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

14:28:57.0042 3912 HdAudAddService - ok

14:28:57.0105 3912 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

14:28:57.0167 3912 HDAudBus - ok

14:28:57.0198 3912 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys

14:28:57.0261 3912 HidBth - ok

14:28:57.0292 3912 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys

14:28:57.0370 3912 HidIr - ok

14:28:57.0432 3912 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll

14:28:57.0495 3912 hidserv - ok

14:28:57.0510 3912 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

14:28:57.0542 3912 HidUsb - ok

14:28:57.0588 3912 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll

14:28:57.0635 3912 hkmsvc - ok

14:28:57.0666 3912 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys

14:28:57.0682 3912 HpCISSs - ok

14:28:57.0729 3912 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS

14:28:57.0791 3912 HSFHWAZL - ok

14:28:57.0822 3912 [ 3F53B4AF98F8FD83B7F0B8B65D2D90A7 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys

14:28:57.0963 3912 HSF_DPV - ok

14:28:57.0994 3912 [ 194BC52FC0F53E540FAF9DE8A9C05255 ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys

14:28:58.0041 3912 HSXHWAZL - ok

14:28:58.0088 3912 [ 0EEECA26C8D4BDE2A4664DB058A81937 ] HTTP C:\Windows\system32\drivers\HTTP.sys

14:28:58.0197 3912 HTTP - ok

14:28:58.0228 3912 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys

14:28:58.0244 3912 i2omp - ok

14:28:58.0290 3912 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

14:28:58.0337 3912 i8042prt - ok

14:28:58.0384 3912 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys

14:28:58.0415 3912 iaStorV - ok

14:28:58.0493 3912 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

14:28:58.0556 3912 idsvc - ok

14:28:58.0649 3912 [ 9378D57E2B96C0A185D844770AD49948 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys

14:28:58.0836 3912 igfx - ok

14:28:58.0883 3912 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys

14:28:58.0899 3912 iirsp - ok

14:28:58.0961 3912 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll

14:28:59.0039 3912 IKEEXT - ok

14:28:59.0070 3912 [ 9D64201C9E5AC8D1F088762BA00FF3AB ] int15 C:\Acer\Empowering Technology\eRecovery\int15.sys

14:28:59.0086 3912 int15 - ok

14:28:59.0164 3912 [ 90A10B39896040B3154613C11C932AEB ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys

14:28:59.0367 3912 IntcAzAudAddService - ok

14:28:59.0414 3912 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\DRIVERS\intelide.sys

14:28:59.0429 3912 intelide - ok

14:28:59.0492 3912 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

14:28:59.0554 3912 intelppm - ok

14:28:59.0601 3912 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll

14:28:59.0632 3912 IPBusEnum - ok

14:28:59.0679 3912 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

14:28:59.0710 3912 IpFilterDriver - ok

14:28:59.0772 3912 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

14:28:59.0850 3912 iphlpsvc - ok

14:28:59.0866 3912 IpInIp - ok

14:28:59.0897 3912 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys

14:28:59.0975 3912 IPMIDRV - ok

14:29:00.0022 3912 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys

14:29:00.0053 3912 IPNAT - ok

14:29:00.0100 3912 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

14:29:00.0147 3912 IRENUM - ok

14:29:00.0178 3912 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys

14:29:00.0194 3912 isapnp - ok

14:29:00.0240 3912 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys

14:29:00.0256 3912 iScsiPrt - ok

14:29:00.0287 3912 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys

14:29:00.0303 3912 iteatapi - ok

14:29:00.0318 3912 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys

14:29:00.0334 3912 iteraid - ok

14:29:00.0381 3912 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

14:29:00.0396 3912 kbdclass - ok

14:29:00.0459 3912 [ D2600CB17B7408B4A83F231DC9A11AC3 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys

14:29:00.0521 3912 kbdhid - ok

14:29:00.0568 3912 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe

14:29:00.0615 3912 KeyIso - ok

14:29:00.0693 3912 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

14:29:00.0724 3912 KSecDD - ok

14:29:00.0786 3912 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll

14:29:00.0864 3912 KtmRm - ok

14:29:00.0896 3912 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll

14:29:00.0942 3912 LanmanServer - ok

14:29:00.0989 3912 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

14:29:01.0036 3912 LanmanWorkstation - ok

14:29:01.0114 3912 [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe

14:29:01.0130 3912 LightScribeService ( UnsignedFile.Multi.Generic ) - warning

14:29:01.0130 3912 LightScribeService - detected UnsignedFile.Multi.Generic (1)

14:29:01.0176 3912 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

14:29:01.0223 3912 lltdio - ok

14:29:01.0270 3912 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll

14:29:01.0317 3912 lltdsvc - ok

14:29:01.0364 3912 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll

14:29:01.0442 3912 lmhosts - ok

14:29:01.0488 3912 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

14:29:01.0504 3912 LSI_FC - ok

14:29:01.0535 3912 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

14:29:01.0551 3912 LSI_SAS - ok

14:29:01.0582 3912 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

14:29:01.0598 3912 LSI_SCSI - ok

14:29:01.0629 3912 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys

14:29:01.0691 3912 luafv - ok

14:29:01.0754 3912 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy C:\Windows\system32\drivers\mbamswissarmy.sys

14:29:01.0769 3912 MBAMSwissArmy - ok

14:29:01.0832 3912 [ E6CB119EF2E148EAA1A247343550756E ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe

14:29:01.0863 3912 McciCMService ( UnsignedFile.Multi.Generic ) - warning

14:29:01.0863 3912 McciCMService - detected UnsignedFile.Multi.Generic (1)

14:29:01.0910 3912 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys

14:29:01.0941 3912 mdmxsdk - ok

14:29:01.0956 3912 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys

14:29:01.0972 3912 megasas - ok

14:29:02.0019 3912 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll

14:29:02.0066 3912 MMCSS - ok

14:29:02.0112 3912 MobilityService - ok

14:29:02.0159 3912 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys

14:29:02.0190 3912 Modem - ok

14:29:02.0237 3912 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys

14:29:02.0284 3912 monitor - ok

14:29:02.0315 3912 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

14:29:02.0331 3912 mouclass - ok

14:29:02.0362 3912 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

14:29:02.0409 3912 mouhid - ok

14:29:02.0440 3912 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys

14:29:02.0456 3912 MountMgr - ok

14:29:02.0502 3912 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys

14:29:02.0518 3912 mpio - ok

14:29:02.0565 3912 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

14:29:02.0596 3912 mpsdrv - ok

14:29:02.0674 3912 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll

14:29:02.0752 3912 MpsSvc - ok

14:29:02.0783 3912 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys

14:29:02.0799 3912 Mraid35x - ok

14:29:02.0846 3912 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS

14:29:02.0861 3912 MREMP50 ( UnsignedFile.Multi.Generic ) - warning

14:29:02.0861 3912 MREMP50 - detected UnsignedFile.Multi.Generic (1)

14:29:02.0877 3912 MREMPR5 - ok

14:29:02.0892 3912 MRENDIS5 - ok

14:29:02.0908 3912 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS

14:29:02.0939 3912 MRESP50 ( UnsignedFile.Multi.Generic ) - warning

14:29:02.0939 3912 MRESP50 - detected UnsignedFile.Multi.Generic (1)

14:29:02.0986 3912 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

14:29:03.0017 3912 MRxDAV - ok

14:29:03.0048 3912 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

14:29:03.0095 3912 mrxsmb - ok

14:29:03.0126 3912 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

14:29:03.0173 3912 mrxsmb10 - ok

14:29:03.0204 3912 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

14:29:03.0236 3912 mrxsmb20 - ok

14:29:03.0267 3912 [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci C:\Windows\system32\drivers\msahci.sys

14:29:03.0298 3912 msahci - ok

14:29:03.0329 3912 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys

14:29:03.0345 3912 msdsm - ok

14:29:03.0392 3912 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe

14:29:03.0438 3912 MSDTC - ok

14:29:03.0485 3912 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys

14:29:03.0516 3912 Msfs - ok

14:29:03.0548 3912 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

14:29:03.0563 3912 msisadrv - ok

14:29:03.0594 3912 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

14:29:03.0657 3912 MSiSCSI - ok

14:29:03.0657 3912 msiserver - ok

14:29:03.0704 3912 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

14:29:03.0735 3912 MSKSSRV - ok

14:29:03.0766 3912 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

14:29:03.0813 3912 MSPCLOCK - ok

14:29:03.0828 3912 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

14:29:03.0875 3912 MSPQM - ok

14:29:03.0922 3912 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

14:29:03.0953 3912 MsRPC - ok

14:29:04.0000 3912 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

14:29:04.0016 3912 mssmbios - ok

14:29:04.0047 3912 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

14:29:04.0094 3912 MSTEE - ok

14:29:04.0125 3912 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys

14:29:04.0140 3912 Mup - ok

14:29:04.0203 3912 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll

14:29:04.0265 3912 napagent - ok

14:29:04.0312 3912 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

14:29:04.0359 3912 NativeWifiP - ok

14:29:04.0421 3912 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys

14:29:04.0484 3912 NDIS - ok

14:29:04.0515 3912 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

14:29:04.0562 3912 NdisTapi - ok

14:29:04.0593 3912 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

14:29:04.0640 3912 Ndisuio - ok

14:29:04.0686 3912 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

14:29:04.0733 3912 NdisWan - ok

14:29:04.0780 3912 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

14:29:04.0827 3912 NDProxy - ok

14:29:04.0858 3912 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

14:29:04.0905 3912 NetBIOS - ok

14:29:04.0952 3912 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys

14:29:04.0983 3912 netbt - ok

14:29:05.0014 3912 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe

14:29:05.0030 3912 Netlogon - ok

14:29:05.0092 3912 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll

14:29:05.0139 3912 Netman - ok

14:29:05.0186 3912 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll

14:29:05.0248 3912 netprofm - ok

14:29:05.0295 3912 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

14:29:05.0310 3912 NetTcpPortSharing - ok

14:29:05.0357 3912 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

14:29:05.0373 3912 nfrd960 - ok

14:29:05.0420 3912 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll

14:29:05.0466 3912 NlaSvc - ok

14:29:05.0513 3912 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys

14:29:05.0560 3912 Npfs - ok

14:29:05.0591 3912 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll

14:29:05.0638 3912 nsi - ok

14:29:05.0685 3912 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

14:29:05.0732 3912 nsiproxy - ok

14:29:05.0825 3912 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

14:29:06.0075 3912 Ntfs - ok

14:29:06.0106 3912 [ 7F1C1F78D709C4A54CBB46EDE7E0B48D ] NTIDrvr C:\Windows\system32\DRIVERS\NTIDrvr.sys

14:29:06.0122 3912 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning

14:29:06.0122 3912 NTIDrvr - detected UnsignedFile.Multi.Generic (1)

14:29:06.0153 3912 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys

14:29:06.0231 3912 ntrigdigi - ok

14:29:06.0262 3912 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys

14:29:06.0309 3912 Null - ok

14:29:06.0340 3912 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys

14:29:06.0356 3912 nvraid - ok

14:29:06.0387 3912 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys

14:29:06.0402 3912 nvstor - ok

14:29:06.0449 3912 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

14:29:06.0465 3912 nv_agp - ok

14:29:06.0480 3912 NwlnkFlt - ok

14:29:06.0543 3912 NwlnkFwd - ok

14:29:06.0605 3912 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

14:29:06.0636 3912 odserv - ok

14:29:06.0668 3912 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

14:29:06.0730 3912 ohci1394 - ok

14:29:06.0777 3912 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

14:29:06.0792 3912 ose - ok

14:29:06.0855 3912 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll

14:29:06.0948 3912 p2pimsvc - ok

14:29:06.0980 3912 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll

14:29:07.0042 3912 p2psvc - ok

14:29:07.0089 3912 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys

14:29:07.0167 3912 Parport - ok

14:29:07.0214 3912 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys

14:29:07.0229 3912 partmgr - ok

14:29:07.0245 3912 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys

14:29:07.0307 3912 Parvdm - ok

14:29:07.0354 3912 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll

14:29:07.0401 3912 PcaSvc - ok

14:29:07.0448 3912 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys

14:29:07.0463 3912 pci - ok

14:29:07.0510 3912 [ 3B1901E401473E03EB8C874271E50C26 ] pciide C:\Windows\system32\DRIVERS\pciide.sys

14:29:07.0526 3912 pciide - ok

14:29:07.0557 3912 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

14:29:07.0572 3912 pcmcia - ok

14:29:07.0619 3912 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys

14:29:07.0744 3912 PEAUTH - ok

14:29:07.0838 3912 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll

14:29:08.0009 3912 pla - ok

14:29:08.0072 3912 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll

14:29:08.0118 3912 PlugPlay - ok

14:29:08.0165 3912 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll

14:29:08.0228 3912 PNRPAutoReg - ok

14:29:08.0259 3912 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll

14:29:08.0321 3912 PNRPsvc - ok

14:29:08.0368 3912 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

14:29:08.0477 3912 PolicyAgent - ok

14:29:08.0571 3912 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

14:29:08.0618 3912 PptpMiniport - ok

14:29:08.0649 3912 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys

14:29:08.0711 3912 Processor - ok

14:29:08.0758 3912 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll

14:29:08.0805 3912 ProfSvc - ok

14:29:08.0836 3912 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe

14:29:08.0852 3912 ProtectedStorage - ok

14:29:08.0914 3912 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys

14:29:08.0945 3912 PSched - ok

14:29:08.0976 3912 [ E801D5CC24E1CF18FA87D24D7074B876 ] PSDFilter C:\Windows\system32\DRIVERS\psdfilter.sys

14:29:08.0992 3912 PSDFilter - ok

14:29:09.0023 3912 [ 24B5E3429F7F0E779FC2E6E36A0A5F73 ] PSDNServ C:\Windows\system32\drivers\PSDNServ.sys

14:29:09.0039 3912 PSDNServ - ok

14:29:09.0070 3912 [ 01CBFD08C0E8A6106BB26FCDA297154E ] psdvdisk C:\Windows\system32\drivers\psdvdisk.sys

14:29:09.0086 3912 psdvdisk - ok

14:29:09.0148 3912 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys

14:29:09.0351 3912 ql2300 - ok

14:29:09.0382 3912 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

14:29:09.0398 3912 ql40xx - ok

14:29:09.0444 3912 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll

14:29:09.0491 3912 QWAVE - ok

14:29:09.0522 3912 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

14:29:09.0569 3912 QWAVEdrv - ok

14:29:09.0600 3912 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

14:29:09.0647 3912 RasAcd - ok

14:29:09.0694 3912 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll

14:29:09.0741 3912 RasAuto - ok

14:29:09.0772 3912 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

14:29:09.0803 3912 Rasl2tp - ok

14:29:09.0866 3912 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll

14:29:09.0897 3912 RasMan - ok

14:29:09.0959 3912 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

14:29:10.0006 3912 RasPppoe - ok

14:29:10.0037 3912 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

14:29:10.0068 3912 RasSstp - ok

14:29:10.0131 3912 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

14:29:10.0178 3912 rdbss - ok

14:29:10.0209 3912 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

14:29:10.0256 3912 RDPCDD - ok

14:29:10.0302 3912 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys

14:29:10.0365 3912 rdpdr - ok

14:29:10.0412 3912 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

14:29:10.0443 3912 RDPENCDD - ok

14:29:10.0505 3912 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

14:29:10.0536 3912 RDPWD - ok

14:29:10.0614 3912 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll

14:29:10.0646 3912 RemoteAccess - ok

14:29:10.0724 3912 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll

14:29:10.0770 3912 RemoteRegistry - ok

14:29:10.0802 3912 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe

14:29:10.0848 3912 RpcLocator - ok

14:29:10.0911 3912 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll

14:29:11.0004 3912 RpcSs - ok

14:29:11.0098 3912 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

14:29:11.0160 3912 rspndr - ok

14:29:11.0207 3912 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe

14:29:11.0238 3912 SamSs - ok

14:29:11.0316 3912 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

14:29:11.0332 3912 SASDIFSV - ok

14:29:11.0363 3912 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

14:29:11.0379 3912 SASKUTIL - ok

14:29:11.0410 3912 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

14:29:11.0426 3912 sbp2port - ok

14:29:11.0488 3912 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll

14:29:11.0535 3912 SCardSvr - ok

14:29:11.0613 3912 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll

14:29:11.0722 3912 Schedule - ok

14:29:11.0800 3912 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll

14:29:11.0816 3912 SCPolicySvc - ok

14:29:11.0862 3912 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll

14:29:11.0925 3912 SDRSVC - ok

14:29:11.0972 3912 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys

14:29:12.0050 3912 secdrv - ok

14:29:12.0096 3912 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll

14:29:12.0143 3912 seclogon - ok

14:29:12.0190 3912 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll

14:29:12.0237 3912 SENS - ok

14:29:12.0252 3912 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys

14:29:12.0315 3912 Serenum - ok

14:29:12.0346 3912 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys

14:29:12.0408 3912 Serial - ok

14:29:12.0440 3912 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys

14:29:12.0471 3912 sermouse - ok

14:29:12.0533 3912 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll

14:29:12.0596 3912 SessionEnv - ok

14:29:12.0627 3912 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

14:29:12.0689 3912 sffdisk - ok

14:29:12.0720 3912 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

14:29:12.0783 3912 sffp_mmc - ok

14:29:12.0798 3912 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

14:29:12.0861 3912 sffp_sd - ok

14:29:12.0892 3912 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

14:29:12.0954 3912 sfloppy - ok

14:29:13.0001 3912 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll

14:29:13.0064 3912 SharedAccess - ok

14:29:13.0126 3912 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

14:29:13.0173 3912 ShellHWDetection - ok

14:29:13.0204 3912 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys

14:29:13.0220 3912 sisagp - ok

14:29:13.0235 3912 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys

14:29:13.0251 3912 SiSRaid2 - ok

14:29:13.0282 3912 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

14:29:13.0298 3912 SiSRaid4 - ok

14:29:13.0454 3912 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe

14:29:14.0140 3912 slsvc - ok

14:29:14.0187 3912 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll

14:29:14.0234 3912 SLUINotify - ok

14:29:14.0296 3912 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys

14:29:14.0343 3912 Smb - ok

14:29:14.0390 3912 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe

14:29:14.0405 3912 SNMPTRAP - ok

14:29:14.0452 3912 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys

14:29:14.0468 3912 spldr - ok

14:29:14.0530 3912 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe

14:29:14.0561 3912 Spooler - ok

14:29:14.0624 3912 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys

14:29:14.0670 3912 srv - ok

14:29:14.0717 3912 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

14:29:14.0780 3912 srv2 - ok

14:29:14.0795 3912 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

14:29:14.0842 3912 srvnet - ok

14:29:14.0889 3912 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

14:29:14.0920 3912 SSDPSRV - ok

14:29:14.0967 3912 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll

14:29:15.0029 3912 SstpSvc - ok

14:29:15.0092 3912 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll

14:29:15.0216 3912 stisvc - ok

14:29:15.0248 3912 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

14:29:15.0263 3912 swenum - ok

14:29:15.0326 3912 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll

14:29:15.0388 3912 swprv - ok

14:29:15.0419 3912 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys

14:29:15.0435 3912 Symc8xx - ok

14:29:15.0450 3912 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys

14:29:15.0466 3912 Sym_hi - ok

14:29:15.0497 3912 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys

14:29:15.0513 3912 Sym_u3 - ok

14:29:15.0591 3912 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll

14:29:15.0684 3912 SysMain - ok

14:29:15.0731 3912 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll

14:29:15.0747 3912 TabletInputService - ok

14:29:15.0809 3912 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll

14:29:15.0887 3912 TapiSrv - ok

14:29:15.0934 3912 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll

14:29:15.0965 3912 TBS - ok

14:29:16.0028 3912 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

14:29:16.0137 3912 Tcpip - ok

14:29:16.0168 3912 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys

14:29:16.0230 3912 Tcpip6 - ok

14:29:16.0277 3912 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

14:29:16.0340 3912 tcpipreg - ok

14:29:16.0371 3912 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys


14:29:21.0956 3912 [ EE80AC462A171DBF06EEB2058B5D3BC6 ] WMIService C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

14:29:21.0971 3912 WMIService ( UnsignedFile.Multi.Generic ) - warning

14:29:21.0971 3912 WMIService - detected UnsignedFile.Multi.Generic (1)


14:29:29.0600 3912 C:\Windows\System32\comres.dll - ok

14:29:29.0600 3912 [ DE0DD9AE3430F84A96B5501112A696BE ] C:\Windows\System32\bcrypt.dll

14:29:29.0600 3912 C:\Windows\System32\bcrypt.dll - ok

14:29:29.0615 3912 [ 188CC19108B0EBD6332D6628D4EDE469 ] C:\Windows\System32\ncrypt.dll

14:29:29.0615 3912 C:\Windows\System32\ncrypt.dll - ok

14:29:29.0631 3912 [ 26F139DDEC6407508071930D3D07337E ] C:\Windows\System32\credssp.dll

14:29:29.0631 3912 C:\Windows\System32\credssp.dll - ok

14:29:29.0631 3912 [ F1E8C34892336D33EDDCDFE44E474F64 ] C:\Windows\System32\cryptsvc.dll

14:29:29.0631 3912 C:\Windows\System32\cryptsvc.dll - ok

14:29:29.0646 3912 [ 08D6D1692B62C9EE4062E1FA04D8FE2F ] C:\Windows\System32\oleres.dll

14:29:29.0646 3912 C:\Windows\System32\oleres.dll - ok

14:29:29.0662 3912 [ ABE9EEA1EABEA0711610A637A7B1C25D ] C:\Windows\System32\msprivs.dll

14:29:29.0662 3912 C:\Windows\System32\msprivs.dll - ok

14:29:29.0662 3912 [ AA01497884F9CBAC89470120AF78D2B1 ] C:\Windows\System32\kerberos.dll

14:29:29.0662 3912 C:\Windows\System32\kerberos.dll - ok

14:29:29.0678 3912 [ 22CFAEB9172F5F198048401485CD0571 ] C:\Windows\System32\WSHTCPIP.DLL

14:29:29.0678 3912 C:\Windows\System32\WSHTCPIP.DLL - ok

14:29:29.0693 3912 [ 74F380C8EC8813626C670D46E8A714D1 ] C:\Windows\System32\dfsrres.dll

14:29:29.0693 3912 C:\Windows\System32\dfsrres.dll - ok

14:29:29.0693 3912 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] C:\Windows\System32\dot3svc.dll

14:29:29.0693 3912 C:\Windows\System32\dot3svc.dll - ok

14:29:29.0709 3912 [ 9E80FF0752E365F97FD2D1D68C2AFDA1 ] C:\Windows\System32\wship6.dll

14:29:29.0709 3912 C:\Windows\System32\wship6.dll - ok

14:29:29.0724 3912 [ 05C3B38DB95BA5585817A4F898EE5581 ] C:\Windows\System32\wshqos.dll

14:29:29.0724 3912 C:\Windows\System32\wshqos.dll - ok

14:29:29.0724 3912 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] C:\Windows\System32\dps.dll

14:29:29.0724 3912 C:\Windows\System32\dps.dll - ok

14:29:29.0740 3912 [ FC62A635063B762E1C3C60EA77279378 ] C:\Windows\System32\NapiNSP.dll

14:29:29.0740 3912 C:\Windows\System32\NapiNSP.dll - ok

14:29:29.0756 3912 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] C:\Windows\System32\nlasvc.dll

14:29:29.0756 3912 C:\Windows\System32\nlasvc.dll - ok

14:29:29.0756 3912 [ C0B95E40D85CD807D614E264248A45B9 ] C:\Windows\System32\eapsvc.dll

14:29:29.0756 3912 C:\Windows\System32\eapsvc.dll - ok

14:29:29.0771 3912 [ 4E6B23DFC917EA39306B529B773950F4 ] C:\Windows\System32\emdmgmt.dll

14:29:29.0771 3912 C:\Windows\System32\emdmgmt.dll - ok

14:29:29.0787 3912 [ 690D41DF1D555F96D4898A0F54EBA065 ] C:\Windows\System32\pnrpnsp.dll

14:29:29.0787 3912 C:\Windows\System32\pnrpnsp.dll - ok

14:29:29.0802 3912 [ A1B40A28F38D27A7E3229EE4C7064434 ] C:\Windows\System32\wevtsvc.dll

14:29:29.0802 3912 C:\Windows\System32\wevtsvc.dll - ok

14:29:29.0802 3912 [ 4ABCE74D012971305249E45E095E9EA6 ] C:\Windows\System32\msv1_0.dll
