
Ransomware removal

police ransom fbi

  • This topic is locked
15 replies to this topic

#1 dann

Posted 09 July 2013 - 04:38 PM

I have got a computer that has been infected with ransomware. I have even tried to boot to safe mode but as soon as I boot to safe it auto restarts!

I have downloaded FRST64.exe as recommended from previous posts on here but now I need help in how to remove the virus. I can post the 2 logs here...



#2 D-FRED-BROWN

Posted 09 July 2013 - 04:39 PM

If you have those logs, go ahead and post them here ;)


Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!

#3 dann

Posted 09 July 2013 - 04:41 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2013 01
Ran by SYSTEM on 09-07-2013 22:18:57
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] - "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [497648 2010-07-28] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [WrtMon.exe] - C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-08-12] (Logitech Inc.)
HKLM-x32\...\Run: [Maps4PC_0c Browser Plugin Loader] - C:\PROGRA~2\MAPS4P~2\bar\1.bin\0cbrmon.exe [30096 2011-09-28] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [FUFAXRCV] - "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [495616 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] - "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [856064 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] - "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-28] (AVG Technologies CZ, s.r.o.)
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\Les\...\Run: [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18708224 2013-01-08] (Skype Technologies S.A.)
HKU\Les\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHDE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-7525 Series" [241280 2013-02-23] (SEIKO EPSON CORPORATION)
HKU\Les\...\Run: [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2013-04-19] (Google Inc.)
HKU\Les\...\Winlogon: [Shell] explorer.exe,C:\Users\Les\AppData\Roaming\skype.dat [70144 2011-11-16] () <==== ATTENTION
HKU\UpdatusUser\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL C:\PROGRA~2\MUSICT~1\Datamngr\x64\mgrldr.dll  [22592 2013-06-22] ()
AppInit_DLLs-x32: C:\PROGRA~3\Wincert\WIN32C~1.DLL c:\progra~3\browse~2\261339~1.144\{c16c1~1\browse~1.dll   C:\PROGRA~2\MUSICT~1\Datamngr\mgrldr.dll  [18496 2013-06-22] ()
IMEO\audibledownloadhelper.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IMEO\bingdesktop.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IMEO\extendscript toolkit.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IMEO\firefox.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IMEO\photoshop elements 8.0.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IMEO\photoshopelementseditor.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IMEO\photoshopelementsorganizer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IMEO\rim.desktop.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
Startup: C:\ProgramData\Start Menu\Programs\Startup\Audible Download Manager.lnk
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Les\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) =================

S2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1428472 2013-04-10] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-13] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-17] (AVG Technologies CZ, s.r.o.)
S2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2827728 2013-05-23] ()
S2 DatamngrCoordinator; C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe [3179584 2013-06-22] (iMesh Inc.)
S2 Maps4PC_0cService; C:\PROGRA~2\MAPS4P~2\bar\1.bin\0cbarsvc.exe [42504 2011-08-22] (COMPANYVERS_NAME)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S4 MyWebSearchService; C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe [34320 2011-09-27] (MyWebSearch.com)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2148216 2012-08-23] (AVG)
S2 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2013-05-02] (Wajam)

==================== Drivers (Whitelisted) ====================

S1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-28] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-07] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-07] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-07] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-07] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-07] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-20] (AVG Technologies CZ, s.r.o.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2011-07-18] (Duplex Secure Ltd.)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [11880 2012-07-04] (TuneUp Software)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-09 22:18 - 2013-07-09 22:18 - 00000000 ____D C:\FRST
2013-07-08 08:25 - 2013-07-08 11:37 - 00000004 ____A C:\Users\Les\AppData\Roaming\skype.ini
2013-07-07 08:32 - 2013-07-07 09:15 - 00000866 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-07-07 08:31 - 2013-07-07 08:31 - 14391552 ____A (PortableApps.com) C:\Users\Les\Desktop\Java_Portable_6_Update_21_online.paf.exe
2013-07-07 08:31 - 2013-07-07 08:31 - 00000000 ____D C:\Users\Les\AppData\Roaming\Delta
2013-07-07 08:31 - 2013-07-07 08:31 - 00000000 ____D C:\Users\Les\AppData\Roaming\BabSolution
2013-07-07 08:31 - 2013-07-07 08:31 - 00000000 ____D C:\Users\Les\AppData\Local\Wajam
2013-07-07 08:31 - 2013-07-07 08:31 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-07-07 08:31 - 2013-07-07 08:31 - 00000000 ____D C:\Program Files (x86)\Wajam
2013-07-07 08:31 - 2013-07-07 08:31 - 00000000 ____D C:\Program Files (x86)\Delta
2013-07-07 08:31 - 2013-07-07 08:31 - 00000000 ____A C:\END
2013-07-05 01:58 - 2013-07-05 01:58 - 00002360 ____A C:\Users\Les\Desktop\Google Chrome.lnk
2013-06-29 14:55 - 2013-06-29 14:55 - 00000000 ____D C:\ProgramData\Browser Manager
2013-06-29 12:38 - 2013-06-29 12:39 - 00021504 ____A C:\Users\Les\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-29 12:36 - 2013-06-29 12:36 - 00000000 ____D C:\Users\Les\AppData\Roaming\MusicNet
2013-06-29 12:35 - 2013-06-29 12:35 - 00000000 ____D C:\Users\Les\Documents\My Received Files
2013-06-29 12:34 - 2013-06-29 12:34 - 00000000 ____D C:\ProgramData\Wincert
2013-06-29 12:33 - 2013-07-08 11:37 - 00000000 ____D C:\ProgramData\Datamngr
2013-06-29 12:33 - 2013-06-29 12:33 - 00000000 ____D C:\Program Files (x86)\Music Toolbar
2013-06-29 09:43 - 2013-06-29 09:43 - 00000000 ____D C:\Users\Les\AppData\Roaming\AVG2013
2013-06-29 01:23 - 2013-06-29 01:23 - 00001003 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-06-29 01:20 - 2013-06-29 01:25 - 00000000 ____D C:\ProgramData\AVG2013
2013-06-29 01:18 - 2013-06-29 09:44 - 00000000 ____D C:\Users\Les\AppData\Local\Avg2013
2013-06-29 01:18 - 2013-06-29 01:18 - 00000000 ____D C:\Users\Les\AppData\Local\MFAData
2013-06-28 09:32 - 2013-06-28 09:33 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-28 09:32 - 2013-06-28 09:33 - 00000000 ____D C:\Program Files\iTunes
2013-06-28 09:32 - 2013-06-28 09:33 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-28 09:32 - 2013-06-28 09:32 - 00000000 ____D C:\Program Files\iPod
2013-06-28 04:59 - 2013-06-28 04:59 - 02238976 ____N C:\Users\Les\Documents\IBA Manual of Deal Pages.xls
2013-06-26 18:06 - 2013-06-26 18:06 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-26 18:06 - 2013-06-26 18:06 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-26 18:06 - 2013-06-26 18:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-26 18:06 - 2013-06-26 18:06 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-26 18:06 - 2013-06-26 18:06 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-26 18:06 - 2013-06-26 18:06 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-26 18:06 - 2013-06-26 18:06 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-26 18:06 - 2013-06-26 18:06 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-26 18:06 - 2013-06-26 18:06 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-26 18:06 - 2013-06-26 18:06 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-26 18:06 - 2013-06-26 18:06 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-26 18:06 - 2013-06-26 18:06 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-26 18:06 - 2013-06-26 18:06 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-26 18:06 - 2013-06-26 18:06 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-26 18:06 - 2013-06-26 18:06 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-26 18:06 - 2013-06-26 18:06 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-26 18:06 - 2013-06-26 18:06 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-26 18:06 - 2013-06-26 18:06 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-26 18:06 - 2013-06-26 18:06 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-26 18:06 - 2013-06-26 18:06 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-26 18:06 - 2013-06-26 18:06 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-26 18:06 - 2013-06-26 18:06 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-26 18:06 - 2013-06-26 18:06 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-26 18:06 - 2013-06-26 18:06 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-26 18:06 - 2013-06-26 18:06 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-26 18:06 - 2013-06-26 18:06 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-26 18:04 - 2013-06-26 18:10 - 00007201 ____A C:\Windows\IE10_main.log
2013-06-26 16:01 - 2013-05-09 21:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-26 16:01 - 2013-05-09 19:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-26 16:01 - 2013-05-07 22:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-26 16:01 - 2013-04-25 21:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-26 16:01 - 2013-04-25 20:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-26 15:59 - 2013-04-16 23:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-26 15:59 - 2013-04-16 22:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-26 15:58 - 2013-05-12 21:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-26 15:58 - 2013-05-12 21:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-26 15:58 - 2013-05-12 21:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-26 15:58 - 2013-05-12 21:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-26 15:58 - 2013-05-12 20:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-26 15:58 - 2013-05-12 20:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-26 15:58 - 2013-05-12 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-26 15:58 - 2013-05-12 19:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-26 15:58 - 2013-05-12 19:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-26 15:58 - 2013-05-12 19:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-26 15:56 - 2013-04-25 15:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-26 15:56 - 2013-03-31 14:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

==================== One Month Modified Files and Folders =======

2013-07-09 22:18 - 2013-07-09 22:18 - 00000000 ____D C:\FRST
2013-07-08 11:38 - 2009-07-13 20:45 - 00021888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-08 11:38 - 2009-07-13 20:45 - 00021888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-08 11:37 - 2013-07-08 08:25 - 00000004 ____A C:\Users\Les\AppData\Roaming\skype.ini
2013-07-08 11:37 - 2013-06-29 12:33 - 00000000 ____D C:\ProgramData\Datamngr
2013-07-08 11:37 - 2011-05-21 07:12 - 01968896 ____A C:\Windows\WindowsUpdate.log
2013-07-08 11:36 - 2011-07-16 02:36 - 00009852 ____A C:\Users\Les\Sti_Trace.log
2013-07-08 11:34 - 2013-01-26 17:00 - 00005594 ____A C:\Windows\setupact.log
2013-07-08 11:34 - 2012-11-17 19:11 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-08 11:34 - 2011-09-06 07:00 - 00000310 __ASH C:\Windows\Tasks\unzynxnxke.job
2013-07-08 11:34 - 2011-05-21 14:20 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-08 11:34 - 2011-05-21 07:32 - 00000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
2013-07-08 11:34 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-08 11:16 - 2011-05-21 14:20 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-08 11:14 - 2011-05-21 08:21 - 00000000 ____D C:\ProgramData\MFAData
2013-07-08 11:12 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-08 11:09 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-07-08 08:41 - 2011-06-06 14:01 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3352994947-2355220423-3568772355-1001UA.job
2013-07-08 08:28 - 2010-11-20 19:47 - 00189192 ____A C:\Windows\PFRO.log
2013-07-08 08:28 - 2009-07-13 21:08 - 00032636 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-08 07:53 - 2011-05-21 08:00 - 00000000 ____D C:\Users\Les\Documents\Outlook Files
2013-07-08 07:51 - 2012-07-16 08:14 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-08 05:41 - 2011-06-06 14:01 - 00000848 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3352994947-2355220423-3568772355-1001Core.job
2013-07-07 09:15 - 2013-07-07 08:32 - 00000866 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-07-07 09:11 - 2011-06-12 10:06 - 00003125 ____A C:\Users\Les\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2013-07-07 08:31 - 2013-07-07 08:31 - 14391552 ____A (PortableApps.com) C:\Users\Les\Desktop\Java_Portable_6_Update_21_online.paf.exe
2013-07-07 08:31 - 2013-07-07 08:31 - 00000000 ____D C:\Users\Les\AppData\Roaming\Delta
2013-07-07 08:31 - 2013-07-07 08:31 - 00000000 ____D C:\Users\Les\AppData\Roaming\BabSolution
2013-07-07 08:31 - 2013-07-07 08:31 - 00000000 ____D C:\Users\Les\AppData\Local\Wajam
2013-07-07 08:31 - 2013-07-07 08:31 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-07-07 08:31 - 2013-07-07 08:31 - 00000000 ____D C:\Program Files (x86)\Wajam
2013-07-07 08:31 - 2013-07-07 08:31 - 00000000 ____D C:\Program Files (x86)\Delta
2013-07-07 08:31 - 2013-07-07 08:31 - 00000000 ____A C:\END
2013-07-06 04:47 - 2011-05-21 08:05 - 00000000 ____D C:\Users\Les\AppData\Roaming\Skype
2013-07-05 01:58 - 2013-07-05 01:58 - 00002360 ____A C:\Users\Les\Desktop\Google Chrome.lnk
2013-06-29 14:55 - 2013-06-29 14:55 - 00000000 ____D C:\ProgramData\Browser Manager
2013-06-29 12:39 - 2013-06-29 12:38 - 00021504 ____A C:\Users\Les\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-29 12:36 - 2013-06-29 12:36 - 00000000 ____D C:\Users\Les\AppData\Roaming\MusicNet
2013-06-29 12:35 - 2013-06-29 12:35 - 00000000 ____D C:\Users\Les\Documents\My Received Files
2013-06-29 12:34 - 2013-06-29 12:34 - 00000000 ____D C:\ProgramData\Wincert
2013-06-29 12:33 - 2013-06-29 12:33 - 00000000 ____D C:\Program Files (x86)\Music Toolbar
2013-06-29 12:17 - 2013-05-01 12:53 - 00000000 ____D C:\Users\Les\Documents\Mr Ohms Logos
2013-06-29 09:44 - 2013-06-29 01:18 - 00000000 ____D C:\Users\Les\AppData\Local\Avg2013
2013-06-29 09:43 - 2013-06-29 09:43 - 00000000 ____D C:\Users\Les\AppData\Roaming\AVG2013
2013-06-29 09:43 - 2011-05-21 08:41 - 00000000 ____D C:\Program Files (x86)\AVG
2013-06-29 01:25 - 2013-06-29 01:20 - 00000000 ____D C:\ProgramData\AVG2013
2013-06-29 01:23 - 2013-06-29 01:23 - 00001003 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-06-29 01:23 - 2012-10-27 01:07 - 00000000 ____D C:\Users\Les\AppData\Roaming\TuneUp Software
2013-06-29 01:22 - 2011-09-24 00:30 - 00000000 ___HD C:\$AVG
2013-06-29 01:18 - 2013-06-29 01:18 - 00000000 ____D C:\Users\Les\AppData\Local\MFAData
2013-06-28 17:50 - 2011-05-21 08:42 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2013-06-28 09:36 - 2011-05-23 03:10 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-06-28 09:33 - 2013-06-28 09:32 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-28 09:33 - 2013-06-28 09:32 - 00000000 ____D C:\Program Files\iTunes
2013-06-28 09:33 - 2013-06-28 09:32 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-28 09:33 - 2012-11-03 08:42 - 00001821 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-28 09:32 - 2013-06-28 09:32 - 00000000 ____D C:\Program Files\iPod
2013-06-28 04:59 - 2013-06-28 04:59 - 02238976 ____N C:\Users\Les\Documents\IBA Manual of Deal Pages.xls
2013-06-26 23:37 - 2011-05-21 14:20 - 00000000 ____D C:\Users\Les\AppData\Local\Google
2013-06-26 19:09 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-06-26 18:28 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-26 18:10 - 2013-06-26 18:04 - 00007201 ____A C:\Windows\IE10_main.log
2013-06-26 18:06 - 2013-06-26 18:06 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-26 18:06 - 2013-06-26 18:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3352994947-2355220423-3568772355-1001\$46bdc989289dea48ab74525a3982e5a1

Files to move or delete:
====================
C:\Users\Les\AppData\Roaming\skype.dat
C:\Users\Les\AppData\Roaming\skype.ini

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 24%
Total physical RAM: 2047.18 MB
Available physical RAM: 1555.31 MB
Total Pagefile: 2047.18 MB
Available Pagefile: 1543 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:451.11 GB) (Free:350.12 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:465.76 GB) (Free:278.54 GB) NTFS (Disk=1 Partition=1)
Drive e: (PQSERVICE) (Fixed) (Total:14.65 GB) (Free:6.95 GB) NTFS (Disk=0 Partition=1)
Drive h: (KINGSTON) (Removable) (Total:7.44 GB) (Free:7.34 GB) FAT32 (Disk=2 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: E04C1E5F)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=451 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 7B9C243B)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 7 GB) (Disk ID: 65901243)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)


LastRegBack: 2013-07-02 15:06

==================== End Of Log ============================

 

Farbar Recovery Scan Tool (x64) Version: 09-07-2013 01
Ran by SYSTEM at 2013-07-09 22:21:08
Running from H:\
Boot Mode: Recovery

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======



#4 D-FRED-BROWN

Posted 09 July 2013 - 04:44 PM

Hello dann and welcome to Malwarebytes!

Please do the following:

  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad and select Paste.
  • Save it on the flash drive as fixlist.txt

 

C:\Users\Les\AppData\Roaming\skype.dat
C:\Users\Les\AppData\Roaming\skype.ini
C:\$Recycle.Bin\S-1-5-21-3352994947-2355220423-3568772355-1001\$46bdc989289dea48ab74525a3982e5a1
HKU\Les\...\Winlogon: [Shell] explorer.exe,C:\Users\Les\AppData\Roaming\skype.dat [70144 2011-11-16] () <==== ATTENTION


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options.

Run FRST and press the Fix button just once and wait. The tool will make a log on the flash drive (Fixlog.txt); please post it in your next reply.

After that, are you able to boot into normal mode? Let me know when you can as we have more malware to remove.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"
 

-------> Your topic will be closed if you haven't replied within 3 days! <--------
(If I don't respond within 24 hours, please send me a PM)


-DFB



#5 dann

Posted 09 July 2013 - 04:49 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-07-2013 01
Ran by SYSTEM at 2013-07-09 22:47:48 Run:1
Running from H:\
Boot Mode: Recovery
==============================================

C:\Users\Les\AppData\Roaming\skype.dat => Moved successfully.
C:\Users\Les\AppData\Roaming\skype.ini => Moved successfully.
C:\$Recycle.Bin\S-1-5-21-3352994947-2355220423-3568772355-1001\$46bdc989289dea48ab74525a3982e5a1 => Moved successfully.
HKU\Les\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.

==== End of Fixlog ====
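
The fixlist and Fixlog above remove a per-user Winlogon Shell value that started skype.dat alongside explorer.exe. As an added example (not part of the thread and not FRST's own code), this Python check finds such entries in FRST-style log text; the HKLM Winlogon sample line is constructed, and the expected-shell set and writable-path markers are assumptions.

```python
import re
from typing import List, NamedTuple, Optional

# FRST registry line format as it appears in the fixlist on this page:
#   HKU\Les\...\Winlogon: [Shell] <value> [<size> <date>] (<company>) <==== ATTENTION
SHELL_RE = re.compile(r"^(?P<key>HK[A-Z]+\\[^:]*?Winlogon): \[Shell\] (?P<value>.+)$")
# Trailing annotations FRST appends after the registry value itself.
TRAILER_RE = re.compile(r"\s*\[\d+ \d{4}-\d{2}-\d{2}\]\s*\(.*?\)\s*(?:<=+ ATTENTION)?\s*$")

# Assumption: Windows is installed on C:, as in the log above.
EXPECTED_SHELL = {"explorer.exe", r"c:\windows\explorer.exe"}
# Heuristic (assumption): locations a standard user account can write to.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\$recycle.bin\\")


class Finding(NamedTuple):
    key: str             # registry key as abbreviated by FRST
    extra: List[str]     # entries in the Shell value other than explorer.exe
    per_user: bool       # value lives in a user hive rather than HKLM
    user_writable: bool  # an extra entry points into a user-writable location


def parse_shell_value(raw: str) -> List[str]:
    """Strip FRST's trailer and split the comma-separated Shell value."""
    value = TRAILER_RE.sub("", raw)
    return [part.strip().strip('"') for part in value.split(",") if part.strip()]


def check_line(line: str) -> Optional[Finding]:
    """Return a Finding when a Winlogon Shell line starts more than explorer.exe."""
    match = SHELL_RE.match(line.strip())
    if match is None:
        return None
    extra = [p for p in parse_shell_value(match.group("value"))
             if p.lower() not in EXPECTED_SHELL]
    if not extra:
        return None
    key = match.group("key")
    per_user = key.upper().startswith(("HKU\\", "HKCU\\"))
    user_writable = any(marker in p.lower()
                        for p in extra for marker in USER_WRITABLE_MARKERS)
    return Finding(key, extra, per_user, user_writable)


def scan_log(text: str) -> List[Finding]:
    """Scan FRST-style log text and collect every suspicious Shell entry."""
    findings = []
    for line in text.splitlines():
        finding = check_line(line)
        if finding is not None:
            findings.append(finding)
    return findings


# Sample input: the Run line and the HKU line are quoted from this thread;
# the HKLM Winlogon line is constructed to show a benign value.
SAMPLE_LOG = r"""
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Winlogon: [Shell] explorer.exe [2871808 2011-02-25] (Microsoft Corporation)
HKU\Les\...\Winlogon: [Shell] explorer.exe,C:\Users\Les\AppData\Roaming\skype.dat [70144 2011-11-16] () <==== ATTENTION
"""

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.key}: extra={f.extra} per_user={f.per_user} "
              f"user_writable={f.user_writable}")
```
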



#6 D-FRED-BROWN

Posted 09 July 2013 - 04:50 PM

Are you able to boot normally?



#7 dann

Posted 09 July 2013 - 04:55 PM

Excellent! All working fine now... Thank you!



#8 D-FRED-BROWN

Posted 09 July 2013 - 04:55 PM

Glad to hear you can boot.  Let's start getting rid of the rest of it:

----------Step 1----------------
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------
Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder... mbar-log.txt and system-log.txt

----------Step 3----------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.


NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


----------Step 4----------------
Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 5----------------
In your next reply, please include the following:

  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)



#9 dann

Posted 09 July 2013 - 05:06 PM

23:02:26.0664 4152  TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
23:02:26.0773 4152  ============================================================
23:02:26.0773 4152  Current date / time: 2013/07/09 23:02:26.0773
23:02:26.0773 4152  SystemInfo:
23:02:26.0773 4152  
23:02:26.0773 4152  OS Version: 6.1.7601 ServicePack: 1.0
23:02:26.0773 4152  Product type: Workstation
23:02:26.0773 4152  ComputerName: LES-PC
23:02:26.0773 4152  UserName: Les
23:02:26.0773 4152  Windows directory: C:\Windows
23:02:26.0773 4152  System windows directory: C:\Windows
23:02:26.0773 4152  Running under WOW64
23:02:26.0773 4152  Processor architecture: Intel x64
23:02:26.0773 4152  Number of processors: 2
23:02:26.0773 4152  Page size: 0x1000
23:02:26.0773 4152  Boot type: Normal boot
23:02:26.0773 4152  ============================================================
23:02:28.0350 4152  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:02:28.0366 4152  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:02:28.0381 4152  Drive \Device\Harddisk6\DR6 - Size: 0x1DC8D0800 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:02:28.0381 4152  ============================================================
23:02:28.0381 4152  \Device\Harddisk0\DR0:
23:02:28.0381 4152  MBR partitions:
23:02:28.0381 4152  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D4F800, BlocksNum 0x38636000
23:02:28.0381 4152  \Device\Harddisk1\DR1:
23:02:28.0381 4152  MBR partitions:
23:02:28.0381 4152  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
23:02:28.0381 4152  \Device\Harddisk6\DR6:
23:02:28.0397 4152  MBR partitions:
23:02:28.0397 4152  \Device\Harddisk6\DR6\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xEE3FA1
23:02:28.0397 4152  ============================================================
23:02:28.0412 4152  C: <-> \Device\Harddisk0\DR0\Partition1
23:02:28.0444 4152  D: <-> \Device\Harddisk1\DR1\Partition1
23:02:28.0444 4152  ============================================================
23:02:28.0444 4152  Initialize success
23:02:28.0444 4152  ============================================================
23:03:19.0674 1528  ============================================================
23:03:19.0674 1528  Scan started
23:03:19.0674 1528  Mode: Manual;
23:03:19.0674 1528  ============================================================
23:03:20.0251 1528  ================ Scan system memory ========================
23:03:20.0251 1528  System memory - ok
23:03:20.0251 1528  ================ Scan services =============================
23:03:23.0465 1528  Compbatt - ok
23:03:23.0481 1528  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
23:03:23.0481 1528  CompositeBus - ok
23:03:23.0481 1528  COMSysApp - ok
23:03:23.0496 1528  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
23:03:23.0496 1528  crcdisk - ok
23:03:23.0527 1528  [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:03:23.0527 1528  CryptSvc - ok
23:03:23.0652 1528  [ 63BB35797AAA73236FB85C6363E2F156 ] DatamngrCoordinator C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe
23:03:23.0746 1528  DatamngrCoordinator - ok
23:03:23.0793 1528  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:03:23.0808 1528  DcomLaunch - ok
23:03:23.0839 1528  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
23:03:23.0839 1528  defragsvc - ok
23:03:23.0871 1528  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:03:23.0871 1528  DfsC - ok
23:03:23.0902 1528  [ 0B3F6C8F93C5C25977EA5A8B2E656357 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
23:03:23.0902 1528  dg_ssudbus - ok
23:03:23.0933 1528  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
23:03:23.0933 1528  Dhcp - ok
23:03:23.0964 1528  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
23:03:23.0964 1528  discache - ok
23:03:23.0980 1528  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
23:03:23.0980 1528  Disk - ok
23:03:24.0011 1528  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:03:24.0011 1528  Dnscache - ok
23:03:24.0042 1528  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
23:03:24.0042 1528  dot3svc - ok
23:03:24.0058 1528  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
23:03:24.0058 1528  DPS - ok
23:03:24.0089 1528  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:03:24.0089 1528  drmkaud - ok
23:03:24.0136 1528  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:03:24.0151 1528  DXGKrnl - ok
23:03:24.0183 1528  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
23:03:24.0183 1528  EapHost - ok
23:03:24.0261 1528  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
23:03:24.0323 1528  ebdrv - ok
23:03:24.0354 1528  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
23:03:24.0354 1528  EFS - ok
23:03:24.0401 1528  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
23:03:24.0417 1528  ehRecvr - ok
23:03:24.0432 1528  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
23:03:24.0432 1528  ehSched - ok
23:03:24.0479 1528  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
23:03:24.0495 1528  elxstor - ok
23:03:24.0495 1528  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
23:03:24.0510 1528  ErrDev - ok
23:03:24.0573 1528  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
23:03:24.0588 1528  EventSystem - ok
23:03:24.0619 1528  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
23:03:24.0635 1528  exfat - ok
23:03:24.0666 1528  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:03:24.0682 1528  fastfat - ok
23:03:24.0713 1528  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
23:03:24.0729 1528  Fax - ok
23:03:24.0744 1528  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
23:03:24.0744 1528  fdc - ok
23:03:24.0760 1528  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
23:03:24.0760 1528  fdPHost - ok
23:03:24.0775 1528  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
23:03:24.0775 1528  FDResPub - ok
23:03:24.0807 1528  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:03:24.0807 1528  FileInfo - ok
23:03:24.0807 1528  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:03:24.0822 1528  Filetrace - ok
23:03:24.0869 1528  [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
23:03:24.0885 1528  FLEXnet Licensing Service - ok
23:03:24.0900 1528  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
23:03:24.0900 1528  flpydisk - ok
23:03:24.0916 1528  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:03:24.0931 1528  FltMgr - ok
23:03:24.0963 1528  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
23:03:24.0994 1528  FontCache - ok
23:03:25.0041 1528  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:03:25.0041 1528  FontCache3.0.0.0 - ok
23:03:25.0056 1528  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
23:03:25.0072 1528  FsDepends - ok
23:03:25.0119 1528  [ DC0DCE4EC2C5D2CF6472F9FD6AA9A7DC ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
23:03:25.0119 1528  fssfltr - ok
23:03:25.0181 1528  [ 40CDFAD174B3D5E80F95DDA003C0B97F ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
23:03:25.0228 1528  fsssvc - ok
23:03:25.0275 1528  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:03:25.0275 1528  Fs_Rec - ok
23:03:25.0306 1528  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
23:03:25.0306 1528  fvevol - ok
23:03:25.0321 1528  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
23:03:25.0321 1528  gagp30kx - ok
23:03:25.0353 1528  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:03:25.0353 1528  GEARAspiWDM - ok
23:03:25.0384 1528  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
23:03:25.0399 1528  gpsvc - ok
23:03:25.0493 1528  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:03:25.0493 1528  gupdate - ok
23:03:25.0493 1528  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:03:25.0509 1528  gupdatem - ok
23:03:25.0555 1528  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
23:03:25.0571 1528  gusvc - ok
23:03:25.0587 1528  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
23:03:25.0587 1528  hcw85cir - ok
23:03:25.0633 1528  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:03:25.0633 1528  HdAudAddService - ok
23:03:25.0649 1528  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
23:03:25.0649 1528  HDAudBus - ok
23:03:25.0680 1528  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
23:03:25.0680 1528  HidBatt - ok
23:03:25.0696 1528  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
23:03:25.0696 1528  HidBth - ok
23:03:25.0711 1528  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
23:03:25.0711 1528  HidIr - ok
23:03:25.0743 1528  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
23:03:25.0743 1528  hidserv - ok
23:03:25.0758 1528  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:03:25.0758 1528  HidUsb - ok
23:03:25.0789 1528  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:03:25.0789 1528  hkmsvc - ok
23:03:25.0821 1528  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:03:25.0821 1528  HomeGroupListener - ok
23:03:25.0852 1528  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:03:25.0867 1528  HomeGroupProvider - ok
23:03:25.0883 1528  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
23:03:25.0883 1528  HpSAMD - ok
23:03:25.0914 1528  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:03:25.0930 1528  HTTP - ok
23:03:25.0945 1528  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
23:03:25.0945 1528  hwpolicy - ok
23:03:25.0961 1528  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
23:03:25.0961 1528  i8042prt - ok
23:03:25.0992 1528  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
23:03:25.0992 1528  iaStorV - ok
23:03:26.0086 1528  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
23:03:26.0086 1528  IDriverT - ok
23:03:26.0133 1528  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:03:26.0148 1528  idsvc - ok
23:03:26.0164 1528  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
23:03:26.0179 1528  iirsp - ok
23:03:26.0211 1528  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
23:03:26.0242 1528  IKEEXT - ok
23:03:26.0242 1528  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
23:03:26.0257 1528  intelide - ok
23:03:26.0273 1528  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
23:03:26.0273 1528  intelppm - ok
23:03:26.0289 1528  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
23:03:26.0289 1528  IPBusEnum - ok
23:03:26.0304 1528  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:03:26.0304 1528  IpFilterDriver - ok
23:03:26.0351 1528  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:03:26.0367 1528  iphlpsvc - ok
23:03:26.0382 1528  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
23:03:26.0382 1528  IPMIDRV - ok
23:03:26.0398 1528  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
23:03:26.0413 1528  IPNAT - ok
23:03:26.0476 1528  [ 0FF335D687C85097725A53458160E81E ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
23:03:26.0491 1528  iPod Service - ok
23:03:26.0523 1528  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:03:26.0523 1528  IRENUM - ok
23:03:26.0554 1528  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
23:03:26.0554 1528  isapnp - ok
23:03:26.0569 1528  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
23:03:26.0569 1528  iScsiPrt - ok
23:03:26.0601 1528  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
23:03:26.0601 1528  kbdclass - ok
23:03:26.0616 1528  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
23:03:26.0616 1528  kbdhid - ok
23:03:26.0632 1528  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
23:03:26.0632 1528  KeyIso - ok
23:03:26.0663 1528  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:03:26.0663 1528  KSecDD - ok
23:03:26.0694 1528  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
23:03:26.0694 1528  KSecPkg - ok
23:03:26.0725 1528  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
23:03:26.0725 1528  ksthunk - ok
23:03:26.0757 1528  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:03:26.0772 1528  KtmRm - ok
23:03:26.0803 1528  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
23:03:26.0803 1528  LanmanServer - ok
23:03:26.0850 1528  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:03:26.0850 1528  LanmanWorkstation - ok
23:03:26.0866 1528  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:03:26.0866 1528  lltdio - ok
23:03:26.0897 1528  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
23:03:26.0897 1528  lltdsvc - ok
23:03:26.0928 1528  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
23:03:26.0928 1528  lmhosts - ok
23:03:26.0944 1528  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
23:03:26.0959 1528  LSI_FC - ok
23:03:26.0975 1528  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
23:03:26.0975 1528  LSI_SAS - ok
23:03:26.0991 1528  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
23:03:26.0991 1528  LSI_SAS2 - ok
23:03:27.0006 1528  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
23:03:27.0022 1528  LSI_SCSI - ok
23:03:27.0037 1528  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
23:03:27.0053 1528  luafv - ok
23:03:27.0100 1528  [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64          C:\Windows\system32\DRIVERS\lvrs64.sys
23:03:27.0100 1528  LVRS64 - ok
23:03:27.0287 1528  [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64         C:\Windows\system32\DRIVERS\lvuvc64.sys
23:03:27.0427 1528  LVUVC64 - ok
23:03:27.0490 1528  [ 622FCF264119F7DF127BE353F796B319 ] Maps4PC_0cService C:\PROGRA~2\MAPS4P~2\bar\1.bin\0cbarsvc.exe
23:03:27.0490 1528  Maps4PC_0cService - ok
23:03:27.0552 1528  [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
23:03:27.0552 1528  McComponentHostService - ok
23:03:27.0583 1528  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
23:03:27.0583 1528  Mcx2Svc - ok
23:03:27.0615 1528  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
23:03:27.0615 1528  megasas - ok
23:03:27.0630 1528  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
23:03:27.0646 1528  MegaSR - ok
23:03:27.0661 1528  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
23:03:27.0677 1528  MMCSS - ok
23:03:27.0708 1528  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
23:03:27.0708 1528  Modem - ok
23:03:27.0724 1528  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
23:03:27.0724 1528  monitor - ok
23:03:27.0724 1528  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
23:03:27.0724 1528  mouclass - ok
23:03:27.0739 1528  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:03:27.0739 1528  mouhid - ok
23:03:27.0755 1528  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
23:03:27.0755 1528  mountmgr - ok
23:03:27.0786 1528  [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:03:27.0786 1528  MozillaMaintenance - ok
23:03:27.0802 1528  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
23:03:27.0817 1528  mpio - ok
23:03:27.0833 1528  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:03:27.0833 1528  mpsdrv - ok
23:03:27.0880 1528  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:03:27.0895 1528  MpsSvc - ok
23:03:27.0911 1528  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:03:27.0911 1528  MRxDAV - ok
23:03:27.0942 1528  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:03:27.0942 1528  mrxsmb - ok
23:03:27.0973 1528  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:03:27.0989 1528  mrxsmb10 - ok
23:03:28.0005 1528  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:03:28.0005 1528  mrxsmb20 - ok
23:03:28.0020 1528  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
23:03:28.0020 1528  msahci - ok
23:03:28.0036 1528  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
23:03:28.0036 1528  msdsm - ok
23:03:28.0051 1528  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
23:03:28.0051 1528  MSDTC - ok
23:03:28.0083 1528  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:03:28.0083 1528  Msfs - ok
23:03:28.0098 1528  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
23:03:28.0098 1528  mshidkmdf - ok
23:03:28.0114 1528  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
23:03:28.0114 1528  msisadrv - ok
23:03:28.0145 1528  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
23:03:28.0145 1528  MSiSCSI - ok
23:03:28.0145 1528  msiserver - ok
23:03:28.0161 1528  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
23:03:28.0161 1528  MSKSSRV - ok
23:03:28.0192 1528  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
23:03:28.0192 1528  MSPCLOCK - ok
23:03:28.0207 1528  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
23:03:28.0207 1528  MSPQM - ok
23:03:28.0239 1528  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
23:03:28.0239 1528  MsRPC - ok
23:03:28.0254 1528  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
23:03:28.0270 1528  mssmbios - ok
23:03:28.0285 1528  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
23:03:28.0301 1528  MSTEE - ok
23:03:28.0301 1528  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
23:03:28.0301 1528  MTConfig - ok
23:03:28.0317 1528  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
23:03:28.0317 1528  Mup - ok
23:03:28.0379 1528  [ BB74024A1D4E4808562C090980151653 ] MyWebSearchService C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe
23:03:28.0379 1528  MyWebSearchService - ok
23:03:28.0410 1528  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
23:03:28.0441 1528  napagent - ok
23:03:28.0473 1528  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
23:03:28.0473 1528  NativeWifiP - ok
23:03:28.0519 1528  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
23:03:28.0535 1528  NDIS - ok
23:03:28.0551 1528  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
23:03:28.0551 1528  NdisCap - ok
23:03:28.0566 1528  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
23:03:28.0566 1528  NdisTapi - ok
23:03:28.0582 1528  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
23:03:28.0582 1528  Ndisuio - ok
23:03:28.0597 1528  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
23:03:28.0613 1528  NdisWan - ok
23:03:28.0629 1528  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
23:03:28.0629 1528  NDProxy - ok
23:03:28.0644 1528  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
23:03:28.0644 1528  NetBIOS - ok
23:03:28.0660 1528  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
23:03:28.0675 1528  NetBT - ok
23:03:28.0691 1528  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
23:03:28.0691 1528  Netlogon - ok
23:03:28.0722 1528  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
23:03:28.0722 1528  Netman - ok
23:03:28.0738 1528  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
23:03:28.0738 1528  netprofm - ok
23:03:28.0769 1528  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:03:28.0769 1528  NetTcpPortSharing - ok
23:03:28.0785 1528  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
23:03:28.0800 1528  nfrd960 - ok
23:03:28.0816 1528  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
23:03:28.0831 1528  NlaSvc - ok
23:03:28.0831 1528  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
23:03:28.0831 1528  Npfs - ok
23:03:28.0863 1528  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
23:03:28.0863 1528  nsi - ok
23:03:28.0863 1528  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
23:03:28.0878 1528  nsiproxy - ok
23:03:28.0941 1528  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
23:03:28.0972 1528  Ntfs - ok
23:03:29.0003 1528  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
23:03:29.0003 1528  Null - ok
23:03:29.0331 1528  [ FCBA1C22727939E7CFF9EB08FE9692AB ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:03:29.0612 1528  nvlddmkm - ok
23:03:29.0643 1528  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
23:03:29.0643 1528  nvraid - ok
23:03:29.0674 1528  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
23:03:29.0674 1528  nvstor - ok
23:03:29.0768 1528  [ 10C232F6CFFD51D2332898AE7AE0FF23 ] nvsvc           C:\Windows\system32\nvvsvc.exe
23:03:29.0783 1528  nvsvc - ok
23:03:29.0846 1528  [ FB660F80BDC4F13D594996976AFAECD9 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
23:03:29.0877 1528  nvUpdatusService - ok
23:03:29.0892 1528  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
23:03:29.0892 1528  nv_agp - ok
23:03:29.0924 1528  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
23:03:29.0924 1528  ohci1394 - ok
23:03:29.0970 1528  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:03:29.0970 1528  ose - ok
23:03:30.0158 1528  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:03:30.0298 1528  osppsvc - ok
23:03:30.0329 1528  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
23:03:30.0345 1528  p2pimsvc - ok
23:03:30.0376 1528  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
23:03:30.0392 1528  p2psvc - ok
23:03:30.0407 1528  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
23:03:30.0407 1528  Parport - ok
23:03:30.0438 1528  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
23:03:30.0438 1528  partmgr - ok
23:03:30.0454 1528  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
23:03:30.0454 1528  PcaSvc - ok
23:03:30.0470 1528  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
23:03:30.0470 1528  pci - ok
23:03:30.0485 1528  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
23:03:30.0485 1528  pciide - ok
23:03:30.0501 1528  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
23:03:30.0501 1528  pcmcia - ok
23:03:30.0516 1528  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
23:03:30.0532 1528  pcw - ok
23:03:30.0548 1528  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
23:03:30.0579 1528  PEAUTH - ok
23:03:30.0626 1528  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
23:03:30.0641 1528  PerfHost - ok
23:03:30.0704 1528  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
23:03:30.0719 1528  pla - ok
23:03:30.0766 1528  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
23:03:30.0766 1528  PlugPlay - ok
23:03:30.0782 1528  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
23:03:30.0782 1528  PNRPAutoReg - ok
23:03:30.0797 1528  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
23:03:30.0797 1528  PNRPsvc - ok
23:03:30.0844 1528  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
23:03:30.0860 1528  PolicyAgent - ok
23:03:30.0875 1528  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
23:03:30.0891 1528  Power - ok
23:03:30.0906 1528  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
23:03:30.0906 1528  PptpMiniport - ok
23:03:30.0938 1528  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
23:03:30.0938 1528  Processor - ok
23:03:30.0969 1528  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
23:03:30.0969 1528  ProfSvc - ok
23:03:30.0984 1528  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:03:30.0984 1528  ProtectedStorage - ok
23:03:31.0000 1528  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
23:03:31.0016 1528  Psched - ok
23:03:31.0031 1528  [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
23:03:31.0031 1528  PxHlpa64 - ok
23:03:31.0078 1528  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
23:03:31.0109 1528  ql2300 - ok
23:03:31.0125 1528  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
23:03:31.0125 1528  ql40xx - ok
23:03:31.0156 1528  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
23:03:31.0172 1528  QWAVE - ok
23:03:31.0172 1528  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
23:03:31.0172 1528  QWAVEdrv - ok
23:03:32.0700 1528  [ 34F974F8B3C86DE03A30DCBE79091C97 ] sptd            C:\Windows\system32\Drivers\sptd.sys
23:03:32.0700 1528  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 34F974F8B3C86DE03A30DCBE79091C97
23:03:32.0716 1528  sptd ( LockedFile.Multi.Generic ) - warning
23:03:32.0716 1528  sptd - detected LockedFile.Multi.Generic (1)
23:03:36.0600 1528  ================ Scan global ===============================
23:03:36.0632 1528  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
23:03:36.0647 1528  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
23:03:36.0663 1528  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
23:03:36.0694 1528  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
23:03:36.0725 1528  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
23:03:36.0725 1528  [Global] - ok
23:03:36.0725 1528  ================ Scan MBR ==================================
23:03:36.0741 1528  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:03:36.0912 1528  \Device\Harddisk0\DR0 - ok
23:03:36.0912 1528  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
23:03:36.0928 1528  \Device\Harddisk1\DR1 - ok
23:03:36.0928 1528  [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk6\DR6
23:03:36.0944 1528  \Device\Harddisk6\DR6 - ok
23:03:36.0944 1528  ================ Scan VBR ==================================
23:03:36.0944 1528  [ 5E1FFDA03ADF716325B3EEBDA320AD70 ] \Device\Harddisk0\DR0\Partition1
23:03:36.0944 1528  \Device\Harddisk0\DR0\Partition1 - ok
23:03:36.0959 1528  [ F0DB76EEA7384EAFEFA271B4C132FE2D ] \Device\Harddisk1\DR1\Partition1
23:03:36.0959 1528  \Device\Harddisk1\DR1\Partition1 - ok
23:03:36.0959 1528  [ 2CA56DCF83E1A4BF11BF562A88793243 ] \Device\Harddisk6\DR6\Partition1
23:03:36.0959 1528  \Device\Harddisk6\DR6\Partition1 - ok
23:03:36.0959 1528  ============================================================
23:03:36.0959 1528  Scan finished
23:03:36.0959 1528  ============================================================
23:03:36.0975 5116  Detected object count: 1
23:03:36.0975 5116  Actual detected object count: 1
23:05:26.0097 5116  C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
23:05:26.0097 5116  sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine
23:05:43.0413 3392  Deinitialize success
 



#10 D-FRED-BROWN

Posted 09 July 2013 - 06:40 PM

Please post the other logs as well whenever possible. :)



#11 dann

Posted 09 July 2013 - 06:58 PM

Will do when the scans are all done :)



#12 D-FRED-BROWN

Posted 09 July 2013 - 07:39 PM

Sounds good. Keep me posted. :)



#13 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • PipPipPipPipPipPip
  • 40,904 posts
  • Gender:Male
  • Location:US

Posted 12 July 2013 - 07:31 PM

Are you still with us?


Ron Lewis
Forum Community Manager



#14 dann

Posted 13 July 2013 - 05:06 AM

Yes... The main drive died (old pc) so had to get new HDD...... Thank you for your help anyway :)



#15 AdvancedSetup

Posted 16 July 2013 - 03:27 AM

Thank you for the follow-up reply. I'll close your topic now.




#16 AdvancedSetup

Posted 16 July 2013 - 03:27 AM

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.
