TechSpot

AVG secure search virus or clone mailer problem.

Solved
By glhglh
Feb 20, 2013
  1. We allowed my brother-in-law to get to the internet through our network. Somehow he loaded a program that seems to have set up a clone drive on his computer (and on our server), along with a mass email sender program. I've been trying to delete the programs for a couple of days.

    I disconnected his notebook from the network, and am trying to clean his computer first. His computer we'll call RR HPnotebook.

    The result from the Mbam scan on RR is:

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org


    Database version: v2013.02.20.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Randy :: HP-RANDY [administrator]


    2/20/2013 10:12:51 AM
    mbam-log-2013-02-20 (10-12-51).txt


    Scan type: Full scan (C:\|D:\|E:\|Q:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 337881
    Time elapsed: 44 minute(s), 59 second(s)


    Memory Processes Detected: 0
    (No malicious items detected)


    Memory Modules Detected: 0
    (No malicious items detected)


    Registry Keys Detected: 0
    (No malicious items detected)


    Registry Values Detected: 0
    (No malicious items detected)


    Registry Data Items Detected: 0
    (No malicious items detected)


    Folders Detected: 0
    (No malicious items detected)


    Files Detected: 0
    (No malicious items detected)


    (end)

    The result of the DDS:
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16464
    Run by Randy at 11:01:57 on 2013-02-20
    #Option Extended Search is enabled.
    #Option Whitelisting is disabled.
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3561.1546 [GMT -8:00]
    .
    AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
    C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/?ilc=32
    uLocal Page = C:\Windows\System32\blank.htm
    uSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    uDefault_Page_URL = hxxp://g.msn.com/HPNOT/1
    mStart Page = hxxp://g.msn.com/HPNOT/1
    mLocal Page = C:\Windows\SysWOW64\blank.htm
    mSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    mDefault_Page_URL = hxxp://g.msn.com/HPNOT/1
    mDefault_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    uURLSearchHooks: Microsoft Url Search Hook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll
    mWinlogon: Shell = explorer.exe
    mWinlogon: Userinit = userinit.exe
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll
    BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.dll
    BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    uRun: [BYR_AGENT] C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
    mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: ForceActiveDesktopOn = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableInstallerDetection = dword:1
    mPolicies-System: EnableLUA = dword:1
    mPolicies-System: EnableSecureUIAPaths = dword:1
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: EnableVirtualization = dword:1
    mPolicies-System: PromptOnSecureDesktop = dword:1
    mPolicies-System: ValidateAdminCodeSignatures = dword:0
    mPolicies-System: dontdisplaylastusername = dword:0
    mPolicies-System: scforceoption = dword:0
    mPolicies-System: shutdownwithoutlogon = dword:1
    mPolicies-System: undockwithoutlogon = dword:1
    mPolicies-System: FilterAdministratorToken = dword:0
    IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    LSP: %SystemRoot%\system32\mswsock.dll
    TCP: NameServer = 192.168.1.5
    TCP: Interfaces\{3973625B-D550-4482-8626-055C851FA7F8} : DHCPNameServer = 192.168.1.5
    TCP: Interfaces\{3973625B-D550-4482-8626-055C851FA7F8}\14344594F4E4455434 : DHCPNameServer = 192.168.0.1 205.171.3.25
    TCP: Interfaces\{3973625B-D550-4482-8626-055C851FA7F8}\25963656027457563747 : DHCPNameServer = 192.168.0.1 205.171.3.25
    TCP: Interfaces\{3973625B-D550-4482-8626-055C851FA7F8}\641627D6 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{797FC918-2A02-4A5F-9F81-CC4932956EA0} : DHCPNameServer = 192.168.0.1
    Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
    Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
    Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
    Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll
    Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll
    Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
    Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
    Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
    Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
    Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
    Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
    Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
    Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
    Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll
    Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
    Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
    Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll
    Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
    Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
    SSODL: WebCheck - <orphaned>
    SecurityProviders: SecurityProviders = credssp.dll
    LSA: Authentication Packages = msv1_0
    LSA: Notification Packages = scecli
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 winsrv:ConServerDllInitialization,2 sxssrv,4
    mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\unregmp2.exe /ShowWMP
    mASetup: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
    mASetup: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\System32\regsvr32.exe /s /n /I:/UserInstall C:\Windows\System32\themeui.dll
    mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
    mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
    mASetup: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
    mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
    CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\shell32.dll
    x64-mStart Page = hxxp://g.msn.com/HPNOT/1
    x64-mLocal Page = C:\Windows\System32\blank.htm
    x64-mSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    x64-mDefault_Page_URL = hxxp://g.msn.com/HPNOT/1
    x64-mDefault_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    x64-mWinlogon: Shell = explorer.exe
    x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,
    x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
    x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
    x64-Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
    x64-Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
    x64-Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
    x64-Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
    x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
    x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
    x64-Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
    x64-Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll
    x64-Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll
    x64-Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
    x64-Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
    x64-Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
    x64-Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
    x64-Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
    x64-Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
    x64-Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - <orphaned>
    x64-Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
    x64-Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
    x64-Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll
    x64-Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
    x64-Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
    x64-Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - <orphaned>
    x64-Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll
    x64-Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
    x64-Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\unregmp2.exe /ShowWMP
    x64-mASetup: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
    x64-mASetup: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\System32\regsvr32.exe /s /n /I:/UserInstall C:\Windows\System32\themeui.dll
    x64-mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    x64-mASetup: {6032497A-4479-462B-ADB8-A0A372BB9A23} - msiexec /fu {6032497A-4479-462B-ADB8-A0A372BB9A23} /qn
    x64-mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
    x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
    x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
    x64-mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
    x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\shell32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 ACPI;Microsoft ACPI Driver;C:\Windows\System32\drivers\acpi.sys [2010-11-20 334208]
    R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-12-13 82048]
    R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-12-13 42624]
    R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\drivers\amdkmpfd.sys [2012-2-2 31872]
    R0 amdsata;amdsata;C:\Windows\System32\drivers\amdsata.sys [2012-3-1 107904]
    R0 amdxata;amdxata;C:\Windows\System32\drivers\amdxata.sys [2012-3-1 27008]
    R0 atapi;IDE Channel;C:\Windows\System32\drivers\atapi.sys [2009-7-13 24128]
    R0 CLFS;Common Log (CLFS);C:\Windows\System32\clfs.sys [2009-7-13 367696]
    R0 CNG;CNG;C:\Windows\System32\drivers\cng.sys [2013-2-1 458712]
    R0 Compbatt;Microsoft Composite Battery Driver;C:\Windows\System32\drivers\compbatt.sys [2009-7-13 21584]
    R0 Disk;Disk Driver;C:\Windows\System32\drivers\disk.sys [2009-7-13 73280]
    R0 FileInfo;File Information FS MiniFilter;C:\Windows\System32\drivers\fileinfo.sys [2009-7-13 70224]
    R0 FltMgr;FltMgr;C:\Windows\System32\drivers\fltMgr.sys [2010-11-20 289664]
    R0 fvevol;Bitlocker Drive Encryption Filter Driver;C:\Windows\System32\drivers\fvevol.sys [2010-11-20 223248]
    R0 hpdskflt;HP Filter;C:\Windows\System32\drivers\hpdskflt.sys [2011-5-13 30008]
    R0 hwpolicy;Hardware Policy Driver;C:\Windows\System32\drivers\hwpolicy.sys [2010-11-20 14720]
    R0 KSecDD;KSecDD;C:\Windows\System32\drivers\ksecdd.sys [2012-11-16 95600]
    R0 KSecPkg;KSecPkg;C:\Windows\System32\drivers\ksecpkg.sys [2013-2-1 154480]
    R0 mountmgr;Mount Point Manager;C:\Windows\System32\drivers\mountmgr.sys [2010-11-20 94592]
    R0 msisadrv;msisadrv;C:\Windows\System32\drivers\msisadrv.sys [2009-7-13 15424]
    R0 Mup;Mup;C:\Windows\System32\drivers\mup.sys [2009-7-13 60496]
    R0 NDIS;NDIS System Driver;C:\Windows\System32\drivers\ndis.sys [2012-11-16 950128]
    R0 partmgr;Partition Manager;C:\Windows\System32\drivers\partmgr.sys [2012-11-16 75120]
    R0 pci;PCI Bus Driver;C:\Windows\System32\drivers\pci.sys [2010-11-20 184704]
    R0 pcw;Performance Counters for Windows Driver;C:\Windows\System32\drivers\pcw.sys [2009-7-13 50768]
    R0 rdyboost;ReadyBoost;C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
    R0 spldr;Security Processor Loader Driver;C:\Windows\System32\drivers\spldr.sys [2009-7-13 19008]
    R0 Tcpip;TCP/IP Protocol Driver;C:\Windows\System32\drivers\tcpip.sys [2013-2-13 1913192]
    R0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;C:\Windows\System32\drivers\vdrvroot.sys [2009-7-13 36432]
    R0 volmgr;Volume Manager Driver;C:\Windows\System32\drivers\volmgr.sys [2010-11-20 71552]
    R0 volmgrx;Dynamic Volume Manager;C:\Windows\System32\drivers\volmgrx.sys [2010-11-20 363392]
    R0 volsnap;Storage volumes;C:\Windows\System32\drivers\volsnap.sys [2012-3-1 296320]
    R0 Wd;Microsoft Watchdog Timer Driver;C:\Windows\System32\drivers\wd.sys [2009-7-13 21056]
    R0 Wdf01000;Kernel Mode Driver Frameworks service;C:\Windows\System32\drivers\Wdf01000.sys [2012-11-19 785512]
    R1 AFD;Ancillary Function Driver for Winsock;C:\Windows\System32\drivers\afd.sys [2012-6-26 498688]
    R1 Beep;Beep;C:\Windows\System32\drivers\beep.sys [2009-7-13 6656]
    R1 blbdrive;blbdrive;C:\Windows\System32\drivers\blbdrive.sys [2009-7-13 45056]
    R1 cdrom;CD-ROM Driver;C:\Windows\System32\drivers\cdrom.sys [2010-11-20 147456]
    R1 DfsC;DFS Namespace Client Driver;C:\Windows\System32\drivers\dfsc.sys [2010-11-20 102400]
    R1 discache;System Attribute Cache;C:\Windows\System32\drivers\discache.sys [2009-7-13 40448]
    R1 Msfs;Msfs;C:\Windows\System32\drivers\msfs.sys [2009-7-13 26112]
    R1 mssmbios;Microsoft System Management BIOS Driver;C:\Windows\System32\drivers\mssmbios.sys [2009-7-13 32320]
    R1 NetBIOS;NetBIOS Interface;C:\Windows\System32\drivers\netbios.sys [2009-7-13 44544]
    R1 NetBT;NetBT;C:\Windows\System32\drivers\netbt.sys [2010-11-20 261632]
    R1 Npfs;Npfs;C:\Windows\System32\drivers\npfs.sys [2009-7-13 44032]
    R1 nsiproxy;NSI proxy service driver.;C:\Windows\System32\drivers\nsiproxy.sys [2009-7-13 24576]
    R1 Null;Null;C:\Windows\System32\drivers\null.sys [2009-7-13 6144]
    R1 Psched;QoS Packet Scheduler;C:\Windows\System32\drivers\pacer.sys [2010-11-20 131584]
    R1 rdbss;Redirected Buffering Sub Sysytem;C:\Windows\System32\drivers\rdbss.sys [2010-11-20 309248]
    R1 RDPCDD;RDPCDD;C:\Windows\System32\drivers\RDPCDD.sys [2009-7-13 7680]
    R1 RDPENCDD;RDP Encoder Mirror Driver;C:\Windows\System32\drivers\RDPENCDD.sys [2009-7-13 7680]
    R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;C:\Windows\System32\drivers\RDPREFMP.sys [2009-7-13 8192]
    R1 tdx;NetIO Legacy TDI Support Driver;C:\Windows\System32\drivers\tdx.sys [2010-11-20 119296]
    R1 TermDD;Terminal Device Driver;C:\Windows\System32\drivers\termdd.sys [2010-11-20 63360]
    R1 VgaSave;VgaSave;C:\Windows\System32\drivers\vga.sys [2009-7-13 29184]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R1 Wanarpv6;Remote Access IPv6 ARP Driver;C:\Windows\System32\drivers\wanarp.sys [2010-11-20 88576]
    R1 WfpLwf;WFP Lightweight Filter;C:\Windows\System32\drivers\wfplwf.sys [2009-7-13 12800]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-2-10 235520]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-2-10 361984]
    R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-1-19 106144]
    R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    R2 AudioSrv;Windows Audio;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
    R2 BFE;Base Filtering Engine;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
    R2 BITS;Background Intelligent Transfer Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    R2 CryptSvc;Cryptographic Services;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 DcomLaunch;DCOM Server Process Launcher;C:\Windows\System32\svchost.exe -k DcomLaunch [2009-7-13 27136]
    R2 Dhcp;DHCP Client;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
    R2 Dnscache;DNS Client;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
    R2 DPS;Diagnostic Policy Service;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
    R2 eventlog;Windows Event Log;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
    R2 EventSystem;COM+ Event System;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
    R2 FDResPub;Function Discovery Resource Publication;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
    R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
    R2 gpsvc;Group Policy Client;C:\Windows\System32\svchost.exe -k GPSvcGroup [2009-7-13 27136]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-11-22 227896]
    R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-11-29 34872]
    R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    R2 iphlpsvc;IP Helper;C:\Windows\System32\svchost.exe -k NetSvcs [2009-7-13 27136]
    R2 LanmanServer;Server;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    R2 LanmanWorkstation;Workstation;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
    R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\Windows\System32\drivers\lltdio.sys [2009-7-13 60928]
    R2 lmhosts;TCP/IP NetBIOS Helper;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
    R2 luafv;UAC File Virtualization;C:\Windows\System32\drivers\luafv.sys [2009-7-13 113152]
    R2 MMCSS;Multimedia Class Scheduler;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    R2 MpsSvc;Windows Firewall;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [2012-6-26 138760]
    R2 NlaSvc;Network Location Awareness;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
    R2 nsi;Network Store Interface Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
    R2 PcaSvc;Program Compatibility Assistant Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    R2 PEAUTH;PEAUTH;C:\Windows\System32\drivers\PEAuth.sys [2009-7-13 651264]
    R2 PlugPlay;Plug and Play;C:\Windows\System32\svchost.exe -k DcomLaunch [2009-7-13 27136]
    R2 Power;Power;C:\Windows\System32\svchost.exe -k DcomLaunch [2009-7-13 27136]
    R2 ProfSvc;User Profile Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    R2 RpcEptMapper;RPC Endpoint Mapper;C:\Windows\System32\svchost.exe -k RPCSS [2009-7-13 27136]
    R2 RpcSs;Remote Procedure Call (RPC);C:\Windows\System32\svchost.exe -k rpcss [2009-7-13 27136]
    R2 rspndr;Link-Layer Topology Discovery Responder;C:\Windows\System32\drivers\rspndr.sys [2009-7-13 76800]
    R2 SamSs;Security Accounts Manager;C:\Windows\System32\lsass.exe [2012-6-26 31232]
    R2 Schedule;Task Scheduler;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    R2 secdrv;Security Driver;C:\Windows\System32\drivers\secdrv.sys [2009-7-13 23040]
    R2 SENS;System Event Notification Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 ShellHWDetection;Shell Hardware Detection;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    R2 Spooler;Print Spooler;C:\Windows\System32\spoolsv.exe [2012-11-16 559104]
    R2 STacSV;Audio Service;C:\Program Files\IDT\WDM\stacsv64.exe [2012-6-26 311808]
    R2 SysMain;Superfetch;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    R2 tcpipreg;TCP/IP Registry Compatibility;C:\Windows\System32\drivers\tcpipreg.sys [2012-11-16 45568]
    R2 Themes;Themes;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    R2 TrkWks;Distributed Link Tracking Client;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    R2 UxSms;Desktop Window Manager Session Manager;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    R2 Winmgmt;Windows Management Instrumentation;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    R2 Wlansvc;WLAN AutoConfig;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    R2 wlidsvc;Windows Live ID Sign-in Assistant;C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-3-28 2292096]
    R2 WMPNetworkSvc;Windows Media Player Network Sharing Service;C:\Program Files\Windows Media Player\wmpnetwk.exe [2010-11-20 1525248]
    R2 wscsvc;Security Center;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
    R2 WSearch;Windows Search;C:\Windows\System32\SearchIndexer.exe [2012-3-1 591872]
    R2 wuauserv;Windows Update;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-1-19 158880]
    R3 Accelerometer;HP Mobile Data Protection Sensor;C:\Windows\System32\drivers\Accelerometer.sys [2011-5-13 43320]
    R3 AeLookupSvc;Application Experience;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2011-10-26 102528]
    R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-6-26 46136]
    R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2012-2-10 10825216]
    R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2012-2-10 328704]
    R3 AmdPPM;AMD Processor Driver;C:\Windows\System32\drivers\amdppm.sys [2009-7-13 60928]
    R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2011-10-26 219776]
    R3 Appinfo;Application Information;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    R3 AsyncMac;RAS Asynchronous Media Driver;C:\Windows\System32\drivers\asyncmac.sys [2009-7-13 23040]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2012-1-19 36000]
    R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\System32\drivers\athrx.sys [2012-6-26 2801664]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-12-6 95248]
    R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
    R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [2013-2-12 1388120]
    R3 bowser;Browser Support Driver;C:\Windows\System32\drivers\bowser.sys [2012-3-1 90624]
    R3 Browser;Computer Browser;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2012-1-19 339616]
    R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2012-1-19 110752]
    R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-1-19 30368]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-1-19 167584]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2012-1-19 68256]
    R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-1-19 280992]
    R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2012-1-19 550560]
    R3 BthEnum;Bluetooth Request Block Driver;C:\Windows\System32\drivers\bthenum.sys [2009-7-13 41984]
    R3 BthPan;Bluetooth Device (Personal Area Network);C:\Windows\System32\drivers\bthpan.sys [2009-7-13 118784]
    R3 bthserv;Bluetooth Support Service;C:\Windows\System32\svchost.exe -k bthsvcs [2009-7-13 27136]
    R3 BTHUSB;Bluetooth Radio USB Driver;C:\Windows\System32\drivers\BTHUSB.SYS [2012-3-1 80384]
    R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1301000.01C\ccSetx64.sys [2012-6-26 167048]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver;C:\Windows\System32\drivers\CmBatt.sys [2009-7-13 17664]
    R3 CompositeBus;Composite Bus Enumerator Driver;C:\Windows\System32\drivers\CompositeBus.sys [2010-11-20 38912]
    R3 DXGKrnl;LDDM Graphics Subsystem;C:\Windows\System32\drivers\dxgkrnl.sys [2012-3-1 983920]
    R3 EapHost;Extensible Authentication Protocol;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    R3 eeCtrl;Symantec Eraser Control driver;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2012-12-5 484512]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-12-5 138912]
    R3 fastfat;FAT12/16/32 File System Driver;C:\Windows\System32\drivers\fastfat.sys [2009-7-13 204800]
    R3 fdPHost;Function Discovery Provider Host;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
    R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [2010-11-20 42856]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio;C:\Windows\System32\drivers\hdaudbus.sys [2010-11-20 122368]
    R3 hidserv;Human Interface Device Access;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    R3 HidUsb;Microsoft HID Class Driver;C:\Windows\System32\drivers\hidusb.sys [2010-11-20 30208]
    R3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-9-13 1098296]
    R3 hpqwmiex;HP Software Framework Service;C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2011-11-22 981048]
    R3 HTTP;HTTP;C:\Windows\System32\drivers\http.sys [2010-11-20 753664]
    R3 i8042prt;i8042 Keyboard and PS/2 Mouse Port Driver;C:\Windows\System32\drivers\i8042prt.sys [2009-7-13 105472]
    R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130216.001\IDSviA64.sys [2013-2-20 513184]
    R3 kbdclass;Keyboard Class Driver;C:\Windows\System32\drivers\kbdclass.sys [2009-7-13 50768]
    R3 KeyIso;CNG Key Isolation;C:\Windows\System32\lsass.exe [2012-6-26 31232]
    R3 ksthunk;Kernel Streaming Thunks;C:\Windows\System32\drivers\ksthunk.sys [2009-7-13 20992]
    R3 monitor;Microsoft Monitor Class Function Driver Service;C:\Windows\System32\drivers\monitor.sys [2009-7-13 30208]
    R3 mouclass;Mouse Class Driver;C:\Windows\System32\drivers\mouclass.sys [2009-7-13 49216]
    R3 mouhid;Mouse HID Driver;C:\Windows\System32\drivers\mouhid.sys [2009-7-13 31232]
    R3 mpsdrv;Windows Firewall Authorization Driver;C:\Windows\System32\drivers\mpsdrv.sys [2009-7-13 77312]
    R3 mrxsmb;SMB MiniRedirector Wrapper and Engine;C:\Windows\System32\drivers\mrxsmb.sys [2012-3-1 158208]
    R3 mrxsmb10;SMB 1.x MiniRedirector;C:\Windows\System32\drivers\mrxsmb10.sys [2012-3-1 288768]
    R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\Windows\System32\drivers\mrxsmb20.sys [2012-3-1 128000]
    R3 NativeWifiP;NativeWiFi Filter;C:\Windows\System32\drivers\nwifi.sys [2009-7-13 318976]
    R3 NAVENG;NAVENG;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130220.003\eng64.sys [2013-2-20 126192]
    R3 NAVEX15;NAVEX15;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130220.003\ex64.sys [2013-2-20 2087664]
    R3 NdisTapi;Remote Access NDIS TAPI Driver;C:\Windows\System32\drivers\ndistapi.sys [2009-7-13 24064]
    R3 Ndisuio;NDIS Usermode I/O Protocol;C:\Windows\System32\drivers\ndisuio.sys [2010-11-20 56832]
    R3 NdisWan;Remote Access NDIS WAN Driver;C:\Windows\System32\drivers\ndiswan.sys [2010-11-20 164352]
    R3 NDProxy;NDIS Proxy;C:\Windows\System32\drivers\ndproxy.sys [2010-11-20 57856]
    R3 Netman;Network Connections;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    R3 netprofm;Network List Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
    R3 Ntfs;Ntfs;C:\Windows\System32\drivers\ntfs.sys [2012-11-16 1659760]
    R3 PolicyAgent;IPsec Policy Agent;C:\Windows\System32\svchost.exe -k NetworkServiceNetworkRestricted [2009-7-13 27136]
    R3 PptpMiniport;WAN Miniport (PPTP);C:\Windows\System32\drivers\raspptp.sys [2010-11-20 111104]
    R3 RasAgileVpn;WAN Miniport (IKEv2);C:\Windows\System32\drivers\agilevpn.sys [2009-7-13 60416]
    R3 Rasl2tp;WAN Miniport (L2TP);C:\Windows\System32\drivers\rasl2tp.sys [2010-11-20 129536]
    R3 RasPppoe;Remote Access PPPOE Driver;C:\Windows\System32\drivers\raspppoe.sys [2009-7-13 92672]
    R3 RasSstp;WAN Miniport (SSTP);C:\Windows\System32\drivers\rassstp.sys [2009-7-13 83968]
    R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI);C:\Windows\System32\drivers\rfcomm.sys [2009-7-13 158720]
    R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\drivers\RtsP2Stor.sys [2012-6-26 258664]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-26 565352]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 SRTSP;Symantec Real Time Storage Protection x64;C:\Windows\System32\drivers\NISx64\1301000.01C\srtsp64.sys [2012-6-26 729720]
    R3 SRTSPX;Symantec Real Time Storage Protection (PEL) x64;C:\Windows\System32\drivers\NISx64\1301000.01C\srtspx64.sys [2012-6-26 37496]
    R3 srv;Server SMB 1.xxx Driver;C:\Windows\System32\drivers\srv.sys [2012-3-1 467456]
    R3 srv2;Server SMB 2.xxx Driver;C:\Windows\System32\drivers\srv2.sys [2012-3-1 410112]
    R3 srvnet;srvnet;C:\Windows\System32\drivers\srvnet.sys [2012-3-1 168448]
    R3 SSDPSRV;SSDP Discovery;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
    R3 STHDA;IDT High Definition Audio CODEC;C:\Windows\System32\drivers\stwrt64.sys [2012-6-26 535552]
    R3 swenum;Software Bus Driver;C:\Windows\System32\drivers\swenum.sys [2009-7-13 12496]
    R3 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1301000.01C\SymDS64.sys [2012-6-26 451192]
    R3 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1301000.01C\SymEFA64.sys [2012-6-26 1084536]
    R3 SymEvent;SymEvent;C:\Windows\System32\drivers\SYMEVENT64x86.SYS [2012-6-26 174200]
    R3 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1301000.01C\Ironx64.sys [2012-6-26 189560]
    R3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1301000.01C\symnets.sys [2012-6-26 401016]
    R3 SynTP;Synaptics TouchPad Driver;C:\Windows\System32\drivers\SynTP.sys [2011-10-14 396848]
    R3 TabletInputService;Tablet PC Input Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    R3 TapiSrv;Telephony;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
    R3 tunnel;Microsoft Tunnel Miniport Adapter Driver;C:\Windows\System32\drivers\tunnel.sys [2010-11-20 125440]
    R3 umbus;UMBus Enumerator Driver;C:\Windows\System32\drivers\umbus.sys [2010-11-20 48640]
    R3 upnphost;UPnP Device Host;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\Windows\System32\drivers\usbehci.sys [2012-3-1 52736]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-6-26 56448]
    R3 usbhub;Microsoft USB Standard Hub Driver;C:\Windows\System32\drivers\usbhub.sys [2012-3-1 343040]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver;C:\Windows\System32\drivers\usbohci.sys [2012-3-1 25600]

    More to come.
  2. glhglh

    glhglh TS Maniac Topic Starter Posts: 438

    The result of the DDS:
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16464
    Run by Randy at 11:01:57 on 2013-02-20
    #Option Extended Search is enabled.
    #Option Whitelisting is disabled.
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3561.1546 [GMT -8:00]
    .
    AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
    C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/?ilc=32
    uLocal Page = C:\Windows\System32\blank.htm
    uSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    uDefault_Page_URL = hxxp://g.msn.com/HPNOT/1
    mStart Page = hxxp://g.msn.com/HPNOT/1
    mLocal Page = C:\Windows\SysWOW64\blank.htm
    mSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    mDefault_Page_URL = hxxp://g.msn.com/HPNOT/1
    mDefault_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    uURLSearchHooks: Microsoft Url Search Hook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll
    mWinlogon: Shell = explorer.exe
    mWinlogon: Userinit = userinit.exe
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll
    BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.dll
    BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    uRun: [BYR_AGENT] C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
    mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: ForceActiveDesktopOn = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableInstallerDetection = dword:1
    mPolicies-System: EnableLUA = dword:1
    mPolicies-System: EnableSecureUIAPaths = dword:1
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: EnableVirtualization = dword:1
    mPolicies-System: PromptOnSecureDesktop = dword:1
    mPolicies-System: ValidateAdminCodeSignatures = dword:0
    mPolicies-System: dontdisplaylastusername = dword:0
    mPolicies-System: scforceoption = dword:0
    mPolicies-System: shutdownwithoutlogon = dword:1
    mPolicies-System: undockwithoutlogon = dword:1
    mPolicies-System: FilterAdministratorToken = dword:0
    IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    LSP: %SystemRoot%\system32\mswsock.dll
    TCP: NameServer = 192.168.1.5
    TCP: Interfaces\{3973625B-D550-4482-8626-055C851FA7F8} : DHCPNameServer = 192.168.1.5
    TCP: Interfaces\{3973625B-D550-4482-8626-055C851FA7F8}\14344594F4E4455434 : DHCPNameServer = 192.168.0.1 205.171.3.25
    TCP: Interfaces\{3973625B-D550-4482-8626-055C851FA7F8}\25963656027457563747 : DHCPNameServer = 192.168.0.1 205.171.3.25
    TCP: Interfaces\{3973625B-D550-4482-8626-055C851FA7F8}\641627D6 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{797FC918-2A02-4A5F-9F81-CC4932956EA0} : DHCPNameServer = 192.168.0.1
    Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
    Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
    Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
    Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll
    Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll
    Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
    Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
    Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
    Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
    Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
    Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
    Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
    Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
    Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll
    Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
    Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
    Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll
    Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
    Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
    SSODL: WebCheck - <orphaned>
    SecurityProviders: SecurityProviders = credssp.dll
    LSA: Authentication Packages = msv1_0
    LSA: Notification Packages = scecli
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 winsrv:ConServerDllInitialization,2 sxssrv,4
    mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\unregmp2.exe /ShowWMP
    mASetup: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
    mASetup: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\System32\regsvr32.exe /s /n /I:/UserInstall C:\Windows\System32\themeui.dll
    mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
    mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
    mASetup: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
    mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
    CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\shell32.dll
    x64-mStart Page = hxxp://g.msn.com/HPNOT/1
    x64-mLocal Page = C:\Windows\System32\blank.htm
    x64-mSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    x64-mDefault_Page_URL = hxxp://g.msn.com/HPNOT/1
    x64-mDefault_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    x64-mWinlogon: Shell = explorer.exe
    x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,
    x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
    x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
    x64-Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
    x64-Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
    x64-Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
    x64-Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
    x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
    x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
    x64-Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
    x64-Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll
    x64-Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll
    x64-Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
    x64-Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
    x64-Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
    x64-Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
    x64-Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
    x64-Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
    x64-Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - <orphaned>
    x64-Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
    x64-Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
    x64-Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll
    x64-Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
    x64-Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
    x64-Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - <orphaned>
    x64-Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll
    x64-Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
    x64-Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\unregmp2.exe /ShowWMP
    x64-mASetup: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
    x64-mASetup: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\System32\regsvr32.exe /s /n /I:/UserInstall C:\Windows\System32\themeui.dll
    x64-mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    x64-mASetup: {6032497A-4479-462B-ADB8-A0A372BB9A23} - msiexec /fu {6032497A-4479-462B-ADB8-A0A372BB9A23} /qn
    x64-mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
    x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
    x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
    x64-mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
    x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\shell32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 ACPI;Microsoft ACPI Driver;C:\Windows\System32\drivers\acpi.sys [2010-11-20 334208]
    R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-12-13 82048]
    R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-12-13 42624]
    R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\drivers\amdkmpfd.sys [2012-2-2 31872]
    R0 amdsata;amdsata;C:\Windows\System32\drivers\amdsata.sys [2012-3-1 107904]
    R0 amdxata;amdxata;C:\Windows\System32\drivers\amdxata.sys [2012-3-1 27008]
    R0 atapi;IDE Channel;C:\Windows\System32\drivers\atapi.sys [2009-7-13 24128]
    R0 CLFS;Common Log (CLFS);C:\Windows\System32\clfs.sys [2009-7-13 367696]
    R0 CNG;CNG;C:\Windows\System32\drivers\cng.sys [2013-2-1 458712]
    R0 Compbatt;Microsoft Composite Battery Driver;C:\Windows\System32\drivers\compbatt.sys [2009-7-13 21584]
    R0 Disk;Disk Driver;C:\Windows\System32\drivers\disk.sys [2009-7-13 73280]
    R0 FileInfo;File Information FS MiniFilter;C:\Windows\System32\drivers\fileinfo.sys [2009-7-13 70224]
    R0 FltMgr;FltMgr;C:\Windows\System32\drivers\fltMgr.sys [2010-11-20 289664]
    R0 fvevol;Bitlocker Drive Encryption Filter Driver;C:\Windows\System32\drivers\fvevol.sys [2010-11-20 223248]
    R0 hpdskflt;HP Filter;C:\Windows\System32\drivers\hpdskflt.sys [2011-5-13 30008]
    R0 hwpolicy;Hardware Policy Driver;C:\Windows\System32\drivers\hwpolicy.sys [2010-11-20 14720]
    R0 KSecDD;KSecDD;C:\Windows\System32\drivers\ksecdd.sys [2012-11-16 95600]
    R0 KSecPkg;KSecPkg;C:\Windows\System32\drivers\ksecpkg.sys [2013-2-1 154480]
    R0 mountmgr;Mount Point Manager;C:\Windows\System32\drivers\mountmgr.sys [2010-11-20 94592]
    R0 msisadrv;msisadrv;C:\Windows\System32\drivers\msisadrv.sys [2009-7-13 15424]
    R0 Mup;Mup;C:\Windows\System32\drivers\mup.sys [2009-7-13 60496]
    R0 NDIS;NDIS System Driver;C:\Windows\System32\drivers\ndis.sys [2012-11-16 950128]
    R0 partmgr;Partition Manager;C:\Windows\System32\drivers\partmgr.sys [2012-11-16 75120]
    R0 pci;PCI Bus Driver;C:\Windows\System32\drivers\pci.sys [2010-11-20 184704]
    R0 pcw;Performance Counters for Windows Driver;C:\Windows\System32\drivers\pcw.sys [2009-7-13 50768]
    R0 rdyboost;ReadyBoost;C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
    R0 spldr;Security Processor Loader Driver;C:\Windows\System32\drivers\spldr.sys [2009-7-13 19008]
    R0 Tcpip;TCP/IP Protocol Driver;C:\Windows\System32\drivers\tcpip.sys [2013-2-13 1913192]
    R0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;C:\Windows\System32\drivers\vdrvroot.sys [2009-7-13 36432]
    R0 volmgr;Volume Manager Driver;C:\Windows\System32\drivers\volmgr.sys [2010-11-20 71552]
    R0 volmgrx;Dynamic Volume Manager;C:\Windows\System32\drivers\volmgrx.sys [2010-11-20 363392]
    R0 volsnap;Storage volumes;C:\Windows\System32\drivers\volsnap.sys [2012-3-1 296320]
    R0 Wd;Microsoft Watchdog Timer Driver;C:\Windows\System32\drivers\wd.sys [2009-7-13 21056]
    R0 Wdf01000;Kernel Mode Driver Frameworks service;C:\Windows\System32\drivers\Wdf01000.sys [2012-11-19 785512]
    R1 AFD;Ancillary Function Driver for Winsock;C:\Windows\System32\drivers\afd.sys [2012-6-26 498688]
    R1 Beep;Beep;C:\Windows\System32\drivers\beep.sys [2009-7-13 6656]
    R1 blbdrive;blbdrive;C:\Windows\System32\drivers\blbdrive.sys [2009-7-13 45056]
    R1 cdrom;CD-ROM Driver;C:\Windows\System32\drivers\cdrom.sys [2010-11-20 147456]
    R1 DfsC;DFS Namespace Client Driver;C:\Windows\System32\drivers\dfsc.sys [2010-11-20 102400]
    R1 discache;System Attribute Cache;C:\Windows\System32\drivers\discache.sys [2009-7-13 40448]
    R1 Msfs;Msfs;C:\Windows\System32\drivers\msfs.sys [2009-7-13 26112]
    R1 mssmbios;Microsoft System Management BIOS Driver;C:\Windows\System32\drivers\mssmbios.sys [2009-7-13 32320]
    R1 NetBIOS;NetBIOS Interface;C:\Windows\System32\drivers\netbios.sys [2009-7-13 44544]
    R1 NetBT;NetBT;C:\Windows\System32\drivers\netbt.sys [2010-11-20 261632]
    R1 Npfs;Npfs;C:\Windows\System32\drivers\npfs.sys [2009-7-13 44032]
    R1 nsiproxy;NSI proxy service driver.;C:\Windows\System32\drivers\nsiproxy.sys [2009-7-13 24576]
    R1 Null;Null;C:\Windows\System32\drivers\null.sys [2009-7-13 6144]
    R1 Psched;QoS Packet Scheduler;C:\Windows\System32\drivers\pacer.sys [2010-11-20 131584]
    R1 rdbss;Redirected Buffering Sub Sysytem;C:\Windows\System32\drivers\rdbss.sys [2010-11-20 309248]
    R1 RDPCDD;RDPCDD;C:\Windows\System32\drivers\RDPCDD.sys [2009-7-13 7680]
    R1 RDPENCDD;RDP Encoder Mirror Driver;C:\Windows\System32\drivers\RDPENCDD.sys [2009-7-13 7680]
    R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;C:\Windows\System32\drivers\RDPREFMP.sys [2009-7-13 8192]
    R1 tdx;NetIO Legacy TDI Support Driver;C:\Windows\System32\drivers\tdx.sys [2010-11-20 119296]
    R1 TermDD;Terminal Device Driver;C:\Windows\System32\drivers\termdd.sys [2010-11-20 63360]
    R1 VgaSave;VgaSave;C:\Windows\System32\drivers\vga.sys [2009-7-13 29184]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R1 Wanarpv6;Remote Access IPv6 ARP Driver;C:\Windows\System32\drivers\wanarp.sys [2010-11-20 88576]
    R1 WfpLwf;WFP Lightweight Filter;C:\Windows\System32\drivers\wfplwf.sys [2009-7-13 12800]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-2-10 235520]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-2-10 361984]
    R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-1-19 106144]
    R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    R2 AudioSrv;Windows Audio;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
    R2 BFE;Base Filtering Engine;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
    R2 BITS;Background Intelligent Transfer Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    R2 CryptSvc;Cryptographic Services;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 DcomLaunch;DCOM Server Process Launcher;C:\Windows\System32\svchost.exe -k DcomLaunch [2009-7-13 27136]
    R2 Dhcp;DHCP Client;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
    R2 Dnscache;DNS Client;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
    R2 DPS;Diagnostic Policy Service;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
    R2 eventlog;Windows Event Log;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
    R2 EventSystem;COM+ Event System;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
    R2 FDResPub;Function Discovery Resource Publication;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
    R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
    R2 gpsvc;Group Policy Client;C:\Windows\System32\svchost.exe -k GPSvcGroup [2009-7-13 27136]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-11-22 227896]
    R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-11-29 34872]
    R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    R2 iphlpsvc;IP Helper;C:\Windows\System32\svchost.exe -k NetSvcs [2009-7-13 27136]
    R2 LanmanServer;Server;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    R2 LanmanWorkstation;Workstation;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
    R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\Windows\System32\drivers\lltdio.sys [2009-7-13 60928]
    R2 lmhosts;TCP/IP NetBIOS Helper;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
    R2 luafv;UAC File Virtualization;C:\Windows\System32\drivers\luafv.sys [2009-7-13 113152]
    R2 MMCSS;Multimedia Class Scheduler;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    R2 MpsSvc;Windows Firewall;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [2012-6-26 138760]
    R2 NlaSvc;Network Location Awareness;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
    R2 nsi;Network Store Interface Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
    R2 PcaSvc;Program Compatibility Assistant Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    R2 PEAUTH;PEAUTH;C:\Windows\System32\drivers\PEAuth.sys [2009-7-13 651264]
    R2 PlugPlay;Plug and Play;C:\Windows\System32\svchost.exe -k DcomLaunch [2009-7-13 27136]
    R2 Power;Power;C:\Windows\System32\svchost.exe -k DcomLaunch [2009-7-13 27136]
    R2 ProfSvc;User Profile Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    R2 RpcEptMapper;RPC Endpoint Mapper;C:\Windows\System32\svchost.exe -k RPCSS [2009-7-13 27136]
    R2 RpcSs;Remote Procedure Call (RPC);C:\Windows\System32\svchost.exe -k rpcss [2009-7-13 27136]
    R2 rspndr;Link-Layer Topology Discovery Responder;C:\Windows\System32\drivers\rspndr.sys [2009-7-13 76800]
    R2 SamSs;Security Accounts Manager;C:\Windows\System32\lsass.exe [2012-6-26 31232]
    R2 Schedule;Task Scheduler;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    R2 secdrv;Security Driver;C:\Windows\System32\drivers\secdrv.sys [2009-7-13 23040]
    R2 SENS;System Event Notification Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 ShellHWDetection;Shell Hardware Detection;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    R2 Spooler;Print Spooler;C:\Windows\System32\spoolsv.exe [2012-11-16 559104]
    R2 STacSV;Audio Service;C:\Program Files\IDT\WDM\stacsv64.exe [2012-6-26 311808]
    R2 SysMain;Superfetch;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    R2 tcpipreg;TCP/IP Registry Compatibility;C:\Windows\System32\drivers\tcpipreg.sys [2012-11-16 45568]
    R2 Themes;Themes;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    R2 TrkWks;Distributed Link Tracking Client;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    R2 UxSms;Desktop Window Manager Session Manager;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    R2 Winmgmt;Windows Management Instrumentation;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    R2 Wlansvc;WLAN AutoConfig;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    R2 wlidsvc;Windows Live ID Sign-in Assistant;C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-3-28 2292096]
    R2 WMPNetworkSvc;Windows Media Player Network Sharing Service;C:\Program Files\Windows Media Player\wmpnetwk.exe [2010-11-20 1525248]
    R2 wscsvc;Security Center;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
    R2 WSearch;Windows Search;C:\Windows\System32\SearchIndexer.exe [2012-3-1 591872]
    R2 wuauserv;Windows Update;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-1-19 158880]
    R3 Accelerometer;HP Mobile Data Protection Sensor;C:\Windows\System32\drivers\Accelerometer.sys [2011-5-13 43320]
    R3 AeLookupSvc;Application Experience;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2011-10-26 102528]
    R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-6-26 46136]
    R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2012-2-10 10825216]
    R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2012-2-10 328704]
    R3 AmdPPM;AMD Processor Driver;C:\Windows\System32\drivers\amdppm.sys [2009-7-13 60928]
    R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2011-10-26 219776]
    R3 Appinfo;Application Information;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    R3 AsyncMac;RAS Asynchronous Media Driver;C:\Windows\System32\drivers\asyncmac.sys [2009-7-13 23040]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2012-1-19 36000]
    R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\System32\drivers\athrx.sys [2012-6-26 2801664]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-12-6 95248]
    R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
    R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [2013-2-12 1388120]
    R3 bowser;Browser Support Driver;C:\Windows\System32\drivers\bowser.sys [2012-3-1 90624]
    R3 Browser;Computer Browser;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2012-1-19 339616]
    R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2012-1-19 110752]
    R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-1-19 30368]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-1-19 167584]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2012-1-19 68256]
    R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-1-19 280992]
    R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2012-1-19 550560]
    R3 BthEnum;Bluetooth Request Block Driver;C:\Windows\System32\drivers\bthenum.sys [2009-7-13 41984]
    R3 BthPan;Bluetooth Device (Personal Area Network);C:\Windows\System32\drivers\bthpan.sys [2009-7-13 118784]
    R3 bthserv;Bluetooth Support Service;C:\Windows\System32\svchost.exe -k bthsvcs [2009-7-13 27136]
    R3 BTHUSB;Bluetooth Radio USB Driver;C:\Windows\System32\drivers\BTHUSB.SYS [2012-3-1 80384]
    R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1301000.01C\ccSetx64.sys [2012-6-26 167048]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver;C:\Windows\System32\drivers\CmBatt.sys [2009-7-13 17664]
    R3 CompositeBus;Composite Bus Enumerator Driver;C:\Windows\System32\drivers\CompositeBus.sys [2010-11-20 38912]
    R3 DXGKrnl;LDDM Graphics Subsystem;C:\Windows\System32\drivers\dxgkrnl.sys [2012-3-1 983920]
    R3 EapHost;Extensible Authentication Protocol;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    R3 eeCtrl;Symantec Eraser Control driver;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2012-12-5 484512]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-12-5 138912]
    R3 fastfat;FAT12/16/32 File System Driver;C:\Windows\System32\drivers\fastfat.sys [2009-7-13 204800]
    R3 fdPHost;Function Discovery Provider Host;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
    R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [2010-11-20 42856]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio;C:\Windows\System32\drivers\hdaudbus.sys [2010-11-20 122368]
    R3 hidserv;Human Interface Device Access;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    R3 HidUsb;Microsoft HID Class Driver;C:\Windows\System32\drivers\hidusb.sys [2010-11-20 30208]
    R3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-9-13 1098296]
    R3 hpqwmiex;HP Software Framework Service;C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2011-11-22 981048]
    R3 HTTP;HTTP;C:\Windows\System32\drivers\http.sys [2010-11-20 753664]
    R3 i8042prt;i8042 Keyboard and PS/2 Mouse Port Driver;C:\Windows\System32\drivers\i8042prt.sys [2009-7-13 105472]
    R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130216.001\IDSviA64.sys [2013-2-20 513184]
    R3 kbdclass;Keyboard Class Driver;C:\Windows\System32\drivers\kbdclass.sys [2009-7-13 50768]
    R3 KeyIso;CNG Key Isolation;C:\Windows\System32\lsass.exe [2012-6-26 31232]
    R3 ksthunk;Kernel Streaming Thunks;C:\Windows\System32\drivers\ksthunk.sys [2009-7-13 20992]
    R3 monitor;Microsoft Monitor Class Function Driver Service;C:\Windows\System32\drivers\monitor.sys [2009-7-13 30208]
    R3 mouclass;Mouse Class Driver;C:\Windows\System32\drivers\mouclass.sys [2009-7-13 49216]
    R3 mouhid;Mouse HID Driver;C:\Windows\System32\drivers\mouhid.sys [2009-7-13 31232]
    R3 mpsdrv;Windows Firewall Authorization Driver;C:\Windows\System32\drivers\mpsdrv.sys [2009-7-13 77312]
    R3 mrxsmb;SMB MiniRedirector Wrapper and Engine;C:\Windows\System32\drivers\mrxsmb.sys [2012-3-1 158208]
    R3 mrxsmb10;SMB 1.x MiniRedirector;C:\Windows\System32\drivers\mrxsmb10.sys [2012-3-1 288768]
    R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\Windows\System32\drivers\mrxsmb20.sys [2012-3-1 128000]
    R3 NativeWifiP;NativeWiFi Filter;C:\Windows\System32\drivers\nwifi.sys [2009-7-13 318976]
    R3 NAVENG;NAVENG;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130220.003\eng64.sys [2013-2-20 126192]
    R3 NAVEX15;NAVEX15;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130220.003\ex64.sys [2013-2-20 2087664]
    R3 NdisTapi;Remote Access NDIS TAPI Driver;C:\Windows\System32\drivers\ndistapi.sys [2009-7-13 24064]
    R3 Ndisuio;NDIS Usermode I/O Protocol;C:\Windows\System32\drivers\ndisuio.sys [2010-11-20 56832]
    R3 NdisWan;Remote Access NDIS WAN Driver;C:\Windows\System32\drivers\ndiswan.sys [2010-11-20 164352]
    R3 NDProxy;NDIS Proxy;C:\Windows\System32\drivers\ndproxy.sys [2010-11-20 57856]
    R3 Netman;Network Connections;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    R3 netprofm;Network List Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
    R3 Ntfs;Ntfs;C:\Windows\System32\drivers\ntfs.sys [2012-11-16 1659760]
    R3 PolicyAgent;IPsec Policy Agent;C:\Windows\System32\svchost.exe -k NetworkServiceNetworkRestricted [2009-7-13 27136]
    R3 PptpMiniport;WAN Miniport (PPTP);C:\Windows\System32\drivers\raspptp.sys [2010-11-20 111104]
    R3 RasAgileVpn;WAN Miniport (IKEv2);C:\Windows\System32\drivers\agilevpn.sys [2009-7-13 60416]
    R3 Rasl2tp;WAN Miniport (L2TP);C:\Windows\System32\drivers\rasl2tp.sys [2010-11-20 129536]
    R3 RasPppoe;Remote Access PPPOE Driver;C:\Windows\System32\drivers\raspppoe.sys [2009-7-13 92672]
    R3 RasSstp;WAN Miniport (SSTP);C:\Windows\System32\drivers\rassstp.sys [2009-7-13 83968]
    R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI);C:\Windows\System32\drivers\rfcomm.sys [2009-7-13 158720]
    R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\drivers\RtsP2Stor.sys [2012-6-26 258664]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-26 565352]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 SRTSP;Symantec Real Time Storage Protection x64;C:\Windows\System32\drivers\NISx64\1301000.01C\srtsp64.sys [2012-6-26 729720]
    R3 SRTSPX;Symantec Real Time Storage Protection (PEL) x64;C:\Windows\System32\drivers\NISx64\1301000.01C\srtspx64.sys [2012-6-26 37496]
    R3 srv;Server SMB 1.xxx Driver;C:\Windows\System32\drivers\srv.sys [2012-3-1 467456]
    R3 srv2;Server SMB 2.xxx Driver;C:\Windows\System32\drivers\srv2.sys [2012-3-1 410112]
    R3 srvnet;srvnet;C:\Windows\System32\drivers\srvnet.sys [2012-3-1 168448]
    R3 SSDPSRV;SSDP Discovery;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
    R3 STHDA;IDT High Definition Audio CODEC;C:\Windows\System32\drivers\stwrt64.sys [2012-6-26 535552]
    R3 swenum;Software Bus Driver;C:\Windows\System32\drivers\swenum.sys [2009-7-13 12496]
    R3 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1301000.01C\SymDS64.sys [2012-6-26 451192]
    R3 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1301000.01C\SymEFA64.sys [2012-6-26 1084536]
    R3 SymEvent;SymEvent;C:\Windows\System32\drivers\SYMEVENT64x86.SYS [2012-6-26 174200]
    R3 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1301000.01C\Ironx64.sys [2012-6-26 189560]
    R3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1301000.01C\symnets.sys [2012-6-26 401016]
    R3 SynTP;Synaptics TouchPad Driver;C:\Windows\System32\drivers\SynTP.sys [2011-10-14 396848]
    R3 TabletInputService;Tablet PC Input Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    R3 TapiSrv;Telephony;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
    R3 tunnel;Microsoft Tunnel Miniport Adapter Driver;C:\Windows\System32\drivers\tunnel.sys [2010-11-20 125440]
    R3 umbus;UMBus Enumerator Driver;C:\Windows\System32\drivers\umbus.sys [2010-11-20 48640]
    R3 upnphost;UPnP Device Host;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\Windows\System32\drivers\usbehci.sys [2012-3-1 52736]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-6-26 56448]
    R3 usbhub;Microsoft USB Standard Hub Driver;C:\Windows\System32\drivers\usbhub.sys [2012-3-1 343040]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver;C:\Windows\System32\drivers\usbohci.sys [2012-3-1 25600]
  3. glhglh

    Attach log:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/15/2012 2:41:45 PM
    System Uptime: 2/20/2013 8:39:23 AM (3 hours ago)
    .
    Motherboard: Hewlett-Packard | | 184B
    Processor: AMD A6-4400M APU with Radeon(tm) HD Graphics | Socket FT1 | 2700/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 445 GiB total, 393.408 GiB free.
    D: is FIXED (NTFS) - 20 GiB total, 2.19 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP27: 1/30/2013 2:28:34 PM - Scheduled Checkpoint
    RP28: 1/31/2013 10:00:03 PM - avast! Free Antivirus Setup
    RP29: 2/1/2013 12:33:00 PM - avast! Free Antivirus Setup
    RP30: 2/1/2013 9:24:00 PM - Windows Update
    RP31: 2/5/2013 1:06:14 PM - Installed Microsoft Office Word Viewer 2003
    RP32: 2/7/2013 12:32:49 AM - Windows Update
    RP33: 2/14/2013 12:04:50 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.5) MUI
    Adobe Shockwave Player 11.6
    AMD Accelerated Video Transcoding
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    AMD Fuel
    AMD Steady Video Plug-In
    AMD VISION Engine Control Center
    Atheros Bluetooth Suite (64)
    Atheros Driver Installation Program
    Bejeweled 3
    Bing Bar
    Blackhawk Striker 2
    Blio
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Chuzzle Deluxe
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Cradle of Rome 2
    CyberLink YouCam
    D3DX10
    DHTML Editing Component
    Dora's World Adventure
    ESU for Microsoft Windows 7 SP1
    Evernote v. 4.5.2
    Farm Frenzy
    Farmscapes
    FATE
    Final Drive Fury
    Google Chrome
    Google Update Helper
    Hewlett-Packard ACLM.NET v1.1.2.0
    Hoyle Card Games
    HP 3D DriveGuard
    HP Application Assistant
    HP Auto
    HP Client Services
    HP Connection Manager
    HP CoolSense
    HP Customer Experience Enhancements
    HP Documentation
    HP Games
    HP Launch Box
    HP MovieStore
    HP On Screen Display
    HP Power Manager
    HP Quick Launch
    HP Recovery Manager
    HP Security Assistant
    HP Setup
    HP Setup Manager
    HP Software Framework
    HP Support Assistant
    IDT Audio
    Jewel Match 3
    Jewel Quest Mysteries: The Seventh Gate Collector's Edition
    John Deere Drive Green
    Junk Mail filter update
    Letters from Nowhere 2
    LG United Mobile Driver
    LG Verizon United Drivers
    Luxor HD
    Mah Jong Medley
    Malwarebytes Anti-Malware version 1.70.0.1100
    Mesh Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Office Word Viewer 2003
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft WSE 3.0 Runtime
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Norton Internet Security
    opensource
    Penguins!
    Plants vs. Zombies - Game of the Year
    PlayReady PC Runtime x86
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Realtek Ethernet Controller Driver
    Realtek PCIE Card Reader
    RollerCoaster Tycoon 3: Platinum
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Skype™ 5.10
    swMSM
    Synaptics Pointing Device Driver
    The Treasures of Mystery Island: The Ghost Ship
    Torchlight
    Turbo Lister 2
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update Installer for WildTangent Games App
    Virtual Villagers 4 - The Tree of Life
    WildTangent Games App (HP Games)
    WinALDL
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Yahoo! Toolbar
    Zuma's Revenge
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/16/2013 2:07:37 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {69B37063-2BB6-43B5-A109-60E69A77840F} and APPID {CD11FAB6-1C0E-45E1-BA31-5C6008EF2607} to the user HP-Randy\Randy SID (S-1-5-21-2783097096-289569773-1546617986-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    2/14/2013 8:08:57 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{3973625B-D550-4482-8626-055C851FA7F8} because another computer on the network has the same name. The server could not start.
    2/13/2013 4:07:08 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user HP-Randy\Randy SID (S-1-5-21-2783097096-289569773-1546617986-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    2/13/2013 4:07:08 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user HP-Randy\Randy SID (S-1-5-21-2783097096-289569773-1546617986-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    2/13/2013 1:15:07 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user HP-Randy\Randy SID (S-1-5-21-2783097096-289569773-1546617986-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    .
    ==== End Of File ===========================

    I will try to get everything off of this RR notebook, then the server (Server 2003 we used in our 2 one-person businesses, but still use even after I have retired).
  4. Broni

    Broni Malware Annihilator Posts: 46,787   +254

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================

    You posted a partial DDS.txt log twice. I need to see the entire log.
  5. glhglh

    glhglh TS Maniac Topic Starter Posts: 438

    Believe it or not, I was trying to not make that mistake. Copied it to a Word file for a word count, deleted the first post, then made the second post. It happened when I changed browsers, even last year, when I tried to post a long post on TS, my computer would freeze for a long time. Doesn't happen in Chrome.

    Here is the post:

    2nd half of DDS
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver;C:\Windows\System32\drivers\usbohci.sys [2012-3-1 25600]
    R3 vwifibus;Virtual WiFi Bus Driver;C:\Windows\System32\drivers\vwifibus.sys [2009-7-13 24576]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
    R3 wcncsvc;Windows Connect Now - Config Registrar;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
    R3 WdiServiceHost;Diagnostic Service Host;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
    R3 WmiAcpi;Microsoft Windows Management Interface for ACPI;C:\Windows\System32\drivers\wmiacpi.sys [2009-7-13 14336]
    S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-1-3 116648]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S2 sppsvc;Software Protection;C:\Windows\System32\sppsvc.exe [2010-11-20 3524608]
    S3 1394ohci;1394 OHCI Compliant Host Controller;C:\Windows\System32\drivers\1394ohci.sys [2010-11-20 229888]
    S3 AcpiPmi;ACPI Power Meter Driver;C:\Windows\System32\drivers\acpipmi.sys [2010-11-20 12800]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-1 251248]
    S3 adp94xx;adp94xx;C:\Windows\System32\drivers\adp94xx.sys [2009-6-10 491088]
    S3 adpahci;adpahci;C:\Windows\System32\drivers\adpahci.sys [2009-7-13 339536]
    S3 adpu320;adpu320;C:\Windows\System32\drivers\adpu320.sys [2009-7-13 182864]
    S3 agp440;Intel AGP Bus Filter;C:\Windows\System32\drivers\AGP440.sys [2009-7-13 61008]
    S3 ALG;Application Layer Gateway Service;C:\Windows\System32\alg.exe [2009-7-13 79360]
    S3 aliide;aliide;C:\Windows\System32\drivers\aliide.sys [2009-7-13 15440]
    S3 amdide;amdide;C:\Windows\System32\drivers\amdide.sys [2009-7-13 15440]
    S3 AmdK8;AMD K8 Processor Driver;C:\Windows\System32\drivers\amdk8.sys [2009-7-13 64512]
    S3 amdsbs;amdsbs;C:\Windows\System32\drivers\amdsbs.sys [2009-6-10 194128]
    S3 AppID;AppID Driver;C:\Windows\System32\drivers\appid.sys [2010-11-20 61440]
    S3 AppIDSvc;Application Identity;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
    S3 arc;arc;C:\Windows\System32\drivers\arc.sys [2009-7-13 87632]
    S3 arcsas;arcsas;C:\Windows\System32\drivers\arcsas.sys [2009-7-13 97856]
    S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2012-1-19 51872]
    S3 AxInstSV;ActiveX Installer (AxInstSV);C:\Windows\System32\svchost.exe -k AxInstSVGroup [2009-7-13 27136]
    S3 b06bdrv;Broadcom NetXtreme II VBD;C:\Windows\System32\drivers\bxvbda.sys [2009-6-10 468480]
    S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\b57nd60a.sys [2009-6-10 270848]
    S3 BCM43XX;Broadcom 802.11 Network Adapter Driver;C:\Windows\System32\drivers\BCMWL664.SYS [2009-6-10 1311232]
    S3 BDESVC;BitLocker Drive Encryption Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\Windows\System32\drivers\BrFiltLo.sys [2009-7-13 18432]
    S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\Windows\System32\drivers\BrFiltUp.sys [2009-7-13 8704]
    S3 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\Windows\System32\drivers\BrSerId.sys [2009-7-13 286720]
    S3 BrSerWdm;Brother WDM Serial driver;C:\Windows\System32\drivers\BrSerWdm.sys [2009-7-13 47104]
    S3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\Windows\System32\drivers\BrUsbMdm.sys [2009-7-13 14976]
    S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\Windows\System32\drivers\BrUsbSer.sys [2009-7-13 14720]
    S3 BTHMODEM;Bluetooth Serial Communications Driver;C:\Windows\System32\drivers\bthmodem.sys [2009-7-13 72192]
    S3 BTHPORT;Bluetooth Port Driver;C:\Windows\System32\drivers\bthport.sys [2012-11-16 552960]
    S3 CertPropSvc;Certificate Propagation;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    S3 circlass;Consumer IR Devices;C:\Windows\System32\drivers\circlass.sys [2009-7-13 45568]
    S3 cmdide;cmdide;C:\Windows\System32\drivers\cmdide.sys [2009-7-13 17488]
    S3 COMSysApp;COM+ System Application;C:\Windows\System32\dllhost.exe [2009-7-13 9728]
    S3 defragsvc;Disk Defragmenter;C:\Windows\System32\svchost.exe -k defragsvc [2009-7-13 27136]
    S3 dot3svc;Wired AutoConfig;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 drmkaud;Microsoft Trusted Audio Drivers;C:\Windows\System32\drivers\drmkaud.sys [2009-7-13 5632]
    S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;C:\Windows\System32\drivers\evbda.sys [2009-6-10 3286016]
    S3 EFS;Encrypting File System (EFS);C:\Windows\System32\lsass.exe [2012-6-26 31232]
    S3 ehRecvr;Windows Media Center Receiver Service;C:\Windows\ehome\ehrecvr.exe [2010-11-20 696832]
    S3 ehSched;Windows Media Center Scheduler Service;C:\Windows\ehome\ehsched.exe [2009-7-13 127488]
    S3 elxstor;elxstor;C:\Windows\System32\drivers\elxstor.sys [2009-6-10 530496]
    S3 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\System32\drivers\errdev.sys [2009-7-13 9728]
    S3 exfat;exFAT File System Driver;C:\Windows\System32\drivers\exfat.sys [2009-7-13 195072]
    S3 Fax;Fax;C:\Windows\System32\FXSSVC.exe [2010-11-20 689152]
    S3 fdc;Floppy Disk Controller Driver;C:\Windows\System32\drivers\fdc.sys [2009-7-13 29696]
    S3 Filetrace;Filetrace;C:\Windows\System32\drivers\filetrace.sys [2009-7-13 34304]
    S3 flpydisk;Floppy Disk Driver;C:\Windows\System32\drivers\flpydisk.sys [2009-7-13 24576]
    S3 FsDepends;File System Dependency Minifilter;C:\Windows\System32\drivers\fsdepends.sys [2009-7-13 55376]
    S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms;C:\Windows\System32\drivers\GAGP30KX.SYS [2009-7-13 65088]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-1-3 116648]
    S3 hcw85cir;Hauppauge Consumer Infrared Receiver;C:\Windows\System32\drivers\hcw85cir.sys [2009-7-13 31232]
    S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service;C:\Windows\System32\drivers\HdAudio.sys [2010-11-20 350208]
    S3 HidBatt;HID UPS Battery Driver;C:\Windows\System32\drivers\hidbatt.sys [2009-7-13 26624]
    S3 HidBth;Microsoft Bluetooth HID Miniport;C:\Windows\System32\drivers\hidbth.sys [2009-7-13 100864]
    S3 HidIr;Microsoft Infrared HID Driver;C:\Windows\System32\drivers\hidir.sys [2009-7-13 46592]
    S3 hkmsvc;Health Key and Certificate Management;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    S3 HomeGroupListener;HomeGroup Listener;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 HomeGroupProvider;HomeGroup Provider;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
    S3 HpSAMD;HpSAMD;C:\Windows\System32\drivers\HpSAMD.sys [2010-11-20 78720]
    S3 iaStorV;iaStorV;C:\Windows\System32\drivers\iaStorV.sys [2012-3-1 410496]
    S3 idsvc;Windows CardSpace;C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [2010-11-20 856400]
    S3 iirsp;iirsp;C:\Windows\System32\drivers\iirsp.sys [2009-7-13 44112]
    S3 intelide;intelide;C:\Windows\System32\drivers\intelide.sys [2009-7-13 16960]
    S3 intelppm;Intel Processor Driver;C:\Windows\System32\drivers\intelppm.sys [2009-7-13 62464]
    S3 IPBusEnum;PnP-X IP Bus Enumerator;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 IpFilterDriver;IP Traffic Filter Driver;C:\Windows\System32\drivers\ipfltdrv.sys [2010-11-20 82944]
    S3 IPMIDRV;IPMIDRV;C:\Windows\System32\drivers\IPMIDrv.sys [2010-11-20 78848]
    S3 IPNAT;IP Network Address Translator;C:\Windows\System32\drivers\ipnat.sys [2009-7-13 116224]
    S3 IRENUM;IR Bus Enumerator;C:\Windows\System32\drivers\irenum.sys [2009-7-13 17920]
    S3 isapnp;isapnp;C:\Windows\System32\drivers\isapnp.sys [2009-7-13 20544]
    S3 iScsiPrt;iScsiPort Driver;C:\Windows\System32\drivers\msiscsi.sys [2010-11-20 273792]
    S3 kbdhid;Keyboard HID Driver;C:\Windows\System32\drivers\kbdhid.sys [2010-11-20 33280]
    S3 KtmRm;KtmRm for Distributed Transaction Coordinator;C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation [2009-7-13 27136]
    S3 lehidmini;Bluetooth Low Energy Hid Device;C:\Windows\System32\drivers\leath_hid.sys [2012-1-19 36128]
    S3 lltdsvc;Link-Layer Topology Discovery Mapper;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
    S3 LSI_FC;LSI_FC;C:\Windows\System32\drivers\lsi_fc.sys [2009-7-13 114752]
    S3 LSI_SAS;LSI_SAS;C:\Windows\System32\drivers\lsi_sas.sys [2009-7-13 106560]
    S3 LSI_SAS2;LSI_SAS2;C:\Windows\System32\drivers\lsi_sas2.sys [2009-7-13 65600]
    S3 LSI_SCSI;LSI_SCSI;C:\Windows\System32\drivers\lsi_scsi.sys [2009-7-13 115776]
    S3 megasas;megasas;C:\Windows\System32\drivers\megasas.sys [2009-6-10 35392]
    S3 MegaSR;MegaSR;C:\Windows\System32\drivers\MegaSR.sys [2009-7-13 284736]
    S3 Modem;Modem;C:\Windows\System32\drivers\modem.sys [2009-7-13 40448]
    S3 mpio;mpio;C:\Windows\System32\drivers\mpio.sys [2010-11-20 155008]
    S3 MRxDAV;WebDav Client Redirector Driver;C:\Windows\System32\drivers\mrxdav.sys [2010-11-20 140800]
    S3 msahci;msahci;C:\Windows\System32\drivers\msahci.sys [2010-11-20 31104]
    S3 msdsm;msdsm;C:\Windows\System32\drivers\msdsm.sys [2010-11-20 140672]
    S3 MSDTC;Distributed Transaction Coordinator;C:\Windows\System32\msdtc.exe [2009-7-13 141824]
    S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;C:\Windows\System32\drivers\mshidkmdf.sys [2009-7-13 8192]
    S3 MSiSCSI;Microsoft iSCSI Initiator Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    S3 msiserver;Windows Installer;C:\Windows\System32\msiexec.exe [2010-11-20 128000]
    S3 MSKSSRV;Microsoft Streaming Service Proxy;C:\Windows\System32\drivers\mskssrv.sys [2009-7-13 11136]
    S3 MSPCLOCK;Microsoft Streaming Clock Proxy;C:\Windows\System32\drivers\mspclock.sys [2009-7-13 7168]
    S3 MSPQM;Microsoft Streaming Quality Manager Proxy;C:\Windows\System32\drivers\mspqm.sys [2009-7-13 6784]
    S3 MsRPC;MsRPC;C:\Windows\System32\drivers\msrpc.sys [2010-11-20 366976]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter;C:\Windows\System32\drivers\mstee.sys [2009-7-13 8064]
    S3 MTConfig;Microsoft Input Configuration Driver;C:\Windows\System32\drivers\MTConfig.sys [2009-7-13 15360]
    S3 napagent;Network Access Protection Agent;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
    S3 NdisCap;NDIS Capture LightWeight Filter;C:\Windows\System32\drivers\ndiscap.sys [2009-7-13 35328]
    S3 Netlogon;Netlogon;C:\Windows\System32\lsass.exe [2012-6-26 31232]
    S3 nfrd960;nfrd960;C:\Windows\System32\drivers\nfrd960.sys [2009-7-13 51264]
    S3 nv_agp;NVIDIA nForce AGP Bus Filter;C:\Windows\System32\drivers\NV_AGP.SYS [2009-7-13 122960]
    S3 NVENETFD;NVIDIA nForce Networking Controller Driver;C:\Windows\System32\drivers\nvm62x64.sys [2009-6-10 408960]
    S3 nvraid;nvraid;C:\Windows\System32\drivers\nvraid.sys [2012-3-1 148352]
    S3 nvstor;nvstor;C:\Windows\System32\drivers\nvstor.sys [2012-3-1 166272]
    S3 ohci1394;1394 OHCI Compliant Host Controller (Legacy);C:\Windows\System32\drivers\ohci1394.sys [2009-7-13 72832]
    S3 ose;Office Source Engine;C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE [2010-1-9 149352]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 p2pimsvc;Peer Networking Identity Manager;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-13 27136]
    S3 p2psvc;Peer Networking Grouping;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-13 27136]
    S3 Parport;Parallel port driver;C:\Windows\System32\drivers\parport.sys [2009-7-13 97280]
    S3 pciide;pciide;C:\Windows\System32\drivers\pciide.sys [2009-7-13 12352]
    S3 pcmcia;pcmcia;C:\Windows\System32\drivers\pcmcia.sys [2009-7-13 220752]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2009-7-13 20992]
    S3 pla;Performance Logs & Alerts;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
    S3 PNRPAutoReg;PNRP Machine Name Publication Service;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-13 27136]
    S3 PNRPsvc;Peer Name Resolution Protocol;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-13 27136]
    S3 Processor;Processor Driver;C:\Windows\System32\drivers\processr.sys [2009-7-13 60416]
    S3 ProtectedStorage;Protected Storage;C:\Windows\System32\lsass.exe [2012-6-26 31232]
    S3 ql2300;ql2300;C:\Windows\System32\drivers\ql2300.sys [2009-6-10 1524816]
    S3 ql40xx;ql40xx;C:\Windows\System32\drivers\ql40xx.sys [2009-7-13 128592]
    S3 QWAVE;Quality Windows Audio Video Experience;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
    S3 QWAVEdrv;QWAVE driver;C:\Windows\System32\drivers\qwavedrv.sys [2009-7-13 46592]
    S3 RasAcd;Remote Access Auto Connection Driver;C:\Windows\System32\drivers\rasacd.sys [2009-7-13 14848]
    S3 RasAuto;Remote Access Auto Connection Manager;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    S3 RasMan;Remote Access Connection Manager;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    S3 rdpbus;Remote Desktop Device Redirector Bus Driver;C:\Windows\System32\drivers\rdpbus.sys [2009-7-13 24064]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-1 19456]
    S3 RDPWD;RDP Winstation Driver;C:\Windows\System32\drivers\rdpwd.sys [2012-11-16 210944]
    S3 RemoteRegistry;Remote Registry;C:\Windows\System32\svchost.exe -k regsvc [2009-7-13 27136]
    S3 RpcLocator;Remote Procedure Call (RPC) Locator;C:\Windows\System32\Locator.exe [2009-7-13 10240]
    S3 sbp2port;sbp2port;C:\Windows\System32\drivers\sbp2port.sys [2010-11-20 103808]
    S3 SCardSvr;Smart Card;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
    S3 scfilter;Smart card PnP Class Filter Driver;C:\Windows\System32\drivers\scfilter.sys [2010-11-20 29696]
    S3 SCPolicySvc;Smart Card Removal Policy;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    S3 sdbus;sdbus;C:\Windows\System32\drivers\sdbus.sys [2010-11-20 109056]
    S3 SDRSVC;Windows Backup;C:\Windows\System32\svchost.exe -k SDRSVC [2009-7-13 27136]
    S3 seclogon;Secondary Logon;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    S3 SensrSvc;Adaptive Brightness;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
    S3 Serenum;Serenum Filter Driver;C:\Windows\System32\drivers\serenum.sys [2009-7-13 23552]
    S3 Serial;Serial;C:\Windows\System32\drivers\serial.sys [2009-7-13 94208]
    S3 sermouse;Serial Mouse Driver;C:\Windows\System32\drivers\sermouse.sys [2009-7-13 26624]
    S3 SessionEnv;Remote Desktop Configuration;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    S3 sffdisk;SFF Storage Class Driver;C:\Windows\System32\drivers\sffdisk.sys [2009-7-13 14336]
    S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\Windows\System32\drivers\sffp_mmc.sys [2009-7-13 13824]
    S3 sffp_sd;SFF Storage Protocol Driver for SDBus;C:\Windows\System32\drivers\sffp_sd.sys [2010-11-20 14336]
    S3 sfloppy;High-Capacity Floppy Disk Drive;C:\Windows\System32\drivers\sfloppy.sys [2009-7-13 16896]
    S3 SharedAccess;Internet Connection Sharing (ICS);C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    S3 SiSRaid2;SiSRaid2;C:\Windows\System32\drivers\sisraid2.sys [2009-6-10 43584]
    S3 SiSRaid4;SiSRaid4;C:\Windows\System32\drivers\sisraid4.sys [2009-7-13 80464]
    S3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);C:\Windows\System32\drivers\smb.sys [2009-7-13 93184]
    S3 SNMPTRAP;SNMP Trap;C:\Windows\System32\snmptrap.exe [2009-7-13 14336]
    S3 sppuinotify;SPP Notification Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 SstpSvc;Secure Socket Tunneling Protocol Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
    S3 stexstor;stexstor;C:\Windows\System32\drivers\stexstor.sys [2009-7-13 24656]
    S3 stisvc;Windows Image Acquisition (WIA);C:\Windows\System32\svchost.exe -k imgsvc [2009-7-13 27136]
    S3 swprv;Microsoft Software Shadow Copy Provider;C:\Windows\System32\svchost.exe -k swprv [2009-7-13 27136]
    S3 TBS;TPM Base Services;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
    S3 TCPIP6;Microsoft IPv6 Protocol Driver;C:\Windows\System32\drivers\tcpip.sys [2013-2-13 1913192]
    S3 TDPIPE;TDPIPE;C:\Windows\System32\drivers\tdpipe.sys [2009-7-13 15872]
    S3 TDTCP;TDTCP;C:\Windows\System32\drivers\tdtcp.sys [2012-6-26 23552]
    S3 TermService;Remote Desktop Services;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
    S3 THREADORDER;Thread Ordering Server;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
    S3 TrustedInstaller;Windows Modules Installer;C:\Windows\servicing\TrustedInstaller.exe [2010-11-20 194048]
    S3 tssecsrv;Remote Desktop Services Security Filter Driver;C:\Windows\System32\drivers\tssecsrv.sys [2010-11-20 39424]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-1 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-1 30208]
    S3 uagp35;Microsoft AGPv3.5 Filter;C:\Windows\System32\drivers\UAGP35.SYS [2009-7-13 64080]
    S3 UI0Detect;Interactive Services Detection;C:\Windows\System32\UI0Detect.exe [2009-7-13 40960]
    S3 uliagpkx;Uli AGP Bus Filter;C:\Windows\System32\drivers\ULIAGPKX.SYS [2009-7-13 64592]
    S3 UmPass;Microsoft UMPass Driver;C:\Windows\System32\drivers\umpass.sys [2009-7-13 9728]
    S3 usbbus;LGE Mobile Composite USB Device;C:\Windows\System32\drivers\lgx64bus.sys [2013-1-19 17920]
  6. glhglh

    glhglh TS Maniac Topic Starter Posts: 438

    And:

    S3 usbccgp;Microsoft USB Generic Parent Driver;C:\Windows\System32\drivers\usbccgp.sys [2012-3-1 98816]
    S3 usbcir;eHome Infrared Receiver (USBCIR);C:\Windows\System32\drivers\usbcir.sys [2009-7-13 100352]
    S3 UsbDiag;LGE Mobile USB Serial Port;C:\Windows\System32\drivers\lgx64diag.sys [2013-1-19 28160]
    S3 USBModem;LGE Mobile USB Modem;C:\Windows\System32\drivers\lgx64modem.sys [2013-1-19 34816]
    S3 usbprint;Microsoft USB PRINTER Class;C:\Windows\System32\drivers\usbprint.sys [2009-7-13 25088]
    S3 USBSTOR;USB Mass Storage Driver;C:\Windows\System32\drivers\USBSTOR.SYS [2012-3-1 91648]
    S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\Windows\System32\drivers\usbuhci.sys [2012-3-1 30720]
    S3 usbvideo;USB Video Device (WDM);C:\Windows\System32\drivers\usbvideo.sys [2010-11-20 184960]
    S3 VaultSvc;Credential Manager;C:\Windows\System32\lsass.exe [2012-6-26 31232]
    S3 vds;Virtual Disk;C:\Windows\System32\vds.exe [2010-11-20 533504]
    S3 vga;vga;C:\Windows\System32\drivers\vgapnp.sys [2009-7-13 29184]
    S3 vhdmp;vhdmp;C:\Windows\System32\drivers\vhdmp.sys [2010-11-20 215936]
    S3 viaide;viaide;C:\Windows\System32\drivers\viaide.sys [2009-7-13 17488]
    S3 vsmraid;vsmraid;C:\Windows\System32\drivers\vsmraid.sys [2009-6-10 161872]
    S3 VSS;Volume Shadow Copy;C:\Windows\System32\VSSVC.exe [2010-11-20 1600512]
    S3 W32Time;Windows Time;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
    S3 WacomPen;Wacom Serial Pen HID Driver;C:\Windows\System32\drivers\wacompen.sys [2009-7-13 27776]
    S3 WANARP;Remote Access IP ARP Driver;C:\Windows\System32\drivers\wanarp.sys [2010-11-20 88576]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-19 1255736]
    S3 wbengine;Block Level Backup Engine Service;C:\Windows\System32\wbengine.exe [2010-11-20 1504256]
    S3 WbioSrvc;Windows Biometric Service;C:\Windows\System32\svchost.exe -k WbioSvcGroup [2009-7-13 27136]
    S3 WcsPlugInService;Windows Color System;C:\Windows\System32\svchost.exe -k wcssvc [2009-7-13 27136]
    S3 WdiSystemHost;Diagnostic System Host;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 WebClient;WebClient;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
    S3 Wecsvc;Windows Event Collector;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
    S3 wercplsupport;Problem Reports and Solutions Control Panel Support;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    S3 WerSvc;Windows Error Reporting Service;C:\Windows\System32\svchost.exe -k WerSvcGroup [2009-7-13 27136]
    S3 WIMMount;WIMMount;C:\Windows\System32\drivers\wimmount.sys [2009-7-13 22096]
    S3 WinDefend;Windows Defender;C:\Windows\System32\svchost.exe -k secsvcs [2009-7-13 27136]
    S3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
    S3 WinRM;Windows Remote Management (WS-Management);C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
    S3 wmiApSrv;WMI Performance Adapter;C:\Windows\System32\wbem\WmiApSrv.exe [2009-7-13 203264]
    S3 WPCSvc;Parental Controls;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
    S3 WPDBusEnum;Portable Device Enumerator Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 WudfPf;User Mode Driver Frameworks Platform Driver;C:\Windows\System32\drivers\WUDFPf.sys [2012-11-19 87040]
    S3 WUDFRd;WUDFRd;C:\Windows\System32\drivers\WUDFRd.sys [2012-11-19 198656]
    S3 wudfsvc;Windows Driver Foundation - User-mode Driver Framework;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 WwanSvc;WWAN AutoConfig;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
    S4 cdfs;CD/DVD File System Reader;C:\Windows\System32\drivers\cdfs.sys [2009-7-13 92160]
    S4 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86;C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2009-7-13 66384]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-7-13 89920]
    S4 crcdisk;Crcdisk Filter Driver;C:\Windows\System32\drivers\crcdisk.sys [2009-7-13 24144]
    S4 Mcx2Svc;Media Center Extender Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-7-13 116560]
    S4 RemoteAccess;Routing and Remote Access;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    S4 udfs;udfs;C:\Windows\System32\drivers\udfs.sys [2010-11-20 328192]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    S4 ws2ifsl;Winsock IFS Driver;C:\Windows\System32\drivers\ws2ifsl.sys [2009-7-13 21504]
    .
    =============== File Associations ===============
    .
    FileExt: .bat: batfile="%1" %*
    FileExt: .cmd: cmdfile="%1" %*
    FileExt: .com: comfile="%1" %*
    FileExt: .exe: exefile="%1" %*
    FileExt: .pif: piffile="%1" %*
    FileExt: .scr: scrfile="%1" /S
    FileExt: .reg: regfile=regedit.exe "%1"
    FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1
    FileExt: .chm: chm.file="C:\Windows\hh.exe" %1
    FileExt: .ini: inifile=C:\Windows\System32\NOTEPAD.EXE %1
    FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1
    ShellExec: AcroRD32.exe: Read="C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe" "%1"
    ShellExec: ehshell.exe: open="C:\Windows\eHome\ehshell.exe" "%1"
    ShellExec: iexplore.exe: open="C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
    ShellExec: MovieMaker.exe: Open="C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1"
    ShellExec: mspaint.exe: edit="C:\Windows\System32\mspaint.exe" "%1"
    ShellExec: notepad.exe: edit=C:\Windows\System32\NOTEPAD.EXE %1
    ShellExec: notepad.exe: open=C:\Windows\System32\NOTEPAD.EXE %1
    ShellExec: photoviewer.dll: open=C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
    ShellExec: photoviewer.dll: print=C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
    ShellExec: WLXPhotoViewer.dll: open="C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1"
    ShellExec: wmplayer.exe: open="C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "%L"
    ShellExec: wmplayer.exe: play="C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play "%L"
    ShellExec: wordpad.exe: open="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1"
    ShellExec: wordview.exe: Open="C:\PROGRA~2\MICROS~1\OFFICE11\WORDVIEW.EXE" /n /dde
    .
    =============== Created Last 60 ================
    .
    2013-02-20 18:02:48 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-02-20 18:02:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-02-14 16:09:48 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-14 16:09:48 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-14 08:05:25 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-02-14 08:05:25 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-02-14 08:05:24 96768 ----a-w- C:\Windows\System32\mshtmled.dll
    2013-02-14 08:05:24 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
    2013-02-14 08:05:24 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-02-14 08:05:24 304640 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
    2013-02-14 08:05:24 182816 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
    2013-02-14 08:05:24 149528 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
    2013-02-14 08:05:23 763424 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
    2013-02-14 08:05:23 757280 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
    2013-02-14 08:05:23 248320 ----a-w- C:\Windows\System32\ieui.dll
    2013-02-14 08:05:23 237056 ----a-w- C:\Windows\System32\url.dll
    2013-02-14 08:05:23 231936 ----a-w- C:\Windows\SysWow64\url.dll
    2013-02-14 08:05:23 194048 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
    2013-02-14 08:05:23 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
    2013-02-14 08:05:23 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-02-14 08:05:23 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-02-14 08:05:23 1103872 ----a-w- C:\Windows\SysWow64\urlmon.dll
    2013-02-14 08:05:22 729088 ----a-w- C:\Windows\System32\msfeeds.dll
    2013-02-14 08:05:22 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
    2013-02-14 08:05:22 548864 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
    2013-02-14 08:05:22 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-02-14 08:05:22 194560 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
    2013-02-14 08:05:22 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-02-14 08:05:22 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-02-14 08:05:22 1346048 ----a-w- C:\Windows\System32\urlmon.dll
    2013-02-14 08:05:22 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-02-14 08:05:21 85504 ----a-w- C:\Windows\System32\jsproxy.dll
    2013-02-14 08:05:21 816640 ----a-w- C:\Windows\System32\jscript.dll
    2013-02-14 08:05:21 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
    2013-02-14 08:05:21 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-02-14 08:05:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-02-14 08:05:21 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-02-14 08:05:20 887808 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
    2013-02-14 08:05:20 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
    2013-02-14 08:05:20 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
    2013-02-14 08:05:20 499200 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll
    2013-02-14 08:05:20 387584 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
    2013-02-14 08:05:20 2147840 ----a-w- C:\Windows\System32\iertutil.dll
    2013-02-14 08:05:20 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
    2013-02-14 08:05:20 12321280 ----a-w- C:\Windows\SysWow64\mshtml.dll
    2013-02-14 08:05:18 17812992 ----a-w- C:\Windows\System32\mshtml.dll
    2013-02-14 08:05:17 9738240 ----a-w- C:\Windows\SysWow64\ieframe.dll
    2013-02-14 08:05:17 10925568 ----a-w- C:\Windows\System32\ieframe.dll
    2013-02-13 23:28:34 -------- d--h--r- C:\MSOCache
    2013-02-13 19:54:15 3153408 ----a-w- C:\Windows\System32\win32k.sys
    2013-02-13 19:54:08 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-02-13 19:54:07 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-02-13 19:54:07 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-02-13 19:54:05 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-02-13 19:54:05 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-02-13 19:54:05 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-02-13 19:54:05 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2013-02-13 19:54:05 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-02-13 19:54:05 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-02-13 19:54:04 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2013-02-13 19:54:04 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-02-09 20:31:08 15739760 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2013-02-05 21:05:52 -------- d-----w- C:\Program Files (x86)\MSECache
    2013-02-02 06:22:57 -------- d-----w- C:\Users\Randy\AppData\Roaming\IDT
    2013-02-02 05:43:14 -------- d-----w- C:\Jaguar Service Manuals
    2013-02-02 05:26:45 70004024 ----a-w- C:\Windows\System32\MRT.exe
    2013-02-02 05:26:17 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
    2013-02-02 05:26:16 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
    2013-02-02 05:26:16 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
    2013-02-02 05:26:15 15360 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
    2013-02-02 05:26:14 57856 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
    2013-02-02 05:26:14 30208 ----a-w- C:\Windows\System32\drivers\TsUsbGD.sys
    2013-02-02 05:26:14 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
    2013-02-02 05:26:13 62976 ----a-w- C:\Windows\System32\TSWbPrxy.exe
    2013-02-02 05:26:13 54272 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll
    2013-02-02 05:26:13 46592 ----a-w- C:\Windows\SysWow64\MsRdpWebAccess.dll
    2013-02-02 05:26:13 44032 ----a-w- C:\Windows\System32\tsgqec.dll
    2013-02-02 05:26:13 43520 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
    2013-02-02 05:26:13 384000 ----a-w- C:\Windows\System32\wksprt.exe
    2013-02-02 05:26:13 37376 ----a-w- C:\Windows\SysWow64\tsgqec.dll
    2013-02-02 05:26:13 322560 ----a-w- C:\Windows\System32\aaclient.dll
    2013-02-02 05:26:13 269312 ----a-w- C:\Windows\SysWow64\aaclient.dll
    2013-02-02 05:26:13 243200 ----a-w- C:\Windows\System32\rdpudd.dll
    2013-02-02 05:26:13 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
    2013-02-02 05:26:13 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
    2013-02-02 05:26:13 18432 ----a-w- C:\Windows\System32\wksprtPS.dll
    2013-02-02 05:26:13 16896 ----a-w- C:\Windows\SysWow64\wksprtPS.dll
    2013-02-02 05:26:13 1123840 ----a-w- C:\Windows\System32\mstsc.exe
    2013-02-02 05:26:13 1048064 ----a-w- C:\Windows\SysWow64\mstsc.exe
    2013-02-02 05:26:12 5773824 ----a-w- C:\Windows\System32\mstscax.dll
    2013-02-02 05:26:12 4916224 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2013-02-02 05:26:12 3174912 ----a-w- C:\Windows\System32\rdpcorets.dll
    2013-02-02 05:23:46 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
    2013-02-02 05:23:46 340992 ----a-w- C:\Windows\System32\schannel.dll
    2013-02-02 05:23:46 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
    2013-02-02 05:23:45 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2013-02-02 05:23:45 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2013-02-02 05:23:45 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2013-02-02 05:23:45 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
    2013-02-02 05:23:41 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2013-02-02 05:23:41 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2013-02-02 04:07:39 -------- d-----w- C:\ProgramData\Xerox
    2013-02-01 20:49:06 -------- d-----w- C:\Users\Randy\AppData\Roaming\Malwarebytes
    2013-02-01 20:48:50 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-02-01 20:48:30 -------- d-----w- C:\Users\Randy\AppData\Local\Programs
    2013-02-01 20:47:10 -------- d-----w- C:\Data RRR
    2013-02-01 06:02:38 -------- d-----w- C:\Program Files\Google
    2013-02-01 06:00:59 285328 ----a-w- C:\Windows\System32\aswBoot.exe
    2013-02-01 06:00:26 -------- d-----w- C:\ProgramData\AVAST Software
    2013-02-01 06:00:26 -------- d-----w- C:\Program Files\AVAST Software
    2013-02-01 05:08:22 -------- d--h--r- C:\ESD
    2013-01-28 21:42:49 -------- d-----w- C:\ProgramData\Yahoo!
    2013-01-28 21:42:44 -------- d-----w- C:\Users\Randy\AppData\Roaming\Yahoo!
    2013-01-28 21:42:44 -------- d-----w- C:\ProgramData\Yahoo! Companion
    2013-01-28 21:42:41 -------- d-----w- C:\Program Files (x86)\Yahoo!
    2013-01-28 21:04:33 -------- d-----w- C:\Users\Randy\AppData\Roaming\Xerox
    2013-01-28 21:03:57 41472 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\Xrpp_b.dll
    2013-01-28 21:03:57 12288 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\Xrprt_b.dll
    2013-01-28 18:00:45 -------- d-----w- C:\Users\Randy\AppData\Roaming\hewlett-packard
    2013-01-28 18:00:44 -------- d-----w- C:\Users\Randy\AppData\Local\Hewlett-Packard_Company
    2013-01-23 06:20:52 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2013-01-23 06:20:38 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2013-01-23 06:20:28 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2013-01-23 06:20:20 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2013-01-21 16:31:49 -------- d-----w- C:\Windows\Minidump
    2013-01-20 05:23:42 53248 ----a-w- C:\Windows\SysWow64\CommonDL.dll
    2013-01-20 05:23:38 -------- d-----w- C:\ProgramData\LGMOBILEAX
    2013-01-20 05:22:49 34816 ----a-w- C:\Windows\System32\drivers\lgx64modem.sys
    2013-01-20 05:22:49 28160 ----a-w- C:\Windows\System32\drivers\lgx64diag.sys
    2013-01-20 05:22:49 17920 ----a-w- C:\Windows\System32\drivers\lgx64bus.sys
    2013-01-20 03:57:32 655872 ----a-w- C:\Windows\SysWow64\msvcr90.dll
    2013-01-20 03:57:32 568832 ----a-w- C:\Windows\SysWow64\msvcp90.dll
    2013-01-20 03:57:32 44544 ----a-w- C:\Windows\SysWow64\msxml4a.dll
    2013-01-20 03:57:32 224768 ----a-w- C:\Windows\SysWow64\msvcm90.dll
    2013-01-20 03:50:16 -------- d-----w- C:\LGMobileUpgrade
    2013-01-20 03:49:01 98304 ----a-w- C:\Users\Randy\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGUTchkdl.dll
    2013-01-20 03:49:01 5275648 ----a-w- C:\Users\Randy\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LG_VZW_United_WHQL_v2.7.1.msi
    2013-01-20 03:49:01 24576 ----a-w- C:\Users\Randy\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGEUSBAutorun.dll
    2013-01-20 03:49:00 1347584 ----a-w- C:\Users\Randy\AppData\Roaming\Microsoft\Windows\Templates\TLPC\TL_PC.exe
    2013-01-20 03:48:30 90112 ----a-r- C:\Users\Randy\AppData\Roaming\Microsoft\Windows\Templates\F\LGUTchkdl.dll
    2013-01-20 03:48:30 24576 ----a-r- C:\Users\Randy\AppData\Roaming\Microsoft\Windows\Templates\F\LGEUSBAutorun.dll
    2013-01-19 02:12:15 -------- d-----w- C:\Users\Randy\AppData\Local\{3BC0DD74-3709-4627-ADC3-455494AFD0D8}
    2013-01-19 02:09:57 -------- d-----w- C:\Users\Randy\AppData\Local\Evernote
    2013-01-18 19:33:37 -------- d-----w- C:\Program Files (x86)\Common Files\Telespree
    2013-01-09 17:24:52 750592 ----a-w- C:\Windows\System32\win32spl.dll
    2013-01-09 17:24:52 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2013-01-09 17:24:32 800768 ----a-w- C:\Windows\System32\usp10.dll
    2013-01-09 17:24:32 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    2013-01-09 17:24:31 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2013-01-09 17:24:31 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2013-01-09 17:24:31 2002432 ----a-w- C:\Windows\System32\msxml6.dll
    2013-01-09 17:24:31 1882624 ----a-w- C:\Windows\System32\msxml3.dll
    2013-01-09 17:24:31 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2013-01-09 17:24:30 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2013-01-09 17:24:25 55296 ----a-w- C:\Windows\SysWow64\cero.rs
    2013-01-09 17:24:25 55296 ----a-w- C:\Windows\System32\cero.rs
    2013-01-09 17:24:25 51712 ----a-w- C:\Windows\SysWow64\esrb.rs
    2013-01-09 17:24:25 51712 ----a-w- C:\Windows\System32\esrb.rs
    2013-01-09 17:24:25 46592 ----a-w- C:\Windows\SysWow64\fpb.rs
    2013-01-09 17:24:25 46592 ----a-w- C:\Windows\System32\fpb.rs
    2013-01-09 17:24:25 45568 ----a-w- C:\Windows\SysWow64\oflc-nz.rs
    2013-01-09 17:24:25 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
    2013-01-09 17:24:25 44544 ----a-w- C:\Windows\SysWow64\pegibbfc.rs
    2013-01-09 17:24:25 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
    2013-01-09 17:24:25 441856 ----a-w- C:\Windows\System32\Wpc.dll
    2013-01-09 17:24:25 43520 ----a-w- C:\Windows\SysWow64\csrr.rs
    2013-01-09 17:24:25 43520 ----a-w- C:\Windows\System32\csrr.rs
    2013-01-09 17:24:25 40960 ----a-w- C:\Windows\SysWow64\cob-au.rs
    2013-01-09 17:24:25 40960 ----a-w- C:\Windows\System32\cob-au.rs
    2013-01-09 17:24:25 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
    2013-01-09 17:24:25 30720 ----a-w- C:\Windows\SysWow64\usk.rs
    2013-01-09 17:24:25 30720 ----a-w- C:\Windows\System32\usk.rs
    2013-01-09 17:24:25 2746368 ----a-w- C:\Windows\System32\gameux.dll
    2013-01-09 17:24:25 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
    2013-01-09 17:24:25 23552 ----a-w- C:\Windows\SysWow64\oflc.rs
    2013-01-09 17:24:25 23552 ----a-w- C:\Windows\System32\oflc.rs
    2013-01-09 17:24:25 21504 ----a-w- C:\Windows\SysWow64\grb.rs
    2013-01-09 17:24:25 21504 ----a-w- C:\Windows\System32\grb.rs
    2013-01-09 17:24:25 20480 ----a-w- C:\Windows\SysWow64\pegi.rs
    2013-01-09 17:24:25 20480 ----a-w- C:\Windows\SysWow64\pegi-pt.rs
    2013-01-09 17:24:25 20480 ----a-w- C:\Windows\SysWow64\pegi-fi.rs
    2013-01-09 17:24:25 20480 ----a-w- C:\Windows\System32\pegi.rs
    2013-01-09 17:24:25 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
    2013-01-09 17:24:25 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
    2013-01-09 17:24:25 15360 ----a-w- C:\Windows\SysWow64\djctq.rs
    2013-01-09 17:24:25 15360 ----a-w- C:\Windows\System32\djctq.rs
    2013-01-09 17:23:57 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2013-01-09 17:23:57 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2013-01-09 17:23:57 338432 ----a-w- C:\Windows\System32\conhost.exe
    2013-01-09 17:23:57 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2013-01-09 17:23:57 243200 ----a-w- C:\Windows\System32\wow64.dll
    2013-01-09 17:23:57 1161216 ----a-w- C:\Windows\System32\kernel32.dll
    2013-01-09 17:23:57 1114112 ----a-w- C:\Windows\SysWow64\kernel32.dll
    2013-01-09 17:23:56 6144 ---ha-w- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2013-01-09 17:23:56 5120 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    2013-01-09 17:23:56 5120 ---ha-w- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2013-01-09 17:23:56 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    2013-01-09 17:23:56 4608 ---ha-w- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2013-01-09 17:23:56 4608 ---ha-w- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2013-01-09 17:23:56 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    2013-01-09 17:23:56 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    2013-01-09 17:23:56 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    2013-01-09 17:23:56 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    2013-01-09 17:23:56 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2013-01-09 17:23:56 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2013-01-09 17:23:56 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2013-01-09 17:23:56 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    2013-01-09 17:23:56 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    2013-01-09 17:23:56 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    2013-01-09 17:23:56 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    2013-01-09 17:23:56 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    2013-01-09 17:23:56 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    2013-01-09 17:23:56 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2013-01-09 17:23:56 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2013-01-09 17:23:56 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2013-01-09 17:23:56 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2013-01-09 17:23:56 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2013-01-09 17:23:56 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2013-01-09 17:23:56 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2013-01-09 17:23:56 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    2013-01-09 17:23:56 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    2013-01-09 17:23:56 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    2013-01-09 17:23:56 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    2013-01-09 17:23:56 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    2013-01-09 17:23:56 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2013-01-09 17:23:56 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2013-01-09 17:23:56 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2013-01-09 17:23:56 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2013-01-09 17:23:56 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2013-01-09 17:23:56 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2013-01-09 17:23:56 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2013-01-09 17:23:56 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2013-01-09 17:23:56 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2013-01-09 17:23:55 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2013-01-09 17:23:55 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2013-01-09 17:23:55 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    2013-01-09 17:23:55 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2013-01-09 17:23:55 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2013-01-09 17:23:55 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2013-01-09 17:23:55 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2013-01-09 17:23:55 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    2013-01-09 17:23:55 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    2013-01-09 17:23:55 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    2013-01-09 17:23:55 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    2013-01-09 17:23:55 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    2013-01-09 17:23:55 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2013-01-09 17:23:55 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2013-01-09 17:23:55 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2013-01-09 17:23:55 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2013-01-09 17:23:55 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2013-01-09 17:23:55 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2013-01-09 17:23:41 68608 ----a-w- C:\Windows\System32\taskhost.exe
    2013-01-07 19:06:54 -------- d-----w- C:\Users\Randy\AppData\Roaming\WildTangent
    2013-01-04 04:56:33 -------- d-----w- C:\Program Files (x86)\Google
    2013-01-04 04:56:22 -------- d-----w- C:\Users\Randy\AppData\Local\Google
    2013-01-04 04:55:59 -------- d-----w- C:\Users\Randy\AppData\Local\Deployment
    2013-01-04 04:55:59 -------- d-----w- C:\Users\Randy\AppData\Local\Apps
    2013-01-02 22:37:37 -------- d-----w- C:\Users\Randy\AppData\Roaming\Macrovision
    2012-12-28 20:41:19 -------- d-----w- C:\Users\Randy\AppData\Local\Diagnostics
    .
    ==================== Find6M ====================

    2013-02-14 16:34:31 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-14 16:34:31 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
    2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
    2012-10-10 03:11:10 49152 ----a-r- C:\Windows\SysWow64\inetwh32.dll
    2012-10-10 03:11:10 1044480 ----a-r- C:\Windows\SysWow64\roboex32.dll
    2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
    2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
    2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
    2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
    2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
    2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
    2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
    2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
    2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
    2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
    2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
    2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
    2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
    2012-09-29 06:32:08 2177688 ----a-w- C:\Windows\System32\coin92.dll
    2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
    2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
    2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    .
    ============= FINISH: 11:02:50.62 ===============
  7. Broni

    Cool :)

    Download RogueKiller to the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt can also be found on your desktop.
    • If more than one log is produced, post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
  8. glhglh

    Both say nothing, but the Q drive is the one it created. I changed the name of it. There was no virtual drive on this computer before:

    19:08:42.0616 4596 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    19:08:42.0632 4596 ============================================================
    19:08:42.0632 4596 Current date / time: 2013/02/20 19:08:42.0632
    19:08:42.0632 4596 SystemInfo:
    19:08:42.0632 4596
    19:08:42.0632 4596 OS Version: 6.1.7601 ServicePack: 1.0
    19:08:42.0632 4596 Product type: Workstation
    19:08:42.0632 4596 ComputerName: HP-RANDY
    19:08:42.0632 4596 UserName: Randy
    19:08:42.0632 4596 Windows directory: C:\Windows
    19:08:42.0632 4596 System windows directory: C:\Windows
    19:08:42.0632 4596 Running under WOW64
    19:08:42.0632 4596 Processor architecture: Intel x64
    19:08:42.0632 4596 Number of processors: 2
    19:08:42.0632 4596 Page size: 0x1000
    19:08:42.0632 4596 Boot type: Normal boot
    19:08:42.0632 4596 ============================================================
    19:08:44.0426 4596 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    19:08:44.0426 4596 Drive \Device\Harddisk1\DR3 - Size: 0x3BE6E0000 (14.98 Gb), SectorSize: 0x200, Cylinders: 0x7A2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    19:08:44.0426 4596 ============================================================
    19:08:44.0426 4596 \Device\Harddisk0\DR0:
    19:08:44.0426 4596 MBR partitions:
    19:08:44.0426 4596 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
    19:08:44.0426 4596 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x37A9B800
    19:08:44.0426 4596 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x37AFF800, BlocksNum 0x2852800
    19:08:44.0426 4596 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33800
    19:08:44.0426 4596 \Device\Harddisk1\DR3:
    19:08:44.0426 4596 MBR partitions:
    19:08:44.0426 4596 \Device\Harddisk1\DR3\Partition1: MBR, Type 0xC, StartLBA 0x3F50, BlocksNum 0x1DEF7B0
    19:08:44.0426 4596 ============================================================
    19:08:44.0457 4596 C: <-> \Device\Harddisk0\DR0\Partition2
    19:08:44.0504 4596 D: <-> \Device\Harddisk0\DR0\Partition3
    19:08:44.0504 4596 ============================================================
    19:08:44.0504 4596 Initialize success
    19:08:44.0504 4596 ============================================================
    19:09:01.0071 6296 ============================================================
    19:09:01.0071 6296 Scan started
    19:09:01.0071 6296 Mode: Manual;
    19:09:01.0071 6296 ============================================================
    19:09:01.0492 6296 ================ Scan system memory ========================
    19:09:01.0492 6296 System memory - ok
    19:09:01.0492 6296 ================ Scan services =============================
    19:09:01.0757 6296 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    19:09:01.0757 6296 1394ohci - ok
    19:09:01.0804 6296 [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer C:\Windows\system32\drivers\Accelerometer.sys
    19:09:01.0804 6296 Accelerometer - ok
    19:09:01.0820 6296 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    19:09:01.0835 6296 ACPI - ok
    19:09:01.0866 6296 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    19:09:01.0866 6296 AcpiPmi - ok
    19:09:01.0929 6296 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    19:09:01.0929 6296 AdobeARMservice - ok
    19:09:02.0054 6296 [ 563CDCFEEAEF97163E206AF71A61AA6E ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    19:09:02.0054 6296 AdobeFlashPlayerUpdateSvc - ok
    19:09:02.0100 6296 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
    19:09:02.0100 6296 adp94xx - ok
    19:09:02.0163 6296 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
    19:09:02.0178 6296 adpahci - ok
    19:09:02.0194 6296 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
    19:09:02.0194 6296 adpu320 - ok
    19:09:02.0225 6296 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    19:09:02.0225 6296 AeLookupSvc - ok
    19:09:02.0272 6296 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    19:09:02.0272 6296 AFD - ok
    19:09:02.0303 6296 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    19:09:02.0303 6296 agp440 - ok
    19:09:02.0334 6296 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    19:09:02.0334 6296 ALG - ok
    19:09:02.0397 6296 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    19:09:02.0397 6296 aliide - ok
    19:09:02.0428 6296 [ D2A8D3FE8D5EA4B3A631C86E5DD838E5 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
    19:09:02.0428 6296 AMD External Events Utility - ok
    19:09:02.0459 6296 AMD FUEL Service - ok
    19:09:02.0490 6296 [ 2EF1BA6D5DC79FCE5E9216C8C2D3F193 ] amdhub30 C:\Windows\system32\drivers\amdhub30.sys
    19:09:02.0506 6296 amdhub30 - ok
    19:09:02.0537 6296 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    19:09:02.0537 6296 amdide - ok
    19:09:02.0553 6296 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\drivers\amdiox64.sys
    19:09:02.0553 6296 amdiox64 - ok
    19:09:02.0584 6296 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
    19:09:02.0584 6296 AmdK8 - ok
    19:09:02.0818 6296 [ 90663B2830BB226B67E101A72CFF8383 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    19:09:03.0005 6296 amdkmdag - ok
    19:09:03.0052 6296 [ 9503F413AF5CC1721D58CF1753483C96 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
    19:09:03.0052 6296 amdkmdap - ok
    19:09:03.0099 6296 [ 554FB0F28C411FB1EAFD4EA46A8CAAA4 ] amdkmpfd C:\Windows\system32\drivers\amdkmpfd.sys
  9. glhglh

    glhglh TS Maniac Topic Starter Posts: 438

    Next part:
    19:09:20.0274 6296 ============================================================
    19:09:20.0274 6296 Scan finished
    19:09:20.0274 6296 ============================================================
    19:09:20.0290 1688 Detected object count: 0
    19:09:20.0290 1688 Actual detected object count: 0
  10. glhglh

    glhglh TS Maniac Topic Starter Posts: 438

    Malwarebytes Anti-Rootkit BETA 1.01.0.1020
    www.malwarebytes.org

    Database version: v2013.02.04.09

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Randy :: HP-RANDY [administrator]

    2/20/2013 7:31:33 PM
    mbar-log-2013-02-20 (19-31-33).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 29215
    Time elapsed: 15 minute(s), 57 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    System-Log\

    Malwarebytes Anti-Rootkit BETA 1.01.0.1020

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
    CPU speed: 2.695000 GHz
    Memory total: 3734364160, free: 1705144320

    ------------ Kernel report ------------
    02/20/2013 19:14:09
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR3
    Upper Device Object: 0xfffffa800be7d060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\000000ae\
    Lower Device Object: 0xfffffa800960ea30
    Lower Device Driver Name: \Driver\USBSTOR\
    Driver name found: USBSTOR
    Initialization returned 0x0
    Load Function returned 0x0
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa80043a2260
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000068\
    Lower Device Object: 0xfffffa8004327060
    Lower Device Driver Name: \Driver\amd_sata\
    Driver name found: amd_sata
    Initialization returned 0x0
    Port sub-driver loaded: \??\C:\Windows\System32\drivers\storport.sys (0x0)
    Load Function returned 0x0
    No address found
    No address found
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa80043a2260, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa80043a3040, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80043a2260, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80043a2b10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
    DevicePointer: 0xfffffa800432b040, DeviceName: Unknown, DriverName: \Driver\amd_xata\
    DevicePointer: 0xfffffa8004327060, DeviceName: \Device\00000068\, DriverName: \Driver\amd_sata\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a00e23aaf0, 0xfffffa80043a2260, 0xfffffa800a8c8790
    Lower DeviceData: 0xfffff8a00e8bf6f0, 0xfffffa8004327060, 0xfffffa800ad82460
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\Windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 915B52F3

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 407552
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600 Numsec = 933869568

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 934279168 Numsec = 42280960

    Partition 3 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 976560128 Numsec = 210944

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xfffffa800be7d060, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa80041de8d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800be7d060, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800960ea30, DeviceName: \Device\000000ae\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a0292ea140, 0xfffffa800be7d060, 0xfffffa800a2ba790
    Lower DeviceData: 0xfffff8a02b353a60, 0xfffffa800960ea30, 0xfffffa800852dd60
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: C3072E18

    Partition information:

    Partition 0 type is Other (0xc)
    Partition is ACTIVE.
    Partition starts at LBA: 16208 Numsec = 31389616
    Partition file system is FAT32
    Partition is not bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 16079781888 bytes
    Sector size: 512 bytes

    Done!
    Performing system, memory and registry scan...
    Done!
    Scan finished
    =======================================
  11. Broni

    Broni Malware Annihilator Posts: 46,787   +254

    I didn't ask for TDSSKiller but RogueKiller.
     
  12. glhglh

    glhglh TS Maniac Topic Starter Posts: 438

    Getting old is a pain. I'm using a USB drive between computers, and copied the wrong program. Sorry.

    Here is the log:

    RogueKiller V8.5.1 [Feb 21 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Randy [Admin rights]
    Mode : Remove -- Date : 02/21/2013 16:48:56
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 3 ¤¤¤
    [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\RunOnce : Z1 (cmd /c "C:\Users\Randy\Desktop\RRR Virus 2-19-2013\mbar-1.01.0.1020\mbar\mbar.exe" /cleanup /s) [7] -> DELETED
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Hitachi HTS547550A9E384 SATA Disk Device +++++
    --- User ---
    [MBR] 77fa1d858a8c63e6b064e2d9215b3df4
    [BSP] b9ef7629f0ffd11443ea4d917c936735 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 455991 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 934279168 | Size: 20645 Mo
    3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: PNY USB 2.0 FD USB Device +++++
    --- User ---
    [MBR] de79b0a6ba136ca530d3978bc047a5be
    [BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 16208 | Size: 15326 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[2]_D_02212013_02d1648.txt >>
    RKreport[1]_S_02212013_02d1636.txt ; RKreport[2]_D_02212013_02d1648.txt

    Drive: Q, that I renamed Bad disk, is still there. Seeing I ran the wrong program, should I run the MBAR again?
  13. Broni

    Broni Malware Annihilator Posts: 46,787   +254

    Tell me about it...lol

    No need to re-run MBAR.

    =======================

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
  14. glhglh

    glhglh TS Maniac Topic Starter Posts: 438

    Without uninstalling the Norton on his machine, I shut down everything I could:

    ComboFix 13-02-21.02 - Randy 02/21/2013 17:46:54.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3561.1508 [GMT -8:00]
    Running from: c:\users\Randy\Desktop\ComboFix.exe
    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-22 to 2013-02-22 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-22 01:57 . 2013-02-22 01:57--------d-----w-c:\users\Default\AppData\Local\temp
    2013-02-20 18:02 . 2013-02-20 18:02--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-02-20 18:02 . 2012-12-15 00:4924176----a-w-c:\windows\system32\drivers\mbam.sys
    2013-02-14 16:09 . 2013-01-09 01:10996352----a-w-c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-14 16:09 . 2013-01-08 22:01768000----a-w-c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-13 23:28 . 2013-02-13 23:28--------d-----r-C:\MSOCache
    2013-02-13 19:54 . 2013-01-04 03:263153408----a-w-c:\windows\system32\win32k.sys
    2013-02-13 19:54 . 2013-01-05 05:535553512----a-w-c:\windows\system32\ntoskrnl.exe
    2013-02-13 19:54 . 2013-01-05 05:003967848----a-w-c:\windows\SysWow64\ntkrnlpa.exe
    2013-02-13 19:54 . 2013-01-05 05:003913064----a-w-c:\windows\SysWow64\ntoskrnl.exe
    2013-02-13 19:54 . 2013-01-04 05:46215040----a-w-c:\windows\system32\winsrv.dll
    2013-02-13 19:54 . 2013-01-04 04:515120----a-w-c:\windows\SysWow64\wow32.dll
    2013-02-13 19:54 . 2013-01-04 02:4725600----a-w-c:\windows\SysWow64\setup16.exe
    2013-02-13 19:54 . 2013-01-04 02:477680----a-w-c:\windows\SysWow64\instnm.exe
    2013-02-13 19:54 . 2013-01-04 02:472048----a-w-c:\windows\SysWow64\user.exe
    2013-02-13 19:54 . 2013-01-04 02:4714336----a-w-c:\windows\SysWow64\ntvdm64.dll
    2013-02-13 19:54 . 2013-01-03 06:001913192----a-w-c:\windows\system32\drivers\tcpip.sys
    2013-02-13 19:54 . 2013-01-03 06:00288088----a-w-c:\windows\system32\drivers\FWPKCLNT.SYS
    2013-02-09 20:31 . 2013-02-09 20:3115739760----a-w-c:\windows\SysWow64\FlashPlayerInstaller.exe
    2013-02-05 21:05 . 2013-02-05 21:05--------d-----w-c:\program files (x86)\MSECache
    2013-02-02 06:22 . 2013-02-02 06:22--------d-----w-c:\users\Randy\AppData\Roaming\IDT
    2013-02-02 05:43 . 2013-02-07 00:29--------d-----w-C:\Jaguar Service Manuals
    2013-02-02 05:23 . 2012-08-24 18:09458712----a-w-c:\windows\system32\drivers\cng.sys
    2013-02-02 05:23 . 2012-08-24 18:05340992----a-w-c:\windows\system32\schannel.dll
    2013-02-02 05:23 . 2012-08-24 16:57247808----a-w-c:\windows\SysWow64\schannel.dll
    2013-02-02 05:23 . 2012-08-24 18:13154480----a-w-c:\windows\system32\drivers\ksecpkg.sys
    2013-02-02 05:23 . 2012-08-24 18:031448448----a-w-c:\windows\system32\lsasrv.dll
    2013-02-02 05:23 . 2012-08-24 16:5722016----a-w-c:\windows\SysWow64\secur32.dll
    2013-02-02 05:23 . 2012-08-24 16:5396768----a-w-c:\windows\SysWow64\sspicli.dll
    2013-02-02 05:23 . 2012-05-04 11:00366592----a-w-c:\windows\system32\qdvd.dll
    2013-02-02 05:23 . 2012-05-04 09:59514560----a-w-c:\windows\SysWow64\qdvd.dll
    2013-02-02 04:07 . 2013-02-02 04:07--------d-----w-c:\programdata\Xerox
    2013-02-01 20:49 . 2013-02-01 20:49--------d-----w-c:\users\Randy\AppData\Roaming\Malwarebytes
    2013-02-01 20:48 . 2013-02-01 20:48--------d-----w-c:\programdata\Malwarebytes
    2013-02-01 20:48 . 2013-02-01 20:48--------d-----w-c:\users\Randy\AppData\Local\Programs
    2013-02-01 20:47 . 2013-02-01 20:47--------d-----w-C:\Data RRR
    2013-02-01 06:02 . 2013-02-01 20:38--------d-----w-c:\program files\Google
    2013-02-01 06:00 . 2012-10-30 23:50285328----a-w-c:\windows\system32\aswBoot.exe
    2013-02-01 06:00 . 2013-02-01 20:38--------d-----w-c:\programdata\AVAST Software
    2013-02-01 06:00 . 2013-02-01 06:00--------d-----w-c:\program files\AVAST Software
    2013-02-01 05:08 . 2013-02-01 05:08--------d-----r-C:\ESD
    2013-01-28 21:42 . 2013-02-20 18:55--------d-----w-c:\programdata\Yahoo!
    2013-01-28 21:42 . 2013-01-28 21:43--------d-----w-c:\programdata\Yahoo! Companion
    2013-01-28 21:42 . 2013-01-28 21:42--------d-----w-c:\users\Randy\AppData\Roaming\Yahoo!
    2013-01-28 21:42 . 2013-02-20 18:55--------d-----w-c:\program files (x86)\Yahoo!
    2013-01-28 21:04 . 2013-01-28 21:04--------d-----w-c:\users\Randy\AppData\Roaming\Xerox
    2013-01-28 21:03 . 2009-07-17 14:0641472----a-w-c:\windows\system32\Spool\prtprocs\x64\Xrpp_b.dll
    2013-01-28 21:03 . 2009-07-17 14:0612288----a-w-c:\windows\system32\Spool\prtprocs\x64\Xrprt_b.dll
    2013-01-28 18:00 . 2013-01-28 18:00--------d-----w-c:\users\Randy\AppData\Roaming\hewlett-packard
    2013-01-28 18:00 . 2013-01-28 18:00--------d-----w-c:\users\Randy\AppData\Local\Hewlett-Packard_Company
    2013-01-23 06:20 . 2013-01-23 06:20737072----a-w-c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2013-01-23 06:20 . 2013-01-23 06:202876528----a-w-c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2013-01-23 06:20 . 2013-01-23 06:2042776----a-w-c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2013-01-23 06:20 . 2013-01-23 06:20539984----a-w-c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-14 16:34 . 2012-03-01 19:0171024----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-14 16:34 . 2012-03-01 19:01691568----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
    2013-01-20 03:49 . 2013-01-20 03:4998304----a-w-c:\users\Randy\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGUTchkdl.dll
    2013-01-20 03:49 . 2013-01-20 03:4924576----a-w-c:\users\Randy\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGEUSBAutorun.dll
    2013-01-20 03:49 . 2013-01-20 03:49 1347584 ----a-w- c:\users\Randy\AppData\Roaming\Microsoft\Windows\Templates\TLPC\TL_PC.exe
    2013-01-04 04:43 . 2013-02-13 19:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-12-16 17:11 . 2012-12-21 07:54 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 14:45 . 2012-12-21 07:54 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 07:54 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 07:54 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-07 13:20 . 2013-01-09 17:24 441856 ----a-w- c:\windows\system32\Wpc.dll
    2012-12-07 13:15 . 2013-01-09 17:24 2746368 ----a-w- c:\windows\system32\gameux.dll
    2012-12-07 12:26 . 2013-01-09 17:24 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
    2012-12-07 12:20 . 2013-01-09 17:24 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
    2012-12-07 11:20 . 2013-01-09 17:24 30720 ----a-w- c:\windows\system32\usk.rs
    2012-12-07 11:20 . 2013-01-09 17:24 43520 ----a-w- c:\windows\system32\csrr.rs
    2012-12-07 11:20 . 2013-01-09 17:24 23552 ----a-w- c:\windows\system32\oflc.rs
    2012-12-07 11:20 . 2013-01-09 17:24 45568 ----a-w- c:\windows\system32\oflc-nz.rs
    2012-12-07 11:20 . 2013-01-09 17:24 44544 ----a-w- c:\windows\system32\pegibbfc.rs
    2012-12-07 11:20 . 2013-01-09 17:24 20480 ----a-w- c:\windows\system32\pegi-fi.rs
    2012-12-07 11:20 . 2013-01-09 17:24 20480 ----a-w- c:\windows\system32\pegi-pt.rs
    2012-12-07 11:19 . 2013-01-09 17:24 20480 ----a-w- c:\windows\system32\pegi.rs
    2012-12-07 11:19 . 2013-01-09 17:24 46592 ----a-w- c:\windows\system32\fpb.rs
    2012-12-07 11:19 . 2013-01-09 17:24 40960 ----a-w- c:\windows\system32\cob-au.rs
    2012-12-07 11:19 . 2013-01-09 17:24 21504 ----a-w- c:\windows\system32\grb.rs
    2012-12-07 11:19 . 2013-01-09 17:24 15360 ----a-w- c:\windows\system32\djctq.rs
    2012-12-07 11:19 . 2013-01-09 17:24 55296 ----a-w- c:\windows\system32\cero.rs
    2012-12-07 11:19 . 2013-01-09 17:24 51712 ----a-w- c:\windows\system32\esrb.rs
    2012-12-07 10:46 . 2013-01-09 17:24 43520 ----a-w- c:\windows\SysWow64\csrr.rs
    2012-12-07 10:46 . 2013-01-09 17:24 30720 ----a-w- c:\windows\SysWow64\usk.rs
    2012-12-07 10:46 . 2013-01-09 17:24 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
    2012-12-07 10:46 . 2013-01-09 17:24 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
    2012-12-07 10:46 . 2013-01-09 17:24 23552 ----a-w- c:\windows\SysWow64\oflc.rs
    2012-12-07 10:46 . 2013-01-09 17:24 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
    2012-12-07 10:46 . 2013-01-09 17:24 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
    2012-12-07 10:46 . 2013-01-09 17:24 46592 ----a-w- c:\windows\SysWow64\fpb.rs
    2012-12-07 10:46 . 2013-01-09 17:24 20480 ----a-w- c:\windows\SysWow64\pegi.rs
    2012-12-07 10:46 . 2013-01-09 17:24 21504 ----a-w- c:\windows\SysWow64\grb.rs
    2012-12-07 10:46 . 2013-01-09 17:24 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
    2012-12-07 10:46 . 2013-01-09 17:24 15360 ----a-w- c:\windows\SysWow64\djctq.rs
    2012-12-07 10:46 . 2013-01-09 17:24 55296 ----a-w- c:\windows\SysWow64\cero.rs
    2012-12-07 10:46 . 2013-01-09 17:24 51712 ----a-w- c:\windows\SysWow64\esrb.rs
    2012-11-30 05:45 . 2013-01-09 17:23 362496 ----a-w- c:\windows\system32\wow64win.dll
    2012-11-30 05:45 . 2013-01-09 17:23 243200 ----a-w- c:\windows\system32\wow64.dll
    2012-11-30 05:45 . 2013-01-09 17:23 13312 ----a-w- c:\windows\system32\wow64cpu.dll
    2012-11-30 05:43 . 2013-01-09 17:23 16384 ----a-w- c:\windows\system32\ntvdm64.dll
    2012-11-30 05:41 . 2013-01-09 17:23 424448 ----a-w- c:\windows\system32\KernelBase.dll
    2012-11-30 05:41 . 2013-01-09 17:23 1161216 ----a-w- c:\windows\system32\kernel32.dll
    2012-11-30 05:38 . 2013-01-09 17:23 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 17:23 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 17:23 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 17:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 17:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 17:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 17:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 17:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 17:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 17:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 17:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 17:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 17:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 17:23 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 17:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 17:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 17:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 17:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 17:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 17:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 17:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 17:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 17:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 17:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 17:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 17:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 17:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 17:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2012-11-30 04:53 . 2013-01-09 17:23 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
    2012-11-30 04:45 . 2013-01-09 17:23 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 17:23 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 17:23 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 17:23 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 17:23 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 17:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 17:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 17:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 17:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 17:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 17:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 17:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 17:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 17:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 17:23 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 17:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 17:23 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 17:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 17:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 17:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 17:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 17:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 17:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BYR_AGENT"="c:\lgmobileupgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe" [2012-12-10 392320]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-10 630912]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-11-30 576568]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
    "HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]
    "HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-09-14 103992]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-12-15 512360]
    "Z1"="f:\rrr virus 2-19-2013\mbar-1.01.0.1020\mbar\mbar.exe" [2013-02-05 1363528]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-12 193616]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\System32\Drivers\AthDfu.sys [2012-01-19 51872]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 lehidmini;Bluetooth Low Energy Hid Device;c:\windows\system32\drivers\leath_hid.sys [2012-01-19 36128]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-20 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2011-12-13 82048]
    S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2011-12-13 42624]
    S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\drivers\amdkmpfd.sys [2012-02-02 31872]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-02-10 235520]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-10 361984]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2012-01-19 106144]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-11-23 227896]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-11-30 34872]
    S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [2011-08-10 138760]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-01-19 158880]
    S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\drivers\amdhub30.sys [2011-10-26 102528]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\drivers\amdiox64.sys [2010-02-18 46136]
    S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys [2011-10-26 219776]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2012-01-19 36000]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-06 95248]
    S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-12 240208]
    S3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [2013-01-16 1388120]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2012-01-19 339616]
    S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2012-01-19 110752]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2012-01-19 30368]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2012-01-19 167584]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2012-01-19 68256]
    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2012-01-19 280992]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2012-01-19 550560]
    S3 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1301000.01C\ccSetx64.sys [2011-08-08 167048]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-12-06 138912]
    S3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-09-14 1098296]
    S3 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130216.001\IDSvia64.sys [2012-12-05 513184]
    S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys [2011-09-21 258664]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-24 565352]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1301000.01C\SYMDS64.SYS [2011-07-25 451192]
    S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1301000.01C\SYMEFA64.SYS [2011-07-28 1084536]
    S3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1301000.01C\Ironx64.SYS [2011-07-25 189560]
    S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1301000.01C\SYMNETS.SYS [2011-07-25 401016]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2012-01-14 56448]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 13400773
    *Deregistered* - 13400773
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-02-02 04:01 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-22 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-01 16:34]
    .
    2013-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-04 04:56]
    .
    2013-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-04 04:56]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-01-04 1425408]
    "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-01-19 1016992]
    "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2012-01-19 800416]
    "SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/?ilc=32
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    TCP: DhcpNameServer = 192.168.1.5
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
    "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-02-21 18:23:21
    ComboFix-quarantined-files.txt 2013-02-22 02:23
    .
    Pre-Run: 425,669,754,880 bytes free
    Post-Run: 425,650,634,752 bytes free
    .
    - - End Of File - - 56FEAF70C586DCF2C2EFBA96981011B2
  15. Broni

    Broni Malware Annihilator Posts: 46,787   +254

    Looks good.

    Any current issues?

    ==============================

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  16. glhglh

    glhglh TS Maniac Topic Starter Posts: 438

    I'll run these tonight and tomorrow morning. The Q drive still shows in Windows Explorer, but not in Services/Disk Management. When I tried to delete it, it says "insufficient permissions". I'm logged in as the administrator.

    Under advanced security settings, Q\ Unable to display current owner. I tried to format it, but couldn't.

    I think this was set up by the program as a clone drive to push out emails.

    I'll post the other things later.

    As always, thank you for your help. Do you think I can follow the same directions on our 2003 Server? The program put something on that drive (raid) also.
  17. Broni

    Broni Malware Annihilator Posts: 46,787   +254

    There are not too many tools for servers, but we can try to take a look. In a separate topic, though.
  18. glhglh

    glhglh TS Maniac Topic Starter Posts: 438

    OK, in order.
    # AdwCleaner v2.112 - Logfile created 02/22/2013 at 10:21:48
    # Updated 10/02/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Randy - HP-RANDY
    # Boot Mode : Normal
    # Running from : F:\RRR Virus 2-19-2013\adwcleaner0.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16464

    [OK] Registry is clean.

    -\\ Google Chrome v24.0.1312.57

    File : C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [1842 octets] - [22/02/2013 10:20:56]
    AdwCleaner[S1].txt - [1641 octets] - [22/02/2013 10:21:48]

    ########## EOF - C:\AdwCleaner[S1].txt - [1701 octets] ##########

    JRT:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.6.5 (02.18.2013:1)
    OS: Windows 7 Home Premium x64
    Ran by Randy on Fri 02/22/2013 at 10:39:12.41
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] hkey_classes_root\yt.ytnavassistplugin
    Successfully deleted: [Registry Key] hkey_classes_root\yt.ytnavassistplugin.1
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 02/22/2013 at 10:48:27.20
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    OTL on next.
  19. glhglh

    glhglh TS Maniac Topic Starter Posts: 438

    OTL Log:

    OTL logfile created on: 2/22/2013 2:28:11 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = F:\RRR Virus 2-19-2013
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.48 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 60.63% Memory free
    6.95 Gb Paging File | 5.36 Gb Available in Paging File | 77.14% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 445.30 Gb Total Space | 396.01 Gb Free Space | 88.93% Space Free | Partition Type: NTFS
    Drive D: | 20.16 Gb Total Space | 2.19 Gb Free Space | 10.86% Space Free | Partition Type: NTFS
    Drive F: | 14.95 Gb Total Space | 14.90 Gb Free Space | 99.62% Space Free | Partition Type: FAT32

    Computer Name: HP-RRR | User Name: Randy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/02/22 14:12:10 | 000,116,480 | ---- | M] (Yahoo! Inc.) -- C:\Users\Randy\AppData\Local\Temp\~nsu.tmp\Au_.exe
    PRC - [2013/02/22 14:08:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\RRR Virus 2-19-2013\OTL (1).exe
    PRC - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
    PRC - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE
    PRC - [2012/01/19 12:40:32 | 000,158,880 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    PRC - [2011/11/29 18:20:24 | 000,576,568 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    PRC - [2011/11/29 18:20:24 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    PRC - [2011/11/28 14:08:00 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    PRC - [2011/11/22 19:43:36 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2011/09/13 16:49:46 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
    PRC - [2011/08/26 14:37:18 | 001,342,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    PRC - [2011/08/19 14:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    PRC - [2011/08/10 04:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe


    ========== Modules (No Company Name) ==========


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/02/10 13:54:58 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2012/02/10 00:00:36 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
    SRV:64bit: - [2012/01/04 00:37:16 | 000,311,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2011/05/13 12:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
    SRV:64bit: - [2010/10/11 02:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013/02/14 08:34:34 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
    SRV - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
    SRV - [2012/01/19 12:40:32 | 000,158,880 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent)
    SRV - [2012/01/19 12:22:08 | 000,106,144 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
    SRV - [2011/11/29 18:20:24 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
    SRV - [2011/11/22 19:43:36 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2011/09/13 16:49:46 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
    SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2011/08/10 04:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe -- (NIS)
    SRV - [2010/10/12 09:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/23 06:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012/08/23 06:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/06/26 02:01:36 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2012/03/02 16:03:00 | 000,034,816 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
    DRV:64bit: - [2012/03/02 16:03:00 | 000,028,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
    DRV:64bit: - [2012/03/02 16:03:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
    DRV:64bit: - [2012/03/01 10:44:02 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2012/03/01 10:44:02 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/10 16:26:24 | 010,825,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2012/02/10 12:54:38 | 000,328,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2012/02/02 00:54:56 | 000,031,872 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdkmpfd.sys -- (amdkmpfd)
    DRV:64bit: - [2012/01/19 12:32:02 | 000,036,128 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\leath_hid.sys -- (lehidmini)
    DRV:64bit: - [2012/01/19 12:31:32 | 000,550,560 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
    DRV:64bit: - [2012/01/19 12:30:50 | 000,280,992 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
    DRV:64bit: - [2012/01/19 12:30:32 | 000,068,256 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
    DRV:64bit: - [2012/01/19 12:30:02 | 000,167,584 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
    DRV:64bit: - [2012/01/19 12:29:44 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
    DRV:64bit: - [2012/01/19 12:29:32 | 000,030,368 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
    DRV:64bit: - [2012/01/19 12:29:14 | 000,110,752 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
    DRV:64bit: - [2012/01/19 12:29:02 | 000,339,616 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
    DRV:64bit: - [2012/01/19 12:28:32 | 000,051,872 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
    DRV:64bit: - [2012/01/14 04:05:54 | 000,056,448 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2012/01/10 20:38:28 | 002,801,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2012/01/04 00:37:16 | 000,535,552 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2011/12/13 04:52:44 | 000,082,048 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
    DRV:64bit: - [2011/12/13 04:52:44 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
    DRV:64bit: - [2011/12/06 03:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2011/10/26 11:16:46 | 000,219,776 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
    DRV:64bit: - [2011/10/26 11:16:46 | 000,102,528 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
    DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011/09/21 15:33:50 | 000,258,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR)
    DRV:64bit: - [2011/08/23 21:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/08/08 07:38:06 | 000,167,048 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\ccSetx64.sys -- (ccSet_NIS)
    DRV:64bit: - [2011/08/02 10:22:10 | 000,729,720 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2011/08/02 10:22:10 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\srtspx64.sys -- (SRTSPX)
    DRV:64bit: - [2011/07/28 11:20:02 | 001,084,536 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\SymEFA64.sys -- (SymEFA)
    DRV:64bit: - [2011/07/25 10:18:40 | 000,401,016 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\symnets.sys -- (SymNetS)
    DRV:64bit: - [2011/07/25 10:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\SymDS64.sys -- (SymDS)
    DRV:64bit: - [2011/07/25 10:15:52 | 000,189,560 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\Ironx64.sys -- (SymIRON)
    DRV:64bit: - [2011/05/13 12:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
    DRV:64bit: - [2011/05/13 12:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
    DRV:64bit: - [2010/11/20 19:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/07/28 08:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
    DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
    DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 13:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 13:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 13:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 12:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
    DRV:64bit: - [2009/06/10 12:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2013/02/08 08:50:20 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130220.003\ex64.sys -- (NAVEX15)
    DRV - [2013/02/08 08:50:20 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130220.003\eng64.sys -- (NAVENG)
    DRV - [2013/01/15 18:51:11 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130208.001\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2012/12/05 17:16:04 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2012/12/05 17:16:04 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2012/12/04 16:27:16 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130216.001\IDSviA64.sys -- (IDSVia64)
    DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-2783097096-289569773-1546617986-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKU\S-1-5-21-2783097096-289569773-1546617986-1001\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-2783097096-289569773-1546617986-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-2783097096-289569773-1546617986-1001\..\SearchScopes\{0D277F83-CB7D-4E30-918B-75AD420BE535}: "URL" = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
    IE - HKU\S-1-5-21-2783097096-289569773-1546617986-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2013/02/22 14:12:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2013/02/22 14:11:58 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - homepage:
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
    CHR - homepage:
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
    CHR - plugin: Norton Confidential (Enabled) = C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: Google Drive = C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Norton Identity Protection = C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\
    CHR - Extension: Gmail = C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
    O3 - HKU\S-1-5-21-2783097096-289569773-1546617986-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll (Symantec Corporation)
    O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
    O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
    O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
    O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-21-2783097096-289569773-1546617986-1001..\Run: [BYR_AGENT] C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe (LG Electronics)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2783097096-289569773-1546617986-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-2783097096-289569773-1546617986-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriver.com/DRHM/sto...sPage&SiteID=hpappli&Locale=en_US&keywords=%w
    O7 - HKU\S-1-5-21-2783097096-289569773-1546617986-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
    O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{797FC918-2A02-4A5F-9F81-CC4932956EA0}: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/02/22 10:39:09 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/02/22 10:39:02 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/02/22 10:23:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/02/21 18:23:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2013/02/21 17:45:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/02/21 17:45:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/02/21 17:45:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/02/21 17:27:52 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/02/21 17:27:34 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/02/21 17:27:15 | 005,034,671 | R--- | C] (Swearware) -- C:\Users\Randy\Desktop\ComboFix.exe
    [2013/02/21 16:34:13 | 000,000,000 | ---D | C] -- C:\Users\Randy\Desktop\RK_Quarantine
    [2013/02/20 19:08:33 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Randy\Desktop\tdsskiller.exe
    [2013/02/20 10:01:16 | 000,000,000 | ---D | C] -- C:\Users\Randy\Desktop\RRR Virus 2-19-2013
    [2013/02/13 15:28:34 | 000,000,000 | R--D | C] -- C:\MSOCache
    [2013/02/05 13:05:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
    [2013/02/01 22:22:57 | 000,000,000 | ---D | C] -- C:\Users\Randy\AppData\Roaming\IDT
    [2013/02/01 21:43:14 | 000,000,000 | ---D | C] -- C:\Jaguar Service Manuals
    [2013/02/01 20:26:30 | 000,000,000 | ---D | C] -- C:\Users\Randy\Documents\RRR Personal
    [2013/02/01 20:07:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Xerox
    [2013/02/01 19:54:20 | 000,000,000 | ---D | C] -- C:\Users\Randy\Documents\Doterra
    [2013/02/01 12:49:06 | 000,000,000 | ---D | C] -- C:\Users\Randy\AppData\Roaming\Malwarebytes
    [2013/02/01 12:48:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/02/01 12:48:30 | 000,000,000 | ---D | C] -- C:\Users\Randy\AppData\Local\Programs
    [2013/02/01 12:47:10 | 000,000,000 | ---D | C] -- C:\Data RRR
    [2013/01/31 22:02:38 | 000,000,000 | ---D | C] -- C:\Program Files\Google
    [2013/01/31 22:00:59 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2013/01/31 22:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2013/01/31 22:00:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2013/01/31 21:53:36 | 000,000,000 | ---D | C] -- C:\Users\Randy\Desktop\Virus Scanning
    [2013/01/31 21:08:22 | 000,000,000 | R--D | C] -- C:\ESD
    [2013/01/28 13:42:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
    [2013/01/28 13:42:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
    [2013/01/28 13:42:44 | 000,000,000 | ---D | C] -- C:\Users\Randy\AppData\Roaming\Yahoo!
    [2013/01/28 13:42:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
    [2013/01/28 13:04:33 | 000,000,000 | ---D | C] -- C:\Users\Randy\AppData\Roaming\Xerox
    [2013/01/28 12:49:47 | 000,000,000 | ---D | C] -- C:\Users\Randy\Documents\JAGUAR
    [2013/01/28 10:00:45 | 000,000,000 | ---D | C] -- C:\Users\Randy\AppData\Roaming\hewlett-packard
    [2013/01/28 10:00:44 | 000,000,000 | ---D | C] -- C:\Users\Randy\AppData\Local\Hewlett-Packard_Company

    ========== Files - Modified Within 30 Days ==========

    [2013/02/22 14:31:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/02/22 14:27:16 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/02/22 14:27:16 | 000,624,622 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/02/22 14:27:16 | 000,106,708 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/02/22 14:14:54 | 000,031,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/02/22 14:14:54 | 000,031,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/02/22 14:09:34 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/02/22 14:09:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/02/22 14:08:56 | 2800,771,072 | -HS- | M] () -- C:\hiberfil.sys
    [2013/02/22 14:06:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/02/21 17:07:34 | 005,034,671 | R--- | M] (Swearware) -- C:\Users\Randy\Desktop\ComboFix.exe
    [2013/02/20 17:51:04 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Randy\Desktop\tdsskiller.exe
    [2013/02/14 08:30:51 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/02/01 21:58:37 | 000,001,312 | ---- | M] () -- C:\Users\Randy\Desktop\Jaguar Service Manuals.lnk
    [2013/01/31 22:00:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2013/01/31 21:43:38 | 000,001,396 | ---- | M] () -- C:\Users\Randy\Desktop\Install Windows.lnk
    [2013/01/29 15:15:13 | 000,264,026 | ---- | M] () -- C:\Users\Randy\On_Guard_Throat_Drops_Flyer.pdf
    [2013/01/28 12:47:51 | 000,824,800 | ---- | M] () -- C:\Users\Randy\Documents\TEST2BETTY.xps
    [2013/01/28 12:46:15 | 000,824,793 | ---- | M] () -- C:\Users\Randy\Documents\TEST BETTY.xps
    [2013/01/26 11:50:14 | 000,077,473 | ---- | M] () -- C:\Users\Randy\safelink free phone.pdf

    ========== Files Created - No Company Name ==========

    [2013/02/21 17:45:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/02/21 17:45:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/02/21 17:45:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/02/21 17:45:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/02/21 17:45:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/02/20 19:11:10 | 000,001,304 | ---- | C] () -- C:\Users\Randy\Desktop\Notepad.lnk
    [2013/02/05 13:06:43 | 000,002,671 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk
    [2013/02/01 21:46:42 | 000,001,312 | ---- | C] () -- C:\Users\Randy\Desktop\Jaguar Service Manuals.lnk
    [2013/01/31 22:00:59 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2013/01/31 21:43:38 | 000,001,396 | ---- | C] () -- C:\Users\Randy\Desktop\Install Windows.lnk
    [2013/01/29 15:15:13 | 000,264,026 | ---- | C] () -- C:\Users\Randy\On_Guard_Throat_Drops_Flyer.pdf
    [2013/01/28 12:47:50 | 000,824,800 | ---- | C] () -- C:\Users\Randy\Documents\TEST2BETTY.xps
    [2013/01/28 12:46:13 | 000,824,793 | ---- | C] () -- C:\Users\Randy\Documents\TEST BETTY.xps
    [2013/01/26 11:50:14 | 000,077,473 | ---- | C] () -- C:\Users\Randy\safelink free phone.pdf
    [2013/01/19 21:23:42 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
    [2013/01/19 19:57:32 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
    [2012/11/23 11:40:47 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/06/26 01:55:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2012/02/10 13:11:50 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2012/02/10 13:11:50 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2012/02/10 00:24:52 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
    [2011/12/13 20:44:10 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
    [2011/09/13 06:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/09/06 11:34:28 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

    ========== ZeroAccess Check ==========

    [2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/02/01 22:22:57 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\IDT
    [2013/02/14 00:04:39 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\SoftGrid Client
    [2012/11/15 14:44:21 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\Synaptics
    [2012/11/23 11:41:45 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\TP
    [2013/01/07 11:06:56 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\WildTangent
    [2013/01/28 13:04:33 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\Xerox

    ========== Purity Check ==========



    < End of report >
  20. glhglh

    glhglh TS Maniac Topic Starter Posts: 438

    Extras Log:

    OTL Extras logfile created on: 2/22/2013 2:28:11 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = F:\RRR Virus 2-19-2013
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.48 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 60.63% Memory free
    6.95 Gb Paging File | 5.36 Gb Available in Paging File | 77.14% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 445.30 Gb Total Space | 396.01 Gb Free Space | 88.93% Space Free | Partition Type: NTFS
    Drive D: | 20.16 Gb Total Space | 2.19 Gb Free Space | 10.86% Space Free | Partition Type: NTFS
    Drive F: | 14.95 Gb Total Space | 14.90 Gb Free Space | 99.62% Space Free | Partition Type: FAT32

    Computer Name: HP-RRR | User Name: Randy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-2783097096-289569773-1546617986-1001\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{05D46443-C45D-438A-8ED9-9C7892CC716D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{2D32032C-A5E3-4442-8CA5-392A6DF90B78}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2DCE0E36-0528-4F77-AB4D-C484F14AB238}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{30D59425-4DF7-41BC-8006-58F17EA2A076}" = lport=139 | protocol=6 | dir=in | app=system |
    "{31BD7FD5-28E0-4425-A19B-E694D323F63A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{341ECB0F-9934-4BF8-B11A-DAD7E8748946}" = rport=139 | protocol=6 | dir=out | app=system |
    "{3DE9CB85-07C8-4F98-BEA2-0B44E3BA2001}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{5D8B1E52-AF88-42C0-9CD9-3227BD7454D6}" = rport=138 | protocol=17 | dir=out | app=system |
    "{684D2926-5B50-4E58-BB44-9C76DF024FE4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{7083832B-0B64-452E-9E8D-9E38C04A3C71}" = lport=138 | protocol=17 | dir=in | app=system |
    "{735B6C77-91C6-4036-ACB5-3BEE3D2E36DD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{75DCED21-EB8B-4B80-9DF8-51B4860B97B0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{7AFCF529-3AA0-41B8-B2F4-9AF22CC85380}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{7B6E522A-EE48-4344-BC57-AF24FC4BC553}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{86E4DE2F-3543-41B5-A7F2-BAC6ABEFA60D}" = rport=137 | protocol=17 | dir=out | app=system |
    "{8CFC0CAB-A02A-403D-8E37-6156D4EF7EC5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{8DC6FDFA-0F03-4919-B651-A4B6D05044DF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A7821114-8DE2-4F09-B69C-C392E05A4460}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{B567742D-F8D1-4649-B7F9-1357D6FA1F5B}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C8260EC6-5BD5-4545-9772-26A055E7E098}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{DB753BD2-F3DA-4C4C-8AC0-B409163DEC21}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{E7D3BC18-AE36-4612-8C46-1E3C162D618F}" = rport=445 | protocol=6 | dir=out | app=system |
    "{ECA3530F-C050-44CC-AFBE-EA9113C147AA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{FC730BC3-8E94-49F2-B914-6034FD76AA37}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0633A37F-91DD-42CC-A258-84437B13D1B8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{1A00933A-B1B9-4BDF-8307-A0D90F15D779}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{1AACB29B-570C-477C-AF1D-B81BAFB9944B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{30D6D0D6-77A1-4B1C-AEBD-466ADD19B9B5}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
    "{34A8B042-ABCA-4B99-BE14-C8671B0DD5F6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{35BA0674-E39A-4417-AF10-54BCC65CA018}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\indivdrm.exe |
    "{3D323497-F9E9-473B-BC80-943327F1B982}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{4238F65D-36B6-4008-9298-69E3AD9B5DDF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{5C081EA7-9B73-4FA4-BD33-07DDFF1144E2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{87BE97FE-464E-4E9D-BB34-54B3E7B05471}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{88376E9E-8626-4414-A6EF-9F26E00CFD4D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{8938D908-EC37-4ABD-8A9B-D293DCE36293}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\indivdrm.exe |
    "{B65365D3-29BF-4082-A526-8D18585581C3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{BC044067-C729-458A-9310-FFD69C4F4EE0}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
    "{C15B81B7-12B3-4F2D-9C2B-FAD579E6CE42}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\indivdrm.exe |
    "{D55DA543-0D91-4038-BF5B-12B193E92B7C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{DC872797-1ED2-4174-A2E7-5E93095CCBD1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{E4F9478C-3A76-4891-B64C-1E2CC7D3E4C0}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
    "{E747C88D-9B4C-4840-94B0-801E22CEBEC3}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\indivdrm.exe |
    "{F0E32BF7-25E9-4FFE-A333-53DCD29A0096}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{F193B83B-2AAF-4677-9F72-35A6898499A0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{F6DD6DE9-6BE6-4857-95E4-4694D1ABBEA3}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
    "{FEF41E5D-E4BF-4774-9957-1D2E8D398C78}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Atheros Bluetooth Suite (64)
    "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
    "{289D263F-1526-945B-1E0D-7E51196337E4}" = ccc-utility64
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{5A847522-375C-4D05-BD3D-88C450CC047F}" = HP Launch Box
    "{5E015E15-F7AD-3379-523F-AD63C0CB9E71}" = AMD Steady Video Plug-In
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6032497A-4479-462B-ADB8-A0A372BB9A23}" = HP Application Assistant
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9D1400EC-5703-3983-53B7-AEFB8BFD1CFA}" = AMD Catalyst Install Manager
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B1A6285F-C31A-4482-8EA0-9445E4C1DCEA}" = HP 3D DriveGuard
    "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F8E65951-694F-5F50-21C2-391B46B26653}" = AMD Accelerated Video Transcoding
    "{F9DF0B5D-554B-45D2-8698-7C467FAF4BCA}" = HP Security Assistant
    "{FEDED942-6D32-06D6-CBE4-02A95758B9E5}" = AMD Fuel
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{026573E8-3808-A622-54E7-41B0D01CC689}" = CCC Help Swedish
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0C592E07-485F-B1C0-43C7-214B3782689E}" = CCC Help Czech
    "{0CF102B7-1BD1-868D-7ED6-FF6618615113}" = Catalyst Control Center InstallProxy
    "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
    "{12F9E5E4-4C6A-8C07-03E9-1C4D8606C7CF}" = CCC Help Italian
    "{16652164-D80F-4EE6-90C6-2E8D5D06092A}" = HP Documentation
    "{16B7BDA1-B967-4D2D-8B27-E12727C28350}" = HP CoolSense
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2691AB48-CB65-1326-6B16-C65F2D193498}" = CCC Help Russian
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{31BF9CD1-A904-43B5-A236-53E5E908AD0E}" = Catalyst Control Center - Branding
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
    "{3686BD56-4111-A355-F79B-8351DF00FFD0}" = Catalyst Control Center Graphics Previews Common
    "{36F19B06-7C5F-F7F0-4B03-C041F9AD0B81}" = CCC Help Hungarian
    "{36F55AE9-7C13-2DFD-2A16-13E9B1B591AD}" = CCC Help Turkish
    "{393BD31B-4806-2F8C-BFE3-CD3D832B1A07}" = CCC Help German
    "{3E2D6F53-FE1E-9685-3147-FE7D6CD241B3}" = CCC Help Greek
    "{43287DB3-9A3D-9113-F9EC-E3E2EA83FAD8}" = CCC Help Chinese Standard
    "{43837ADC-5558-9855-2258-C57DFE06473D}" = CCC Help Thai
    "{46A14B00-8CA7-66CA-773B-78255D9C09E4}" = CCC Help Finnish
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{550A8BE3-02DA-9A06-F7F7-782E0B7E16BC}" = CCC Help Danish
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{59343305-C394-8581-67E9-192E52936174}" = CCC Help Korean
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6CFB80D8-0084-2AA0-5B10-CB528127B3D0}" = CCC Help Norwegian
    "{6DE80866-EF92-47C1-80F5-1EA83B7A0AA2}" = HP Software Framework
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
    "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{74A8E1BE-D438-4C35-ABFF-3A1EAF17526E}" = Blio
    "{768A6276-5822-489C-8A2B-67190F745655}" = ESU for Microsoft Windows 7 SP1
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8CE152BA-1D16-11E1-867D-984BE15F174E}" = Evernote v. 4.5.2
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{97C9CD02-4F58-59DC-53E5-AB9B171CB537}" = CCC Help English
    "{98A80C9A-4362-2AEE-B547-6C2E47E8887E}" = CCC Help Polish
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A287F545-5139-0235-DCE8-D7598B2D312C}" = Catalyst Control Center Localization All
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.5) MUI
    "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
    "{B1475566-FA49-179A-86B3-C0C9E7122EA2}" = CCC Help French
    "{B409B895-940B-A184-478B-5FB129501060}" = AMD VISION Engine Control Center
    "{B65FCAA5-F3A6-4B3F-ABEE-CBC2B085796B}" = HP Connection Manager
    "{B99494A5-4B47-3923-9350-316B6A12EAAD}" = CCC Help Japanese
    "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C61FCEC2-3ED4-496E-B4B4-1CED423824B9}" = HP Quick Launch
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D29FEDBA-417D-4F74-81D5-4F5916215348}" = LG Verizon United Drivers
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D7C45E0E-8963-DFD3-D35F-A4135BDC628E}" = CCC Help Chinese Traditional
    "{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}" = HP Power Manager
    "{DA028428-3A16-D9CE-61AB-6422DFC40918}" = CCC Help Spanish
    "{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE6BB53E-E91A-6F17-E518-BC4425AA9039}" = CCC Help Dutch
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E9ED3FC6-8813-61B6-97FB-F09F296A224F}" = CCC Help Portuguese
    "{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Google Chrome" = Google Chrome
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "NIS" = Norton Internet Security
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "WildTangent hp Master Uninstall" = HP Games
    "WinALDL" = WinALDL
    "WinLiveSuite" = Windows Live Essentials
    "WTA-2a842c71-71a3-44a2-b51e-ebd478cd05b0" = Final Drive Fury
    "WTA-315f9377-2448-4432-be62-a4daf9ebce51" = Chuzzle Deluxe
    "WTA-3831c862-a731-47bd-a901-42ab6d60128e" = RollerCoaster Tycoon 3: Platinum
    "WTA-38d9aeca-7341-4273-aa69-08ad7effb055" = Blackhawk Striker 2
    "WTA-3cc3969f-f39f-4902-bc8a-3cbcfc9859bf" = Penguins!
    "WTA-4b79f137-96cb-4a65-a4d0-fdff70fa01ac" = Jewel Match 3
    "WTA-4d0cb297-86a6-4f98-b76f-73db06249604" = FATE
    "WTA-5322d311-53ad-4645-bbe9-a1969c8dd6ce" = Polar Bowler
    "WTA-55f7c99b-f8aa-4190-823c-13598194422e" = John Deere Drive Green
    "WTA-56955c04-8d40-4d79-b5bf-16877305c153" = Letters from Nowhere 2
    "WTA-5f70fc28-c9bf-43e0-b975-811bcc9a80f2" = Farm Frenzy
    "WTA-67de12a6-7aed-4087-aaf7-6ddfe8b33fc2" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition
    "WTA-98e4d6a7-c7d3-4531-80c8-13993d969345" = Dora's World Adventure
    "WTA-a4035c0e-33b8-4495-912b-6f9ddf2d763b" = Luxor HD
    "WTA-b006f34d-1b7e-44a1-9b86-f94550bcda0a" = Zuma's Revenge
    "WTA-b671e4d0-0bcc-4a76-8d33-53b64bb15c54" = Virtual Villagers 4 - The Tree of Life
    "WTA-c3bff5da-fa45-4182-a696-24b37b1dd101" = The Treasures of Mystery Island: The Ghost Ship
    "WTA-d3ca098f-eb9c-48ae-8ab7-1099303857ad" = Bejeweled 3
    "WTA-d564c9aa-6d51-47c4-86d2-042c0842905f" = Hoyle Card Games
    "WTA-d6e2f27b-eec7-4bdf-a080-41d46c880018" = Plants vs. Zombies - Game of the Year
    "WTA-da490889-8a17-4a44-8044-2a104594460f" = Poker Superstars III
    "WTA-e3a32780-24bd-4b68-9500-954010ff61fc" = Torchlight
    "WTA-e92dcafc-6b30-4dec-a712-65093a2cc10f" = Cradle of Rome 2
    "WTA-ef1ea45a-06f8-449a-8d06-5178a5c226d5" = Farmscapes
    "WTA-f1963df3-782e-4dc1-bd9b-617b4c468518" = Mah Jong Medley
    "WTA-fef1475e-8b4d-4947-9a66-365ab8002190" = Polar Golfer
    "Yahoo! Companion" = Yahoo! Toolbar

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 2/22/2013 6:09:42 PM | Computer Name = HP-RRR | Source = WinMgmt | ID = 10
    Description =

    Error - 2/22/2013 6:19:44 PM | Computer Name = HP-RRR | Source = CVHSVC | ID = 100
    Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
    DownloadLatest Failed: The server name or address could not be resolved

    [ HP Connection Manager Events ]
    Error - 2/14/2013 12:25:22 PM | Computer Name = HP-Randy | Source = hpCMSrv | ID = 5
    Description = 2013/02/14 08:25:22.287|000008C8|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
    failed [hr:0x800706BA]

    Error - 2/14/2013 12:26:22 PM | Computer Name = HP-Randy | Source = hpCMSrv | ID = 5
    Description = 2013/02/14 08:26:22.285|000008C8|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
    failed [hr:0x800706BA]

    Error - 2/14/2013 12:27:22 PM | Computer Name = HP-Randy | Source = hpCMSrv | ID = 5
    Description = 2013/02/14 08:27:22.282|000008C8|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
    failed [hr:0x800706BA]

    Error - 2/15/2013 4:08:17 AM | Computer Name = HP-Randy | Source = hpCMSrv | ID = 5
    Description = 2013/02/15 00:08:17.927|00001B70|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
    failed [hr:0x800706BA]

    Error - 2/15/2013 4:08:29 AM | Computer Name = HP-Randy | Source = hpCMSrv | ID = 5
    Description = 2013/02/15 00:08:29.967|00001B70|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
    failed [hr:0x800706BA]

    Error - 2/16/2013 4:22:11 AM | Computer Name = HP-Randy | Source = hpCMSrv | ID = 5
    Description = 2013/02/16 00:22:11.190|0000109C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
    failed [hr:0x800706BA]

    Error - 2/17/2013 3:49:57 AM | Computer Name = HP-Randy | Source = hpCMSrv | ID = 5
    Description = 2013/02/16 23:49:57.824|00000C2C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
    failed [hr:0x800706BA]

    Error - 2/18/2013 3:17:37 AM | Computer Name = HP-Randy | Source = hpCMSrv | ID = 5
    Description = 2013/02/17 23:17:37.929|00000810|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
    failed [hr:0x800706BA]

    Error - 2/22/2013 3:37:11 PM | Computer Name = HP-Randy | Source = hpCMSrv | ID = 5
    Description = 2013/02/22 11:37:11.738|00001458|Error |CWLANInternal::UpdateState|_wlanNative.get_State
    failed [hr:0x80004005]

    Error - 2/22/2013 6:08:23 PM | Computer Name = HP-Randy | Source = hpCMSrv | ID = 5
    Description = 2013/02/22 14:08:23.881|00001478|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
    failed [hr:0x800706BA]

    [ System Events ]
    Error - 2/22/2013 3:24:36 PM | Computer Name = HP-Randy | Source = DCOM | ID = 10010
    Description =

    Error - 2/22/2013 3:49:40 PM | Computer Name = HP-Randy | Source = NetBT | ID = 4321
    Description = The name "WORKGROUP :1d" could not be registered on the interface
    with IP address 10.10.115.92. The computer with the IP address 10.10.112.202 did
    not allow the name to be claimed by this computer.


    < End of report >
  21. glhglh

    glhglh TS Maniac Topic Starter Posts: 438

    b2cnotiagent.exe
    sure seems suspicious, although the Korean alphabet explanation of the Product owner "B2C NotiAgent MFC 응용 프로그램" simply says Application (응용) program (프로그램); the last little bit is just pu ro cu ram, the English written in the Korean alphabet. Maybe not so bad, but no reason to boot every time the computer is booted.

    (I can still read and write Korean 45 years after serving as a Peace Corps volunteer there, amazing seeing how difficult it is for me to remember the name of a scanning program in the few seconds it takes me to unplug the USB drive from one computer and put it in another computer.)
  22. Broni

    Broni Malware Annihilator Posts: 46,787   +254

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O4 - HKLM..\Run: [] File not found
      O18:64bit: - Protocol\Handler\livecall - No CLSID value found
      O18:64bit: - Protocol\Handler\msnim - No CLSID value found
      O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
      O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
      O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
  23. glhglh

    glhglh TS Maniac Topic Starter Posts: 438

    I'm posting this OTL log; it doesn't seem right.

    It seems like the computer rebooted too fast in the OTL process.

    Is it OK?
  24. glhglh

    glhglh TS Maniac Topic Starter Posts: 438

    Files\Folders moved on Reboot...
    C:\Users\Randy\AppData\Local\Temp\CVHLauncher(20130222170211ED0).log moved successfully.
    C:\Users\Randy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  25. glhglh

    glhglh TS Maniac Topic Starter Posts: 438

    Checkup:

    Results of screen317's Security Check version 0.99.59
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Norton Internet Security
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Adobe Reader 10.1.5 Adobe Reader out of Date!
    Google Chrome 24.0.1312.56
    Google Chrome 24.0.1312.57
    ````````Process Check: objlist.exe by Laurent````````
    Norton ccSvcHst.exe
    SecurityCheck.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````


    Farbar Service Scanner Version: 20-02-2013
    Ran by Randy (administrator) on 22-02-2013 at 17:52:48
    Running from "F:\RRR Virus 2-19-2013"
    Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Attempt to access Local Host IP returned error: Localhost is blocked: Destination is offline
    There is no connection to network.
    Attempt to access Google IP returned error.
    Attempt to access Google.com returned error: Other errors
    Attempt to access Yahoo IP returned error.
    Attempt to access Yahoo.com returned error: Other errors


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****

    I'm having a problem getting it back on our network. So I need to do that before ESET.

