TechSpot

Help if any suspicion from HJT, Gmer logs remain! Suggestions welcomed.

By cpufox
May 27, 2012
  1. Background: This Win7 system was prior infected with VERY bad Rootkit, which I'm listing below, but the MBR / disks were completely recreated, restored with WHSv1.
    This system HAD the MBR rootkit (BADLY INFECTED), worked with N360 over several days - finally gave up trying to clean; Destroyed MBR, Disks and Restored!

    The original Indications from N360 / MSE both were extensive, so tenacious and with shared single passwords for many online services, I was suspecting "keylogger" as well, possible ID theft, and am vulnerable there due to unencrypted files on the system compromised before the restore. This "may" not relate now since MBR, Disks restored to 2 months prior, but N360 was showing Trojan.FakeAV, Downloader, Downloader.Dromedan, Downloader.Dromedan!gen1, strangely while MSE was catching Worm:Win32/Gamarue.F, TrojanDownloader:Win32/Dofoil.O

    Worst part about it was they were all in large synced Windows Live mail caches on multiple computers! I removed from all Win7 the Live products, but have one box online hotmail left with years of past stored emails, and have not gone back to it for more selectively deleting, but the worst mail name I've totally deleted.

    Again, these tenacious monsters hopefully don't remain anywhere now, scanning regularly last few weeks with all "sorts" of tools. Offline Linux AVG boot cd, Norton's NPE, NBRT and MSE full scans. Avast on the Macs, but I do have several computers (PC and Mac) on the network. I have N360 and 3, MSE on others; found with NPE possible rootkit, on another, showed as rikvm_C6F09094.sys, but it was likely dormant. Nothing "active" showing there either (N360, MSE and ASC5), regular runs of AMB.

    Since the restore, minor nuisances, OneNote and GoogleTalk popping up randomly, but at this time I have no reason to suspect the MBR Worms/Rootkit I listed above,
    however I am VERY paranoid now, and don't ever want that again ... as you can imagine.

    IF ANY reason to worry from BELOW for this Win7 System, I would appreciate, besides active N360, MSE any Other suggestions on FULL scanning, on 2nd system Kaspersky Removal Tool and NPE have found some other worms/trojans ... other tracking cookies (Minor) have "removed" them.

    With this system, I am investigating below, again, I restored a while back. It has a C: SSD boot, but Linked folders, and "many" programs on Drive D, so GMER 2nd scan was with both drives, offline, deleting almost all processes in memory with TaskMgr.

    -MyName- global replace on my username which is my FirstInitialLastname (hope that's ok)

    Note: AMB just cleaned PUP found below, and I reboot running GMER offline with pretty Clean cleared memory of most all processes

    [HJT log removed by Broni]

    +++

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.05.27.03

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    -MyName- :: BLAZE [administrator]

    5/27/2012 9:55:16 AM
    mbam-log-2012-05-27 (09-55-16).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 395621
    Time elapsed: 40 minute(s), 55 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    D:\-MyName-.\Downloads\7zip_setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.

    (end)


    +++ Let MBAM remove above PUP and immediately rebooted, then ran GMER in memory, offline (no network), after "killing" Ending almost ALL processes I dared!!

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-05-27 14:42:48
    Windows 6.1.7601 Service Pack 1
    Running: efitx8zv.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\402cf40fa37b (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\402cf40fa37b@002248e0ff5d 0xEA 0xFF 0x1A 0xCD ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\402cf40fa37b
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\402cf40fa37b@002248e0ff5d 0x6D 0x59 0x43 0x2F ...
    Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\402cf40fa37b (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\402cf40fa37b@002248e0ff5d 0x6D 0x59 0x43 0x2F ...

    ---- EOF - GMER 1.0.15 ----

    +++
     
  2. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. cpufox

    cpufox TS Rookie Topic Starter Posts: 17

    Problems running DDS.scr on "desktop". Went offline, started once, #### across screen, but no Notepad popup. Ended up running two more times, with N360 and MSE real time protection turned OFF, but still no Popup log.... it looks like it starts (DOS screen clears, waited 10 min), but no popup Log to continue.

    Please advise.
     
  4. Broni

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    ===================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  5. cpufox

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Service Pack 1 (build 7601), 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive1 at offset 0x00000000`0c5bc000

    Size Device Name MBR Status
    --------------------------------------------
    119 GB \\.\PhysicalDrive1 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...

    +++ ugh - Running aswMBR Scan after avast vd download
     
  6. cpufox

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-05-27 23:39:24
    -----------------------------
    23:39:24.911 OS Version: Windows x64 6.1.7601 Service Pack 1
    23:39:24.911 Number of processors: 8 586 0x2A07
    23:39:24.913 ComputerName: BLAZE UserName:
    23:39:26.380 Initialize success
    23:40:15.136 AVAST engine defs: 12052800
    23:40:45.211 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    23:40:45.215 Disk 0 Vendor: Hitachi_ JF4O Size: 715404MB BusType: 3
    23:40:45.220 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
    23:40:45.223 Disk 1 Vendor: SAMSUNG_ AXM1 Size: 122104MB BusType: 3
    23:40:45.229 Disk 1 MBR read successfully
    23:40:45.234 Disk 1 MBR scan
    23:40:45.241 Disk 1 Windows 7 default MBR code
    23:40:45.248 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 191 MB offset 2048
    23:40:45.292 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 121903 MB offset 404960
    23:40:45.376 Disk 1 scanning C:\Windows\system32\drivers
    23:40:59.740 Service scanning
    23:41:39.451 Modules scanning
    23:41:39.463 Disk 1 trace - called modules:
    23:41:39.801 ntoskrnl.exe fltsrv.sys tdrpman.sys CLASSPNP.SYS disk.sys hpdskflt.sys vsflt58.sys iaStor.sys hal.dll
    23:41:39.809 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8009ac9060]
    23:41:39.816 3 CLASSPNP.SYS[fffff88001d3443f] -> nt!IofCallDriver -> [0xfffffa8009931b10]
    23:41:39.822 5 hpdskflt.sys[fffff880021f3189] -> nt!IofCallDriver -> [0xfffffa800992ca60]
    23:41:39.829 7 vsflt58.sys[fffff88000f830ed] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa8007f22050]
    23:41:40.547 AVAST engine scan C:\Windows
    23:41:42.542 AVAST engine scan C:\Windows\system32
    23:46:08.864 AVAST engine scan C:\Windows\system32\drivers
    23:46:31.847 AVAST engine scan C:\Users\jwestover
    23:50:43.750 AVAST engine scan C:\ProgramData
    23:57:10.820 Scan finished successfully
    23:57:28.137 Disk 1 MBR has been saved successfully to "D:\JWestover\Desktop\MBR.dat"
    23:57:28.224 The log file has been saved successfully to "D:\JWestover\Desktop\aswMBR.txt"
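
Added example, not part of the thread or of any tool mentioned in it: a Python parser for a saved MBR sector such as the MBR.dat that aswMBR writes, reporting the partition fields the logs show and comparing two dumps of the same sector. It assumes the file is a raw 512-byte sector copy; the function names are hypothetical, the sample sectors are constructed from the partition values in the aswMBR log above and the TDSSKiller log later in the thread with placeholder boot-code bytes, and the comparison against a dump read from clean boot media is an added defensive check.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_END = 440          # bytes 0..439: boot code
TABLE_OFFSET = 446           # four 16-byte partition entries
SIGNATURE = b"\x55\xaa"      # bytes 510..511
ENTRY = struct.Struct("<B3sB3sII")  # status, CHS, type, CHS, start LBA, sectors


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample sector; partition values taken from the thread's logs."""
    if len(boot_code) > BOOT_CODE_END:
        raise ValueError("boot code must fit in 440 bytes")
    chs = b"\x00" * 3  # CHS fields are not used by this example
    table = ENTRY.pack(0x80, chs, 0x07, chs, 0x800, 0x5F800)
    table += ENTRY.pack(0x00, chs, 0x07, chs, 0x62DE0, 0xEE179F0)
    table += b"\x00" * 32  # two unused entries
    return boot_code.ljust(TABLE_OFFSET, b"\x00") + table + SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    """Parse one raw MBR sector into a boot-code hash and partition entries."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        raw = sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        status, _, ptype, _, start, count = ENTRY.unpack(raw)
        if ptype == 0x00:  # empty slot
            continue
        partitions.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "start_lba": start,
            "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "partitions": partitions,
    }


def sanity_findings(parsed: dict) -> list:
    """Structural checks on the partition table of a BIOS boot disk."""
    findings = []
    parts = sorted(parsed["partitions"], key=lambda p: p["start_lba"])
    active = sum(1 for p in parts if p["active"])
    if active != 1:
        findings.append(f"{active} active partitions (expected 1)")
    for a, b in zip(parts, parts[1:]):
        if a["start_lba"] + a["sectors"] > b["start_lba"]:
            findings.append(f"partition {a['index']} overlaps partition {b['index']}")
    return findings


def compare_dumps(live: bytes, offline: bytes) -> list:
    """Compare a dump read inside the running OS with one read from clean boot media."""
    a, b = parse_mbr(live), parse_mbr(offline)
    findings = []
    if a["boot_code_sha256"] != b["boot_code_sha256"]:
        findings.append("boot code differs")
    if a["partitions"] != b["partitions"]:
        findings.append("partition table differs")
    return findings


if __name__ == "__main__":
    live = build_sample_mbr(b"PLACEHOLDER-BOOT-CODE-A")     # constructed
    offline = build_sample_mbr(b"PLACEHOLDER-BOOT-CODE-B")  # constructed
    for part in parse_mbr(live)["partitions"]:
        print(part)
    print(sanity_findings(parse_mbr(live)))
    print(compare_dumps(live, offline))
```

A difference between the two dumps would mean the sector returned inside the running system is not what is stored on disk, which is what the "hidden by a rootkit" message in the Bootkit Remover output claims.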
     
  7. Broni

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  8. cpufox

    Larger than 50,000 chars, uploaded first scan, skip, Continue, REPORT record
     

  9. Broni

    Please observe forum rules.
    Split the log between couple of replies.
     
  10. cpufox

    Larger than 50,000 chars, uploaded first scan, skip, Continue, REPORT record
    Separated output here

    17:37:00.0991 4360 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
    17:37:01.0868 4360 ============================================================
    17:37:01.0868 4360 Current date / time: 2012/05/28 17:37:01.0868
    17:37:01.0868 4360 SystemInfo:
    17:37:01.0868 4360
    17:37:01.0869 4360 OS Version: 6.1.7601 ServicePack: 1.0
    17:37:01.0869 4360 Product type: Workstation
    17:37:01.0869 4360 ComputerName: BLAZE
    17:37:01.0869 4360 UserName: jwestover
    17:37:01.0869 4360 Windows directory: C:\Windows
    17:37:01.0869 4360 System windows directory: C:\Windows
    17:37:01.0869 4360 Running under WOW64
    17:37:01.0869 4360 Processor architecture: Intel x64
    17:37:01.0869 4360 Number of processors: 8
    17:37:01.0869 4360 Page size: 0x1000
    17:37:01.0869 4360 Boot type: Normal boot
    17:37:01.0869 4360 ============================================================
    17:37:02.0140 4360 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    17:37:02.0141 4360 Drive \Device\Harddisk1\DR1 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    17:37:02.0148 4360 ============================================================
    17:37:02.0148 4360 \Device\Harddisk0\DR0:
    17:37:02.0149 4360 MBR partitions:
    17:37:02.0149 4360 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x57545000
    17:37:02.0149 4360 \Device\Harddisk1\DR1:
    17:37:02.0149 4360 MBR partitions:
    17:37:02.0149 4360 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x5F800
    17:37:02.0149 4360 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x62DE0, BlocksNum 0xEE179F0
    17:37:02.0149 4360 ============================================================
    17:37:02.0152 4360 C: <-> \Device\Harddisk1\DR1\Partition1
    17:37:02.0164 4360 D: <-> \Device\Harddisk0\DR0\Partition0
    17:37:02.0164 4360 ============================================================
    17:37:02.0164 4360 Initialize success
    17:37:02.0164 4360 ============================================================
    17:37:12.0233 6728 ============================================================
    17:37:12.0233 6728 Scan started
    17:37:12.0233 6728 Mode: Manual; SigCheck; TDLFS;
    17:37:12.0233 6728 ============================================================
    17:37:22.0152 6728EventSystem - ok
    17:37:22.0185 6728EvtEng (23d401a43daded10a153b9f3a7e66c91) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    17:37:22.0208 6728EvtEng - ok
    17:37:22.0227 6728exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    17:37:22.0260 6728exfat - ok
    17:37:22.0272 6728fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    17:37:22.0306 6728fastfat - ok
    17:37:22.0335 6728Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
    17:37:22.0378 6728Fax - ok
    17:37:22.0383 6728fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
    17:37:22.0398 6728fdc - ok
    17:37:22.0401 6728fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
    17:37:22.0437 6728fdPHost - ok
    17:37:22.0442 6728FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
    17:37:22.0478 6728FDResPub - ok
    17:37:22.0483 6728FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    17:37:22.0497 6728FileInfo - ok
    17:37:22.0501 6728Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    17:37:22.0531 6728Filetrace - ok
    17:37:22.0536 6728flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
    17:37:22.0550 6728flpydisk - ok
    17:37:22.0568 6728FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    17:37:22.0587 6728FltMgr - ok
    17:37:22.0596 6728fltsrv (b8afe7a30d34c0e9fdba81632294547c) C:\Windows\system32\DRIVERS\fltsrv.sys
    17:37:22.0612 6728fltsrv - ok
    17:37:22.0657 6728FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
    17:37:22.0693 6728FontCache - ok
    17:37:22.0702 6728FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    17:37:22.0715 6728FontCache3.0.0.0 - ok
    17:37:22.0730 6728FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    17:37:22.0743 6728FsDepends - ok
    17:37:22.0746 6728Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
    17:37:22.0759 6728Fs_Rec - ok
    17:37:22.0771 6728fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    17:37:22.0789 6728fvevol - ok
    17:37:22.0795 6728gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
    17:37:22.0809 6728gagp30kx - ok
    17:37:22.0814 6728GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    17:37:22.0826 6728GEARAspiWDM - ok
    17:37:23.0077 6728GJService (31b9b4005253b64f0684ba55d3ff1d81) D:\Program Files (x86)\SlySoft\Game Jackal v4\Server.exe
    17:37:23.0639 6728GJService ( UnsignedFile.Multi.Generic ) - warning
    17:37:23.0639 6728GJService - detected UnsignedFile.Multi.Generic (1)
    17:37:23.0673 6728gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
    17:37:23.0717 6728gpsvc - ok
    17:37:23.0729 6728gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    17:37:23.0758 6728gupdate - ok
    17:37:23.0761 6728gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    17:37:23.0789 6728gupdatem - ok
    17:37:23.0800 6728gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    17:37:23.0830 6728gusvc - ok
    17:37:23.0837 6728hcmon (adb4348da1345877b04e22203afc8993) C:\Windows\system32\drivers\hcmon.sys
    17:37:23.0850 6728hcmon - ok
    17:37:23.0854 6728hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    17:37:23.0871 6728hcw85cir - ok
    17:37:23.0889 6728HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    17:37:23.0910 6728HdAudAddService - ok
    17:37:23.0921 6728HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    17:37:23.0939 6728HDAudBus - ok
    17:37:23.0943 6728HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
    17:37:23.0958 6728HidBatt - ok
    17:37:23.0967 6728HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    17:37:23.0984 6728HidBth - ok
    17:37:23.0990 6728HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
    17:37:24.0005 6728HidIr - ok
    17:37:24.0010 6728hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
    17:37:24.0047 6728hidserv - ok
    17:37:24.0051 6728HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
    17:37:24.0065 6728HidUsb - ok
    17:37:24.0072 6728hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
    17:37:24.0113 6728hkmsvc - ok
    17:37:24.0126 6728HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
    17:37:24.0153 6728HomeGroupListener - ok
    17:37:24.0162 6728HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
    17:37:24.0186 6728HomeGroupProvider - ok
    17:37:24.0197 6728HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    17:37:24.0214 6728HP Support Assistant Service - ok
    17:37:24.0218 6728hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
    17:37:24.0231 6728hpdskflt - ok
    17:37:24.0237 6728HPMSSConnectorSvc (4092496c2e1b1438665b086548512b13) C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe
    17:37:24.0251 6728HPMSSConnectorSvc ( UnsignedFile.Multi.Generic ) - warning
    17:37:24.0251 6728HPMSSConnectorSvc - detected UnsignedFile.Multi.Generic (1)
    17:37:24.0293 6728hpqwmiex (e7c7829ba0395e48f8c8fe16b8832344) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    17:37:24.0514 6728hpqwmiex - ok
    17:37:24.0523 6728HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    17:37:24.0536 6728HpSAMD - ok
    17:37:24.0601 6728HPSLPSVC (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
    17:37:24.0642 6728HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
    17:37:24.0642 6728HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
    17:37:24.0647 6728hpsrv (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\Windows\system32\Hpservice.exe
    17:37:24.0666 6728hpsrv - ok
    17:37:24.0673 6728HPWMISVC (2bec76bdcd1bc080210325e7b5094834) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    17:37:24.0697 6728HPWMISVC - ok
    17:37:24.0739 6728HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    17:37:24.0779 6728HTTP - ok
    17:37:24.0782 6728hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    17:37:24.0794 6728hwpolicy - ok
    17:37:24.0804 6728i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
    17:37:24.0819 6728i8042prt - ok
    17:37:24.0841 6728iaStor (d469b77687e12fe43e344806740b624d) C:\Windows\system32\drivers\iaStor.sys
    17:37:24.0862 6728iaStor - ok
    17:37:24.0870 6728IAStorDataMgrSvc (983fc69644ddf0486c8dfea262948d1a) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    17:37:24.0884 6728IAStorDataMgrSvc - ok
    17:37:24.0903 6728iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    17:37:24.0922 6728iaStorV - ok
    17:37:24.0961 6728idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    17:37:24.0987 6728idsvc - ok
    17:37:25.0017 6728IDSVia64 (4e9e0e5a3b0efeb27491c26be1d97fda) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20120525.001\IDSvia64.sys
    17:37:25.0039 6728IDSVia64 - ok
    17:37:25.0095 6728iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
    17:37:25.0107 6728iirsp - ok
    17:37:25.0146 6728IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
    17:37:25.0193 6728IKEEXT - ok
    17:37:25.0200 6728intaud_WaveExtensible (caddf0927dac63edae48f5c35a61d87d) C:\Windows\system32\drivers\intelaud.sys
    17:37:25.0213 6728intaud_WaveExtensible - ok
    17:37:25.0227 6728IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
    17:37:25.0246 6728IntcDAud - ok
    17:37:25.0250 6728intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    17:37:25.0262 6728intelide - ok
    17:37:25.0717 6728intelkmd (33faa40b288002c89529dbd14f3ab72c) C:\Windows\system32\DRIVERS\igdpmd64.sys
    17:37:25.0833 6728intelkmd - ok
    17:37:25.0892 6728intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    17:37:25.0908 6728intelppm - ok
    17:37:25.0916 6728IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    17:37:25.0956 6728IPBusEnum - ok
    17:37:25.0962 6728IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    17:37:25.0994 6728IpFilterDriver - ok
    17:37:26.0018 6728iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
    17:37:26.0062 6728iphlpsvc - ok
    17:37:26.0068 6728IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    17:37:26.0084 6728IPMIDRV - ok
    17:37:26.0092 6728IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    17:37:26.0126 6728IPNAT - ok
    17:37:26.0164 6728iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
    17:37:26.0215 6728iPod Service - ok
    17:37:26.0218 6728IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    17:37:26.0235 6728IRENUM - ok
    17:37:26.0239 6728isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    17:37:26.0251 6728isapnp - ok
    17:37:26.0265 6728iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    17:37:26.0283 6728iScsiPrt - ok
    17:37:26.0287 6728iwdbus (716f66336f10885d935b08174dc54242) C:\Windows\system32\DRIVERS\iwdbus.sys
    17:37:26.0299 6728iwdbus - ok
    17:37:26.0305 6728kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    17:37:26.0318 6728kbdclass - ok
    17:37:26.0322 6728kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
    17:37:26.0338 6728kbdhid - ok
    17:37:26.0342 6728KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    17:37:26.0360 6728KeyIso - ok
    17:37:26.0366 6728KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
    17:37:26.0381 6728KSecDD - ok
    17:37:26.0391 6728KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
    17:37:26.0408 6728KSecPkg - ok
    17:37:26.0412 6728ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    17:37:26.0444 6728ksthunk - ok
    17:37:26.0463 6728KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
    17:37:26.0504 6728KtmRm - ok
    17:37:26.0511 6728L1C (045fb70bc993b691517ce309045ff02d) C:\Windows\system32\DRIVERS\L1C62x64.sys
    17:37:26.0525 6728L1C - ok
    17:37:26.0538 6728LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
    17:37:26.0579 6728LanmanServer - ok
    17:37:26.0587 6728LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
    17:37:26.0626 6728LanmanWorkstation - ok
    17:37:26.0632 6728lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    17:37:26.0663 6728lltdio - ok
    17:37:26.0678 6728lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    17:37:26.0718 6728lltdsvc - ok
    17:37:26.0721 6728lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    17:37:26.0757 6728lmhosts - ok
    17:37:26.0783 6728LMIGuardianSvc (d55a7d0553c7102f63872936c7a9d9db) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
    17:37:26.0817 6728LMIGuardianSvc - ok
    17:37:26.0820 6728LMIInfo (0317335b15ff3bda8e10197e3434cfc0) C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
    17:37:26.0832 6728LMIInfo - ok
    17:37:26.0843 6728LMIMaint (a7d256c8847df6e88bddb55f87e54f46) C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
    17:37:26.0914 6728LMIMaint - ok
    17:37:26.0923 6728lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
    17:37:26.0936 6728lmimirr - ok
    17:37:26.0938 6728LMIRfsClientNP - ok
    17:37:26.0944 6728LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
    17:37:26.0958 6728LMIRfsDriver - ok
    17:37:26.0974 6728LMS (af7090488db99607d5aadea6298acc54) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    17:37:27.0027 6728LMS - ok
    17:37:27.0045 6728LogMeIn (d3760bc17e1755091b7120cf32dbf56b) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
    17:37:27.0081 6728LogMeIn - ok
    17:37:27.0090 6728LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
    17:37:27.0103 6728LSI_FC - ok
    17:37:27.0110 6728LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
    17:37:27.0123 6728LSI_SAS - ok
    17:37:27.0129 6728LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
    17:37:27.0142 6728LSI_SAS2 - ok
    17:37:27.0149 6728LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
    17:37:27.0163 6728LSI_SCSI - ok
    17:37:27.0171 6728luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    17:37:27.0205 6728luafv - ok
    17:37:27.0210 6728Maplom (f2ae2c6b72f272ae696e22d6a9f1dafc) C:\Windows\system32\drivers\Maplom.sys
    17:37:27.0224 6728Maplom - ok
    17:37:27.0229 6728MaplomL (405460f392de8311c1fcc65da77ed4ab) C:\Windows\system32\drivers\MaplomL.sys
    17:37:27.0243 6728MaplomL - ok
    17:37:27.0250 6728Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
    17:37:27.0273 6728Mcx2Svc - ok
    17:37:27.0282 6728MediaCollectorService (75e31d760ff9a57da66cb2e336c40316) C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe
    17:37:27.0297 6728MediaCollectorService ( UnsignedFile.Multi.Generic ) - warning
    17:37:27.0297 6728MediaCollectorService - detected UnsignedFile.Multi.Generic (1)
    17:37:27.0302 6728megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
    17:37:27.0314 6728megasas - ok
    17:37:27.0329 6728MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
    17:37:27.0348 6728MegaSR - ok
    17:37:27.0354 6728MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
    17:37:27.0367 6728MEIx64 - ok
    17:37:27.0424 6728Microsoft SharePoint Workspace Audit Service - ok
    17:37:27.0434 6728MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    17:37:27.0471 6728MMCSS - ok
    17:37:27.0476 6728Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    17:37:27.0506 6728Modem - ok
    17:37:27.0510 6728monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    17:37:27.0527 6728monitor - ok
    17:37:27.0532 6728mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    17:37:27.0545 6728mouclass - ok
    17:37:27.0549 6728mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    17:37:27.0564 6728mouhid - ok
    17:37:27.0573 6728mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    17:37:27.0587 6728mountmgr - ok
    17:37:27.0601 6728MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
    17:37:27.0619 6728MpFilter - ok
    17:37:27.0632 6728mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    17:37:27.0646 6728mpio - ok
    17:37:27.0653 6728mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    17:37:27.0684 6728mpsdrv - ok
    17:37:27.0720 6728MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
    17:37:27.0766 6728MpsSvc - ok
    17:37:27.0775 6728MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    17:37:27.0794 6728MRxDAV - ok
    17:37:27.0805 6728mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    17:37:27.0823 6728mrxsmb - ok
    17:37:27.0841 6728mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    17:37:27.0858 6728mrxsmb10 - ok
    17:37:27.0866 6728mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    17:37:27.0883 6728mrxsmb20 - ok
    17:37:27.0887 6728msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    17:37:27.0899 6728msahci - ok
    17:37:27.0911 6728msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    17:37:27.0925 6728msdsm - ok
    17:37:27.0935 6728MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    17:37:27.0957 6728MSDTC - ok
    17:37:27.0964 6728Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    17:37:27.0993 6728Msfs - ok
    17:37:27.0996 6728mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    17:37:28.0025 6728mshidkmdf - ok
    17:37:28.0028 6728msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    17:37:28.0039 6728msisadrv - ok
    17:37:28.0052 6728MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    17:37:28.0091 6728MSiSCSI - ok
    17:37:28.0093 6728msiserver - ok
    17:37:28.0097 6728MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    17:37:28.0127 6728MSKSSRV - ok
    17:37:28.0134 6728MsMpSvc (59faaf2c83c8169ea20f9e335e418907) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    17:37:28.0147 6728MsMpSvc - ok
    17:37:28.0150 6728MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    17:37:28.0180 6728MSPCLOCK - ok
    17:37:28.0184 6728MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    17:37:28.0214 6728MSPQM - ok
    17:37:28.0229 6728MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    17:37:28.0248 6728MsRPC - ok
    17:37:28.0253 6728mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    17:37:28.0266 6728mssmbios - ok
    17:37:28.0270 6728MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    17:37:28.0299 6728MSTEE - ok
    17:37:28.0303 6728MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
    17:37:28.0316 6728MTConfig - ok
    17:37:28.0322 6728Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    17:37:28.0335 6728Mup - ok
    17:37:28.0351 6728MyWiFiDHCPDNS (48c9ba25eda90e3db07adac8cd32f5f3) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    17:37:28.0392 6728MyWiFiDHCPDNS - ok
    17:37:28.0411 6728N360 (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
    17:37:28.0448 6728N360 - ok
    17:37:28.0471 6728napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
    17:37:28.0511 6728napagent - ok
    17:37:28.0529 6728NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    17:37:28.0552 6728NativeWifiP - ok
    17:37:28.0568 6728NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120528.002\ENG64.SYS
    17:37:28.0581 6728NAVENG - ok
    17:37:28.0666 6728NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120528.002\EX64.SYS
    17:37:28.0702 6728NAVEX15 - ok
     
  11. cpufox

    You can erase the last 2 posts; here's the 2nd half.

    17:37:32.0820 6728QWAVEdrv - ok
    17:37:32.0824 6728RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    17:37:32.0854 6728RasAcd - ok
    17:37:32.0860 6728RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    17:37:32.0889 6728RasAgileVpn - ok
    17:37:32.0897 6728RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    17:37:32.0935 6728RasAuto - ok
    17:37:32.0945 6728Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    17:37:32.0975 6728Rasl2tp - ok
    17:37:32.0992 6728RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
    17:37:33.0034 6728RasMan - ok
    17:37:33.0040 6728RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    17:37:33.0072 6728RasPppoe - ok
    17:37:33.0077 6728RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    17:37:33.0109 6728RasSstp - ok
    17:37:33.0125 6728rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    17:37:33.0160 6728rdbss - ok
    17:37:33.0164 6728rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    17:37:33.0181 6728rdpbus - ok
    17:37:33.0184 6728RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    17:37:33.0214 6728RDPCDD - ok
    17:37:33.0224 6728RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
    17:37:33.0242 6728RDPDR - ok
    17:37:33.0245 6728RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    17:37:33.0274 6728RDPENCDD - ok
    17:37:33.0278 6728RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    17:37:33.0306 6728RDPREFMP - ok
    17:37:33.0317 6728RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
    17:37:33.0337 6728RDPWD - ok
    17:37:33.0354 6728rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    17:37:33.0371 6728rdyboost - ok
    17:37:33.0383 6728RegSrvc (0c2b4c3b10d183be116a38353e937f62) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    17:37:33.0400 6728RegSrvc - ok
    17:37:33.0408 6728RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    17:37:33.0445 6728RemoteAccess - ok
    17:37:33.0455 6728RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    17:37:33.0495 6728RemoteRegistry - ok
    17:37:33.0508 6728RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
    17:37:33.0525 6728RFCOMM - ok
    17:37:33.0545 6728RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    17:37:33.0814 6728RoxioNow Service - ok
    17:37:33.0822 6728RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    17:37:33.0859 6728RpcEptMapper - ok
    17:37:33.0873 6728rpcld (b1574dcb4ae3efacc24aa87b4ae6fc55) C:\ProgramData\Rpcnet\Bin\rpcld.exe
    17:37:33.0873 6728Suspicious file (NoAccess): C:\ProgramData\Rpcnet\Bin\rpcld.exe. md5: b1574dcb4ae3efacc24aa87b4ae6fc55
    17:37:33.0874 6728rpcld ( LockedFile.Multi.Generic ) - warning
    17:37:33.0874 6728rpcld - detected LockedFile.Multi.Generic (1)
    17:37:33.0878 6728RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    17:37:33.0895 6728RpcLocator - ok
    17:37:33.0938 6728rpcnet (6684437f3628ef237c354f77d33426d1) C:\Windows\SysWOW64\rpcnet.exe
    17:37:33.0946 6728rpcnet - ok
    17:37:33.0968 6728RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    17:37:34.0011 6728RpcSs - ok
    17:37:34.0028 6728rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    17:37:34.0060 6728rspndr - ok
    17:37:34.0076 6728RSUSBSTOR (135a64530d7699ad48f29d73a658dd11) C:\Windows\system32\Drivers\RtsUStor.sys
    17:37:34.0091 6728RSUSBSTOR - ok
    17:37:34.0095 6728s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
    17:37:34.0108 6728s3cap - ok
    17:37:34.0112 6728SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    17:37:34.0129 6728SamSs - ok
    17:37:34.0137 6728sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    17:37:34.0152 6728sbp2port - ok
    17:37:34.0164 6728SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    17:37:34.0204 6728SCardSvr - ok
    17:37:34.0208 6728scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    17:37:34.0238 6728scfilter - ok
    17:37:34.0279 6728Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
    17:37:34.0330 6728Schedule - ok
    17:37:34.0337 6728SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    17:37:34.0374 6728SCPolicySvc - ok
    17:37:34.0390 6728sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
    17:37:34.0407 6728sdbus - ok
    17:37:34.0418 6728SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
    17:37:34.0444 6728SDRSVC - ok
    17:37:34.0449 6728secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    17:37:34.0480 6728secdrv - ok
    17:37:34.0485 6728seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
    17:37:34.0520 6728seclogon - ok
    17:37:34.0527 6728SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
    17:37:34.0565 6728SENS - ok
    17:37:34.0569 6728SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    17:37:34.0592 6728SensrSvc - ok
    17:37:34.0596 6728Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
    17:37:34.0610 6728Serenum - ok
    17:37:34.0618 6728Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
    17:37:34.0633 6728Serial - ok
    17:37:34.0638 6728sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
    17:37:34.0652 6728sermouse - ok
    17:37:34.0663 6728SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
    17:37:34.0701 6728SessionEnv - ok
    17:37:34.0706 6728sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    17:37:34.0722 6728sffdisk - ok
    17:37:34.0725 6728sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    17:37:34.0742 6728sffp_mmc - ok
    17:37:34.0747 6728sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    17:37:34.0764 6728sffp_sd - ok
    17:37:34.0768 6728sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
    17:37:34.0781 6728sfloppy - ok
    17:37:34.0802 6728SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
    17:37:34.0843 6728SharedAccess - ok
    17:37:34.0865 6728ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
    17:37:34.0906 6728ShellHWDetection - ok
    17:37:34.0912 6728SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
    17:37:34.0925 6728SiSRaid2 - ok
    17:37:34.0931 6728SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
    17:37:34.0945 6728SiSRaid4 - ok
    17:37:34.0951 6728SmartDefragDriver (dd0443bc6cc78a19fd399817f8c51401) C:\Windows\system32\Drivers\SmartDefragDriver.sys
    17:37:34.0964 6728SmartDefragDriver - ok
    17:37:34.0972 6728Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    17:37:35.0003 6728Smb - ok
    17:37:35.0029 6728snapman (ed46ec5dc276570908fc4d9de0628c71) C:\Windows\system32\DRIVERS\snapman.sys
    17:37:35.0049 6728snapman - ok
    17:37:35.0053 6728SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    17:37:35.0074 6728SNMPTRAP - ok
    17:37:35.0077 6728spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    17:37:35.0089 6728spldr - ok
    17:37:35.0115 6728Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
    17:37:35.0187 6728Spooler - ok
    17:37:35.0319 6728sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
    17:37:35.0381 6728sppsvc - ok
    17:37:35.0430 6728sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    17:37:35.0468 6728sppuinotify - ok
    17:37:35.0510 6728SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\Windows\System32\Drivers\N360x64\0602010.005\SRTSP64.SYS
    17:37:35.0534 6728SRTSP - ok
    17:37:35.0541 6728SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\Windows\system32\drivers\N360x64\0602010.005\SRTSPX64.SYS
    17:37:35.0553 6728SRTSPX - ok
    17:37:35.0573 6728srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    17:37:35.0596 6728srv - ok
    17:37:35.0616 6728srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    17:37:35.0636 6728srv2 - ok
    17:37:35.0651 6728SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
    17:37:35.0670 6728SrvHsfHDA - ok
    17:37:35.0728 6728SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
    17:37:35.0754 6728SrvHsfV92 - ok
    17:37:35.0840 6728SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
    17:37:35.0862 6728SrvHsfWinac - ok
    17:37:35.0872 6728srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    17:37:35.0889 6728srvnet - ok
    17:37:35.0902 6728SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
    17:37:35.0941 6728SSDPSRV - ok
    17:37:35.0950 6728SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
    17:37:35.0985 6728SstpSvc - ok
    17:37:36.0012 6728STacSV (e82994866a370a480607637f28b82835) C:\Program Files\IDT\WDM\STacSV64.exe
    17:37:36.0046 6728STacSV - ok
    17:37:36.0054 6728Steam Client Service - ok
    17:37:36.0059 6728stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
    17:37:36.0071 6728stexstor - ok
    17:37:36.0094 6728STHDA (3ad0ed8b19cd76d2254de5fb298e3c26) C:\Windows\system32\DRIVERS\stwrt64.sys
    17:37:36.0115 6728STHDA - ok
    17:37:36.0119 6728StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
    17:37:36.0135 6728StillCam - ok
    17:37:36.0164 6728stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
    17:37:36.0195 6728stisvc - ok
    17:37:36.0200 6728storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
    17:37:36.0213 6728storflt - ok
    17:37:36.0218 6728StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
    17:37:36.0240 6728StorSvc - ok
    17:37:36.0245 6728storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
    17:37:36.0258 6728storvsc - ok
    17:37:36.0261 6728swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    17:37:36.0275 6728swenum - ok
    17:37:36.0307 6728swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
    17:37:36.0348 6728swprv - ok
    17:37:36.0371 6728SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS
    17:37:36.0390 6728SymDS - ok
    17:37:36.0436 6728SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS
    17:37:36.0462 6728SymEFA - ok
    17:37:36.0474 6728SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    17:37:36.0502 6728SymEvent - ok
    17:37:36.0509 6728SymIM (b681d1b0f9596684225dcc9b94c6bacf) C:\Windows\system32\DRIVERS\SymIMv.sys
    17:37:36.0526 6728SymIM - ok
    17:37:36.0579 6728SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS
    17:37:36.0599 6728SymIRON - ok
    17:37:36.0651 6728SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS
    17:37:36.0677 6728SymNetS - ok
    17:37:36.0907 6728syncagentsrv (4975d8b0b0d95a8bafc53681195af86f) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    17:37:37.0018 6728syncagentsrv - ok
    17:37:37.0099 6728SynTP (ac3cc98b1bdb6540021d3ffb105ac2b9) C:\Windows\system32\DRIVERS\SynTP.sys
    17:37:37.0123 6728SynTP - ok
    17:37:37.0186 6728SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
    17:37:37.0227 6728SysMain - ok
    17:37:37.0284 6728TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
    17:37:37.0310 6728TabletInputService - ok
    17:37:37.0337 6728TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
    17:37:37.0378 6728TapiSrv - ok
    17:37:37.0384 6728TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    17:37:37.0422 6728TBS - ok
    17:37:37.0510 6728Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
    17:37:37.0549 6728Tcpip - ok
    17:37:37.0695 6728TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
    17:37:37.0734 6728TCPIP6 - ok
    17:37:37.0799 6728tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    17:37:37.0828 6728tcpipreg - ok
    17:37:37.0833 6728TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    17:37:37.0846 6728TDPIPE - ok
    17:37:37.0901 6728tdrpman (969bad6a9a5b6de983a8b2b84276ceb0) C:\Windows\system32\DRIVERS\tdrpman.sys
    17:37:37.0927 6728tdrpman - ok
    17:37:37.0986 6728TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
    17:37:38.0000 6728TDTCP - ok
    17:37:38.0009 6728tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    17:37:38.0040 6728tdx - ok
    17:37:38.0320 6728TeamViewer7 (74fc70ae64a7b7dabec9697ce0a1f4fa) D:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    17:37:38.0366 6728TeamViewer7 - ok
    17:37:38.0373 6728TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    17:37:38.0386 6728TermDD - ok
    17:37:38.0417 6728TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
    17:37:38.0461 6728TermService - ok
    17:37:38.0466 6728Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
    17:37:38.0492 6728Themes - ok
    17:37:38.0499 6728THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    17:37:38.0533 6728THREADORDER - ok
    17:37:38.0576 6728timounter (990447334615a0db84f620e1426dcfe0) C:\Windows\system32\DRIVERS\timntr.sys
    17:37:38.0599 6728timounter - ok
    17:37:38.0606 6728TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    17:37:38.0643 6728TrkWks - ok
    17:37:38.0656 6728TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
    17:37:38.0696 6728TrustedInstaller - ok
    17:37:38.0713 6728tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    17:37:38.0742 6728tssecsrv - ok
    17:37:38.0747 6728TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    17:37:38.0763 6728TsUsbFlt - ok
    17:37:38.0768 6728TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
    17:37:38.0782 6728TsUsbGD - ok
    17:37:38.0792 6728tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    17:37:38.0823 6728tunnel - ok
    17:37:38.0830 6728uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
    17:37:38.0844 6728uagp35 - ok
    17:37:38.0869 6728udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    17:37:38.0902 6728udfs - ok
    17:37:38.0909 6728UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    17:37:38.0929 6728UI0Detect - ok
    17:37:38.0935 6728uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    17:37:38.0948 6728uliagpkx - ok
    17:37:38.0953 6728umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
    17:37:38.0967 6728umbus - ok
    17:37:38.0971 6728UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
    17:37:38.0985 6728UmPass - ok
    17:37:38.0998 6728UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
    17:37:39.0022 6728UmRdpService - ok
    17:37:39.0135 6728UNS (4ce819aff4608198957b375b3456751a) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    17:37:39.0277 6728UNS - ok
    17:37:39.0347 6728upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    17:37:39.0388 6728upnphost - ok
    17:37:39.0405 6728usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    17:37:39.0421 6728usbccgp - ok
    17:37:39.0429 6728usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    17:37:39.0446 6728usbcir - ok
    17:37:39.0450 6728usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
    17:37:39.0464 6728usbehci - ok
    17:37:39.0482 6728usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    17:37:39.0501 6728usbhub - ok
    17:37:39.0506 6728usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
    17:37:39.0519 6728usbohci - ok
    17:37:39.0524 6728usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    17:37:39.0540 6728usbprint - ok
    17:37:39.0545 6728usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    17:37:39.0561 6728usbscan - ok
    17:37:39.0568 6728USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    17:37:39.0586 6728USBSTOR - ok
    17:37:39.0591 6728usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
    17:37:39.0606 6728usbuhci - ok
    17:37:39.0618 6728usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
    17:37:39.0636 6728usbvideo - ok
    17:37:39.0641 6728UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    17:37:39.0680 6728UxSms - ok
    17:37:39.0684 6728VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    17:37:39.0701 6728VaultSvc - ok
    17:37:39.0706 6728VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
    17:37:39.0720 6728VClone - ok
    17:37:39.0725 6728vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    17:37:39.0740 6728vdrvroot - ok
    17:37:39.0767 6728vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
    17:37:39.0806 6728vds - ok
    17:37:39.0811 6728vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    17:37:39.0826 6728vga - ok
    17:37:39.0831 6728VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    17:37:39.0861 6728VgaSave - ok
    17:37:39.0876 6728vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    17:37:39.0892 6728vhdmp - ok
    17:37:39.0897 6728viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    17:37:39.0910 6728viaide - ok
    17:37:39.0925 6728vididr (4065ec01ae001c4db4a9a85cc1767d99) C:\Windows\system32\DRIVERS\vididr.sys
    17:37:39.0943 6728vididr - ok
    17:37:39.0953 6728vidsflt58 (6dc5d9a5bba6a858d06b7abefba1a1e6) C:\Windows\system32\DRIVERS\vsflt58.sys
    17:37:39.0970 6728vidsflt58 - ok
    17:37:39.0989 6728VMAuthdService (3accf0c817a2bb34efbfb72b57b00252) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
    17:37:40.0007 6728VMAuthdService ( UnsignedFile.Multi.Generic ) - warning
    17:37:40.0007 6728VMAuthdService - detected UnsignedFile.Multi.Generic (1)
    17:37:40.0024 6728vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
    17:37:40.0040 6728vmbus - ok
    17:37:40.0045 6728VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
    17:37:40.0060 6728VMBusHID - ok
    17:37:40.0070 6728vmci (87fc1dd880e8cac4faebb84af61a87c4) C:\Windows\system32\DRIVERS\vmci.sys
    17:37:40.0086 6728vmci - ok
    17:37:40.0357 6728VMnetAdapter (b259c31378bc855afd1b53f59311c251) C:\Windows\system32\DRIVERS\vmnetadapter.sys
    17:37:40.0371 6728VMnetAdapter - ok
    17:37:40.0378 6728VMnetBridge (dec4ce720ffeda939cf1ba315cfbd993) C:\Windows\system32\DRIVERS\vmnetbridge.sys
    17:37:40.0946 6728VMnetBridge - ok
    17:37:40.0952 6728VMnetDHCP - ok
    17:37:40.0957 6728VMnetuserif (1e74142ded099de7ada258042f891a8d) C:\Windows\system32\drivers\vmnetuserif.sys
    17:37:40.0969 6728VMnetuserif - ok
    17:37:41.0010 6728VMUSBArbService (18903ca7936912c337c9d28858880cf2) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
    17:37:41.0034 6728VMUSBArbService - ok
    17:37:41.0039 6728VMware NAT Service - ok
    17:37:41.0489 6728VMwareHostd (f95c4defcc06a1c9e3e1699c845980f1) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
    17:37:41.0622 6728VMwareHostd ( UnsignedFile.Multi.Generic ) - warning
    17:37:41.0622 6728VMwareHostd - detected UnsignedFile.Multi.Generic (1)
    17:37:41.0688 6728vmx86 (18a28eda522b6c0560e59d5be638d076) C:\Windows\system32\drivers\vmx86.sys
    17:37:41.0700 6728vmx86 - ok
    17:37:41.0706 6728volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    17:37:41.0719 6728volmgr - ok
    17:37:41.0738 6728volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    17:37:41.0756 6728volmgrx - ok
    17:37:41.0772 6728volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    17:37:41.0789 6728volsnap - ok
    17:37:41.0802 6728vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
    17:37:41.0819 6728vpcbus - ok
    17:37:41.0825 6728vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
    17:37:41.0843 6728vpcnfltr - ok
    17:37:41.0850 6728vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
    17:37:41.0866 6728vpcusb - ok
    17:37:41.0882 6728vpcvmm (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
    17:37:41.0902 6728vpcvmm - ok
    17:37:41.0911 6728vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
    17:37:41.0925 6728vsmraid - ok
    17:37:41.0988 6728VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
    17:37:42.0037 6728VSS - ok
    17:37:42.0083 6728vstor2-mntapi10-shared (6107e33a30c0b923f31c872e1980d2d1) C:\Windows\syswow64\drivers\vstor2-mntapi10-shared.sys
    17:37:42.0095 6728vstor2-mntapi10-shared - ok
    17:37:42.0150 6728vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    17:37:42.0166 6728vwifibus - ok
    17:37:42.0172 6728vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    17:37:42.0190 6728vwififlt - ok
    17:37:42.0194 6728vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
    17:37:42.0212 6728vwifimp - ok
    17:37:42.0227 6728VZWConfigService (16c746cc481e9d1d77df3ca3aedf78cd) C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe
    17:37:42.0256 6728VZWConfigService ( UnsignedFile.Multi.Generic ) - warning
    17:37:42.0256 6728VZWConfigService - detected UnsignedFile.Multi.Generic (1)
    17:37:42.0273 6728W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    17:37:42.0314 6728W32Time - ok
    17:37:42.0320 6728WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
    17:37:42.0334 6728WacomPen - ok
    17:37:42.0341 6728WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    17:37:42.0372 6728WANARP - ok
    17:37:42.0375 6728Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    17:37:42.0406 6728Wanarpv6 - ok
    17:37:42.0456 6728WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
    17:37:42.0626 6728WatAdminSvc - ok
    17:37:42.0690 6728wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
    17:37:42.0739 6728wbengine - ok
    17:37:42.0800 6728WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    17:37:42.0826 6728WbioSrvc - ok
    17:37:42.0846 6728wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
    17:37:42.0874 6728wcncsvc - ok
    17:37:42.0880 6728WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    17:37:42.0902 6728WcsPlugInService - ok
    17:37:42.0917 6728Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
    17:37:42.0929 6728Wd - ok
    17:37:42.0934 6728WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
    17:37:42.0947 6728WDC_SAM - ok
    17:37:42.0974 6728Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    17:37:42.0994 6728Wdf01000 - ok
    17:37:43.0001 6728WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    17:37:43.0050 6728WdiServiceHost - ok
    17:37:43.0052 6728WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    17:37:43.0078 6728WdiSystemHost - ok
    17:37:43.0082 6728wdkmd (63ce387483e74a0bd79ee4e5eba1fd2e) C:\Windows\system32\DRIVERS\WDKMD.sys
    17:37:43.0095 6728wdkmd - ok
    17:37:43.0108 6728WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
    17:37:43.0135 6728WebClient - ok
    17:37:43.0147 6728Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    17:37:43.0188 6728Wecsvc - ok
    17:37:43.0195 6728wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    17:37:43.0234 6728wercplsupport - ok
    17:37:43.0241 6728WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    17:37:43.0280 6728WerSvc - ok
    17:37:43.0285 6728WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    17:37:43.0313 6728WfpLwf - ok
    17:37:43.0342 6728WHSConnector (1ef54b3220ebf3794439eb072b350f3e) C:\Program Files\Windows Home Server\WHSConnector.exe
    17:37:43.0372 6728WHSConnector - ok
    17:37:43.0377 6728WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    17:37:43.0390 6728WIMMount - ok
    17:37:43.0395 6728WinDefend - ok
    17:37:43.0399 6728WinHttpAutoProxySvc - ok
    17:37:43.0421 6728Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    17:37:43.0460 6728Winmgmt - ok
    17:37:43.0536 6728WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
    17:37:43.0591 6728WinRM - ok
    17:37:43.0659 6728WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
    17:37:43.0676 6728WinUsb - ok
    17:37:43.0716 6728Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    17:37:43.0750 6728Wlansvc - ok
    17:37:43.0845 6728wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    17:37:43.0922 6728wlidsvc - ok
    17:37:43.0987 6728 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    17:37:44.0000 6728 WmiAcpi - ok
    17:37:44.0018 6728 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    17:37:44.0040 6728 wmiApSrv - ok
    17:37:44.0048 6728 WMPNetworkSvc - ok
    17:37:44.0053 6728 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    17:37:44.0074 6728 WPCSvc - ok
    17:37:44.0082 6728 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
    17:37:44.0107 6728 WPDBusEnum - ok
    17:37:44.0111 6728 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    17:37:44.0140 6728 ws2ifsl - ok
    17:37:44.0149 6728 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
    17:37:44.0175 6728 wscsvc - ok
    17:37:44.0180 6728 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
    17:37:44.0197 6728 WSDPrintDevice - ok
    17:37:44.0199 6728 WSearch - ok
    17:37:44.0295 6728 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
    17:37:44.0354 6728 wuauserv - ok
    17:37:44.0421 6728 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    17:37:44.0453 6728 WudfPf - ok
    17:37:44.0465 6728 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    17:37:44.0498 6728 WUDFRd - ok
    17:37:44.0505 6728 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
    17:37:44.0542 6728 wudfsvc - ok
    17:37:44.0554 6728 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    17:37:44.0581 6728 WwanSvc - ok
    17:37:44.0616 6728 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    17:37:44.0727 6728 YahooAUService - ok
    17:37:44.0830 6728 ZeroConfigService (d2fe4103450e52cb248d842501f84b90) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    17:37:44.0891 6728 ZeroConfigService - ok
    17:37:44.0936 6728 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    17:37:45.0027 6728 \Device\Harddisk0\DR0 - ok
    17:37:45.0030 6728 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
    17:37:45.0194 6728 \Device\Harddisk1\DR1 - ok
    17:37:45.0196 6728 Boot (0x1200) (258a9f4372cf5e94dec144502a583555) \Device\Harddisk0\DR0\Partition0
    17:37:45.0197 6728 \Device\Harddisk0\DR0\Partition0 - ok
    17:37:45.0199 6728 Boot (0x1200) (0df22ce98cc60ff59b72b3deb42eb0be) \Device\Harddisk1\DR1\Partition0
    17:37:45.0201 6728 \Device\Harddisk1\DR1\Partition0 - ok
    17:37:45.0202 6728 Boot (0x1200) (6743a5c9946eebd7bf01d18f2743f6f0) \Device\Harddisk1\DR1\Partition1
    17:37:45.0204 6728 \Device\Harddisk1\DR1\Partition1 - ok
    17:37:45.0205 6728 ============================================================
    17:37:45.0205 6728 Scan finished
    17:37:45.0205 6728 ============================================================
     
  12. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Download the FixTDSS.exe

    Save the file to your Windows desktop.
    Close all running programs.
    If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
    Double-click the FixTDSS.exe file to start the removal tool.
    Click Start to begin the process, and then allow the tool to run.
    OK any security prompts.
    Restart the computer when prompted by the tool.
    After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
    If you are running Windows XP, re-enable System Restore.
     
  13. cpufox

    cpufox TS Rookie Topic Starter Posts: 17

    I would like to take this reply process private, can we do that? I need to know more about where you're taking this, please.
    There is searchable information already in this thread I would like removed.
    You're asking for a run of the removal tool for Boot.Tidserv.
    Need to be sure we're on the right track, as offline AVG syslinux and NBRT offline failed to show Boot.Tidserv, and FixTDSS is originally a Norton removal tool. I have a good relationship with Norton as a consumer and would like to consult them. The download you provided is verified Symantec and their tool, which I appreciate.
     
  14. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Bootkit Remover indicated rootkit activity:
    so we're running some tools to establish what's going on.

    If you're concerned about some privacy issues you can always consider taking your computer to a shop.
    Keep in mind that thousands of logs like yours are posted on the internet every day.
    Let me know what you want to do.
     
  15. cpufox

    cpufox TS Rookie Topic Starter Posts: 17

    TDSS Fix Tool 2.1.3
    No infections found
     
  16. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  17. cpufox

    cpufox TS Rookie Topic Starter Posts: 17

    Could BootKit Remover have a false positive if both MSE/N360 are actively protecting?

    ComboFix 12-06-01.03 - -myname- 06/01/2012 16:46:12.2.8 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8140.4799 [GMT -7:00]
    Running from: d:\-myname-\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\programdata\Roaming
    c:\windows\system32\drivers\etc\hosts.ics
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-01 to 2012-06-01 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-01 23:50 . 2012-06-01 23:50 -------- d-----w- c:\users\-myname-\AppData\Local\temp
    2012-06-01 23:50 . 2012-06-01 23:50 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-06-01 23:44 . 2012-06-01 23:44 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{179FB063-712B-42A2-BB4D-91C3C90B97C3}\offreg.dll
    2012-06-01 02:15 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{179FB063-712B-42A2-BB4D-91C3C90B97C3}\mpengine.dll
    2012-05-30 00:39 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-05-29 05:04 . 2012-05-29 05:04 -------- d-----w- C:\NBRT
    2012-05-29 03:36 . 2009-05-18 08:47 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-05-29 03:36 . 2012-05-29 03:36 -------- d-----w- c:\windows\system32\drivers\NBRTWizardx64
    2012-05-29 03:36 . 2012-05-29 03:36 -------- d-----w- c:\program files (x86)\Norton Bootable Recovery Tool Wizard
    2012-05-29 02:13 . 2010-11-20 13:24 777728 ----a-w- c:\windows\system32\autochk_swift.exe
    2012-05-29 01:38 . 2012-05-29 01:38 -------- d-----w- c:\users\Administrator
    2012-05-29 00:35 . 2012-05-29 00:35 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-05-28 18:38 . 2012-05-28 18:39 72 ----a-w- c:\users\-myname-\sfccheck.bat
    2012-05-27 16:37 . 2012-05-27 16:37 -------- d-----w- c:\program files (x86)\AV
    2012-05-27 06:36 . 2012-05-27 06:36 -------- d-----w- c:\users\-myname-\AppData\Local\Broadcom
    2012-05-27 05:46 . 2012-02-02 02:07 39976 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
    2012-05-27 05:46 . 2012-02-02 02:07 21544 ----a-w- c:\windows\system32\drivers\btwrchid.sys
    2012-05-27 05:46 . 2012-02-02 02:07 211496 ----a-w- c:\windows\system32\drivers\btwavdt.sys
    2012-05-27 05:46 . 2012-02-02 02:07 184360 ----a-w- c:\windows\system32\drivers\btwaudio.sys
    2012-05-27 03:48 . 2012-05-29 00:32 -------- d-----w- c:\users\-myname-\AppData\Local\CrashDumps
    2012-05-20 16:26 . 2012-05-20 16:26 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D313A4E2-741E-4E86-8270-4009B1F0F6CA}\gapaengine.dll
    2012-05-20 16:25 . 2012-05-20 16:25 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-05-20 16:25 . 2012-05-20 16:25 -------- d-----w- c:\program files\Microsoft Security Client
    2012-05-20 15:45 . 2012-05-29 03:33 -------- d-----w- c:\users\-myname-\AppData\Local\NPE
    2012-05-19 01:04 . 2012-05-19 04:40 -------- d-----w- c:\windows\system32\drivers\N360x64\0602010.005
    2012-05-19 00:43 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4F51F9AC-AACF-421B-B68C-807E15AB413B}\mpengine.dll
    2012-05-18 06:34 . 2012-05-18 06:34 -------- d-----w- c:\windows\SysWow64\xlive
    2012-05-18 06:34 . 2012-05-18 06:34 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
    2012-05-18 00:26 . 2012-05-18 00:41 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
    2012-05-16 03:30 . 2012-05-16 03:30 -------- d-----w- c:\program files (x86)\Windows Home Server
    2012-05-16 03:19 . 2012-05-16 03:19 -------- d-----w- C:\Logs
    2012-05-16 03:19 . 2011-09-06 09:28 59512 ----a-w- c:\windows\system32\drivers\maploml.sys
    2012-05-16 03:19 . 2011-09-06 09:28 34936 ----a-w- c:\windows\system32\drivers\maplom.sys
    2012-05-16 03:15 . 2012-05-16 03:15 -------- d-----w- c:\users\-myname-\dwhelper
    2012-05-14 17:07 . 2012-05-14 18:53 -------- d-----w- c:\users\-myname-\AppData\Local\LogMeIn Rescue Applet
    2012-05-14 07:47 . 2012-05-14 07:47 -------- d-----w- c:\program files\CCleaner
    2012-05-13 21:01 . 2012-01-17 22:46 43640 ----a-r- c:\windows\system32\drivers\SymIMV.sys
    2012-05-13 19:02 . 2012-05-13 20:38 -------- d-s---w- c:\users\-myname-\Google Drive
    2012-05-11 13:59 . 2012-05-12 21:08 -------- d-----w- c:\program files\AVAST Software
    2012-05-11 13:41 . 2012-05-11 13:41 -------- d-----w- c:\windows\SysWow64\N360_BACKUP
    2012-05-11 13:32 . 2012-05-11 13:32 -------- d-----w- c:\program files (x86)\SP55671
    2012-05-11 12:20 . 2012-05-11 12:20 -------- d--h--w- c:\windows\system32\WLANProfiles
    2012-05-11 12:20 . 2012-05-11 12:20 -------- d-----w- c:\programdata\Intel
    2012-05-11 06:09 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
    2012-05-11 06:09 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-05-11 06:09 . 2012-05-12 21:08 -------- d-----w- c:\programdata\AVAST Software
    2012-05-11 04:21 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-05-11 04:21 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
    2012-05-11 04:21 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
    2012-05-11 04:21 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-05-11 04:21 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2012-05-11 04:21 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2012-05-11 04:21 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
    2012-05-10 15:45 . 2012-05-10 15:45 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
    2012-05-10 15:24 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-10 15:24 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-10 15:24 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-05-10 15:24 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
    2012-05-10 15:24 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
    2012-05-10 15:24 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-05-10 15:24 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
    2012-05-10 15:23 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-05-10 15:23 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-10 15:23 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-10 06:53 . 2012-05-10 06:53 -------- d-----w- c:\windows\Microsoft Antimalware
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-01 14:58 . 2011-08-24 05:39 17920 ----a-w- c:\windows\system32\rpcnetp.exe
    2012-06-01 14:58 . 2011-08-23 03:31 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
    2012-05-19 02:54 . 2011-08-20 10:40 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2012-05-19 02:54 . 2011-08-20 10:40 80768 ----a-w- c:\windows\system32\LMIinit.dll
    2012-05-19 02:54 . 2011-08-20 10:40 34688 ----a-w- c:\windows\system32\LMIport.dll
    2012-05-18 06:35 . 2009-08-18 19:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
    2012-05-18 06:35 . 2009-08-18 18:24 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-05-11 12:27 . 2011-08-24 05:41 13160 ----a-w- c:\windows\SysWow64\Upgrd.exe
    2012-05-11 12:27 . 2011-08-23 03:31 58288 ------w- c:\windows\SysWow64\rpcnet.exe
    2012-05-11 11:55 . 2011-08-24 05:39 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
    2012-05-11 11:55 . 2011-08-24 05:39 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
    2012-05-10 17:04 . 2012-03-31 02:06 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-05-10 17:04 . 2011-08-20 08:20 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-10 17:04 . 2012-03-31 05:08 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-04 22:56 . 2011-10-02 05:10 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-01 16:48 . 2012-04-01 16:48 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2012-03-21 16:09 . 2010-08-20 19:22 69552 ----a-w- c:\windows\SysWow64\CmpTrWmi.dll
    2012-03-21 03:44 . 2012-03-21 03:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2012-03-21 03:44 . 2012-03-21 03:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2012-03-19 19:40 . 2010-08-20 19:22 31232 ----a-w- c:\windows\SysWow64\inttdt.dll
    2012-03-05 20:38 . 2012-03-05 20:38 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\-myname-\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\-myname-\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\-myname-\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "envyTouchPad"="d:\-myname-\Documents\homepc\trackpad\envyTouchPad_pre.exe" [2011-08-23 402944]
    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    "RoboForm"="d:\program files (x86)\Siber Systems\AI Roboform\RoboTaskBarIcon.exe" [2012-05-29 109336]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-13 336384]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
    "vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2012-01-18 103536]
    "iTunesHelper"="d:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
    "BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2012-03-30 1858152]
    "QuickTime Task"="d:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-2-1 1380128]
    Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2012-5-15 666992]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer4"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /p \??\d:\0autocheck autochk /p \??\c:\0autocheck autochk *\0SmartDefragBootTime.exe
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]
    @="Service"
    .
    R1 ntiomin;ntiomin; [x]
    R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.352.0\BBSvc.exe [2012-01-21 192792]
    R2 CLKMSVC10_B5212065;CyberLink Product - 2011/10/14 21:36;d:\program files (x86)\CyberLink\PowerDVD10\PowerDVD10\NavFilter\kmsvc.exe [2011-01-25 241648]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-24 136176]
    R2 rpcld;Remote Procedure Call (RPC) LD;c:\programdata\Rpcnet\Bin\rpcld.exe [x]
    R2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2011-08-21 5729328]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 257696]
    R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-24 136176]
    R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;d:\microsoft office\Office14\GROOVE.EXE [2011-06-12 51740536]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2012-02-26 273168]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
    R3 NWRmNet_022;Novatel Wireless MiFi 4510 RmNet Network Adapter;c:\windows\system32\DRIVERS\NWRmNet_022.sys [x]
    R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys [x]
    R3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\DRIVERS\nwusbmdm_000.sys [x]
    R3 NWUSBModem_022;Novatel Wireless Verizon MiFi LTE USB Modem Driver;c:\windows\system32\DRIVERS\nwusbmdm_022.sys [x]
    R3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser_000.sys [x]
    R3 NWUSBPort_022;Novatel Wireless Verizon MiFi LTE USB Status Port Driver;c:\windows\system32\DRIVERS\nwusbser_022.sys [x]
    R3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser2_000.sys [x]
    R3 NWUSBPort2_022;Novatel Wireless Verizon MiFi LTE USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2_022.sys [x]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
    R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
    R4 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-01-18 11839488]
    S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [x]
    S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [x]
    S0 vidsflt58;Acronis Disk Storage Filter (58);c:\windows\system32\DRIVERS\vsflt58.sys [x]
    S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20120517.001\BHDrvx64.sys [2012-05-08 1160824]
    S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [x]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20120531.003\IDSvia64.sys [2012-05-09 488568]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AbsoluteNotifier;Absolute Notifier;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2011-05-10 10920]
    S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-04 277032]
    S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
    S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-09-26 3409872]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-01-09 659968]
    S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-01-10 231280]
    S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
    S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-01-17 135952]
    S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2011-01-10 109936]
    S2 GJService;Game Jackal Server;d:\program files (x86)\SlySoft\Game Jackal v4\Server.exe [2011-09-06 3547648]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
    S2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe [2009-10-05 20992]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-05-19 375176]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-01-12 15928]
    S2 MediaCollectorService;MediaCollectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe [2009-10-05 81920]
    S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe [2012-03-27 138232]
    S2 NWHelper;Novatel Wireless Device Helper ;c:\program files (x86)\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe [2010-06-03 270336]
    S2 NWVZHelper;Novatel Wireless Verizon Device Helper;c:\program files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-06-14 270848]
    S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
    S2 TeamViewer7;TeamViewer 7;d:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-14 2656280]
    S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-30 846448]
    S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
    S2 VZWConfigService;VZWConfigService;c:\program files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe [2011-02-11 169472]
    S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2011-01-10 489840]
    S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-02-26 2669840]
    S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
    S3 BackupReader;BackupReader;c:\windows\system32\DRIVERS\BackupReader.sys [x]
    S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.352.0\SeaPort.exe [2012-01-21 240408]
    S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
    S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
    S3 MaplomL;MaplomL; [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\Netwsw00.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - CLKMDRV10_B5212065
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-01 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 17:04]
    .
    2012-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-24 06:04]
    .
    2012-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-24 06:04]
    .
    2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1661793286-1334532520-4282233208-1001Core.job
    - c:\users\-myname-\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-02 07:04]
    .
    2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1661793286-1334532520-4282233208-1001UA.job
    - c:\users\-myname-\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-02 07:04]
    .
    2012-06-01 c:\windows\Tasks\HP Photo Creations Communicator.job
    - c:\programdata\HP Photo Creations\MessageCheck.exe [2012-02-26 08:13]
    .
    2012-05-14 c:\windows\Tasks\HPCeeScheduleForBLAZE$.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    2012-06-01 c:\windows\Tasks\HPCeeScheduleFor-myname-.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 ----a-w- c:\users\-myname-\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 ----a-w- c:\users\-myname-\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 ----a-w- c:\users\-myname-\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 ----a-w- c:\users\-myname-\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2012-05-17 00:53 754712 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2012-05-17 00:53 754712 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2012-05-17 00:53 754712 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2012-05-17 00:53 754712 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-17 1128448]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]
    "acevents"="d:\program files\ActivClient\acevents.exe" [2009-06-04 196648]
    "accrdsub"="d:\program files\ActivClient\accrdsub.exe" [2009-06-04 483880]
    "LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-01-12 57928]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.bing.com/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Evernote 4.0 - d:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: Fill Forms - file://d:\program files (x86)\Siber Systems\AI Roboform\RoboFormComFillForms.html
    IE: Logoff - file://d:\program files (x86)\Siber Systems\AI Roboform\RoboFormComLogoff.html
    IE: RoboForm Editor - file://d:\program files (x86)\Siber Systems\AI Roboform\RoboFormComEditIdent.html
    LSP: %SystemRoot%\system32\vsocklib.dll
    Trusted Zone: hp.com\na.webaccess
    TCP: DhcpNameServer = 10.0.1.1
    TCP: Interfaces\{EC0144D4-9810-4102-A77E-B552B65D521E}: NameServer = 66.174.92.14 69.78.96.14
    FF - ProfilePath - c:\users\-myname-\AppData\Roaming\Mozilla\Firefox\Profiles\2ufbzawo.default\
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\-myname-\AppData\Local\Akamai\netsession_win.exe
    ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
    ShellIconOverlayIdentifiers- - (no file)
    ShellIconOverlayIdentifiers- - (no file)
    ShellIconOverlayIdentifiers- - (no file)
    HKLM-Run-(Default) - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-Picasa 3 - d:\program files (x86)\Google\Picasa3\Uninstall.exe
    AddRemove-Smart Defrag 2_is1 - d:\program files (x86)\IObit\Smart Defrag 2\unins000.exe
    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-06-01 16:52:17
    ComboFix-quarantined-files.txt 2012-06-01 23:52
    .
    Pre-Run: 80,785,977,344 bytes free
    Post-Run: 80,763,379,712 bytes free
    .
    - - End Of File - - BC6066AC3CF2EFEB4C59BAB07258AEB0
     
  18. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    It looks like Bootkit Remover gave a false reading.

    Combofix log is clean.

    You're running two AV programs, MSE and Norton.
    One of them has to go.
    If Norton, use this tool to uninstall it: http://majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

    Then...

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  19. cpufox

    cpufox TS Rookie Topic Starter Posts: 17

    OTL logfile created on: 6/2/2012 6:07:43 PM - Run 1
    OTL by OldTimer - Version 3.2.45.0 Folder = D:\-myname-\Downloads
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.95 Gb Total Physical Memory | 4.68 Gb Available Physical Memory | 58.91% Memory free
    16.87 Gb Paging File | 13.30 Gb Available in Paging File | 78.84% Paging File free
    Paging file location(s): c:\pagefile.sys 1000 1000d:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 119.05 Gb Total Space | 75.25 Gb Free Space | 63.21% Space Free | Partition Type: NTFS
    Drive D: | 698.63 Gb Total Space | 607.18 Gb Free Space | 86.91% Space Free | Partition Type: NTFS

    Computer Name: BLAZE | User Name: -myname- | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - File not found --
    PRC - [2012/06/02 18:05:24 | 000,595,968 | ---- | M] (OldTimer Tools) -- D:\-myname-\Downloads\OTL.exe
    PRC - [2012/05/28 18:45:09 | 000,109,336 | ---- | M] (Siber Systems) -- D:\Program Files (x86)\Siber Systems\AI Roboform\robotaskbaricon.exe
    PRC - [2012/05/11 05:27:39 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
    PRC - [2012/05/09 09:47:54 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- D:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    PRC - [2012/05/09 09:38:18 | 010,923,360 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- D:\Program Files (x86)\Evernote\Evernote\Evernote.exe
    PRC - [2012/05/09 09:38:18 | 000,391,008 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- D:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
    PRC - [2012/03/30 14:41:46 | 001,858,152 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
    PRC - [2012/03/30 14:41:46 | 000,151,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
    PRC - [2012/03/27 16:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccsvchst.exe
    PRC - [2012/03/05 13:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    PRC - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    PRC - [2012/02/23 03:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- D:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    PRC - [2012/02/14 16:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\-myname-\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2012/01/21 01:39:12 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\SeaPort.EXE
    PRC - [2012/01/18 16:47:28 | 000,433,264 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
    PRC - [2012/01/18 16:47:20 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
    PRC - [2012/01/18 16:47:10 | 000,103,536 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
    PRC - [2012/01/18 14:27:20 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
    PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/10/18 13:48:14 | 000,065,536 | ---- | M] (Blizzard North) -- D:\Games\Diablo II\Game.exe
    PRC - [2011/09/25 23:09:50 | 003,409,872 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    PRC - [2011/09/06 02:33:56 | 003,547,648 | ---- | M] () -- D:\Program Files (x86)\SlySoft\Game Jackal v4\Server.exe
    PRC - [2011/08/26 15:37:18 | 001,342,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    PRC - [2011/08/23 00:06:32 | 000,402,944 | ---- | M] () -- D:\-myname-\Documents\homepc\trackpad\envyTouchPad_pre.exe
    PRC - [2011/06/13 16:47:12 | 000,336,440 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    PRC - [2011/05/10 13:37:32 | 000,010,920 | ---- | M] (Absolute Software) -- C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
    PRC - [2011/05/10 13:37:30 | 000,085,672 | ---- | M] (Absolute Software) -- C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe
    PRC - [2011/03/22 11:42:40 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\YouCam\YCMMirage.exe
    PRC - [2011/01/14 10:01:44 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2011/01/14 10:01:38 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2011/01/12 18:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2011/01/12 18:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2011/01/12 17:55:32 | 003,514,368 | ---- | M] (Helios Software Solutions) -- D:\Util\TextPad 5\TextPad.exe
    PRC - [2010/11/26 07:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    PRC - [2010/11/17 10:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    PRC - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/05/27 18:54:48 | 001,594,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\653eb4011af75f449bc8c92cbc28b9b1\System.Drawing.ni.dll
    MOD - [2012/05/27 10:20:14 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e2ed613308593613ac154671c7549c26\IAStorCommon.ni.dll
    MOD - [2012/05/27 10:16:25 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2012/05/26 23:56:39 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9ee9841d9e33fe5dceba4cd7d90f2ae0\System.Windows.Forms.ni.dll
    MOD - [2012/05/26 23:56:33 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\03b5233f1511f5fdb39eb681b04e5506\System.Drawing.ni.dll
    MOD - [2012/05/26 23:54:55 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
    MOD - [2012/05/26 23:54:50 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
    MOD - [2012/05/26 23:54:46 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
    MOD - [2012/05/22 18:56:50 | 000,441,880 | ---- | M] () -- C:\Users\-myname-\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppgooglenaclpluginchrome.dll
    MOD - [2012/05/22 18:56:49 | 003,922,456 | ---- | M] () -- C:\Users\-myname-\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
    MOD - [2012/05/22 18:55:35 | 000,553,496 | ---- | M] () -- C:\Users\-myname-\AppData\Local\Google\Chrome\Application\19.0.1084.52\libglesv2.dll
    MOD - [2012/05/22 18:55:33 | 000,117,784 | ---- | M] () -- C:\Users\-myname-\AppData\Local\Google\Chrome\Application\19.0.1084.52\libegl.dll
    MOD - [2012/05/22 18:55:24 | 000,134,696 | ---- | M] () -- C:\Users\-myname-\AppData\Local\Google\Chrome\Application\19.0.1084.52\avutil-51.dll
    MOD - [2012/05/22 18:55:23 | 000,250,408 | ---- | M] () -- C:\Users\-myname-\AppData\Local\Google\Chrome\Application\19.0.1084.52\avformat-54.dll
    MOD - [2012/05/22 18:55:21 | 002,375,720 | ---- | M] () -- C:\Users\-myname-\AppData\Local\Google\Chrome\Application\19.0.1084.52\avcodec-54.dll
    MOD - [2012/05/22 18:06:23 | 008,743,584 | ---- | M] () -- C:\Users\-myname-\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
    MOD - [2012/03/16 15:42:58 | 000,315,392 | ---- | M] () -- D:\Program Files (x86)\Evernote\Evernote\libtidy.dll
    MOD - [2012/03/16 15:42:56 | 000,433,664 | ---- | M] () -- D:\Program Files (x86)\Evernote\Evernote\libxml2.dll
    MOD - [2012/03/16 15:40:06 | 017,664,512 | ---- | M] () -- D:\Program Files (x86)\Evernote\Evernote\libcef.dll
    MOD - [2012/03/16 15:40:02 | 000,160,782 | ---- | M] () -- D:\Program Files (x86)\Evernote\Evernote\avformat-52.dll
    MOD - [2012/03/16 15:39:42 | 001,305,102 | ---- | M] () -- D:\Program Files (x86)\Evernote\Evernote\avcodec-52.dll
    MOD - [2012/03/16 15:39:42 | 000,096,782 | ---- | M] () -- D:\Program Files (x86)\Evernote\Evernote\avutil-50.dll
    MOD - [2012/02/10 16:31:42 | 001,253,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
    MOD - [2012/01/03 19:51:04 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    MOD - [2012/01/03 19:51:03 | 003,190,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    MOD - [2011/08/23 00:06:32 | 000,402,944 | ---- | M] () -- D:\-myname-\Documents\homepc\trackpad\envyTouchPad_pre.exe
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2010/11/20 20:24:32 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
    MOD - [2010/11/20 20:24:08 | 000,839,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    MOD - [2010/11/20 20:23:48 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
    MOD - [2010/11/20 20:23:48 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2009/06/10 14:22:40 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/02/26 05:07:52 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService) Intel(R)
    SRV:64bit: - [2012/02/26 05:07:42 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
    SRV:64bit: - [2012/02/26 05:07:32 | 000,626,960 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV:64bit: - [2012/02/26 05:07:26 | 000,148,752 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV:64bit: - [2012/02/01 18:31:02 | 000,945,440 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV:64bit: - [2012/01/17 16:12:28 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel(R) Centrino(R) Wireless Bluetooth(R)
    SRV:64bit: - [2012/01/09 12:39:44 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
    SRV:64bit: - [2011/08/18 02:12:52 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
    SRV:64bit: - [2011/05/03 22:19:28 | 000,591,872 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\SearchIndexer.exe -- (WSearch)
    SRV:64bit: - [2011/03/17 04:14:56 | 000,297,984 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2011/01/10 13:21:02 | 000,231,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe -- (arXfrSvc)
    SRV:64bit: - [2011/01/10 13:20:18 | 000,109,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\esClient.exe -- (esClient)
    SRV:64bit: - [2011/01/10 13:19:58 | 000,489,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\WHSConnector.exe -- (WHSConnector)
    SRV:64bit: - [2010/11/20 20:24:42 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
    SRV:64bit: - [2009/10/05 11:14:50 | 000,081,920 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe -- (MediaCollectorService)
    SRV:64bit: - [2009/10/05 11:14:50 | 000,020,992 | ---- | M] (HP) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe -- (HPMSSConnectorSvc)
    SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 18:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
    SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2009/06/03 17:38:36 | 000,277,032 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
    SRV:64bit: - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
    SRV - [2012/05/18 19:54:39 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
    SRV - [2012/05/18 19:54:33 | 000,375,176 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2012/05/11 05:27:39 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
    SRV - [2012/05/10 10:04:18 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/03/30 14:41:46 | 000,151,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
    SRV - [2012/03/27 16:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe -- (N360)
    SRV - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
    SRV - [2012/02/23 03:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- D:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
    SRV - [2012/01/21 01:39:12 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\SeaPort.EXE -- (BBUpdate)
    SRV - [2012/01/21 01:39:12 | 000,192,792 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BBSvc.EXE -- (BBSvc)
    SRV - [2012/01/18 16:47:28 | 000,433,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
    SRV - [2012/01/18 16:47:20 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
    SRV - [2012/01/18 16:04:52 | 011,839,488 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
    SRV - [2012/01/18 14:27:20 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
    SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/10/12 20:13:34 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2011/09/25 23:09:50 | 003,409,872 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
    SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2011/09/06 02:33:56 | 003,547,648 | ---- | M] () [Auto | Running] -- D:\Program Files (x86)\SlySoft\Game Jackal v4\Server.exe -- (GJService)
    SRV - [2011/08/29 23:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
    SRV - [2011/08/20 21:35:10 | 005,729,328 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
    SRV - [2011/08/20 21:34:28 | 001,121,536 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2011/06/12 12:43:28 | 051,740,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2011/05/10 13:37:32 | 000,010,920 | ---- | M] (Absolute Software) [Auto | Running] -- C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe -- (AbsoluteNotifier)
    SRV - [2011/05/03 21:28:31 | 000,427,520 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWow64\SearchIndexer.exe -- (WSearch)
    SRV - [2011/02/11 16:45:12 | 000,169,472 | ---- | M] (Novatel Wireless Inc.) [Auto | Running] -- C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe -- (VZWConfigService)
    SRV - [2011/01/25 13:56:32 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- D:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_B5212065)
    SRV - [2011/01/14 10:01:44 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2011/01/14 10:01:38 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2011/01/12 18:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
    SRV - [2011/01/11 19:04:04 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
    SRV - [2010/11/26 07:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
    SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
    SRV - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
    SRV - [2010/06/14 12:00:48 | 000,270,848 | ---- | M] (Novatel Wireless Inc.) [Auto | Running] -- C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe -- (NWVZHelper)
    SRV - [2010/06/03 14:50:04 | 000,270,336 | ---- | M] (Novatel Wireless Inc.) [Auto | Running] -- C:\Program Files (x86)\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe -- (NWHelper)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/07/13 18:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/06/10 13:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
    SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/05/18 19:54:33 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV:64bit: - [2012/04/01 09:48:59 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2012/03/28 23:03:27 | 000,737,912 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2012/03/28 23:03:27 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/20 12:36:58 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64) ___ Intel(R)
    DRV:64bit: - [2012/02/01 19:07:18 | 000,615,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
    DRV:64bit: - [2012/02/01 19:07:12 | 000,211,496 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2012/02/01 19:07:12 | 000,184,360 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2012/02/01 19:07:12 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
    DRV:64bit: - [2012/02/01 19:07:12 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2012/01/18 16:47:44 | 000,063,088 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
    DRV:64bit: - [2012/01/18 16:46:18 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
    DRV:64bit: - [2012/01/18 14:06:00 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
    DRV:64bit: - [2012/01/18 14:06:00 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
    DRV:64bit: - [2012/01/17 15:46:01 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\symnets.sys -- (SymNetS)
    DRV:64bit: - [2012/01/17 15:46:00 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
    DRV:64bit: - [2012/01/17 15:45:57 | 001,092,728 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\symefa64.sys -- (SymEFA)
    DRV:64bit: - [2012/01/17 15:45:55 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\symds64.sys -- (SymDS)
    DRV:64bit: - [2012/01/17 15:35:24 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\ironx64.sys -- (SymIRON)
    DRV:64bit: - [2012/01/09 12:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
    DRV:64bit: - [2012/01/09 12:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
    DRV:64bit: - [2011/11/29 15:44:29 | 000,167,048 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\ccsetx64.sys -- (ccSet_N360)
    DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2011/09/25 23:09:51 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
    DRV:64bit: - [2011/09/25 23:09:48 | 001,284,192 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
    DRV:64bit: - [2011/09/25 23:09:48 | 000,986,208 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
    DRV:64bit: - [2011/09/25 23:09:45 | 000,210,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
    DRV:64bit: - [2011/09/25 23:09:45 | 000,142,944 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt58.sys -- (vidsflt58) Acronis Disk Storage Filter (58)
    DRV:64bit: - [2011/09/25 23:09:42 | 000,310,368 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
    DRV:64bit: - [2011/09/25 23:09:42 | 000,132,704 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
    DRV:64bit: - [2011/09/06 02:28:48 | 000,059,512 | ---- | M] (SlySoft Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\maploml.sys -- (MaplomL)
    DRV:64bit: - [2011/09/06 02:28:32 | 000,034,936 | ---- | M] (SlySoft Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\maplom.sys -- (Maplom)
    DRV:64bit: - [2011/08/29 23:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
    DRV:64bit: - [2011/08/18 05:40:56 | 009,981,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/08/18 01:34:48 | 000,310,272 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/08/09 12:32:02 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
    DRV:64bit: - [2011/08/08 15:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
    DRV:64bit: - [2011/08/05 12:34:02 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
    DRV:64bit: - [2011/08/05 12:34:00 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
    DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
    DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
    DRV:64bit: - [2011/04/26 11:04:24 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
    DRV:64bit: - [2011/04/07 17:22:12 | 000,029,800 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt)
    DRV:64bit: - [2011/03/17 04:14:56 | 000,521,728 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/03/01 14:44:26 | 000,217,856 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbser2_022.sys -- (NWUSBPort2_022)
    DRV:64bit: - [2011/03/01 14:44:26 | 000,217,856 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbser_022.sys -- (NWUSBPort_022)
    DRV:64bit: - [2011/03/01 14:44:26 | 000,217,856 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbmdm_022.sys -- (NWUSBModem_022)
    DRV:64bit: - [2011/03/01 14:44:24 | 000,295,424 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NWRmNet_022.sys -- (NWRmNet_022)
    DRV:64bit: - [2011/02/10 15:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2011/02/10 15:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2011/02/09 12:29:10 | 000,077,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2011/01/15 09:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
    DRV:64bit: - [2011/01/12 17:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011/01/11 19:04:04 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV:64bit: - [2011/01/11 19:04:00 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
    DRV:64bit: - [2011/01/10 14:20:44 | 000,053,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BackupReader.sys -- (BackupReader)
    DRV:64bit: - [2010/12/16 15:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV:64bit: - [2010/12/01 17:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2010/11/26 19:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
    DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 20:23:55 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
    DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/20 06:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
    DRV:64bit: - [2010/11/20 06:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
    DRV:64bit: - [2010/11/20 04:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
    DRV:64bit: - [2010/11/20 04:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
    DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
    DRV:64bit: - [2010/10/15 02:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV:64bit: - [2010/07/28 09:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
    DRV:64bit: - [2010/07/08 11:52:32 | 000,256,512 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWADIenum.sys -- (NWADI)
    DRV:64bit: - [2010/07/08 11:52:32 | 000,217,728 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbser2_000.sys -- (NWUSBPort2_000) Novatel Wireless USB Status2 Port Driver (vGEN)
    DRV:64bit: - [2010/07/08 11:52:32 | 000,217,728 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbser_000.sys -- (NWUSBPort_000) Novatel Wireless USB Status Port Driver (vGEN)
    DRV:64bit: - [2010/07/08 11:52:32 | 000,217,728 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbmdm_000.sys -- (NWUSBModem_000) Novatel Wireless USB Modem Driver (vGEN)
    DRV:64bit: - [2010/07/08 11:52:32 | 000,025,600 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NwUsbCdFil64.sys -- (NWUSBCDFIL64)
    DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/07/13 16:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
    DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
    DRV:64bit: - [2009/06/10 13:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 01:47:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV - [2012/06/02 11:43:52 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120601.034\ex64.sys -- (NAVEX15)
    DRV - [2012/06/02 11:43:52 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120601.034\eng64.sys -- (NAVENG)
    DRV - [2012/05/30 19:34:52 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2012/05/30 19:34:52 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2012/05/09 15:41:30 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20120601.001\IDSviA64.sys -- (IDSVia64)
    DRV - [2012/05/07 19:28:52 | 001,160,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20120517.001\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2011/01/11 19:04:04 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
     
  20. cpufox

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1661793286-1334532520-4282233208-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
    IE - HKU\S-1-5-21-1661793286-1334532520-4282233208-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-1661793286-1334532520-4282233208-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-1661793286-1334532520-4282233208-1001\..\SearchScopes,DefaultScope = {6FBA260F-E3EB-42EF-A6D0-70FCFC219527}
    IE - HKU\S-1-5-21-1661793286-1334532520-4282233208-1001\..\SearchScopes\{143FE9D2-DF5F-4471-8FF3-17311681A8C7}: "URL" = http://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox
    IE - HKU\S-1-5-21-1661793286-1334532520-4282233208-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE - HKU\S-1-5-21-1661793286-1334532520-4282233208-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/?source=c3348dd4&...202069F0B4797B3CC23C2815D1CBC&q={searchTerms}
    IE - HKU\S-1-5-21-1661793286-1334532520-4282233208-1001\..\SearchScopes\{6FBA260F-E3EB-42EF-A6D0-70FCFC219527}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-1661793286-1334532520-4282233208-1001\..\SearchScopes\{A217F1AF-B5CD-4081-9006-6AD4FBF502B1}: "URL" = http://search.brandthunder.com/?q={searchTerms}&tid={tid?}
    IE - HKU\S-1-5-21-1661793286-1334532520-4282233208-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKU\S-1-5-21-1661793286-1334532520-4282233208-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKU\S-1-5-21-1661793286-1334532520-4282233208-1001\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-syn&type=SYN1E4F
    IE - HKU\S-1-5-21-1661793286-1334532520-4282233208-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1661793286-1334532520-4282233208-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Program Files (x86)\Google\Picasa3\npPicasa3.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\-myname-\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\-myname-\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: D:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\IPSFFPlgn\ [2012/04/01 09:49:44 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\coFFPlgn\ [2012/06/02 11:23:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: D:\Program Files (x86)\Siber Systems\AI Roboform\Firefox [2012/05/28 18:46:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2012/06/01 21:23:45 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/01 21:23:45 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: D:\Program Files (x86)\Siber Systems\AI Roboform\Firefox [2012/05/28 18:46:19 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2012/06/01 21:23:45 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/01 21:23:45 | 000,000,000 | ---D | M]

    [2011/10/23 21:47:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\-myname-\AppData\Roaming\Mozilla\Extensions
    [2012/05/31 19:07:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\-myname-\AppData\Roaming\Mozilla\Firefox\Profiles\2ufbzawo.default\extensions
    [2012/05/13 23:13:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\-myname-\AppData\Roaming\Mozilla\Firefox\Profiles\2ufbzawo.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2012/05/13 23:13:06 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\-myname-\AppData\Roaming\Mozilla\Firefox\Profiles\2ufbzawo.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
    [2012/05/26 18:11:41 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\-myname-\AppData\Roaming\Mozilla\Firefox\Profiles\2ufbzawo.default\extensions\LogMeInClient@logmein.com
    [2012/06/02 11:23:29 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\COFFPLGN
    [2012/04/01 09:49:44 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\IPSFFPLGN
    [2011/11/24 23:57:10 | 000,097,169 | ---- | M] () (No name found) -- C:\USERS\-myname-\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2UFBZAWO.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
    [2012/01/07 22:41:54 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\-myname-\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2UFBZAWO.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    [2012/05/20 10:17:42 | 000,697,058 | ---- | M] () (No name found) -- C:\USERS\-myname-\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2UFBZAWO.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
    [2011/11/24 23:57:10 | 000,330,316 | ---- | M] () (No name found) -- C:\USERS\-myname-\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2UFBZAWO.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\-myname-\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\-myname-\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\-myname-\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\-myname-\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: RoboForm Plugin for Google Chrome/Opera/etc. (Enabled) = D:\Program Files (x86)\Siber Systems\AI Roboform\Chrome\plugin/rf-np-plugin.dll
    CHR - plugin: Norton Confidential (Enabled) = C:\Users\-myname-\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = D:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
    CHR - plugin: VLC Multimedia Plug-in (Enabled) = D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - Extension: Google Docs = C:\Users\-myname-\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\5.4_0\
    CHR - Extension: YouTube = C:\Users\-myname-\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Rampage = C:\Users\-myname-\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknkimpcfkpmmikggddpidpmaljigegp\3_0\
    CHR - Extension: Google Search = C:\Users\-myname-\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Google Finance = C:\Users\-myname-\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp\1.1_0\
    CHR - Extension: Norton Identity Protection = C:\Users\-myname-\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\
    CHR - Extension: Evernote Web Clipper = C:\Users\-myname-\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.4_1\
    CHR - Extension: Gmail = C:\Users\-myname-\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/05/28 10:54:40 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Program Files (x86)\Siber Systems\AI Roboform\roboform-x64.dll (Siber Systems Inc.)
    O2:64bit: - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
    O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Program Files (x86)\Siber Systems\AI Roboform\roboform.dll (Siber Systems Inc.)
    O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files (x86)\Siber Systems\AI Roboform\roboform-x64.dll (Siber Systems Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files (x86)\Siber Systems\AI Roboform\roboform.dll (Siber Systems Inc.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3:64bit: - HKU\S-1-5-21-1661793286-1334532520-4282233208-1001\..\Toolbar\ShellBrowser: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
    O3:64bit: - HKU\S-1-5-21-1661793286-1334532520-4282233208-1001\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - D:\Program Files (x86)\Siber Systems\AI Roboform\roboform-x64.dll (Siber Systems Inc.)
    O3 - HKU\S-1-5-21-1661793286-1334532520-4282233208-1001\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - D:\Program Files (x86)\Siber Systems\AI Roboform\roboform.dll (Siber Systems Inc.)
    O4:64bit: - HKLM..\Run: [accrdsub] D:\Program Files\ActivClient\accrdsub.exe (ActivIdentity)
    O4:64bit: - HKLM..\Run: [acevents] D:\Program Files\ActivClient\acevents.exe (ActivIdentity)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
    O4 - HKLM..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
    O4 - HKU\S-1-5-21-1661793286-1334532520-4282233208-1001..\Run: [envyTouchPad] D:\-myname-\Documents\homepc\trackpad\envyTouchPad_pre.exe ()
    O4 - HKU\S-1-5-21-1661793286-1334532520-4282233208-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-1661793286-1334532520-4282233208-1001..\Run: [RoboForm] D:\Program Files (x86)\Siber Systems\AI Roboform\RoboTaskBarIcon.exe (Siber Systems)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1661793286-1334532520-4282233208-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1661793286-1334532520-4282233208-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Add to Evernote 4.0 - D:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O8:64bit: - Extra context menu item: Fill Forms - D:\Program Files (x86)\Siber Systems\AI Roboform\RoboFormComFillForms.html ()
    O8:64bit: - Extra context menu item: Logoff - D:\Program Files (x86)\Siber Systems\AI Roboform\RoboFormComLogoff.html ()
    O8:64bit: - Extra context menu item: RoboForm Editor - D:\Program Files (x86)\Siber Systems\AI Roboform\RoboFormComEditIdent.html ()
    O8 - Extra context menu item: Add to Evernote 4.0 - D:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O8 - Extra context menu item: Fill Forms - D:\Program Files (x86)\Siber Systems\AI Roboform\RoboFormComFillForms.html ()
    O8 - Extra context menu item: Logoff - D:\Program Files (x86)\Siber Systems\AI Roboform\RoboFormComLogoff.html ()
    O8 - Extra context menu item: RoboForm Editor - D:\Program Files (x86)\Siber Systems\AI Roboform\RoboFormComEditIdent.html ()
    O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - D:\Program Files (x86)\Siber Systems\AI Roboform\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - D:\Program Files (x86)\Siber Systems\AI Roboform\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - D:\Program Files (x86)\Siber Systems\AI Roboform\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - D:\Program Files (x86)\Siber Systems\AI Roboform\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - D:\Program Files (x86)\Siber Systems\AI Roboform\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - D:\Program Files (x86)\Siber Systems\AI Roboform\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - D:\Program Files (x86)\Siber Systems\AI Roboform\roboform.dll (Siber Systems Inc.)
    O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - D:\Program Files (x86)\Siber Systems\AI Roboform\roboform.dll (Siber Systems Inc.)
    O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - D:\Program Files (x86)\Siber Systems\AI Roboform\roboform.dll (Siber Systems Inc.)
    O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - D:\Program Files (x86)\Siber Systems\AI Roboform\roboform.dll (Siber Systems Inc.)
    O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - D:\Program Files (x86)\Siber Systems\AI Roboform\roboform.dll (Siber Systems Inc.)
    O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - D:\Program Files (x86)\Siber Systems\AI Roboform\roboform.dll (Siber Systems Inc.)
    O9 - Extra Button: @D:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra 'Tools' menuitem : @D:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
    O15 - HKU\S-1-5-21-1661793286-1334532520-4282233208-1001\..Trusted Domains: hp.com ([na.webaccess] https in Trusted sites)
    O15 - HKU\S-1-5-21-1661793286-1334532520-4282233208-1001\..Trusted Ranges: Range1 ([https] in Trusted sites)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab (DLM Control)
    O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} https://secure.logmein.com/activex/RACtrl.cab (Remote Access ActiveX Client)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (Reg Error: Key error.)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=724 (Performance Viewer Activex Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28BAECC0-B30A-4024-A8C0-77E4B8348B0A}: DhcpNameServer = 10.0.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95DE569E-BCAF-4952-AB2B-799F352FB3FC}: DhcpNameServer = 10.0.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC0144D4-9810-4102-A77E-B552B65D521E}: NameServer = 66.174.92.14 69.78.96.14
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/11/20 06:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) - D:\autochk.exe -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk /p \??\D:)
    O34 - HKLM BootExecute: (autocheck autochk /p \??\C:)
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - ff_vfw.dll File not found
    Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/06/02 11:22:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/06/01 21:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/06/01 21:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/06/01 21:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/06/01 21:23:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2012/06/01 16:52:19 | 000,000,000 | ---D | C] -- C:\Users\-myname-\AppData\Local\temp
    [2012/06/01 16:45:27 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/05/28 22:04:07 | 000,000,000 | ---D | C] -- C:\NBRT
    [2012/05/28 20:36:46 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
    [2012/05/28 20:36:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NBRTWizardx64
    [2012/05/28 20:36:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NBRTWizardx64\0405000.022
    [2012/05/28 20:36:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
    [2012/05/28 20:36:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
    [2012/05/28 19:13:11 | 000,777,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\autochk_swift.exe
    [2012/05/28 18:46:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
    [2012/05/28 17:35:36 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/05/28 10:40:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/05/28 10:40:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/05/28 10:40:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/05/28 10:40:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/05/28 10:37:08 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/05/27 15:42:58 | 000,607,260 | R--- | C] (Swearware) -- D:\-myname-\Desktop\dds.scr
    [2012/05/27 09:37:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AV
    [2012/05/27 09:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
    [2012/05/26 23:36:05 | 000,000,000 | ---D | C] -- C:\Users\-myname-\AppData\Local\Broadcom
    [2012/05/26 22:46:28 | 000,211,496 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwavdt.sys
    [2012/05/26 22:46:28 | 000,184,360 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwaudio.sys
    [2012/05/26 22:46:28 | 000,039,976 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwl2cap.sys
    [2012/05/26 22:46:28 | 000,021,544 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwrchid.sys
    [2012/05/26 20:48:22 | 000,000,000 | ---D | C] -- C:\Users\-myname-\AppData\Local\CrashDumps
    [2012/05/25 17:36:04 | 002,127,448 | ---- | C] (Kaspersky Lab ZAO) -- D:\-myname-\Desktop\TDSSKiller.exe
    [2012/05/20 08:45:36 | 000,000,000 | ---D | C] -- C:\Users\-myname-\AppData\Local\NPE
    [2012/05/19 14:01:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
    [2012/05/19 11:30:29 | 000,000,000 | ---D | C] -- D:\-myname-\Desktop\Diablo
    [2012/05/17 23:35:06 | 000,000,000 | ---D | C] -- D:\-myname-\Documents\Games for Windows - LIVE Demos
    [2012/05/17 23:34:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
    [2012/05/17 23:34:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
    [2012/05/17 23:34:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
    [2012/05/17 17:46:53 | 000,000,000 | ---D | C] -- C:\Users\-myname-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
    [2012/05/17 17:26:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
    [2012/05/15 20:30:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Home Server
    [2012/05/15 20:19:39 | 000,000,000 | ---D | C] -- C:\Logs
    [2012/05/15 20:19:37 | 000,059,512 | ---- | C] (SlySoft Inc.) -- C:\Windows\SysNative\drivers\maploml.sys
    [2012/05/15 20:19:37 | 000,034,936 | ---- | C] (SlySoft Inc.) -- C:\Windows\SysNative\drivers\maplom.sys
    [2012/05/15 20:15:55 | 000,000,000 | ---D | C] -- C:\Users\-myname-\dwhelper
    [2012/05/14 10:07:15 | 000,000,000 | ---D | C] -- C:\Users\-myname-\AppData\Local\LogMeIn Rescue Applet
    [2012/05/14 00:47:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2012/05/14 00:47:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2012/05/13 23:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
    [2012/05/13 14:01:55 | 000,043,640 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SymIMV.sys
    [2012/05/13 12:02:02 | 000,000,000 | --SD | C] -- C:\Users\-myname-\Google Drive
    [2012/05/13 11:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    [2012/05/11 06:59:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/05/11 06:41:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\N360_BACKUP
    [2012/05/11 06:32:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SP55671
    [2012/05/11 05:54:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
    [2012/05/11 05:20:56 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\WLANProfiles
    [2012/05/11 05:20:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
    [2012/05/11 05:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2012/05/10 23:09:57 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/05/10 23:09:56 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/05/10 23:09:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/05/10 21:28:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Desktop
    [2012/05/10 21:26:49 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2012/05/10 21:26:49 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012/05/10 21:26:48 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2012/05/10 21:26:47 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2012/05/10 21:26:47 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2012/05/10 21:26:47 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2012/05/10 21:26:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012/05/10 21:26:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012/05/10 21:26:46 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2012/05/10 21:26:46 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2012/05/10 21:26:46 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2012/05/10 21:21:25 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
    [2012/05/10 21:21:25 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
    [2012/05/10 21:21:24 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
    [2012/05/10 08:45:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
    [2012/05/10 08:24:14 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2012/05/10 08:24:14 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2012/05/10 08:24:14 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2012/05/10 08:24:14 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
    [2012/05/09 23:53:02 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware
     
  21. cpufox

    cpufox TS Rookie Topic Starter Posts: 17

    ========== Files - Modified Within 30 Days ==========

    [2012/06/02 18:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/06/02 18:01:08 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/06/02 18:00:58 | 000,679,124 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/06/02 18:00:58 | 000,128,298 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/06/02 17:36:00 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
    [2012/06/02 17:33:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1661793286-1334532520-4282233208-1001UA.job
    [2012/06/02 17:19:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/02 11:29:57 | 000,035,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/06/02 11:29:57 | 000,035,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/06/02 11:29:10 | 000,806,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/06/02 11:22:50 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
    [2012/06/02 11:22:46 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
    [2012/06/02 11:22:43 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/02 11:22:41 | 000,000,044 | -HS- | M] () -- C:\ProgramData\.zreglib
    [2012/06/02 11:22:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/06/02 11:22:28 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys
    [2012/06/01 21:25:53 | 000,001,659 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/06/01 19:33:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1661793286-1334532520-4282233208-1001Core.job
    [2012/05/31 19:03:15 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFor-myname-.job
    [2012/05/28 20:36:46 | 001,732,597 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0602010.005\Cat.DB
    [2012/05/28 20:36:45 | 000,001,345 | ---- | M] () -- C:\Users\Public\Desktop\Norton Bootable Recovery Tool Wizard.LNK
    [2012/05/28 20:34:47 | 000,001,209 | ---- | M] () -- D:\-myname-\Desktop\Norton Installation Files.lnk
    [2012/05/28 17:34:09 | 002,127,448 | ---- | M] (Kaspersky Lab ZAO) -- D:\-myname-\Desktop\TDSSKiller.exe
    [2012/05/28 11:39:52 | 000,000,072 | ---- | M] () -- C:\Users\-myname-\sfccheck.bat
    [2012/05/28 11:14:44 | 000,007,627 | ---- | M] () -- C:\Users\-myname-\AppData\Local\Resmon.ResmonCfg
    [2012/05/28 10:54:40 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/05/27 23:57:28 | 000,000,512 | ---- | M] () -- D:\-myname-\Desktop\MBR.dat
    [2012/05/27 15:42:45 | 000,607,260 | R--- | M] (Swearware) -- D:\-myname-\Desktop\dds.scr
    [2012/05/27 09:54:50 | 000,000,789 | ---- | M] () -- C:\Users\-myname-\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/05/26 23:57:17 | 000,803,158 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/05/26 23:07:03 | 000,000,836 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    [2012/05/23 21:33:57 | 000,002,314 | ---- | M] () -- D:\-myname-\Desktop\Google Chrome.lnk
    [2012/05/18 21:40:41 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0602010.005\VT20120410.034
    [2012/05/18 19:54:33 | 000,087,456 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
    [2012/05/18 19:54:33 | 000,080,768 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
    [2012/05/18 19:54:33 | 000,034,688 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
    [2012/05/15 20:43:48 | 000,000,563 | ---- | M] () -- D:\-myname-\Desktop\Box Net.website
    [2012/05/15 20:30:28 | 000,002,529 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Home Server.lnk
    [2012/05/14 23:52:14 | 000,000,963 | ---- | M] () -- D:\-myname-\Desktop\Install Virtual CloneDrive.lnk
    [2012/05/13 23:02:08 | 000,001,310 | ---- | M] () -- D:\-myname-\Desktop\firefox new Profile.lnk
    [2012/05/13 21:53:12 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBLAZE$.job
    [2012/05/13 12:02:02 | 000,001,672 | ---- | M] () -- D:\-myname-\Desktop\Google Drive.lnk
    [2012/05/13 00:45:26 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0602010.005\isolate.ini
    [2012/05/12 14:07:29 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/05/11 07:36:38 | 000,001,415 | ---- | M] () -- D:\-myname-\Desktop\20120511_1435_2063068802 - Shortcut.lnk
    [2012/05/11 06:55:59 | 000,001,308 | ---- | M] () -- D:\-myname-\Desktop\aswclear - Shortcut.lnk
    [2012/05/11 05:27:42 | 000,013,160 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\Upgrd.exe
    [2012/05/11 05:27:39 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.exe
    [2012/05/11 05:21:16 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_AMPPAL_01009.Wdf
    [2012/05/11 04:55:49 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
    [2012/05/11 04:55:14 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe
    [2012/05/11 04:46:39 | 000,420,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/05/10 10:04:18 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2012/05/10 10:04:18 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2012/05/10 10:04:05 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe

    ========== Files Created - No Company Name ==========

    [2012/06/01 21:25:53 | 000,001,659 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/05/28 20:36:45 | 000,001,345 | ---- | C] () -- C:\Users\Public\Desktop\Norton Bootable Recovery Tool Wizard.LNK
    [2012/05/28 20:36:25 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NBRTWizardx64\0405000.022\isolate.ini
    [2012/05/28 18:38:59 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    [2012/05/28 11:38:55 | 000,000,072 | ---- | C] () -- C:\Users\-myname-\sfccheck.bat
    [2012/05/28 10:40:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/05/28 10:40:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/05/28 10:40:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/05/28 10:40:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/05/28 10:40:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/05/27 23:57:28 | 000,000,512 | ---- | C] () -- D:\-myname-\Desktop\MBR.dat
    [2012/05/27 09:54:50 | 000,000,789 | ---- | C] () -- C:\Users\-myname-\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/05/26 22:46:19 | 000,000,836 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    [2012/05/17 23:34:41 | 000,001,340 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
    [2012/05/15 20:30:28 | 000,002,745 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Center Connector.lnk
    [2012/05/15 20:30:28 | 000,002,559 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Home Server Console.lnk
    [2012/05/15 20:30:28 | 000,002,529 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Home Server.lnk
    [2012/05/15 20:30:14 | 000,002,206 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP MediaSmart Server.lnk
    [2012/05/15 20:19:41 | 000,000,044 | -HS- | C] () -- C:\ProgramData\.zreglib
    [2012/05/14 23:52:14 | 000,000,963 | ---- | C] () -- D:\-myname-\Desktop\Install Virtual CloneDrive.lnk
    [2012/05/13 23:01:54 | 000,001,310 | ---- | C] () -- D:\-myname-\Desktop\firefox new Profile.lnk
    [2012/05/13 13:43:57 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForBLAZE$.job
    [2012/05/13 12:02:02 | 000,001,672 | ---- | C] () -- D:\-myname-\Desktop\Google Drive.lnk
    [2012/05/11 07:36:38 | 000,001,415 | ---- | C] () -- D:\-myname-\Desktop\20120511_1435_2063068802 - Shortcut.lnk
    [2012/05/11 06:55:59 | 000,001,308 | ---- | C] () -- D:\-myname-\Desktop\aswclear - Shortcut.lnk
    [2012/05/11 05:38:48 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    [2012/05/11 05:21:16 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_AMPPAL_01009.Wdf
    [2012/05/10 23:10:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2012/05/10 08:19:40 | 2106,478,591 | -HS- | C] () -- C:\hiberfil.sys
    [2012/02/06 01:07:31 | 000,121,856 | ---- | C] () -- C:\Windows\File Renamer - Basic Uninstaller.exe
    [2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011/09/10 00:57:18 | 000,171,817 | ---- | C] () -- C:\Windows\hpoins52.dat
    [2011/09/10 00:57:18 | 000,001,333 | ---- | C] () -- C:\Windows\hpomdl52.dat
    [2011/09/10 00:29:01 | 000,189,227 | ---- | C] () -- C:\Windows\hpwins23.dat
    [2011/09/10 00:29:01 | 000,001,501 | ---- | C] () -- C:\Windows\hpwmdl23.dat
    [2011/09/05 12:25:48 | 000,001,501 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp
    [2011/08/29 22:09:48 | 000,173,056 | ---- | C] () -- C:\Windows\hpoins46.dat
    [2011/08/29 22:09:48 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat
    [2011/08/23 22:39:32 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
    [2011/08/23 22:39:12 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
    [2011/08/20 03:16:11 | 000,007,627 | ---- | C] () -- C:\Users\-myname-\AppData\Local\Resmon.ResmonCfg
    [2011/08/14 16:25:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/08/14 16:20:09 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
    [2011/08/09 12:30:02 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/08/09 12:23:26 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2011/08/09 11:58:38 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2011/05/18 19:17:42 | 000,803,158 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/03/25 19:16:10 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2011/03/25 19:16:08 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/01/11 18:05:18 | 000,008,592 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll

    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2011/08/20 03:40:38 | 000,001,024 | -H-- | M] () -- C:\.rnd
    [2012/05/19 14:03:06 | 000,000,000 | ---- | M] () -- C:\BnetLog.txt
    [2012/05/27 23:56:11 | 000,079,995 | ---- | M] () -- C:\bootkit_remover_debug_log.txt
    [2010/11/20 20:23:51 | 000,383,786 | RHS- | M] () -- C:\bootmgr
    [2012/06/01 16:52:17 | 000,036,042 | ---- | M] () -- C:\ComboFix.txt
    [2011/10/23 16:45:44 | 009,608,495 | ---- | M] () -- C:\D2DV_IX86_1xx_113d.mpq
    [2011/08/27 18:29:59 | 000,000,482 | ---- | M] () -- C:\Go to Drv D.lnk
    [2012/06/02 11:22:28 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys
    [2012/06/02 11:22:29 | 1048,576,000 | -HS- | M] () -- C:\pagefile.sys
    [2012/05/28 17:36:41 | 000,170,882 | ---- | M] () -- C:\TDSSKiller.2.7.38.0_28.05.2012_17.34.27_log.txt
    [2012/05/28 18:00:43 | 000,343,588 | ---- | M] () -- C:\TDSSKiller.2.7.38.0_28.05.2012_17.37.00_log.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/13 22:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 22:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 22:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 22:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 13:49:50 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2012/03/06 16:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 21:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/08/20 03:38:13 | 000,000,221 | -HS- | M] () -- C:\Users\-myname-\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/06/02 18:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/06/02 11:22:43 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/02 17:19:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/01 19:33:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1661793286-1334532520-4282233208-1001Core.job
    [2012/06/02 17:33:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1661793286-1334532520-4282233208-1001UA.job
    [2012/06/02 17:36:00 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
    [2012/05/13 21:53:12 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBLAZE$.job
    [2012/05/31 19:03:15 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFor-myname-.job
    [2012/06/02 11:22:36 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/05/12 14:08:37 | 000,032,578 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 14:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2012/05/28 20:35:01 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2012/05/28 20:35:01 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2011/10/01 22:41:16 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2011/10/01 22:41:16 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2012/05/28 20:35:01 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2012/06/02 11:22:41 | 000,000,044 | -HS- | M] () -- C:\ProgramData\.zreglib
    [2011/05/10 13:37:22 | 000,000,003 | ---- | M] () -- C:\ProgramData\AbsoluteNotifier.txt
    [2012/01/18 03:20:25 | 000,007,626 | ---- | M] () -- C:\ProgramData\hpzinstall.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

    < dir /b "%systemroot%\*.exe" | find /I " " /c >
    File Renamer - Basic Uninstaller.exe

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 227 bytes -> C:\ProgramData\Temp:57B374AB
    < End of report >
     
  22. cpufox

    cpufox TS Rookie Topic Starter Posts: 17

    I did remove MSE, kept N360 licensed
    Oops, that was the FULL SCAN above, from the clipboard, not going to the separate files
     
  23. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    OTL log is clean.

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  24. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Still with me?
     
  25. cpufox

    cpufox TS Rookie Topic Starter Posts: 17

    Really do appreciate your help, you've been outstanding in your follow-up!

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Norton 360
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    HijackThis 2.0.2
    Adobe Reader X (10.1.3)
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    ``````````End of Log````````````
    ++++
    FSS.txt
    Farbar Service Scanner Version: 05-06-2012
    Ran by jwestover (administrator) on 07-06-2012 at 20:50:04
    Running from "\\MINIME\Software\Download\Antivirus"
    Microsoft Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.
    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================
    System Restore:
    ============
    System Restore Disabled Policy:
    ========================
    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================
    Windows Defender:
    ==============
    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    **** End of log ****
     
