TechSpot

Multiple iexplore.exe instances spawning without IE running

Solved
By DigTheDoug
Apr 23, 2012
  1. Hi,

    Thanks in advance to anyone who can help me. I don't notice anything out of the ordinary in the way the computer is acting aside from multiple instances of iexplore.exe spawning in the processes list. Microsoft Security Essentials notified me of a possible Trojan threat which tipped me off. I'll post all my logs below.

    The MSE file entry was:
    Trojan:JS/Redirector.JK
    [Items]
    file:C:\Users\Doug\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1JEHMPJO\hautetalk_com[1].htm->(SCRIPT0000)

    -------------------------------------

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.04.23.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Doug :: OFFICE [administrator]

    4/23/2012 1:18:31 PM
    mbam-log-2012-04-23 (13-18-31).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 252443
    Time elapsed: 5 minute(s), 9 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\Windows\System32\H@tKeysH@@k.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\SysWOW64\H@tKeysH@@k.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\Doug\AppData\Local\Temp\ms0cfg32.exe (Exploit.Drop.CFG) -> Quarantined and deleted successfully.

    (end)

    -------------------------------

    (GMER log was empty)

    -------------------------------

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
    Run by Doug at 18:24:06 on 2012-04-23
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8154.5058 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Apache Software Foundation\CouchDB\erts-5.8.4\bin\erlsrv.exe
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Apache Software Foundation\CouchDB\erts-5.8.4\bin\erl.exe
    C:\Windows\system32\conhost.exe
    C:\PROGRA~2\APACHE~1\CouchDB\ERTS-5~1.4\bin\epmd.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\lxcccoms.exe
    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files (x86)\Windows Sidebar\sidebar.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\TortoiseHg\TortoiseHgOverlayServer.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Logitech\SetPointG\SetPointII.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskmgr.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Program Files (x86)\Opera\opera.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    mWinlogon: Userinit=userinit.exe,
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
    EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
    uRun: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Google Update] "C:\Users\Doug\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [BitTorrent] RunDLL32.exe C:\Users\Doug\AppData\Local\BitTorrent\sgncirdd.dll,CreateTzanShell
    mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun: [TortoiseHgOverlayIconServer] C:\Program Files (x86)\TortoiseHg\TortoiseHgOverlayServer.exe
    mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
    DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} - hxxps://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{A8B5FDAB-0B57-4FAC-B099-25819234B758} : DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{B3E08FAC-BE4F-4B3E-8A29-EFDB690780C5} : DhcpNameServer = 75.75.75.75 75.75.76.76
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO-X64: 0x1 - No File
    BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
    BHO-X64: AMD SteadyVideo BHO - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
    EB-X64: {5802D092-1784-4908-8CDB-99B6842D353D} - No File
    mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun-x64: [TortoiseHgOverlayIconServer] C:\Program Files (x86)\TortoiseHg\TortoiseHgOverlayServer.exe
    mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    IE-X64: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
    Hosts: 23.21.243.9 build.visiblegainsdev.com
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\ebvejd9z.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=2&q=
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
    FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4\plugins\npdeployJava1.dll
    FF - plugin: C:\Users\Doug\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-3-9 361984]
    R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-1-3 55936]
    R2 Apache CouchDB01cc6ef5a400cae0;Apache CouchDB;C:\Program Files (x86)\Apache Software Foundation\CouchDB\erts-5.8.4\bin\erlsrv.exe [2011-9-9 158208]
    R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
    R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
    R3 pneteth;PdaNet Broadband;C:\Windows\system32\DRIVERS\pneteth.sys --> C:\Windows\system32\DRIVERS\pneteth.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe [2010-12-26 25832]
    S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-2-7 8704]
    S2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-2-6 13672]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-18 253088]
    S3 ENTECH64;ENTECH64;\??\C:\Windows\system32\DRIVERS\ENTECH64.sys --> C:\Windows\system32\DRIVERS\ENTECH64.sys [?]
    S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-4-6 14216]
    S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-4-6 8456]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-04-23 22:23:05 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EA3D0462-1C1E-4BF7-B98A-6BBC08B087C4}\mpengine.dll
    2012-04-23 17:18:05 -------- d-----w- C:\Users\Doug\AppData\Roaming\Malwarebytes
    2012-04-23 17:17:54 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-04-23 17:17:53 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-04-23 17:17:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-04-23 14:42:54 -------- d-----w- C:\Users\Doug\AppData\Local\BitTorrent
    2012-04-22 09:21:56 -------- d-----w- C:\Program Files (x86)\AMD AVT
    2012-04-22 02:06:45 -------- d-----w- C:\ProgramData\Blizzard Entertainment
    2012-04-22 01:30:56 -------- d-----w- C:\Program Files (x86)\ASM104xUSB3
    2012-04-21 22:40:35 -------- d-----w- C:\Fraps
    2012-04-21 13:18:01 389608 ----a-w- C:\Windows\System32\drivers\asmtxhci.sys
    2012-04-21 13:17:25 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
    2012-04-20 21:00:02 -------- d-----w- C:\Program Files (x86)\Diablo III Beta
    2012-04-20 20:58:06 -------- d-----w- C:\ProgramData\Battle.net
    2012-04-20 18:08:13 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
    2012-04-20 02:26:54 -------- d-----w- C:\Users\Doug\AppData\Local\Redlynx
    2012-04-19 02:56:03 8766112 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-19 02:22:16 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-04-10 23:47:22 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-04-10 23:47:22 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-04-10 23:47:21 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-04-10 23:44:54 81408 ----a-w- C:\Windows\System32\imagehlp.dll
    2012-04-10 23:44:54 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2012-04-10 23:44:54 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2012-04-10 23:44:53 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2012-04-10 23:44:53 5120 ----a-w- C:\Windows\System32\wmi.dll
    2012-04-10 23:44:53 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2012-04-10 23:44:53 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-04-06 22:16:17 708168 ----a-w- C:\Windows\System32\WinUSBCoInstaller.dll
    2012-04-06 22:16:17 15360 ----a-w- C:\Windows\System32\drivers\pneteth.sys
    2012-04-06 22:16:17 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
    2012-04-06 22:16:17 -------- d-----w- C:\Program Files (x86)\PdaNet for Android
    2012-04-06 22:05:40 -------- d-----w- C:\android-sdk-windows
    2012-04-05 01:13:00 -------- d-----w- C:\Users\Doug\AppData\Roaming\Trine2
    2012-03-31 17:43:47 -------- d-----w- C:\Users\Doug\AppData\Roaming\Intuit
    2012-03-31 17:42:22 -------- d-----w- C:\Users\Doug\AppData\Local\IsolatedStorage
    2012-03-31 17:42:19 -------- d-----w- C:\Program Files (x86)\Common Files\Intuit
    2012-03-31 17:41:40 -------- d-----w- C:\Program Files (x86)\TurboTax
    2012-03-31 17:41:16 -------- d-----w- C:\ProgramData\Intuit
    2012-03-29 01:54:07 -------- d-----w- C:\Users\Doug\AppData\Roaming\GOG.com
    2012-03-27 03:25:20 -------- d-----w- C:\Program Files (x86)\Stardock
    .
    ==================== Find3M ====================
    .
    2012-04-21 16:26:57 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
    2012-04-19 02:56:26 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-03-27 02:50:59 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
    2012-03-27 02:50:59 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
    2012-03-27 02:50:59 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
    2012-03-27 02:50:59 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
    2012-03-23 21:32:46 1127712 ----a-w- C:\ProgramData\SPL8B55.tmp
    2012-03-09 06:28:08 10857984 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2012-03-09 05:16:44 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
    2012-03-09 05:16:28 791552 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2012-03-09 05:14:42 958464 ----a-w- C:\Windows\System32\aticfx64.dll
    2012-03-09 05:11:24 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2012-03-09 05:11:16 496128 ----a-w- C:\Windows\System32\atieclxx.exe
    2012-03-09 05:10:20 235520 ----a-w- C:\Windows\System32\atiesrxx.exe
    2012-03-09 05:08:50 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2012-03-09 05:08:02 21504 ----a-w- C:\Windows\System32\atimuixx.dll
    2012-03-09 05:07:56 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2012-03-09 05:07:50 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2012-03-09 05:04:18 6200320 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2012-03-09 05:03:40 26166784 ----a-w- C:\Windows\System32\atio6axx.dll
    2012-03-09 04:45:00 7646208 ----a-w- C:\Windows\System32\atidxx64.dll
    2012-03-09 04:39:20 19739136 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2012-03-09 04:36:40 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
    2012-03-09 04:36:10 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
    2012-03-09 04:35:54 4958208 ----a-w- C:\Windows\System32\atiumd6a.dll
    2012-03-09 04:23:44 5062656 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2012-03-09 04:23:16 5954048 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2012-03-09 04:18:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2012-03-09 04:18:26 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2012-03-09 04:18:14 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2012-03-09 04:18:12 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2012-03-09 04:17:54 16069632 ----a-w- C:\Windows\System32\aticaldd64.dll
    2012-03-09 04:12:38 13715968 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2012-03-09 04:11:52 7552000 ----a-w- C:\Windows\System32\atiumd64.dll
    2012-03-09 04:05:20 54784 ----a-w- C:\Windows\System32\atimpc64.dll
    2012-03-09 04:05:20 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
    2012-03-09 04:05:12 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2012-03-09 04:05:12 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2012-03-09 03:58:54 512000 ----a-w- C:\Windows\System32\atiadlxx.dll
    2012-03-09 03:58:44 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2012-03-09 03:58:30 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
    2012-03-09 03:58:26 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2012-03-09 03:58:26 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
    2012-03-09 03:58:20 39936 ----a-w- C:\Windows\System32\atig6txx.dll
    2012-03-09 03:58:10 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2012-03-09 03:58:02 328704 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2012-03-09 03:57:04 43008 ----a-w- C:\Windows\System32\atiuxp64.dll
    2012-03-09 03:56:56 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2012-03-09 03:56:48 39936 ----a-w- C:\Windows\System32\atiu9p64.dll
    2012-03-09 03:56:38 30208 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2012-03-09 03:55:58 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2012-03-09 03:47:22 58880 ----a-w- C:\Windows\System32\coinst.dll
    2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
    2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
    2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-02-15 02:05:32 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll
    2012-02-15 02:05:26 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
    2012-02-15 02:05:20 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
    2012-02-15 02:05:16 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2012-02-15 02:05:08 16507904 ----a-w- C:\Windows\System32\amdocl64.dll
    2012-02-15 02:04:26 13238272 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2012-02-15 02:03:44 54272 ----a-w- C:\Windows\System32\OpenCL.dll
    2012-02-15 02:03:38 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
    2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
    2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-01-31 11:02:26 21504 ----a-w- C:\Windows\System32\kdbsdk64.dll
    2012-01-31 11:00:24 16896 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
    2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    .
    ============= FINISH: 18:24:50.88 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/30/2009 9:22:28 PM
    System Uptime: 4/23/2012 1:31:26 PM (5 hours ago)
    .
    Motherboard: ASUSTeK COMPUTER INC. | | M5A97
    Processor: AMD Phenom(tm) II X4 965 Processor | AM3r2 | 3400/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 932 GiB total, 409.838 GiB free.
    L: is FIXED (NTFS) - 233 GiB total, 73.853 GiB free.
    N: is FIXED (NTFS) - 596 GiB total, 216.75 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    @BIOS Ver.2.07
    µTorrent
    7-Zip 9.20
    Add-in Express 2010 for Microsoft Office and .NET, Standard
    Add or Remove Adobe Creative Suite 3 Web Premium
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe BridgeTalk Plugin CS3
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Creative Suite 3 Web Premium
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe Dreamweaver CS3
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Flash CS3
    Adobe Flex Builder 3
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS3
    Adobe Linguistics CS3
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Setup
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WAS CS3
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    AHV content for Acrobat and Flash
    AIDA64 Extreme Edition v1.80
    Air Video Server 2.4.3
    Alan Wake
    Alien Swarm
    Alien Swarm - SDK
    All Zombies Must Die!
    Alpha Protocol
    Amazon Kindle
    Amazon MP3 Downloader 1.0.15
    Amazon MP3 Uploader
    AMD VISION Engine Control Center
    And Yet It Moves
    Apache CouchDB 1.1.0
    Apple Application Support
    Apple Software Update
    Aptana Studio 2.0
    Arcanum Of Steamworks and Magick Obscura
    Asmedia ASM104x USB 3.0 Host Controller Driver
    ATI Catalyst Registration
    Atom Zombie Smasher
    Audiosurf
    AutoHotkey 1.1.05.04
    Baldur's Gate
    Baldur's Gate II
    Baldur's Gate Tutu
    Bastion
    Battlefield: Bad Company 2
    Beneath a Steel Sky
    Beyond Good & Evil
    BioShock
    BIT.TRIP RUNNER
    BookSmart® 3.1.0 3.1.0
    Borderlands
    Braid
    Broken Sword - The Shadow of the Templars
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Chime
    Cogs
    Commandos: Beyond the Call of Duty
    Company of Heroes
    Crayon Physics Deluxe
    Crysis
    Crystal Reports Basic for Visual Studio 2008
    Crystal Reports for Visual Studio
    Cthulhu Saves the World
    Darwinia
    Data Lifeguard Diagnostic for Windows 1.22
    Dead Rising 2
    Defense Grid: The Awakening
    Deus Ex - HDTP
    Deus Ex: Game of the Year Edition
    Deus Ex: Human Revolution
    Diablo III Beta
    DiRT 2
    Dotfuscator Software Services - Community Edition
    Dragon Age: Origins - Ultimate Edition
    Dropbox
    Dual-Core Optimizer
    Dungeon Defenders
    DVD Profiler Version 3.7.2
    DVDStyler v1.8.1
    EASEUS Partition Master 8.0.1 Home Edition
    eReg
    Everyday Shooter
    Evil Genius
    Fallout Tactics
    Fallout: New Vegas
    Far Cry 2
    Fiddler2
    FileZilla Client 3.5.0
    FLV Player 2.0 (build 25)
    foobar2000 v0.9.6.9
    Foxit Reader
    Fraps
    Freedom Force vs. the 3rd Reich
    Frets On Fire
    Full Pipe
    Galactic Civilizations II Demo
    Garry's Mod
    Ghost Master
    Git version 1.7.9-preview20120201
    GOG.com Downloader version 3.0.25
    Google App Engine
    Google Chrome
    Greed Corp
    Guardians of Graxia
    Hammerfight
    Hi-Rez Studios Authenticate and Update Service
    Hitman: Blood Money
    Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)
    Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)
    Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2522890)
    Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2529927)
    Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2542054)
    Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2548139)
    Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2549864)
    Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2635973)
    Hotfix for Microsoft Windows Phone Developer Tools - ENU (KB2635973)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
    HP Deskjet 1000 J110 series Help
    HydraVision
    Indiana Jones and the Fate of Atlantis
    Indiana Jones and the Last Crusade
    IrfanView (remove only)
    Jamestown
    Java Auto Updater
    Java(TM) 6 Update 18
    Java(TM) 6 Update 29
    JetBrains PyCharm 1.0.1
    JetBrains PyCharm 1.1.1
    JetBrains PyCharm 1.5.4
    JetBrains PyCharm 2.0.1
    JetBrains PyCharm 2.0.2
    JetBrains PyCharm 2.5
    JMicron JMB36X Driver
    Just Cause 2
    Killing Floor
    Lara Croft and the Guardian of Light
    Last.fm 1.5.4.27091
    Lead and Gold - Gangs of the Wild West
    Left 4 Dead
    Left 4 Dead 2
    Left 4 Dead 2 Add-on Support
    Left 4 Dead 2 Authoring Tools
    LIMBO
    Logitech Harmony Remote Software 7
    Loom
    Magicka
    Malwarebytes Anti-Malware version 1.61.0.1400
    Mass Effect
    Mass Effect 2
    Master of Orion 1 and 2
    Memoir '44 Online
    Metro 2033
    Microsoft .NET Compact Framework 2.0 SP2
    Microsoft .NET Compact Framework 3.5
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft ASP.NET MVC 1.0
    Microsoft ASP.NET MVC 2
    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    Microsoft Document Explorer 2008
    Microsoft Expression Blend 3 SDK
    Microsoft Expression Blend 4
    Microsoft Expression Blend 4 Add-in for Adobe FXG Import
    Microsoft Expression Blend SDK for .NET 4
    Microsoft Expression Blend SDK for Silverlight 4
    Microsoft Expression Blend SDK for Windows Phone 7
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    Microsoft Office Visual Web Developer 2007
    Microsoft Office Visual Web Developer MUI (English) 2007
    Microsoft Silverlight
    Microsoft Silverlight 3 SDK
    Microsoft Silverlight 4 SDK
    Microsoft Silverlight Tools for Visual Studio 2010
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    Microsoft SQL Server 2008 R2 Data-Tier Application Project
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    Microsoft SQL Server Compact 3.5 Design Tools ENU
    Microsoft SQL Server Compact 3.5 for Devices ENU
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Database Publishing Wizard 1.2
    Microsoft SQL Server Database Publishing Wizard 1.4
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server System CLR Types
    Microsoft Sync Framework SDK v1.0 SP1
    Microsoft Visual C++ Compilers 2010 Standard - enu - x86
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    Microsoft Visual F# 2.0 Runtime
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft Visual Studio 2008 Professional Edition - ENU
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Visual Studio 2010 Express for Windows Phone - ENU
    Microsoft Visual Studio 2010 Service Pack 1
    Microsoft Visual Studio 2010 SharePoint Developer Tools
    Microsoft Visual Studio 2010 Ultimate - ENU
    Microsoft Visual Studio Macro Tools
    Microsoft Visual Studio Web Authoring Component
    Microsoft Windows Phone 7 Developer Resources
    Microsoft Windows Phone Developer Tools - ENU
    Microsoft XNA Framework Redistributable 3.1
    Microsoft XNA Framework Redistributable 4.0
    Microsoft XNA Game Studio 4.0
    Microsoft XNA Game Studio 4.0 (ARP entry)
    Microsoft XNA Game Studio 4.0 (Redists)
    Microsoft XNA Game Studio 4.0 (Shared Components)
    Microsoft XNA Game Studio 4.0 (Visual Studio)
    Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
    Microsoft XNA Game Studio 4.0 Documentation
    Microsoft XNA Game Studio 4.0 Windows Phone Extensions
    Microsoft XNA Game Studio Platform Tools
    Monday Night Combat
    MongoExplorer
    Monkey Island 2: Special Edition
    Mozilla Firefox (3.6.15)
    Mozilla Firefox 11.0 (x86 en-US)
    Mp3tag v2.45a
    Mr. Robot
    Neighbours From Hell Compilation
    NVIDIA PhysX
    Oddworld: Abe's Oddysee
    On the Rain-Slick Precipice of Darkness, Episode Two
    OpenAL
    OpenOffice.org 3.2
    OpenSSL 1.0.0g (32-bit)
    Opera 11.62
    Orcs Must Die!
    Osmos
    PdaNet for Android 3.50
    PDF Settings
    Plants Vs Zombies
    Portal
    Psychonauts
    PunkBuster Services
    Puzzle Agent 2
    Python 2.6 pygame-1.9.1
    Python 2.6.1
    Python 2.7
    Python 2.7 M2Crypto-0.21.1
    Python 2.7 PIL-1.1.7
    Python 2.7 pycrypto-2.1.0
    Python 2.7 pycrypto-2.3
    Python 2.7 pywin32-214
    Python 2.7 setuptools-0.6c11
    QuickTime
    Race for the Galaxy 0.7.4
    Rapture3D 2.3.26 Game
    Realtek High Definition Audio Driver
    Remote Control USB Driver
    Revenge of the Titans
    Rock of Ages
    Safari
    Safecracker: The Ultimate Puzzle Adventure
    Saints Row 2
    Saints Row: The Third
    Samorost 2
    Sanctum
    ScummVM 1.1.1
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2645410)
    Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
    Sequence
    Shadowgrounds
    Shatter
    Sid Meier's Civilization IV
    Sid Meier's Civilization IV: Beyond the Sword
    Sid Meier's Civilization IV: Warlords
    Sid Meier's Civilization V
    Sid Meier's Civilization V SDK
    Skype™ 4.1
    Space Pirates and Zombies
    SpaceChem
    SpeedFan (remove only)
    STALKER: Shadow of Chernobyl
    Star Ruler - Demo
    Steam
    Sublime Text 1.4
    Super Meat Boy
    Super MNC Invitational
    Swords and Soldiers HD
    Tales of Monkey Island: Chapter 1 - Launch of the Screaming Narwhal
    Team Fortress 2
    Tex Murphy 1 and 2
    The Binding Of Isaac
    The Dig
    The Elder Scrolls V: Skyrim
    The Lord of the Rings FREE Trial
    The Misadventures of P.B. Winterbottom
    The Secret of Monkey Island: Special Edition
    The Witcher 2
    The Witcher: Enhanced Edition
    Titan Quest: Immortal Throne
    To the Moon
    Tom Clancy's Splinter Cell
    Tom Clancy's Splinter Cell: Double Agent
    Torchlight
    Torchlight Editor
    TortoiseSVN 1.6.6.17493 (32 bit)
    Treasure Adventure Game
    Trials 2: Second Edition
    Tribes Ascend Closed Beta
    Trine
    Trine 2
    Tropico 3 - Steam Special Edition
    Tropico 3: Absolute Power
    TurboTax 2011
    TurboTax 2011 WinPerFedFormset
    TurboTax 2011 WinPerReleaseEngine
    TurboTax 2011 WinPerTaxSupport
    TurboTax 2011 wmaiper
    TurboTax 2011 wnhiper
    TurboTax 2011 wrapper
    Under a Killing Moon
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221)
    Uplink
    VC Runtimes MSI
    VirtualCloneDrive
    Visual Studio 2005 Tools for Office Second Edition Runtime
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    Visual Studio Tools for the Office system 3.0 Runtime
    VisualSVN 1.7.8
    Viva Piñata®
    VLC media player 1.1.1
    VVVVVV
    WCF RIA Services V1.0 SP1
    Windows Live Sync
    Windows Mobile 5.0 SDK R2 for Pocket PC
    Windows Mobile 5.0 SDK R2 for Smartphone
    Windows Phone 7 Add-in for Visual Studio 2010 - ENU
    Worms Reloaded
    WPF Toolkit February 2010 (Version 3.5.50211.1)
    X-COM: Terror from the Deep
    X-COM: UFO Defense
    XBMC
    Zen Bound® 2
    Zombie Driver
    Zombie Shooter 2
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/23/2012 2:12:10 PM, Error: Service Control Manager [7034] - The Intuit Update Service v4 service terminated unexpectedly. It has done this 1 time(s).
    4/23/2012 1:39:54 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    4/23/2012 1:35:48 PM, Error: Service Control Manager [7034] - The Hi-Rez Studios Authenticate and Update Service service terminated unexpectedly. It has done this 1 time(s).
    4/23/2012 1:35:41 PM, Error: Service Control Manager [7034] - The Dragon Age: Origins - Content Updater service terminated unexpectedly. It has done this 1 time(s).
    4/23/2012 1:34:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
    4/23/2012 1:34:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Net.Pipe Listener Adapter service to connect.
    4/23/2012 1:34:31 PM, Error: Service Control Manager [7000] - The Net.Pipe Listener Adapter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/23/2012 1:33:59 PM, Error: Service Control Manager [7001] - The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    4/23/2012 1:33:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Net.Tcp Port Sharing Service service to connect.
    4/23/2012 1:33:48 PM, Error: Service Control Manager [7000] - The Net.Tcp Port Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/22/2012 5:37:22 AM, Error: Service Control Manager [7043] - The AMD FUEL Service service did not shut down properly after receiving a preshutdown control.
    4/22/2012 5:36:49 AM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
    4/22/2012 5:15:24 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AMD External Events Utility service to connect.
    4/22/2012 5:15:24 AM, Error: Service Control Manager [7000] - The AMD External Events Utility service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/22/2012 1:36:09 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    4/21/2012 9:25:57 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.
    4/21/2012 12:41:38 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.146.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    4/21/2012 12:32:14 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Dragon Age: Origins - Content Updater service to connect.
    4/21/2012 12:31:21 PM, Error: Service Control Manager [7000] - The AODDriver4.1 service failed to start due to the following error: The system cannot find the file specified.
    4/21/2012 12:16:52 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.146.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    4/17/2012 12:03:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ============================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =========================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  3. DigTheDoug

    DigTheDoug TS Rookie Topic Starter Posts: 31

    Thanks for the help!

    I'm running the aswmbr scan now and it seems to be hanging on something, but I'm not sure if that's expected. It's completed the first 4 directories
    \windows
    \windows\system32
    \windows\system32\drivers
    \Users\Doug
    in 7 minutes total according to the time codes, but it has been on this one last object now for over 40 minutes
    C:\Users\Doug\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Network_ (here it gets cut off by the window and I can't extend it)

    Also in the time that it's been doing this, the iexplore.exe processes have multiplied from 6 to 26.
     
  4. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    Proceed with Bootkit Remover.
     
  5. DigTheDoug

    DigTheDoug TS Rookie Topic Starter Posts: 31

    Thanks, here's the log results of the unfinished aswMBR just in case:

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-23 20:03:41
    -----------------------------
    20:03:41.457 OS Version: Windows x64 6.1.7601 Service Pack 1
    20:03:41.457 Number of processors: 4 586 0x403
    20:03:41.457 ComputerName: OFFICE UserName: Doug
    20:03:42.520 Initialize success
    20:04:26.961 AVAST engine defs: 12042301
    20:04:37.876 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    20:04:37.879 Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
    20:04:37.879 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-5
    20:04:37.881 Disk 1 Vendor: WDC_WD6400AAKS-65A7B0 01.03B01 Size: 610480MB BusType: 3
    20:04:37.884 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T0L0-1
    20:04:37.884 Disk 2 Vendor: WDC_WD2500KS-00MJB0 02.01C03 Size: 238471MB BusType: 3
    20:04:37.904 Disk 0 MBR read successfully
    20:04:37.906 Disk 0 MBR scan
    20:04:37.911 Disk 0 Windows 7 default MBR code
    20:04:37.914 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 63
    20:04:37.976 Disk 0 scanning C:\Windows\system32\drivers
    20:04:53.810 Service scanning
    20:05:27.067 Modules scanning
    20:05:27.072 Disk 0 trace - called modules:
    20:05:27.094 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    20:05:27.097 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007deb060]
    20:05:27.102 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa800774d520]
    20:05:27.104 5 ACPI.sys[fffff88000efc7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007763060]
    20:05:28.057 AVAST engine scan C:\Windows
    20:05:32.104 AVAST engine scan C:\Windows\system32
    20:11:53.245 AVAST engine scan C:\Windows\system32\drivers
    20:12:12.444 AVAST engine scan C:\Users\Doug
    21:12:44.935 Disk 0 MBR has been saved successfully to "C:\Users\Doug\Desktop\MBR.dat"
    21:12:44.982 The log file has been saved successfully to "C:\Users\Doug\Desktop\aswMBR.txt"
     
  6. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    You posted Attach.txt part of DDS instead of Bootkit Remover log.
     
  7. DigTheDoug

    DigTheDoug TS Rookie Topic Starter Posts: 31

    Sorry, it seems the Ctrl+C off that command window wasn't working for me. Here's the correct info:

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Service Pack 1 (build 7601), 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

    Size Device Name MBR Status
    --------------------------------------------
    931 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
     
  8. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  9. DigTheDoug

    DigTheDoug TS Rookie Topic Starter Posts: 31

    21:27:30.0021 1316 TDSS rootkit removing tool 2.7.32.0 Apr 23 2012 19:12:34
    21:27:30.0246 1316 ============================================================
    21:27:30.0246 1316 Current date / time: 2012/04/23 21:27:30.0246
    21:27:30.0246 1316 SystemInfo:
    21:27:30.0246 1316
    21:27:30.0246 1316 OS Version: 6.1.7601 ServicePack: 1.0
    21:27:30.0246 1316 Product type: Workstation
    21:27:30.0246 1316 ComputerName: OFFICE
    21:27:30.0246 1316 UserName: Doug
    21:27:30.0246 1316 Windows directory: C:\Windows
    21:27:30.0246 1316 System windows directory: C:\Windows
    21:27:30.0246 1316 Running under WOW64
    21:27:30.0246 1316 Processor architecture: Intel x64
    21:27:30.0246 1316 Number of processors: 4
    21:27:30.0246 1316 Page size: 0x1000
    21:27:30.0246 1316 Boot type: Normal boot
    21:27:30.0246 1316 ============================================================
    21:27:31.0844 1316 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    21:27:31.0859 1316 Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    21:27:31.0859 1316 Drive \Device\Harddisk2\DR2 - Size: 0x3A38725E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    21:27:31.0864 1316 ============================================================
    21:27:31.0864 1316 \Device\Harddisk0\DR0:
    21:27:31.0864 1316 MBR partitions:
    21:27:31.0864 1316 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
    21:27:31.0864 1316 \Device\Harddisk1\DR1:
    21:27:31.0864 1316 MBR partitions:
    21:27:31.0864 1316 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A856E82
    21:27:31.0864 1316 \Device\Harddisk2\DR2:
    21:27:31.0864 1316 MBR partitions:
    21:27:31.0864 1316 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C38F1
    21:27:31.0864 1316 ============================================================
    21:27:31.0911 1316 N: <-> \Device\Harddisk1\DR1\Partition0
    21:27:31.0941 1316 L: <-> \Device\Harddisk2\DR2\Partition0
    21:27:32.0004 1316 C: <-> \Device\Harddisk0\DR0\Partition0
    21:27:32.0024 1316 ============================================================
    21:27:32.0024 1316 Initialize success
    21:27:32.0024 1316 ============================================================
    21:27:44.0922 4084 ============================================================
    21:27:44.0922 4084 Scan started
    21:27:44.0922 4084 Mode: Manual;
    21:27:44.0922 4084 ============================================================
    21:27:46.0052 4084 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    21:27:46.0055 4084 1394ohci - ok
    21:27:46.0200 4084 ACDaemon - ok
    21:27:46.0285 4084 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    21:27:46.0290 4084 ACPI - ok
    21:27:46.0325 4084 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    21:27:46.0325 4084 AcpiPmi - ok
    21:27:46.0465 4084 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    21:27:46.0467 4084 AdobeFlashPlayerUpdateSvc - ok
    21:27:46.0530 4084 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    21:27:46.0535 4084 adp94xx - ok
    21:27:46.0582 4084 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    21:27:46.0587 4084 adpahci - ok
    21:27:46.0600 4084 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    21:27:46.0602 4084 adpu320 - ok
    21:27:46.0637 4084 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    21:27:46.0637 4084 AeLookupSvc - ok
    21:27:46.0692 4084 Afc (6ccd1135320109d6b219f1a6e04ad9f6) C:\Windows\syswow64\drivers\Afc.sys
    21:27:46.0692 4084 Afc - ok
    21:27:46.0777 4084 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
    21:27:46.0782 4084 AFD - ok
    21:27:46.0812 4084 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    21:27:46.0812 4084 agp440 - ok
    21:27:46.0855 4084 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    21:27:46.0855 4084 ALG - ok
    21:27:46.0892 4084 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    21:27:46.0895 4084 aliide - ok
    21:27:47.0012 4084 ALSysIO - ok
    21:27:47.0070 4084 AMD External Events Utility (2aed9a422ea1574c7d7ef9359a417718) C:\Windows\system32\atiesrxx.exe
    21:27:47.0072 4084 AMD External Events Utility - ok
    21:27:47.0190 4084 AMD FUEL Service - ok
    21:27:47.0270 4084 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    21:27:47.0270 4084 amdide - ok
    21:27:47.0308 4084 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
    21:27:47.0323 4084 amdiox64 - ok
    21:27:47.0393 4084 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    21:27:47.0395 4084 AmdK8 - ok
    21:27:47.0778 4084 amdkmdag (bfa5e854959d5546d8834ca61f4ad075) C:\Windows\system32\DRIVERS\atikmdag.sys
    21:27:47.0873 4084 amdkmdag - ok
    21:27:47.0985 4084 amdkmdap (92d664fffcd9e742fb25254f7f458d88) C:\Windows\system32\DRIVERS\atikmpag.sys
    21:27:47.0988 4084 amdkmdap - ok
    21:27:48.0010 4084 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    21:27:48.0010 4084 AmdPPM - ok
    21:27:48.0088 4084 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    21:27:48.0090 4084 amdsata - ok
    21:27:48.0118 4084 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    21:27:48.0118 4084 amdsbs - ok
    21:27:48.0133 4084 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    21:27:48.0135 4084 amdxata - ok
    21:27:48.0215 4084 AODDriver4.01 (0e2ba6dc63e9cf3bf275856735a3e3be) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
    21:27:48.0215 4084 AODDriver4.01 - ok
    21:27:48.0405 4084 Apache CouchDB01cc6ef5a400cae0 (74bd879335bb251ba16ef299467eba8c) C:\Program Files (x86)\Apache Software Foundation\CouchDB\erts-5.8.4\bin\erlsrv.exe
    21:27:48.0405 4084 Apache CouchDB01cc6ef5a400cae0 - ok
    21:27:48.0535 4084 AppHostSvc (59d01fa91962c9c1e9b4022b2d3b46db) C:\Windows\system32\inetsrv\apphostsvc.dll
    21:27:48.0535 4084 AppHostSvc - ok
    21:27:48.0625 4084 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    21:27:48.0625 4084 AppID - ok
    21:27:48.0648 4084 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    21:27:48.0648 4084 AppIDSvc - ok
    21:27:48.0728 4084 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
    21:27:48.0728 4084 Appinfo - ok
    21:27:48.0878 4084 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    21:27:48.0878 4084 Apple Mobile Device - ok
    21:27:48.0915 4084 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
    21:27:48.0918 4084 AppMgmt - ok
    21:27:48.0953 4084 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    21:27:48.0953 4084 arc - ok
    21:27:48.0970 4084 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    21:27:48.0973 4084 arcsas - ok
    21:27:49.0050 4084 asmthub3 (954950d11ada98ac1b7ee3c770e4622c) C:\Windows\system32\DRIVERS\asmthub3.sys
    21:27:49.0050 4084 asmthub3 - ok
    21:27:49.0133 4084 asmtxhci (01dbb05db1db95803e3c9f2b49afe79c) C:\Windows\system32\DRIVERS\asmtxhci.sys
    21:27:49.0135 4084 asmtxhci - ok
    21:27:49.0275 4084 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    21:27:49.0275 4084 aspnet_state - ok
    21:27:49.0293 4084 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    21:27:49.0293 4084 AsyncMac - ok
    21:27:49.0330 4084 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    21:27:49.0333 4084 atapi - ok
    21:27:49.0410 4084 AtiHDAudioService (2b3b05c0a7768bf033217eb8f33f9c35) C:\Windows\system32\drivers\AtihdW76.sys
    21:27:49.0410 4084 AtiHDAudioService - ok
    21:27:49.0455 4084 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
    21:27:49.0458 4084 AtiHdmiService - ok
    21:27:49.0715 4084 atikmdag (bfa5e854959d5546d8834ca61f4ad075) C:\Windows\system32\DRIVERS\atikmdag.sys
    21:27:49.0758 4084 atikmdag - ok
    21:27:49.0895 4084 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    21:27:49.0903 4084 AudioEndpointBuilder - ok
    21:27:49.0908 4084 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    21:27:49.0910 4084 AudioSrv - ok
    21:27:49.0970 4084 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
    21:27:49.0973 4084 AxInstSV - ok
    21:27:50.0050 4084 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    21:27:50.0055 4084 b06bdrv - ok
    21:27:50.0088 4084 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    21:27:50.0093 4084 b57nd60a - ok
    21:27:50.0145 4084 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    21:27:50.0148 4084 BDESVC - ok
    21:27:50.0188 4084 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    21:27:50.0188 4084 Beep - ok
    21:27:50.0260 4084 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
    21:27:50.0268 4084 BFE - ok
    21:27:50.0290 4084 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
    21:27:50.0298 4084 BITS - ok
    21:27:50.0328 4084 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    21:27:50.0328 4084 blbdrive - ok
    21:27:50.0453 4084 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
    21:27:50.0458 4084 Bonjour Service - ok
    21:27:50.0498 4084 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    21:27:50.0500 4084 bowser - ok
    21:27:50.0503 4084 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    21:27:50.0503 4084 BrFiltLo - ok
    21:27:50.0505 4084 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    21:27:50.0505 4084 BrFiltUp - ok
    21:27:50.0553 4084 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
    21:27:50.0555 4084 Browser - ok
    21:27:50.0563 4084 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    21:27:50.0568 4084 Brserid - ok
    21:27:50.0593 4084 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    21:27:50.0593 4084 BrSerWdm - ok
    21:27:50.0595 4084 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    21:27:50.0598 4084 BrUsbMdm - ok
    21:27:50.0600 4084 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    21:27:50.0600 4084 BrUsbSer - ok
    21:27:50.0605 4084 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    21:27:50.0605 4084 BTHMODEM - ok
    21:27:50.0633 4084 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    21:27:50.0633 4084 bthserv - ok
    21:27:50.0655 4084 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    21:27:50.0658 4084 cdfs - ok
    21:27:50.0695 4084 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
    21:27:50.0698 4084 cdrom - ok
    21:27:50.0733 4084 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    21:27:50.0735 4084 CertPropSvc - ok
    21:27:50.0748 4084 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    21:27:50.0748 4084 circlass - ok
    21:27:50.0788 4084 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    21:27:50.0793 4084 CLFS - ok
    21:27:50.0885 4084 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    21:27:50.0885 4084 clr_optimization_v2.0.50727_32 - ok
    21:27:50.0943 4084 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    21:27:50.0945 4084 clr_optimization_v2.0.50727_64 - ok
    21:27:51.0045 4084 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    21:27:51.0048 4084 clr_optimization_v4.0.30319_32 - ok
    21:27:51.0113 4084 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    21:27:51.0113 4084 clr_optimization_v4.0.30319_64 - ok
    21:27:51.0133 4084 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    21:27:51.0133 4084 CmBatt - ok
    21:27:51.0178 4084 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    21:27:51.0178 4084 cmdide - ok
    21:27:51.0258 4084 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
    21:27:51.0263 4084 CNG - ok
    21:27:51.0278 4084 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    21:27:51.0280 4084 Compbatt - ok
    21:27:51.0350 4084 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    21:27:51.0350 4084 CompositeBus - ok
    21:27:51.0368 4084 COMSysApp - ok
    21:27:51.0485 4084 cpuz130 - ok
    21:27:51.0505 4084 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    21:27:51.0505 4084 crcdisk - ok
    21:27:51.0555 4084 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
    21:27:51.0558 4084 CryptSvc - ok
    21:27:51.0610 4084 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
    21:27:51.0615 4084 CSC - ok
    21:27:51.0648 4084 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
    21:27:51.0653 4084 CscService - ok
    21:27:51.0905 4084 DAUpdaterSvc (914a7156b0c0f10be645a02e13f576b2) c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe
    21:27:51.0905 4084 DAUpdaterSvc - ok
    21:27:51.0988 4084 dc3d (15c2afd86d8a58354fc100434c78b621) C:\Windows\system32\DRIVERS\dc3d.sys
    21:27:51.0988 4084 dc3d - ok
    21:27:52.0045 4084 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    21:27:52.0050 4084 DcomLaunch - ok
    21:27:52.0088 4084 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    21:27:52.0090 4084 defragsvc - ok
    21:27:52.0123 4084 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    21:27:52.0123 4084 DfsC - ok
    21:27:52.0155 4084 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
    21:27:52.0158 4084 Dhcp - ok
    21:27:52.0180 4084 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    21:27:52.0180 4084 discache - ok
    21:27:52.0213 4084 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    21:27:52.0213 4084 Disk - ok
    21:27:52.0253 4084 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
    21:27:52.0255 4084 Dnscache - ok
    21:27:52.0320 4084 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
    21:27:52.0323 4084 dot3svc - ok
    21:27:52.0365 4084 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
    21:27:52.0368 4084 DPS - ok
    21:27:52.0423 4084 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    21:27:52.0425 4084 drmkaud - ok
    21:27:52.0460 4084 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    21:27:52.0468 4084 DXGKrnl - ok
    21:27:52.0498 4084 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
    21:27:52.0500 4084 EapHost - ok
    21:27:52.0588 4084 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    21:27:52.0618 4084 ebdrv - ok
    21:27:52.0738 4084 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
    21:27:52.0738 4084 EFS - ok
    21:27:52.0825 4084 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
    21:27:52.0833 4084 ehRecvr - ok
    21:27:52.0880 4084 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
    21:27:52.0883 4084 ehSched - ok
    21:27:52.0958 4084 ElbyCDIO (9a47ac3dfcf81d30922cdaaf1c2d579f) C:\Windows\system32\Drivers\ElbyCDIO.sys
    21:27:52.0960 4084 ElbyCDIO - ok
    21:27:52.0985 4084 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    21:27:52.0990 4084 elxstor - ok
    21:27:53.0035 4084 ENTECH64 (12c061d9f9621be916d58191872ec281) C:\Windows\system32\DRIVERS\ENTECH64.sys
    21:27:53.0035 4084 ENTECH64 - ok
    21:27:53.0093 4084 epmntdrv (9eafb3b3b60b8ad958985152a9309aca) C:\Windows\system32\epmntdrv.sys
    21:27:53.0093 4084 epmntdrv - ok
    21:27:53.0133 4084 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    21:27:53.0135 4084 ErrDev - ok
    21:27:53.0158 4084 EuGdiDrv (fb949ed2c93c878a189039f3d7730942) C:\Windows\system32\EuGdiDrv.sys
    21:27:53.0160 4084 EuGdiDrv - ok
    21:27:53.0195 4084 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
    21:27:53.0203 4084 EventSystem - ok
    21:27:53.0233 4084 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    21:27:53.0235 4084 exfat - ok
    21:27:53.0263 4084 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    21:27:53.0265 4084 fastfat - ok
    21:27:53.0365 4084 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
    21:27:53.0373 4084 Fax - ok
    21:27:53.0393 4084 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    21:27:53.0393 4084 fdc - ok
    21:27:53.0410 4084 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
    21:27:53.0410 4084 fdPHost - ok
    21:27:53.0425 4084 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
    21:27:53.0425 4084 FDResPub - ok
    21:27:53.0438 4084 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    21:27:53.0440 4084 FileInfo - ok
    21:27:53.0463 4084 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    21:27:53.0465 4084 Filetrace - ok
    21:27:53.0550 4084 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    21:27:53.0558 4084 FLEXnet Licensing Service - ok
    21:27:53.0560 4084 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    21:27:53.0563 4084 flpydisk - ok
    21:27:53.0633 4084 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    21:27:53.0638 4084 FltMgr - ok
    21:27:53.0703 4084 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
    21:27:53.0713 4084 FontCache - ok
    21:27:53.0790 4084 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    21:27:53.0793 4084 FontCache3.0.0.0 - ok
    21:27:53.0855 4084 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    21:27:53.0855 4084 FsDepends - ok
    21:27:53.0895 4084 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
    21:27:53.0895 4084 Fs_Rec - ok
    21:27:53.0938 4084 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    21:27:53.0940 4084 fvevol - ok
    21:27:54.0005 4084 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    21:27:54.0008 4084 gagp30kx - ok
    21:27:54.0058 4084 gdrv (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys
    21:27:54.0060 4084 gdrv - ok
    21:27:54.0118 4084 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    21:27:54.0118 4084 GEARAspiWDM - ok
    21:27:54.0168 4084 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
    21:27:54.0175 4084 gpsvc - ok
    21:27:54.0190 4084 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    21:27:54.0190 4084 hcw85cir - ok
    21:27:54.0258 4084 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    21:27:54.0263 4084 HdAudAddService - ok
    21:27:54.0345 4084 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
    21:27:54.0348 4084 HDAudBus - ok
    21:27:54.0350 4084 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    21:27:54.0353 4084 HidBatt - ok
    21:27:54.0368 4084 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    21:27:54.0370 4084 HidBth - ok
    21:27:54.0373 4084 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    21:27:54.0375 4084 HidIr - ok
    21:27:54.0403 4084 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
    21:27:54.0403 4084 hidserv - ok
    21:27:54.0483 4084 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
    21:27:54.0483 4084 HidUsb - ok
    21:27:54.0610 4084 HiPatchService (d61f8e72032bdc43157f2b8aea32b529) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    21:27:54.0620 4084 HiPatchService - ok
    21:27:54.0650 4084 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
    21:27:54.0650 4084 hkmsvc - ok
    21:27:54.0718 4084 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
    21:27:54.0720 4084 HomeGroupListener - ok
    21:27:54.0738 4084 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
    21:27:54.0740 4084 HomeGroupProvider - ok
    21:27:54.0775 4084 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    21:27:54.0778 4084 HpSAMD - ok
    21:27:54.0870 4084 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    21:27:54.0875 4084 HTTP - ok
    21:27:54.0938 4084 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    21:27:54.0938 4084 hwpolicy - ok
    21:27:54.0995 4084 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    21:27:54.0998 4084 i8042prt - ok
    21:27:55.0043 4084 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    21:27:55.0048 4084 iaStorV - ok
    21:27:55.0208 4084 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    21:27:55.0215 4084 idsvc - ok
    21:27:55.0325 4084 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    21:27:55.0325 4084 iirsp - ok
    21:27:55.0400 4084 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
    21:27:55.0408 4084 IKEEXT - ok
    21:27:55.0518 4084 IntcAzAudAddService (2b888bbdf6962e608a5e1a1d7a626adf) C:\Windows\system32\drivers\RTKVHD64.sys
    21:27:55.0540 4084 IntcAzAudAddService - ok
    21:27:55.0643 4084 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    21:27:55.0643 4084 intelide - ok
    21:27:55.0685 4084 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    21:27:55.0688 4084 intelppm - ok
    21:27:55.0823 4084 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    21:27:55.0823 4084 IntuitUpdateServiceV4 - ok
    21:27:55.0870 4084 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    21:27:55.0870 4084 IPBusEnum - ok
    21:27:55.0908 4084 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    21:27:55.0908 4084 IpFilterDriver - ok
    21:27:55.0963 4084 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
    21:27:55.0968 4084 iphlpsvc - ok
    21:27:56.0010 4084 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    21:27:56.0010 4084 IPMIDRV - ok
    21:27:56.0015 4084 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    21:27:56.0018 4084 IPNAT - ok
    21:27:56.0123 4084 iPod Service (3c0d4b3e80fc4854ca325dd123cc4ded) C:\Program Files\iPod\bin\iPodService.exe
    21:27:56.0133 4084 iPod Service - ok
    21:27:56.0165 4084 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    21:27:56.0165 4084 IRENUM - ok
    21:27:56.0200 4084 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    21:27:56.0200 4084 isapnp - ok
    21:27:56.0223 4084 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    21:27:56.0225 4084 iScsiPrt - ok
    21:27:56.0288 4084 JRAID (c2f9be83db87b30da2b52eeb1daee1ce) C:\Windows\system32\DRIVERS\jraid.sys
    21:27:56.0290 4084 JRAID - ok
    21:27:56.0345 4084 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    21:27:56.0345 4084 kbdclass - ok
    21:27:56.0395 4084 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
    21:27:56.0395 4084 kbdhid - ok
    21:27:56.0463 4084 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    21:27:56.0463 4084 KeyIso - ok
    21:27:56.0475 4084 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
    21:27:56.0478 4084 KSecDD - ok
    21:27:56.0485 4084 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
    21:27:56.0488 4084 KSecPkg - ok
    21:27:56.0505 4084 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    21:27:56.0505 4084 ksthunk - ok
    21:27:56.0533 4084 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
    21:27:56.0538 4084 KtmRm - ok
    21:27:56.0563 4084 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
    21:27:56.0565 4084 LanmanServer - ok
    21:27:56.0633 4084 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
    21:27:56.0635 4084 LanmanWorkstation - ok
    21:27:56.0795 4084 LBTServ (19eff704cd16dd0429e128431f1dd631) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    21:27:56.0798 4084 LBTServ - ok
    21:27:56.0828 4084 LHidFilt (1074c77a47835e03c15bf92452f9a750) C:\Windows\system32\DRIVERS\LHidFilt.Sys
    21:27:56.0828 4084 LHidFilt - ok
    21:27:56.0868 4084 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    21:27:56.0868 4084 lltdio - ok
    21:27:56.0898 4084 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    21:27:56.0900 4084 lltdsvc - ok
    21:27:56.0915 4084 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    21:27:56.0918 4084 lmhosts - ok
    21:27:56.0983 4084 LMouFilt (96999c364c649e2866a268f7420a304a) C:\Windows\system32\DRIVERS\LMouFilt.Sys
    21:27:56.0983 4084 LMouFilt - ok
    21:27:57.0013 4084 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    21:27:57.0013 4084 LSI_FC - ok
    21:27:57.0050 4084 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    21:27:57.0050 4084 LSI_SAS - ok
    21:27:57.0065 4084 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    21:27:57.0068 4084 LSI_SAS2 - ok
    21:27:57.0090 4084 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    21:27:57.0090 4084 LSI_SCSI - ok
    21:27:57.0125 4084 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    21:27:57.0128 4084 luafv - ok
    21:27:57.0178 4084 LUsbFilt (11ddb1d900078fbe3691df7b878aec28) C:\Windows\system32\Drivers\LUsbFilt.Sys
    21:27:57.0180 4084 LUsbFilt - ok
    21:27:57.0223 4084 lxcc_device - ok
    21:27:57.0253 4084 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
    21:27:57.0255 4084 Mcx2Svc - ok
    21:27:57.0275 4084 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    21:27:57.0278 4084 megasas - ok
    21:27:57.0298 4084 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    21:27:57.0300 4084 MegaSR - ok
    21:27:57.0388 4084 Microsoft SharePoint Workspace Audit Service - ok
    21:27:57.0410 4084 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    21:27:57.0410 4084 MMCSS - ok
    21:27:57.0433 4084 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    21:27:57.0433 4084 Modem - ok
    21:27:57.0480 4084 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    21:27:57.0483 4084 monitor - ok
    21:27:57.0515 4084 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    21:27:57.0518 4084 mouclass - ok
    21:27:57.0540 4084 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    21:27:57.0540 4084 mouhid - ok
    21:27:57.0583 4084 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    21:27:57.0585 4084 mountmgr - ok
    21:27:57.0650 4084 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
    21:27:57.0653 4084 MpFilter - ok
    21:27:57.0725 4084 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    21:27:57.0728 4084 mpio - ok
    21:27:57.0778 4084 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
    21:27:57.0780 4084 MpNWMon - ok
    21:27:57.0795 4084 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    21:27:57.0795 4084 mpsdrv - ok
    21:27:57.0845 4084 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
    21:27:57.0855 4084 MpsSvc - ok
    21:27:57.0903 4084 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    21:27:57.0903 4084 MRxDAV - ok
    21:27:57.0943 4084 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    21:27:57.0945 4084 mrxsmb - ok
    21:27:57.0993 4084 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    21:27:57.0998 4084 mrxsmb10 - ok
    21:27:58.0043 4084 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    21:27:58.0043 4084 mrxsmb20 - ok
    21:27:58.0078 4084 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    21:27:58.0078 4084 msahci - ok
    21:27:58.0098 4084 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    21:27:58.0100 4084 msdsm - ok
    21:27:58.0140 4084 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    21:27:58.0143 4084 MSDTC - ok
    21:27:58.0185 4084 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    21:27:58.0185 4084 Msfs - ok
    21:27:58.0198 4084 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    21:27:58.0198 4084 mshidkmdf - ok
    21:27:58.0265 4084 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    21:27:58.0265 4084 msisadrv - ok
    21:27:58.0310 4084 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    21:27:58.0313 4084 MSiSCSI - ok
    21:27:58.0315 4084 msiserver - ok
    21:27:58.0363 4084 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    21:27:58.0363 4084 MSKSSRV - ok
    21:27:58.0473 4084 MsMpSvc (157e9e498206a3366baa7e4697bdd947) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    21:27:58.0473 4084 MsMpSvc - ok
    21:27:58.0500 4084 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    21:27:58.0503 4084 MSPCLOCK - ok
    21:27:58.0520 4084 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    21:27:58.0520 4084 MSPQM - ok
    21:27:58.0575 4084 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    21:27:58.0578 4084 MsRPC - ok
    21:27:58.0625 4084 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    21:27:58.0625 4084 mssmbios - ok
    21:27:58.0803 4084 MSSQL$SQLEXPRESS - ok
    21:27:58.0888 4084 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
    21:27:58.0888 4084 MSSQLServerADHelper - ok
    21:27:58.0895 4084 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    21:27:58.0898 4084 MSTEE - ok
    21:27:59.0115 4084 msvsmon90 (0f4dd44765a7d23e0cd9965ee900558f) C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe
    21:27:59.0158 4084 msvsmon90 - ok
    21:27:59.0250 4084 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    21:27:59.0250 4084 MTConfig - ok
    21:27:59.0285 4084 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    21:27:59.0288 4084 Mup - ok
    21:27:59.0338 4084 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
    21:27:59.0343 4084 napagent - ok
    21:27:59.0390 4084 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    21:27:59.0395 4084 NativeWifiP - ok
    21:27:59.0435 4084 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    21:27:59.0445 4084 NDIS - ok
    21:27:59.0475 4084 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    21:27:59.0478 4084 NdisCap - ok
    21:27:59.0520 4084 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    21:27:59.0520 4084 NdisTapi - ok
    21:27:59.0550 4084 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    21:27:59.0550 4084 Ndisuio - ok
    21:27:59.0590 4084 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    21:27:59.0590 4084 NdisWan - ok
    21:27:59.0623 4084 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    21:27:59.0623 4084 NDProxy - ok
    21:27:59.0638 4084 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    21:27:59.0640 4084 NetBIOS - ok
    21:27:59.0660 4084 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    21:27:59.0663 4084 NetBT - ok
    21:27:59.0708 4084 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    21:27:59.0710 4084 Netlogon - ok
    21:27:59.0783 4084 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    21:27:59.0785 4084 Netman - ok
    21:27:59.0935 4084 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    21:27:59.0935 4084 NetMsmqActivator - ok
    21:27:59.0950 4084 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    21:27:59.0953 4084 NetPipeActivator - ok
    21:27:59.0975 4084 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    21:27:59.0980 4084 netprofm - ok
    21:27:59.0983 4084 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    21:27:59.0983 4084 NetTcpActivator - ok
    21:27:59.0985 4084 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    21:27:59.0988 4084 NetTcpPortSharing - ok
    21:28:00.0025 4084 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    21:28:00.0025 4084 nfrd960 - ok
    21:28:00.0083 4084 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    21:28:00.0083 4084 NisDrv - ok
    21:28:00.0213 4084 NisSrv (566ddd5d82520da01d75f81428ac4c38) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    21:28:00.0215 4084 NisSrv - ok
    21:28:00.0263 4084 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
    21:28:00.0268 4084 NlaSvc - ok
    21:28:00.0273 4084 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    21:28:00.0275 4084 Npfs - ok
    21:28:00.0308 4084 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    21:28:00.0308 4084 nsi - ok
    21:28:00.0333 4084 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    21:28:00.0333 4084 nsiproxy - ok
    21:28:00.0408 4084 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    21:28:00.0423 4084 Ntfs - ok
    21:28:00.0508 4084 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    21:28:00.0510 4084 Null - ok
    21:28:00.0583 4084 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    21:28:00.0585 4084 nvraid - ok
    21:28:00.0600 4084 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    21:28:00.0603 4084 nvstor - ok
    21:28:00.0673 4084 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    21:28:00.0675 4084 nv_agp - ok
    21:28:00.0710 4084 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    21:28:00.0713 4084 ohci1394 - ok
    21:28:00.0823 4084 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    21:28:00.0823 4084 ose - ok
    21:28:00.0888 4084 ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    21:28:00.0890 4084 ose64 - ok
    21:28:01.0070 4084 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    21:28:01.0115 4084 osppsvc - ok
    21:28:01.0205 4084 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
     
  10. DigTheDoug

    DigTheDoug TS Rookie Topic Starter Posts: 31

    21:28:01.0208 4084 p2pimsvc - ok
    21:28:01.0245 4084 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    21:28:01.0250 4084 p2psvc - ok
    21:28:01.0288 4084 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    21:28:01.0290 4084 Parport - ok
    21:28:01.0323 4084 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    21:28:01.0325 4084 partmgr - ok
    21:28:01.0340 4084 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    21:28:01.0343 4084 PcaSvc - ok
    21:28:01.0400 4084 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    21:28:01.0403 4084 pci - ok
    21:28:01.0450 4084 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    21:28:01.0453 4084 pciide - ok
    21:28:01.0483 4084 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    21:28:01.0485 4084 pcmcia - ok
    21:28:01.0510 4084 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    21:28:01.0513 4084 pcw - ok
    21:28:01.0550 4084 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    21:28:01.0555 4084 PEAUTH - ok
    21:28:01.0613 4084 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
    21:28:01.0625 4084 PeerDistSvc - ok
    21:28:01.0703 4084 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
    21:28:01.0703 4084 PerfHost - ok
    21:28:01.0818 4084 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
    21:28:01.0830 4084 pla - ok
    21:28:01.0930 4084 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
    21:28:01.0935 4084 PlugPlay - ok
    21:28:01.0985 4084 pneteth (a010f13d27c1033a8be09d5fa9bf348b) C:\Windows\system32\DRIVERS\pneteth.sys
    21:28:01.0985 4084 pneteth - ok
    21:28:01.0993 4084 PnkBstrA - ok
    21:28:02.0060 4084 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
    21:28:02.0060 4084 PNRPAutoReg - ok
    21:28:02.0070 4084 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    21:28:02.0073 4084 PNRPsvc - ok
    21:28:02.0120 4084 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
    21:28:02.0125 4084 PolicyAgent - ok
    21:28:02.0155 4084 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
    21:28:02.0158 4084 Power - ok
    21:28:02.0213 4084 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    21:28:02.0215 4084 PptpMiniport - ok
    21:28:02.0235 4084 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    21:28:02.0238 4084 Processor - ok
    21:28:02.0290 4084 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
    21:28:02.0293 4084 ProfSvc - ok
    21:28:02.0333 4084 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    21:28:02.0333 4084 ProtectedStorage - ok
    21:28:02.0408 4084 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    21:28:02.0410 4084 Psched - ok
    21:28:02.0465 4084 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    21:28:02.0478 4084 ql2300 - ok
    21:28:02.0505 4084 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    21:28:02.0505 4084 ql40xx - ok
    21:28:02.0533 4084 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    21:28:02.0535 4084 QWAVE - ok
    21:28:02.0558 4084 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    21:28:02.0560 4084 QWAVEdrv - ok
    21:28:02.0575 4084 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    21:28:02.0575 4084 RasAcd - ok
    21:28:02.0618 4084 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    21:28:02.0618 4084 RasAgileVpn - ok
    21:28:02.0640 4084 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    21:28:02.0640 4084 RasAuto - ok
    21:28:02.0685 4084 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    21:28:02.0688 4084 Rasl2tp - ok
    21:28:02.0763 4084 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
    21:28:02.0768 4084 RasMan - ok
    21:28:02.0785 4084 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    21:28:02.0788 4084 RasPppoe - ok
    21:28:02.0795 4084 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    21:28:02.0798 4084 RasSstp - ok
    21:28:02.0820 4084 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    21:28:02.0825 4084 rdbss - ok
    21:28:02.0848 4084 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    21:28:02.0850 4084 rdpbus - ok
    21:28:02.0868 4084 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    21:28:02.0868 4084 RDPCDD - ok
    21:28:02.0915 4084 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
    21:28:02.0918 4084 RDPDR - ok
    21:28:02.0923 4084 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    21:28:02.0923 4084 RDPENCDD - ok
    21:28:02.0955 4084 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    21:28:02.0955 4084 RDPREFMP - ok
    21:28:02.0993 4084 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
    21:28:02.0995 4084 RDPWD - ok
    21:28:03.0058 4084 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    21:28:03.0058 4084 rdyboost - ok
    21:28:03.0115 4084 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    21:28:03.0115 4084 RemoteAccess - ok
    21:28:03.0148 4084 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    21:28:03.0150 4084 RemoteRegistry - ok
    21:28:03.0170 4084 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    21:28:03.0173 4084 RpcEptMapper - ok
    21:28:03.0198 4084 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    21:28:03.0200 4084 RpcLocator - ok
    21:28:03.0280 4084 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    21:28:03.0283 4084 RpcSs - ok
    21:28:03.0305 4084 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    21:28:03.0305 4084 rspndr - ok
    21:28:03.0398 4084 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
    21:28:03.0403 4084 RTL8167 - ok
    21:28:03.0443 4084 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
    21:28:03.0443 4084 s3cap - ok
    21:28:03.0508 4084 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    21:28:03.0510 4084 SamSs - ok
    21:28:03.0528 4084 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    21:28:03.0530 4084 sbp2port - ok
    21:28:03.0563 4084 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    21:28:03.0568 4084 SCardSvr - ok
    21:28:03.0630 4084 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    21:28:03.0633 4084 scfilter - ok
    21:28:03.0693 4084 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
    21:28:03.0703 4084 Schedule - ok
    21:28:03.0765 4084 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    21:28:03.0768 4084 SCPolicySvc - ok
    21:28:03.0798 4084 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
    21:28:03.0800 4084 SDRSVC - ok
    21:28:03.0878 4084 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    21:28:03.0880 4084 secdrv - ok
    21:28:03.0913 4084 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
    21:28:03.0915 4084 seclogon - ok
    21:28:03.0935 4084 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
    21:28:03.0938 4084 SENS - ok
    21:28:03.0960 4084 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    21:28:03.0960 4084 SensrSvc - ok
    21:28:03.0970 4084 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    21:28:03.0970 4084 Serenum - ok
    21:28:04.0035 4084 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    21:28:04.0035 4084 Serial - ok
    21:28:04.0075 4084 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    21:28:04.0078 4084 sermouse - ok
    21:28:04.0163 4084 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
    21:28:04.0165 4084 SessionEnv - ok
    21:28:04.0193 4084 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    21:28:04.0193 4084 sffdisk - ok
    21:28:04.0205 4084 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    21:28:04.0205 4084 sffp_mmc - ok
    21:28:04.0215 4084 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    21:28:04.0215 4084 sffp_sd - ok
    21:28:04.0235 4084 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    21:28:04.0238 4084 sfloppy - ok
    21:28:04.0288 4084 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
    21:28:04.0293 4084 SharedAccess - ok
    21:28:04.0340 4084 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
    21:28:04.0345 4084 ShellHWDetection - ok
    21:28:04.0385 4084 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    21:28:04.0385 4084 SiSRaid2 - ok
    21:28:04.0398 4084 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    21:28:04.0400 4084 SiSRaid4 - ok
    21:28:04.0433 4084 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    21:28:04.0435 4084 Smb - ok
    21:28:04.0453 4084 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    21:28:04.0455 4084 SNMPTRAP - ok
    21:28:04.0573 4084 speedfan (5f9785e7535f8f602cb294a54962c9e7) C:\Windows\syswow64\speedfan.sys
    21:28:04.0573 4084 speedfan - ok
    21:28:04.0585 4084 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    21:28:04.0588 4084 spldr - ok
    21:28:04.0610 4084 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
    21:28:04.0618 4084 Spooler - ok
    21:28:04.0740 4084 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
    21:28:04.0773 4084 sppsvc - ok
    21:28:04.0898 4084 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    21:28:04.0900 4084 sppuinotify - ok
    21:28:05.0020 4084 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    21:28:05.0023 4084 SQLBrowser - ok
    21:28:05.0158 4084 SQLWriter (3c432a96363097870995e2a3c8b66abd) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    21:28:05.0160 4084 SQLWriter - ok
    21:28:05.0233 4084 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    21:28:05.0240 4084 srv - ok
    21:28:05.0318 4084 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    21:28:05.0323 4084 srv2 - ok
    21:28:05.0335 4084 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    21:28:05.0338 4084 srvnet - ok
    21:28:05.0390 4084 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
    21:28:05.0393 4084 SSDPSRV - ok
    21:28:05.0448 4084 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
    21:28:05.0448 4084 SstpSvc - ok
    21:28:05.0478 4084 Steam Client Service - ok
    21:28:05.0493 4084 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    21:28:05.0495 4084 stexstor - ok
    21:28:05.0583 4084 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
    21:28:05.0590 4084 stisvc - ok
    21:28:05.0638 4084 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
    21:28:05.0638 4084 storflt - ok
    21:28:05.0688 4084 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
    21:28:05.0688 4084 StorSvc - ok
    21:28:05.0730 4084 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
    21:28:05.0733 4084 storvsc - ok
    21:28:05.0775 4084 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    21:28:05.0775 4084 swenum - ok
    21:28:05.0803 4084 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
    21:28:05.0810 4084 swprv - ok
    21:28:05.0935 4084 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
    21:28:05.0953 4084 SysMain - ok
    21:28:06.0096 4084 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
    21:28:06.0099 4084 TabletInputService - ok
    21:28:06.0139 4084 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
    21:28:06.0144 4084 TapiSrv - ok
    21:28:06.0166 4084 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    21:28:06.0169 4084 TBS - ok
    21:28:06.0271 4084 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
    21:28:06.0289 4084 Tcpip - ok
    21:28:06.0349 4084 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
    21:28:06.0356 4084 TCPIP6 - ok
    21:28:06.0411 4084 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    21:28:06.0414 4084 tcpipreg - ok
    21:28:06.0429 4084 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    21:28:06.0429 4084 TDPIPE - ok
    21:28:06.0471 4084 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
    21:28:06.0471 4084 TDTCP - ok
    21:28:06.0519 4084 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    21:28:06.0521 4084 tdx - ok
    21:28:06.0551 4084 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    21:28:06.0554 4084 TermDD - ok
    21:28:06.0601 4084 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
    21:28:06.0609 4084 TermService - ok
    21:28:06.0639 4084 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
    21:28:06.0641 4084 Themes - ok
    21:28:06.0674 4084 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    21:28:06.0676 4084 THREADORDER - ok
    21:28:06.0684 4084 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    21:28:06.0686 4084 TrkWks - ok
    21:28:06.0741 4084 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
    21:28:06.0741 4084 TrustedInstaller - ok
    21:28:06.0786 4084 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    21:28:06.0789 4084 tssecsrv - ok
    21:28:06.0821 4084 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    21:28:06.0821 4084 TsUsbFlt - ok
    21:28:06.0946 4084 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    21:28:06.0946 4084 tunnel - ok
    21:28:06.0964 4084 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    21:28:06.0966 4084 uagp35 - ok
    21:28:07.0011 4084 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    21:28:07.0014 4084 udfs - ok
    21:28:07.0036 4084 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    21:28:07.0039 4084 UI0Detect - ok
    21:28:07.0059 4084 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    21:28:07.0061 4084 uliagpkx - ok
    21:28:07.0111 4084 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
    21:28:07.0114 4084 umbus - ok
    21:28:07.0124 4084 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    21:28:07.0126 4084 UmPass - ok
    21:28:07.0156 4084 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
    21:28:07.0159 4084 UmRdpService - ok
    21:28:07.0179 4084 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    21:28:07.0184 4084 upnphost - ok
    21:28:07.0239 4084 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
    21:28:07.0239 4084 USBAAPL64 - ok
    21:28:07.0301 4084 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
    21:28:07.0304 4084 usbaudio - ok
    21:28:07.0339 4084 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    21:28:07.0339 4084 usbccgp - ok
    21:28:07.0396 4084 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    21:28:07.0399 4084 usbcir - ok
    21:28:07.0439 4084 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
    21:28:07.0439 4084 usbehci - ok
    21:28:07.0466 4084 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    21:28:07.0469 4084 usbhub - ok
    21:28:07.0484 4084 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
    21:28:07.0484 4084 usbohci - ok
    21:28:07.0529 4084 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    21:28:07.0529 4084 usbprint - ok
    21:28:07.0564 4084 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    21:28:07.0564 4084 usbscan - ok
    21:28:07.0581 4084 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    21:28:07.0584 4084 USBSTOR - ok
    21:28:07.0601 4084 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
    21:28:07.0601 4084 usbuhci - ok
    21:28:07.0629 4084 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    21:28:07.0631 4084 UxSms - ok
    21:28:07.0666 4084 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    21:28:07.0666 4084 VaultSvc - ok
    21:28:07.0726 4084 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys
    21:28:07.0726 4084 VClone - ok
    21:28:07.0771 4084 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    21:28:07.0771 4084 vdrvroot - ok
    21:28:07.0819 4084 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
    21:28:07.0826 4084 vds - ok
    21:28:07.0859 4084 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    21:28:07.0859 4084 vga - ok
    21:28:07.0864 4084 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    21:28:07.0864 4084 VgaSave - ok
    21:28:07.0906 4084 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    21:28:07.0909 4084 vhdmp - ok
    21:28:07.0946 4084 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    21:28:07.0949 4084 viaide - ok
    21:28:07.0991 4084 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
    21:28:07.0994 4084 vmbus - ok
    21:28:08.0016 4084 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
    21:28:08.0019 4084 VMBusHID - ok
    21:28:08.0106 4084 vmm (21c96aa588d3993191761a08dbaabb15) C:\Windows\system32\Drivers\vmm.sys
    21:28:08.0109 4084 vmm - ok
    21:28:08.0151 4084 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    21:28:08.0154 4084 volmgr - ok
    21:28:08.0199 4084 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    21:28:08.0201 4084 volmgrx - ok
    21:28:08.0214 4084 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    21:28:08.0219 4084 volsnap - ok
    21:28:08.0246 4084 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    21:28:08.0249 4084 vsmraid - ok
    21:28:08.0436 4084 VSPerfDrv100 (ca64a8838b4674d14bdf88aba2f253ea) C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys
    21:28:08.0439 4084 VSPerfDrv100 - ok
    21:28:08.0514 4084 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
    21:28:08.0531 4084 VSS - ok
    21:28:08.0639 4084 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
    21:28:08.0639 4084 vwifibus - ok
    21:28:08.0676 4084 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    21:28:08.0681 4084 W32Time - ok
    21:28:08.0754 4084 W3SVC (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
    21:28:08.0759 4084 W3SVC - ok
    21:28:08.0786 4084 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    21:28:08.0789 4084 WacomPen - ok
    21:28:08.0829 4084 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    21:28:08.0829 4084 WANARP - ok
    21:28:08.0831 4084 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    21:28:08.0831 4084 Wanarpv6 - ok
    21:28:08.0851 4084 WAS (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
    21:28:08.0851 4084 WAS - ok
    21:28:08.0949 4084 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
    21:28:08.0959 4084 WatAdminSvc - ok
    21:28:09.0039 4084 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
    21:28:09.0054 4084 wbengine - ok
    21:28:09.0091 4084 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    21:28:09.0094 4084 WbioSrvc - ok
    21:28:09.0139 4084 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
    21:28:09.0144 4084 wcncsvc - ok
    21:28:09.0149 4084 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    21:28:09.0149 4084 WcsPlugInService - ok
    21:28:09.0169 4084 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    21:28:09.0169 4084 Wd - ok
    21:28:09.0209 4084 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    21:28:09.0216 4084 Wdf01000 - ok
    21:28:09.0231 4084 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    21:28:09.0246 4084 WdiServiceHost - ok
    21:28:09.0249 4084 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    21:28:09.0251 4084 WdiSystemHost - ok
    21:28:09.0314 4084 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
    21:28:09.0316 4084 WebClient - ok
    21:28:09.0339 4084 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    21:28:09.0344 4084 Wecsvc - ok
    21:28:09.0389 4084 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    21:28:09.0391 4084 wercplsupport - ok
    21:28:09.0414 4084 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    21:28:09.0416 4084 WerSvc - ok
    21:28:09.0439 4084 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    21:28:09.0441 4084 WfpLwf - ok
    21:28:09.0456 4084 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    21:28:09.0456 4084 WIMMount - ok
    21:28:09.0486 4084 WinDefend - ok
    21:28:09.0499 4084 WinHttpAutoProxySvc - ok
    21:28:09.0566 4084 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    21:28:09.0569 4084 Winmgmt - ok
    21:28:09.0636 4084 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
    21:28:09.0656 4084 WinRM - ok
    21:28:09.0741 4084 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
    21:28:09.0744 4084 WinUsb - ok
    21:28:09.0769 4084 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    21:28:09.0779 4084 Wlansvc - ok
    21:28:09.0971 4084 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    21:28:09.0994 4084 wlidsvc - ok
    21:28:10.0044 4084 WmBEnum (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys
    21:28:10.0046 4084 WmBEnum - ok
    21:28:10.0086 4084 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
    21:28:10.0086 4084 WmiAcpi - ok
    21:28:10.0121 4084 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    21:28:10.0124 4084 wmiApSrv - ok
    21:28:10.0176 4084 WMPNetworkSvc - ok
    21:28:10.0211 4084 WmVirHid (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys
    21:28:10.0211 4084 WmVirHid - ok
    21:28:10.0239 4084 WmXlCore (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys
    21:28:10.0241 4084 WmXlCore - ok
    21:28:10.0274 4084 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    21:28:10.0276 4084 WPCSvc - ok
    21:28:10.0309 4084 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
    21:28:10.0311 4084 WPDBusEnum - ok
    21:28:10.0344 4084 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    21:28:10.0344 4084 ws2ifsl - ok
    21:28:10.0391 4084 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
    21:28:10.0394 4084 wscsvc - ok
    21:28:10.0396 4084 WSearch - ok
    21:28:10.0484 4084 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
    21:28:10.0506 4084 wuauserv - ok
    21:28:10.0556 4084 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    21:28:10.0556 4084 WudfPf - ok
    21:28:10.0594 4084 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    21:28:10.0596 4084 WUDFRd - ok
    21:28:10.0634 4084 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
    21:28:10.0634 4084 wudfsvc - ok
    21:28:10.0664 4084 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    21:28:10.0669 4084 WwanSvc - ok
    21:28:10.0724 4084 xnacc (4a5ce13408945e525503b5f73d29b9c5) C:\Windows\system32\DRIVERS\xnacc.sys
    21:28:10.0731 4084 xnacc - ok
    21:28:10.0796 4084 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
    21:28:10.0796 4084 xusb21 - ok
    21:28:10.0841 4084 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    21:28:10.0866 4084 \Device\Harddisk0\DR0 - ok
    21:28:10.0886 4084 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
    21:28:10.0886 4084 \Device\Harddisk1\DR1 - ok
    21:28:10.0889 4084 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
    21:28:10.0891 4084 \Device\Harddisk2\DR2 - ok
    21:28:10.0894 4084 Boot (0x1200) (d02b2c5212457f6a21bd51a5146c1db9) \Device\Harddisk0\DR0\Partition0
    21:28:10.0894 4084 \Device\Harddisk0\DR0\Partition0 - ok
    21:28:10.0896 4084 Boot (0x1200) (4e3e3f0d0e044fe78cac218a88651880) \Device\Harddisk1\DR1\Partition0
    21:28:10.0896 4084 \Device\Harddisk1\DR1\Partition0 - ok
    21:28:10.0899 4084 Boot (0x1200) (bc7fffadc59228e9509d25cc2a186604) \Device\Harddisk2\DR2\Partition0
    21:28:10.0901 4084 \Device\Harddisk2\DR2\Partition0 - ok
    21:28:10.0901 4084 ============================================================
    21:28:10.0901 4084 Scan finished
    21:28:10.0901 4084 ============================================================
    21:28:10.0909 4036 Detected object count: 0
    21:28:10.0909 4036 Actual detected object count: 0
     
  11. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
     
  12. DigTheDoug

    DigTheDoug TS Rookie Topic Starter Posts: 31

    ComboFix 12-04-23.03 - Doug 04/23/2012 21:38:05.1.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8154.5569 [GMT -4:00]
    Running from: c:\users\Doug\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Microsoft\corecon\1.0\1033\NonSDKAddonLangVer.dll
    c:\programdata\Microsoft\corecon\1.0\1033\SDKAddonLangVer.dll
    c:\programdata\Microsoft\corecon\1.0\addons\NonSDKAddonVer.dll
    c:\programdata\Microsoft\corecon\1.0\addons\SDKAddonVer.dll
    c:\programdata\Microsoft\corecon\1.0\SDKFilesVer.dll
    c:\programdata\SPL12B6.tmp
    c:\programdata\SPL200C.tmp
    c:\programdata\SPL3E78.tmp
    c:\programdata\SPL5301.tmp
    c:\programdata\SPL6283.tmp
    c:\programdata\SPL7538.tmp
    c:\programdata\SPL8B55.tmp
    c:\programdata\SPL963F.tmp
    c:\programdata\SPLA128.tmp
    c:\programdata\SPLB01.tmp
    c:\programdata\SPLB03D.tmp
    c:\programdata\SPLDDF9.tmp
    c:\programdata\SPLDE18.tmp
    c:\programdata\SPLDFF4.tmp
    c:\programdata\SPLEE19.tmp
    c:\programdata\SPLFB58.tmp
    c:\users\Doug\AppData\Local\assembly\tmp
    c:\windows\SysWow64\urttemp
    c:\windows\SysWow64\urttemp\regtlib.exe
    N:\install.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-24 to 2012-04-24 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-24 01:47 . 2012-04-24 01:47 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
    2012-04-23 22:23 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EA3D0462-1C1E-4BF7-B98A-6BBC08B087C4}\mpengine.dll
    2012-04-23 17:18 . 2012-04-23 17:18 -------- d-----w- c:\users\Doug\AppData\Roaming\Malwarebytes
    2012-04-23 17:17 . 2012-04-23 17:17 -------- d-----w- c:\programdata\Malwarebytes
    2012-04-23 17:17 . 2012-04-23 17:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-04-23 17:17 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-23 14:42 . 2012-04-23 14:42 -------- d-----w- c:\users\Doug\AppData\Local\BitTorrent
    2012-04-22 09:26 . 2012-04-22 09:26 -------- d-----w- c:\programdata\ATI
    2012-04-22 09:21 . 2012-04-22 09:21 -------- d-----w- c:\program files (x86)\AMD AVT
    2012-04-22 02:06 . 2012-04-22 02:06 -------- d-----w- c:\programdata\Blizzard Entertainment
    2012-04-22 01:30 . 2012-04-22 01:30 -------- d-----w- c:\program files (x86)\ASM104xUSB3
    2012-04-21 22:40 . 2012-04-21 22:40 -------- d-----w- C:\Fraps
    2012-04-21 13:18 . 2011-02-24 02:30 389608 ----a-w- c:\windows\system32\drivers\asmtxhci.sys
    2012-04-21 13:17 . 2011-06-10 10:34 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
    2012-04-20 21:00 . 2012-04-22 02:06 -------- d-----w- c:\program files (x86)\Diablo III Beta
    2012-04-20 20:58 . 2012-04-20 20:58 -------- d-----w- c:\programdata\Battle.net
    2012-04-20 18:08 . 2012-04-20 21:00 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
    2012-04-20 02:26 . 2012-04-20 02:26 -------- d-----w- c:\users\Doug\AppData\Local\Redlynx
    2012-04-19 02:56 . 2012-04-19 02:56 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-19 02:22 . 2012-04-19 02:56 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-04-10 23:47 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-04-10 23:44 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-04-10 23:44 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
    2012-04-10 23:44 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2012-04-10 23:44 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
    2012-04-10 23:44 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-04-06 22:16 . 2012-04-06 22:16 -------- d-----w- c:\program files (x86)\PdaNet for Android
    2012-04-06 22:16 . 2011-11-25 04:25 15360 ----a-w- c:\windows\system32\drivers\pneteth.sys
    2012-04-06 22:16 . 2009-11-08 05:41 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
    2012-04-06 22:16 . 2009-11-08 05:41 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
    2012-04-06 22:05 . 2012-04-06 22:08 -------- d-----w- C:\android-sdk-windows
    2012-04-05 01:13 . 2012-04-05 01:13 -------- d-----w- c:\users\Doug\AppData\Roaming\Trine2
    2012-03-31 17:43 . 2012-03-31 17:43 -------- d-----w- c:\users\Doug\AppData\Roaming\Intuit
    2012-03-31 17:42 . 2012-03-31 17:42 -------- d-----w- c:\users\Doug\AppData\Local\IsolatedStorage
    2012-03-31 17:42 . 2012-03-31 17:42 -------- d-----w- c:\program files (x86)\Common Files\Intuit
    2012-03-31 17:41 . 2012-03-31 17:41 -------- d-----w- c:\program files (x86)\TurboTax
    2012-03-31 17:41 . 2012-03-31 17:42 -------- d-----w- c:\programdata\Intuit
    2012-03-29 01:54 . 2012-03-29 02:06 -------- d-----w- c:\users\Doug\AppData\Roaming\GOG.com
    2012-03-27 03:25 . 2012-03-27 03:25 -------- d-----w- c:\program files (x86)\Stardock
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-21 16:26 . 2011-03-03 00:43 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2012-04-19 02:56 . 2011-07-07 03:51 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-04-13 08:46 . 2011-02-23 00:29 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-03-27 02:50 . 2010-01-18 03:12 466456 ----a-w- c:\windows\system32\wrap_oal.dll
    2012-03-27 02:50 . 2010-01-18 03:12 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2012-03-27 02:50 . 2010-01-18 03:12 122904 ----a-w- c:\windows\system32\OpenAL32.dll
    2012-03-27 02:50 . 2010-01-18 03:12 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
    2012-03-15 07:03 . 2011-12-16 04:52 2578752 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
    2012-03-09 06:28 . 2012-03-09 06:28 10857984 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2012-03-09 05:16 . 2012-03-09 05:16 159744 ----a-w- c:\windows\system32\atiapfxx.exe
    2012-03-09 05:16 . 2012-03-09 05:16 791552 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2012-03-09 05:14 . 2009-12-11 20:34 958464 ----a-w- c:\windows\system32\aticfx64.dll
    2012-03-09 05:11 . 2012-02-15 03:13 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2012-03-09 05:11 . 2012-03-09 05:11 496128 ----a-w- c:\windows\system32\atieclxx.exe
    2012-03-09 05:10 . 2012-03-09 05:10 235520 ----a-w- c:\windows\system32\atiesrxx.exe
    2012-03-09 05:08 . 2012-03-09 05:08 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2012-03-09 05:08 . 2012-03-09 05:08 21504 ----a-w- c:\windows\system32\atimuixx.dll
    2012-03-09 05:07 . 2012-03-09 05:07 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2012-03-09 05:07 . 2012-03-09 05:07 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2012-03-09 05:04 . 2012-03-09 05:04 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2012-03-09 05:03 . 2012-03-09 05:03 26166784 ----a-w- c:\windows\system32\atio6axx.dll
    2012-03-09 04:45 . 2009-11-04 15:31 7646208 ----a-w- c:\windows\system32\atidxx64.dll
    2012-03-09 04:39 . 2012-03-09 04:39 19739136 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2012-03-09 04:36 . 2012-03-09 04:36 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
    2012-03-09 04:36 . 2012-03-09 04:36 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
    2012-03-09 04:35 . 2012-02-15 02:40 4958208 ----a-w- c:\windows\system32\atiumd6a.dll
    2012-03-09 04:23 . 2012-03-09 04:23 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2012-03-09 04:23 . 2012-03-09 04:23 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2012-03-09 04:18 . 2012-03-09 04:18 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2012-03-09 04:18 . 2012-03-09 04:18 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2012-03-09 04:18 . 2012-03-09 04:18 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2012-03-09 04:18 . 2012-03-09 04:18 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2012-03-09 04:17 . 2012-03-09 04:17 16069632 ----a-w- c:\windows\system32\aticaldd64.dll
    2012-03-09 04:12 . 2012-03-09 04:12 13715968 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2012-03-09 04:11 . 2012-02-15 02:25 7552000 ----a-w- c:\windows\system32\atiumd64.dll
    2012-03-09 04:05 . 2012-03-09 04:05 54784 ----a-w- c:\windows\system32\atimpc64.dll
    2012-03-09 04:05 . 2012-03-09 04:05 54784 ----a-w- c:\windows\system32\amdpcom64.dll
    2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    2012-03-09 03:58 . 2012-02-15 02:14 512000 ----a-w- c:\windows\system32\atiadlxx.dll
    2012-03-09 03:58 . 2012-03-09 03:58 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2012-03-09 03:58 . 2012-03-09 03:58 17408 ----a-w- c:\windows\system32\atig6pxx.dll
    2012-03-09 03:58 . 2012-03-09 03:58 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2012-03-09 03:58 . 2012-03-09 03:58 14336 ----a-w- c:\windows\system32\atiglpxx.dll
    2012-03-09 03:58 . 2012-03-09 03:58 39936 ----a-w- c:\windows\system32\atig6txx.dll
    2012-03-09 03:58 . 2012-03-09 03:58 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2012-03-09 03:58 . 2012-03-09 03:58 328704 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2012-03-09 03:57 . 2009-12-11 19:50 43008 ----a-w- c:\windows\system32\atiuxp64.dll
    2012-03-09 03:56 . 2012-03-09 03:56 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2012-03-09 03:56 . 2012-02-15 02:12 39936 ----a-w- c:\windows\system32\atiu9p64.dll
    2012-03-09 03:56 . 2012-03-09 03:56 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2012-03-09 03:55 . 2012-03-09 03:55 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2012-03-09 03:47 . 2009-12-11 20:11 58880 ----a-w- c:\windows\system32\coinst.dll
    2012-03-06 05:59 . 2012-04-10 23:47 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-03-06 05:59 . 2012-04-10 23:47 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-03-01 11:06 . 2012-03-01 11:06 10 ----a-w- c:\windows\Fonts\wfonts.key
    2012-03-01 05:37 . 2012-04-10 23:44 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2012-03-01 05:29 . 2012-04-10 23:44 5120 ----a-w- c:\windows\SysWow64\wmi.dll
    2012-02-28 01:11 . 2012-04-10 23:48 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-02-28 01:03 . 2012-04-10 23:48 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-02-17 06:38 . 2012-03-14 11:56 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-02-17 05:34 . 2012-03-14 11:56 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-02-17 04:58 . 2012-03-14 11:56 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-02-17 04:57 . 2012-03-14 11:56 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-02-15 02:05 . 2012-02-15 02:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
    2012-02-15 02:05 . 2012-02-15 02:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
    2012-02-15 02:05 . 2012-02-15 02:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll
    2012-02-15 02:05 . 2012-02-15 02:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2012-02-15 02:05 . 2012-02-15 02:05 16507904 ----a-w- c:\windows\system32\amdocl64.dll
    2012-02-15 02:04 . 2012-02-15 02:04 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
    2012-02-15 02:03 . 2012-02-15 02:03 54272 ----a-w- c:\windows\system32\OpenCL.dll
    2012-02-15 02:03 . 2012-02-15 02:03 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2012-02-10 08:32 . 2012-02-10 08:32 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{99F55B0B-29CC-400B-B611-660323298EEC}\gapaengine.dll
    2012-02-10 06:36 . 2012-03-14 11:57 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2012-02-10 05:38 . 2012-03-14 11:57 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-02-03 04:34 . 2012-03-14 11:57 3145728 ----a-w- c:\windows\system32\win32k.sys
    2012-01-31 12:44 . 2009-12-01 02:36 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-31 11:02 . 2012-01-31 11:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll
    2012-01-31 11:00 . 2012-01-31 11:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
    2012-01-26 08:01 . 2011-07-09 02:27 111968 ----a-w- c:\programdata\Microsoft\VPDExpress\10.0\1033\ResourceCache.dll
    2012-01-25 06:38 . 2012-03-14 11:57 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-01-25 06:38 . 2012-03-14 11:57 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-01-25 06:33 . 2012-03-14 11:57 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Doug\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Doug\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Doug\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Doug\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
    "BitTorrent"="c:\users\Doug\AppData\Local\BitTorrent\sgncirdd.dll" [2011-10-13 472360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
    "TortoiseHgOverlayIconServer"="c:\program files (x86)\TortoiseHg\TortoiseHgOverlayServer.exe" [2010-12-02 44448]
    "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 636032]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux4"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-02-21 8704]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 253088]
    R3 ALSysIO;ALSysIO;c:\users\Doug\AppData\Local\Temp\ALSysIO64.sys [x]
    R3 cpuz130;cpuz130;c:\users\Doug\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
    R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [x]
    R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-03-24 16776]
    R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-03-24 9096]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-03-09 361984]
    S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-04 55936]
    S2 Apache CouchDB01cc6ef5a400cae0;Apache CouchDB;c:\program files (x86)\Apache Software Foundation\CouchDB\erts-5.8.4\bin\erlsrv.exe [2011-06-05 158208]
    S2 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe [2010-12-26 25832]
    S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-02-06 13672]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
    S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-24 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 02:56]
    .
    2012-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2749567692-2079744049-2433670221-1001Core.job
    - c:\users\Doug\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-12 17:35]
    .
    2012-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2749567692-2079744049-2433670221-1001UA.job
    - c:\users\Doug\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-12 17:35]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2010-04-23 23:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2010-04-23 23:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2010-04-23 23:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2010-04-23 23:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2010-04-23 23:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2010-04-23 23:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2010-04-23 23:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2010-04-23 23:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2010-04-23 23:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Doug\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Doug\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Doug\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Doug\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LXCCCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCCtime.dll" [2007-02-22 28672]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-08 10867816]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    FF - ProfilePath - c:\users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\ebvejd9z.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=2&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{37153479-1976-43c3-a1ee-557513977b64} - (no file)
    AddRemove-Heroes of Might and Magic® III - c:\program files (x86)\GOG.com\Heroes of Might and Magic 3 Complete\unins000.exe
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2749567692-2079744049-2433670221-1001\Software\SecuROM\License information*]
    "datasecu"=hex:78,03,ba,b8,36,fb,2b,ca,f0,aa,55,5a,2f,fc,a8,14,e9,ce,49,63,b3,
    10,94,41,d8,93,79,46,4e,32,d3,f9,a1,ce,b9,f9,89,d9,a3,b3,b7,66,c8,72,ef,6d,\
    "rkeysecu"=hex:08,8e,b7,00,0a,aa,3b,28,b4,89,4e,25,5a,fd,05,07
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
    @Denied: (A) (Everyone)
    "Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
    "Key"="ActionsPane"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Apache Software Foundation\CouchDB\erts-5.8.4\bin\erl.exe
    c:\progra~2\APACHE~1\CouchDB\ERTS-5~1.4\bin\epmd.exe
    c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\program files (x86)\Internet Explorer\iexplore.exe
    c:\program files (x86)\Internet Explorer\iexplore.exe
    .
    **************************************************************************
    .
    Completion time: 2012-04-23 21:58:51 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-24 01:58
    .
    Pre-Run: 439,751,999,488 bytes free
    Post-Run: 440,748,642,304 bytes free
    .
    - - End Of File - - 20B3086947020362C9396DD4C2151345
     
  13. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    Looks good.

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  14. DigTheDoug

    DigTheDoug TS Rookie Topic Starter Posts: 31

    Thanks again. Computer from my point of view seems to run the same. There are 4 instances of iexplore.exe running right now up from the two when the computer restarted after combofix. So they are still being created, but it seems slower possibly?

    Logs coming up.
     
  15. DigTheDoug

    DigTheDoug TS Rookie Topic Starter Posts: 31

    OTL logfile created on: 4/23/2012 10:29:46 PM - Run 1
    OTL by OldTimer - Version 3.2.41.0 Folder = C:\Users\Doug\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.96 Gb Total Physical Memory | 6.11 Gb Available Physical Memory | 76.68% Memory free
    15.92 Gb Paging File | 14.01 Gb Available in Paging File | 87.98% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.51 Gb Total Space | 410.58 Gb Free Space | 44.08% Space Free | Partition Type: NTFS
    Drive L: | 232.88 Gb Total Space | 74.88 Gb Free Space | 32.15% Space Free | Partition Type: NTFS
    Drive N: | 596.17 Gb Total Space | 217.36 Gb Free Space | 36.46% Space Free | Partition Type: NTFS

    Computer Name: OFFICE | User Name: Doug | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/04/23 22:28:14 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Doug\Desktop\OTL.exe
    PRC - [2012/02/06 16:25:08 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    PRC - [2011/06/04 22:38:24 | 000,158,208 | ---- | M] () -- C:\Program Files (x86)\Apache Software Foundation\CouchDB\erts-5.8.4\bin\erlsrv.exe
    PRC - [2011/06/04 22:38:24 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\Apache Software Foundation\CouchDB\erts-5.8.4\bin\epmd.exe
    PRC - [2011/06/04 22:38:24 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\Apache Software Foundation\CouchDB\erts-5.8.4\bin\erl.exe
    PRC - [2011/03/03 21:53:05 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2010/12/01 20:26:10 | 000,044,448 | ---- | M] () -- C:\Program Files (x86)\TortoiseHg\TortoiseHgOverlayServer.exe
    PRC - [2010/11/20 08:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/10/27 00:09:11 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
    MOD - [2011/03/02 03:07:08 | 000,008,704 | ---- | M] () -- C:\Users\Doug\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.3.gadget\GetCoreTempInfoNET.dll
    MOD - [2011/03/02 03:07:08 | 000,007,680 | ---- | M] () -- C:\Users\Doug\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.3.gadget\SystemInfo.dll
    MOD - [2011/03/02 03:07:08 | 000,006,144 | ---- | M] () -- C:\Users\Doug\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.3.gadget\CoreTempReader.dll
    MOD - [2010/12/01 20:26:10 | 000,044,448 | ---- | M] () -- C:\Program Files (x86)\TortoiseHg\TortoiseHgOverlayServer.exe


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/09 01:10:20 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2012/03/09 01:10:06 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
    SRV:64bit: - [2011/06/17 03:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2007/11/07 09:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
    SRV:64bit: - [2007/03/26 08:49:58 | 000,566,704 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxcccoms.exe -- (lxcc_device)
    SRV - [2012/04/18 22:56:26 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/02/21 00:26:30 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Stopped] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
    SRV - [2012/02/15 22:35:40 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/02/06 16:25:08 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
    SRV - [2011/06/04 22:38:24 | 000,158,208 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Apache Software Foundation\CouchDB\erts-5.8.4\bin\erlsrv.exe -- (Apache CouchDB01cc6ef5a400cae0)
    SRV - [2011/03/03 21:53:05 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2010/12/26 00:46:44 | 000,025,832 | ---- | M] (BioWare) [Auto | Running] -- c:\Program Files (x86)\Steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
    SRV - [2010/11/20 08:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2010/11/20 08:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
    SRV - [2010/11/20 08:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/12/03 00:55:47 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007/03/26 08:49:26 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxcccoms.exe -- (lxcc_device)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/03/09 02:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2012/03/09 02:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2012/03/08 23:58:02 | 000,328,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/01/03 23:22:54 | 000,055,936 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
    DRV:64bit: - [2011/12/05 15:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2011/11/25 00:25:52 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth)
    DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/04/30 07:59:32 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV:64bit: - [2011/04/30 07:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2011/04/30 07:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2011/04/08 23:00:20 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2011/03/24 10:57:54 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
    DRV:64bit: - [2011/03/24 10:57:54 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/24 10:30:50 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
    DRV:64bit: - [2011/02/23 22:30:50 | 000,389,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
    DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/09/08 15:42:16 | 000,295,272 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VMM.sys -- (vmm)
    DRV:64bit: - [2010/05/06 05:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2010/04/27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
    DRV:64bit: - [2010/04/27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
    DRV:64bit: - [2010/04/27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
    DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
    DRV:64bit: - [2009/12/17 18:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV:64bit: - [2009/11/23 14:43:48 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
    DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2009/08/09 17:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008/09/17 15:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)
    DRV - [2011/03/24 10:57:54 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
    DRV - [2011/03/24 10:57:54 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
    DRV - [2009/12/02 00:03:41 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2749567692-2079744049-2433670221-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-2749567692-2079744049-2433670221-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-2749567692-2079744049-2433670221-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 15 59 F2 97 B5 77 CC 01 [binary data]
    IE - HKU\S-1-5-21-2749567692-2079744049-2433670221-1001\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKU\S-1-5-21-2749567692-2079744049-2433670221-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-2749567692-2079744049-2433670221-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
    IE - HKU\S-1-5-21-2749567692-2079744049-2433670221-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2749567692-2079744049-2433670221-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultthis.engineName: "Coupons.com Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}"
    FF - prefs.js..extensions.enabledItems: fiddlerhook@fiddler2.com:2.2.8.9
    FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.1
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
    FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=2&q="
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Doug\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Doug\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files (x86)\Fiddler2\FiddlerHook [2012/03/01 11:17:48 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fbdownloader@KMcore:
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4\components [2012/03/18 10:14:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4\plugins [2012/02/11 15:02:44 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/29 22:30:35 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/29 22:30:35 | 000,000,000 | ---D | M]

    [2009/12/01 22:56:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doug\AppData\Roaming\Mozilla\Extensions
    [2012/04/18 10:08:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\ebvejd9z.default\extensions
    [2012/04/18 10:08:51 | 000,000,000 | ---D | M] (CompTool0234 Community Toolbar) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\ebvejd9z.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}
    [2010/02/16 11:07:19 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\ebvejd9z.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
    [2011/01/23 22:22:52 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\ebvejd9z.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
    [2012/03/03 07:05:31 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\ebvejd9z.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2011/03/15 21:03:38 | 000,000,925 | ---- | M] () -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\ebvejd9z.default\searchplugins\conduit.xml
    [2011/03/21 10:12:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/06/13 00:55:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/09/02 22:36:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/11/29 00:40:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/01/06 01:18:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    () (No name found) -- C:\USERS\DOUG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EBVEJD9Z.DEFAULT\EXTENSIONS\AMZNUWL2@AMAZON.COM.XPI
    () (No name found) -- C:\USERS\DOUG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EBVEJD9Z.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
    [2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Doug\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Doug\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Doug\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Doug\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
    CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Doug\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Reddit Enhancement Suite = C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\3.4_0\
    CHR - Extension: Netflix Queue Sorter = C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlpebagbhpffonjbcopcgclfbehjpoec\2.8_0\
    CHR - Extension: Gmail = C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/04/23 21:50:53 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
    O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [LXCCCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXCCtime.DLL ()
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
    O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [TortoiseHgOverlayIconServer] C:\Program Files (x86)\TortoiseHg\TortoiseHgOverlayServer.exe ()
    O4 - HKU\S-1-5-21-2749567692-2079744049-2433670221-1001..\Run: [BitTorrent] C:\Users\Doug\AppData\Local\BitTorrent\sgncirdd.dll (CyberLink Corp.)
    O4 - HKU\S-1-5-21-2749567692-2079744049-2433670221-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2749567692-2079744049-2433670221-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2749567692-2079744049-2433670221-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2749567692-2079744049-2433670221-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9:64bit: - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
    O9:64bit: - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
    O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
    O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab (HPVirtualRooms35 Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8B5FDAB-0B57-4FAC-B099-25819234B758}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3E08FAC-BE4F-4B3E-8A29-EFDB690780C5}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.imc - xbadpcm.acm (Microsoft Corporation)
    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
    Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)
     
  16. DigTheDoug

    DigTheDoug TS Rookie Topic Starter Posts: 31

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/04/23 22:28:13 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Doug\Desktop\OTL.exe
    [2012/04/23 21:58:54 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/04/23 21:51:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/04/23 21:36:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/04/23 21:36:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/04/23 21:36:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/04/23 21:36:08 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/04/23 21:36:07 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/04/23 21:36:04 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/04/23 21:34:06 | 004,472,597 | R--- | C] (Swearware) -- C:\Users\Doug\Desktop\ComboFix.exe
    [2012/04/23 20:03:13 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Doug\Desktop\aswMBR.exe
    [2012/04/23 19:13:40 | 002,073,648 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Doug\Desktop\TDSSKiller.exe
    [2012/04/23 18:23:50 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Doug\Desktop\dds.scr
    [2012/04/23 13:18:05 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\Malwarebytes
    [2012/04/23 13:17:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/04/23 13:17:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/04/23 13:17:53 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/04/23 13:17:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/04/23 10:42:54 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Local\BitTorrent
    [2012/04/22 05:27:13 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
    [2012/04/22 05:26:34 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
    [2012/04/22 05:21:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
    [2012/04/22 05:21:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
    [2012/04/21 22:06:45 | 000,000,000 | ---D | C] -- C:\Users\Doug\Documents\Diablo III
    [2012/04/21 22:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
    [2012/04/21 21:31:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asmedia Technology
    [2012/04/21 21:30:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM104xUSB3
    [2012/04/21 18:40:38 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
    [2012/04/21 18:40:35 | 000,000,000 | ---D | C] -- C:\Fraps
    [2012/04/21 09:18:01 | 000,389,608 | ---- | C] (ASMedia Technology Inc) -- C:\Windows\SysNative\drivers\asmtxhci.sys
    [2012/04/20 17:00:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Beta
    [2012/04/20 17:00:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III Beta
    [2012/04/20 16:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
    [2012/04/20 14:08:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
    [2012/04/19 22:27:09 | 000,000,000 | ---D | C] -- C:\Users\Doug\Documents\Trials 2
    [2012/04/19 22:26:54 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Local\Redlynx
    [2012/04/06 18:16:17 | 000,015,360 | ---- | C] (June Fabrics Technology Inc.) -- C:\Windows\SysNative\drivers\pneteth.sys
    [2012/04/06 18:16:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PdaNet for Android
    [2012/04/06 18:16:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PdaNet for Android
    [2012/04/06 18:05:40 | 000,000,000 | ---D | C] -- C:\android-sdk-windows
    [2012/04/04 21:13:00 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\Trine2
    [2012/03/31 13:45:03 | 000,000,000 | ---D | C] -- C:\Users\Doug\Documents\TurboTax
    [2012/03/31 13:43:47 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\Intuit
    [2012/03/31 13:42:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2011
    [2012/03/31 13:42:22 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Local\IsolatedStorage
    [2012/03/31 13:42:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intuit
    [2012/03/31 13:41:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TurboTax
    [2012/03/31 13:41:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
    [2012/03/28 21:54:07 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\GOG.com
    [2012/03/26 23:25:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock Games
    [2012/03/26 23:25:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/04/23 22:28:14 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Doug\Desktop\OTL.exe
    [2012/04/23 22:15:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2749567692-2079744049-2433670221-1001UA.job
    [2012/04/23 22:02:31 | 000,014,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/04/23 22:02:31 | 000,014,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/04/23 21:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/04/23 21:50:53 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/04/23 21:49:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/04/23 21:49:19 | 2117,955,583 | -HS- | M] () -- C:\hiberfil.sys
    [2012/04/23 21:34:07 | 004,472,597 | R--- | M] (Swearware) -- C:\Users\Doug\Desktop\ComboFix.exe
    [2012/04/23 21:27:02 | 002,054,550 | ---- | M] () -- C:\Users\Doug\Desktop\tdsskiller.zip
    [2012/04/23 21:13:21 | 000,044,607 | ---- | M] () -- C:\Users\Doug\Desktop\bootkit_remover.zip
    [2012/04/23 21:12:44 | 000,000,512 | ---- | M] () -- C:\Users\Doug\Desktop\MBR.dat
    [2012/04/23 20:03:36 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Doug\Desktop\aswMBR.exe
    [2012/04/23 19:13:40 | 002,073,648 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Doug\Desktop\TDSSKiller.exe
    [2012/04/23 18:23:50 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Doug\Desktop\dds.scr
    [2012/04/23 17:57:50 | 000,302,592 | ---- | M] () -- C:\Users\Doug\Desktop\342mn8oe.exe
    [2012/04/23 10:59:42 | 000,000,600 | ---- | M] () -- C:\Users\Doug\AppData\Local\PUTTY.RND
    [2012/04/22 23:15:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2749567692-2079744049-2433670221-1001Core.job
    [2012/04/22 05:44:41 | 000,953,336 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/04/22 05:44:41 | 000,785,688 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/04/22 05:44:41 | 000,167,556 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/04/21 21:30:40 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
    [2012/04/17 20:46:54 | 000,949,556 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/04/11 23:39:35 | 000,097,854 | ---- | M] () -- C:\Users\Doug\Documents\2011 Hogan D Form 1040 Individual Tax Return_Filing_State.pdf
    [2012/04/11 23:36:34 | 000,214,556 | ---- | M] () -- C:\Users\Doug\Documents\2011 Hogan D Form 1040 Individual Tax Return_Records.pdf
    [2012/04/07 01:03:10 | 003,320,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/04/06 18:18:35 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
    [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/04/02 22:13:50 | 000,037,748 | ---- | M] () -- C:\Users\Doug\Documents\f1098e.pdf
    [2012/03/31 13:44:36 | 000,000,614 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    [2012/03/26 22:50:59 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
    [2012/03/26 22:50:59 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/04/23 21:36:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/04/23 21:36:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/04/23 21:36:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/04/23 21:36:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/04/23 21:36:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/04/23 21:27:00 | 002,054,550 | ---- | C] () -- C:\Users\Doug\Desktop\tdsskiller.zip
    [2012/04/23 21:13:21 | 000,044,607 | ---- | C] () -- C:\Users\Doug\Desktop\bootkit_remover.zip
    [2012/04/23 21:12:44 | 000,000,512 | ---- | C] () -- C:\Users\Doug\Desktop\MBR.dat
    [2012/04/23 17:57:47 | 000,302,592 | ---- | C] () -- C:\Users\Doug\Desktop\342mn8oe.exe
    [2012/04/23 10:59:42 | 000,000,600 | ---- | C] () -- C:\Users\Doug\AppData\Local\PUTTY.RND
    [2012/04/21 21:30:40 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2012/04/18 22:22:18 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/04/11 23:39:35 | 000,097,854 | ---- | C] () -- C:\Users\Doug\Documents\2011 Hogan D Form 1040 Individual Tax Return_Filing_State.pdf
    [2012/04/11 23:36:33 | 000,214,556 | ---- | C] () -- C:\Users\Doug\Documents\2011 Hogan D Form 1040 Individual Tax Return_Records.pdf
    [2012/04/06 18:18:35 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
    [2012/04/02 22:23:25 | 000,037,748 | ---- | C] () -- C:\Users\Doug\Documents\f1098e.pdf
    [2012/03/31 13:42:54 | 000,000,614 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    [2012/02/25 16:23:40 | 000,070,056 | ---- | C] () -- C:\Users\Doug\AppData\Roaming\icarus-dxdiag.xml
    [2012/02/14 22:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2012/02/14 22:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2012/02/14 22:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
    [2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
    [2012/01/28 22:09:30 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
    [2012/01/12 15:12:18 | 000,291,825 | ---- | C] () -- C:\Windows\To the Moon Uninstaller.exe
    [2011/11/18 17:52:24 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
    [2011/09/20 12:28:43 | 000,330,056 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2011/09/12 19:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011/04/06 19:52:25 | 002,340,992 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
    [2011/04/06 19:52:25 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
    [2011/04/06 19:52:25 | 000,018,048 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
    [2011/04/06 19:52:25 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
    [2011/04/06 19:52:24 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
    [2010/12/26 12:09:46 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
    [2010/12/10 18:37:18 | 000,354,304 | ---- | C] () -- C:\Windows\SysWow64\pythoncom27.dll
    [2010/12/10 18:37:18 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\pywintypes27.dll
    [2010/09/06 23:44:40 | 000,000,169 | ---- | C] () -- C:\Users\Doug\AppData\Roaming\rftg
    [2010/08/10 16:50:59 | 000,000,000 | ---- | C] () -- C:\Windows\iplayer.INI
    [2010/06/13 00:51:21 | 002,419,568 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_apb.exe
    [2010/05/17 13:33:18 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010/05/17 10:39:40 | 000,949,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    ========== LOP Check ==========

    [2010/05/04 00:24:43 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\AgeOfBooty
    [2010/01/18 13:11:23 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Amazon
    [2011/07/06 22:15:24 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\AtomZombieData
    [2010/08/25 00:44:15 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Braid
    [2010/12/07 21:56:42 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Chime
    [2011/08/22 00:50:59 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\com.amazon.music.uploader
    [2012/04/23 12:53:41 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Dropbox
    [2010/06/13 16:51:37 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Easeware
    [2011/03/23 11:46:33 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\encoding.com
    [2012/04/12 23:26:02 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\FileZilla
    [2011/01/27 23:22:11 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\fofix
    [2012/04/23 13:29:42 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\foobar2000
    [2009/12/01 21:55:34 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Foxit
    [2010/07/23 07:27:19 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Foxit Software
    [2011/01/27 23:17:06 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\fretsonfire
    [2012/03/28 22:06:38 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\GOG.com
    [2010/01/23 19:53:18 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\HandBrake
    [2010/06/13 13:45:51 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\IObit
    [2010/11/09 21:24:55 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\IrfanView
    [2011/08/10 22:09:51 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Lazy 8 Studios
    [2011/03/02 20:44:16 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Leadertech
    [2010/01/26 23:13:55 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\LockHunter
    [2010/07/15 01:09:50 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\LucasArts
    [2012/01/28 22:09:56 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\MinMaxGames
    [2010/01/13 02:20:43 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Mp3tag
    [2009/12/09 16:25:37 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\nl.demonsters.debugger.E334F8D7F2378D71EF2F522DAC01AD396D8F452E.1
    [2010/06/13 17:12:25 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Oberon Media
    [2009/12/03 01:16:39 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\OpenOffice.org
    [2009/11/30 22:47:29 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Opera
    [2012/02/21 14:45:59 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Python-Eggs
    [2009/12/24 01:24:10 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\runic games
    [2010/04/03 23:13:05 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\ScummVM
    [2010/10/26 23:16:51 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Sublime Text
    [2009/12/08 22:19:43 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Subversion
    [2010/11/20 13:37:00 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\SuperNZB
    [2012/04/04 21:13:00 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Trine2
    [2012/04/03 00:09:20 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Tropico 3
    [2010/04/28 00:23:17 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Tropico 3 Demo
    [2012/04/11 22:31:04 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\uTorrent
    [2012/01/12 15:02:15 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\VisibleGains
    [2010/06/13 16:58:00 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\WinBatch
    [2011/02/28 20:44:26 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\XBMC
    [2011/06/04 18:27:05 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Yamb
    [2010/12/21 10:28:41 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Yammer
    [2011/07/15 01:09:25 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\ZenBound2
    [2010/12/16 21:39:48 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\ZombieDriver
    [2012/01/03 15:44:31 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2010/11/20 08:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
    [2009/12/01 01:07:28 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2012/04/23 21:58:52 | 000,031,935 | ---- | M] () -- C:\ComboFix.txt
    [2009/12/09 22:41:13 | 000,000,185 | ---- | M] () -- C:\Debug.log
    [2012/04/23 21:49:19 | 2117,955,583 | -HS- | M] () -- C:\hiberfil.sys
    [2011/08/21 14:27:37 | 000,002,384 | ---- | M] () -- C:\lxcc.log
    [2006/12/02 00:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2012/04/23 21:49:22 | 4255,600,639 | -HS- | M] () -- C:\pagefile.sys
    [2010/10/21 23:04:58 | 000,000,213 | ---- | M] () -- C:\python25shell.bat
    [2011/07/05 23:17:22 | 000,006,529 | ---- | M] () -- C:\Session.xml
    [2012/04/23 21:34:24 | 000,137,328 | ---- | M] () -- C:\TDSSKiller.2.7.32.0_23.04.2012_21.27.30_log.txt
    [2010/03/19 19:55:52 | 002,073,703 | ---- | M] () -- C:\VS_EXPBSLN_x64_enu.CAB
    [2010/03/19 19:58:20 | 000,551,424 | ---- | M] () -- C:\VS_EXPBSLN_x64_enu.MSI

    < %systemroot%\Fonts\*.com >
    [2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/04/16 12:03:29 | 000,000,221 | -HS- | M] () -- C:\Users\Doug\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/04/23 17:57:50 | 000,302,592 | ---- | M] () -- C:\Users\Doug\Desktop\342mn8oe.exe
    [2012/04/23 20:03:36 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Doug\Desktop\aswMBR.exe
    [2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Doug\Desktop\boot_cleaner.exe
    [2012/04/23 21:34:07 | 004,472,597 | R--- | M] (Swearware) -- C:\Users\Doug\Desktop\ComboFix.exe
    [2012/04/23 22:28:14 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Doug\Desktop\OTL.exe
    [2012/04/23 19:13:40 | 002,073,648 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Doug\Desktop\TDSSKiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/04/23 21:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/04/22 23:15:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2749567692-2079744049-2433670221-1001Core.job
    [2012/04/23 22:15:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2749567692-2079744049-2433670221-1001UA.job
    [2012/04/23 21:49:53 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/01/03 15:44:31 | 000,032,598 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/06/27 16:30:56 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2011/06/27 16:30:56 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2011/06/27 16:30:55 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2011/06/27 16:30:55 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2011/06/27 16:30:55 | 000,786,432 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
    [2011/06/27 16:30:56 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012/02/15 04:28:07 | 000,000,402 | -HS- | M] () -- C:\Users\Doug\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2012/03/31 13:44:36 | 000,000,614 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >
    To the Moon Uninstaller.exe

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:322EAACD

    < End of report >
     
  17. DigTheDoug

    DigTheDoug TS Rookie Topic Starter Posts: 31

    OTL Extras logfile created on: 4/23/2012 10:29:46 PM - Run 1
    OTL by OldTimer - Version 3.2.41.0 Folder = C:\Users\Doug\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.96 Gb Total Physical Memory | 6.11 Gb Available Physical Memory | 76.68% Memory free
    15.92 Gb Paging File | 14.01 Gb Available in Paging File | 87.98% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.51 Gb Total Space | 410.58 Gb Free Space | 44.08% Space Free | Partition Type: NTFS
    Drive L: | 232.88 Gb Total Space | 74.88 Gb Free Space | 32.15% Space Free | Partition Type: NTFS
    Drive N: | 596.17 Gb Total Space | 217.36 Gb Free Space | 36.46% Space Free | Partition Type: NTFS

    Computer Name: OFFICE | User Name: Doug | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
    "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
    "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
    "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.7
    "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
    "{0F7861E5-3B24-33CA-AECF-B5477194CEEB}" = Windows Phone Emulator x64 - ENU
    "{13815D81-44B6-7ADA-2A41-FFFC64DD6FAB}" = ccc-utility64
    "{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
    "{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
    "{1E6ED082-E32D-4B2B-8B6A-70B094815135}" = Microsoft SQL Server System CLR Types (x64)
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{29C93182-34F6-3275-A18D-59326851CD57}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
    "{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
    "{2E0DFC24-7C4B-4DCF-BCC7-81C513BED3BD}" = Python 2.5.4 (64 bit)
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated Video Transcoding
    "{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 Tools
    "{64D5BBC6-5270-3711-AA39-31C1087AF4E6}" = Microsoft Visual Studio 2008 Remote Debugger - ENU
    "{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7C5CAFD6-F51C-0011-410B-001EF3E342A7}" = AMD Media Foundation Decoders
    "{81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{825C7AAC-C5D5-B89B-EBA1-D4DFC5E46D6C}" = AMD Drag and Drop Transcoding
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
    "{883B114D-BD3E-498F-9DAD-5E4A8E1C43BA}" = HP Deskjet 1000 J110 series Basic Device Software
    "{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU
    "{9005CF63-F082-65AD-7431-7EBF31642279}" = AMD Fuel
    "{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
    "{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
    "{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90CB2C55-426D-0752-968D-9B0F1110202A}" = AMD Catalyst Install Manager
    "{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
    "{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
    "{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
    "{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
    "{A9C6CA47-D937-D61D-4BD3-7CFAB7A5BA56}" = ATI Problem Report Wizard
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{AC2512D4-ED8A-4015-BF87-92478483C171}" = TortoiseSVN 1.6.6.17493 (64 bit)
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
    "{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
    "{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{CB0FD760-C6C6-3AF6-AD18-FE3B3B78727D}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{CD54A15F-4FBA-04DE-FE24-20AE11BE07AE}" = AMD AVIVO64 Codecs
    "{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}" = Visual Studio .NET Prerequisites - English
    "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    "{D57519D3-2E37-3E34-94AF-4D59BFAB87E6}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
    "{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{E260681F-D341-4371-AE86-981FAF5CB0AB}" = TortoiseHg 1.1.7 (x64)
    "{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
    "{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
    "{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}" = Microsoft Device Emulator (64 bit) version 3.0 - ENU
    "{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "DriverEasy_is1" = DriverEasy 2.3.0
    "Lexmark 3300 Series" = Lexmark 3300 Series
    "LockHunter_is1" = LockHunter version 1.0 beta 3, 64 bit edition
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
    "Microsoft Security Client" = Microsoft Security Essentials
    "Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "Microsoft Visual Studio 2008 Remote Debugger - ENU" = Microsoft Visual Studio 2008 Remote Debugger - ENU
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "sp6" = Logitech SetPoint 6.30

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
    "{01C79EF3-DE84-4B56-B638-8BEA0D507506}" = Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
    "{0666E46E-A860-4353-BE6D-13AA72FABB57}" = Microsoft XNA Game Studio Platform Tools
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{08C84CC6-E7FD-4B2D-BBF9-B02CC90EE031}" = Microsoft XNA Game Studio 4.0 (Shared Components)
    "{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    "{0A590981-75A9-B968-4A29-718E5A8E1416}" = CCC Help Dutch
    "{0BE273CD-AAB9-361B-8C32-D955EAC929E3}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
    "{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
    "{0E6B8EA7-4FDF-F730-8F28-05720874BE71}" = CCC Help Chinese Traditional
    "{1003E625-BE5B-390B-7B60-D483D0B75A26}" = CCC Help Russian
    "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
    "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    "{1690611F-D4EA-A00D-DAAD-91D216869679}" = CCC Help Polish
    "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition
    "{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
    "{20c31435-2a0a-4580-be8b-ac06fc243ca4}" = Python 2.7
    "{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
    "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
    "{256E7DAC-9BE8-494E-8DE7-7857BF96B774}" = Microsoft Expression Blend 3 SDK
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 29
    "{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
    "{26EED5E6-EC40-35A9-602A-C3CF03A9C1E6}" = CCC Help Portuguese
    "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
    "{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
    "{2C33E65D-9187-8F2E-40D8-BD9E24E341FB}" = CCC Help Italian
    "{2C3AB990-1F33-3D6B-9F34-8D5189FA04D3}" = Windows Phone 7 Add-in for Visual Studio 2010 - ENU
    "{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
    "{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
    "{36B6FF8B-38E3-E64C-F840-75F6AAEBE3EA}" = Catalyst Control Center Graphics Previews Common
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{38F6C932-2274-4897-479D-03AA6BA5B567}" = CCC Help Turkish
    "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3AB00888-CA03-0BFD-3F3C-C877767192B0}" = CCC Help Swedish
    "{3ACA2563-E786-BDD4-C87B-09909BB3F61C}" = CCC Help Thai
    "{3BC2C64B-0DA0-974B-6311-AED4F3711DCE}" = CCC Help Danish
    "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend Closed Beta
    "{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{3F4EB5FE-B5BE-4069-A5A8-6D9262E1B379}" = Microsoft XNA Game Studio 4.0 Documentation
    "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
    "{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    "{422EB670-90F6-4332-AEAE-5128AFF84FDD}" = Python 2.7 pycrypto-2.3
    "{4343080E-448E-4E2C-B27F-B91000018201}" = Dead Rising 2
    "{456A5815-604D-4D72-94DF-346D2B978A59}_is1" = GOG.com Downloader version 3.0.25
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4C6D5779-A766-45DF-9938-D6F595A66F2B}" = Microsoft Expression Blend 4
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4D530841-7036-4997-A2F6-961001568100}" = Viva Piñata®
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.22
    "{522DAB8E-9ED2-4737-9557-E4DE8E7191F7}" = Windows Live Sync
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{558358E5-E4F3-4374-BA1D-26FF39EF87D9}" = Microsoft Silverlight Tools for Visual Studio 2010
    "{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
    "{5BAC4DE5-4062-EE34-3337-5F92FE5D5032}" = CCC Help Spanish
    "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
    "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    "{5DDF31D2-63BB-4268-895B-FB05A82A1C00}" = Microsoft XNA Game Studio 4.0 Windows Phone Extensions
    "{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)
    "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
    "{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
    "{68BD57D3-D606-411E-A7E0-3EB6EA5660F6}" = Microsoft XNA Game Studio 4.0 (Redists)
    "{69E11501-75F7-4ACE-8103-52513DDCFE26}" = Microsoft Expression Blend SDK for Windows Phone 7
    "{6A5D1A94-624A-4D20-B178-3A283B500370}" = Adobe Setup
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6ADC1384-4E79-44D5-BB9A-F1DB4038C79E}" = TurboTax 2011 wmaiper
    "{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
    "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
    "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
    "{6C15DC29-040C-433F-B1AE-783D37E9C08B}" = Python 2.6 pygame-1.9.1
    "{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
    "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
    "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
    "{73BE04D9-BA0E-4BAF-9C9D-677278BDB3DC}" = Microsoft XNA Game Studio 4.0 (ARP entry)
    "{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
    "{7ADCABE0-E651-6EA5-5128-26E203DAA5E1}" = CCC Help Korean
    "{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
    "{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
    "{8C496FBF-DB4A-468D-A3A1-15E127382218}" = Microsoft XNA Game Studio 4.0 (Visual Studio)
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{8F80DAA3-8A1D-09E9-57E6-DB0223CF2CE4}" = CCC Help French
    "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
    "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
    "{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
    "{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
    "{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C19FFB1-25FC-43FC-AC78-919E5E2A6DD0}" = TortoiseSVN 1.6.6.17493 (32 bit)
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9cc89170-000b-457d-91f1-53691f85b223}" = Python 2.6.1
    "{9E051993-7665-FE91-148D-3B0855E57F70}" = Amazon MP3 Uploader
    "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
    "{A29C5DD5-B21E-474F-AA96-6A7FC0B2B248}" = Microsoft Expression Blend 4 Add-in for Adobe FXG Import
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A4394612-D02F-11DC-9BFF-D18556D89593}" = Microsoft ASP.NET MVC 1.0
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
    "{AA935592-5463-434F-B044-DE18705F9912}" = TurboTax 2011 wnhiper
    "{AB25C7D6-B68B-DC97-5138-3A7E1E23683E}" = HydraVision
    "{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
    "{AE010308-007D-11DD-A3C1-001636EEECBD}" = Google App Engine
    "{AFC71277-DE19-6505-8CBC-71D29163F44A}" = CCC Help German
    "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.07
    "{B3406262-5701-E9CC-D6B3-BA38C34125A9}" = CCC Help English
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
    "{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
    "{B86149D3-18A2-41FD-A153-60AF944E47FE}" = Microsoft Windows Phone 7 Developer Resources
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{BBC2068D-CE9C-48F5-A6EA-4B44B9DB14A5}" = Catalyst Control Center - Branding
    "{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
    "{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
    "{BEFBEDDF-1417-4C8A-92FB-F003C0D41199}" = OpenOffice.org 3.2
    "{C347D234-93D8-4595-BDAA-C04638B23B48}" = Adobe Creative Suite 3 Web Premium
    "{C5B6078F-5D37-A122-2E6E-EDC623E8C787}" = CCC Help Czech
    "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
    "{C7068E1F-22C6-9408-7B24-584F32F66D70}" = CCC Help Finnish
    "{C87B855D-DD8F-E419-C640-34936E813EA9}" = CCC Help Greek
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CB3CB52F-6F12-42FD-A840-4C55EC2CA0B8}" = Add-in Express 2010 for Microsoft Office and .NET, Standard
    "{CC2BAF9A-926F-791D-772C-F582CD8A47B0}" = Catalyst Control Center InstallProxy
    "{CE1CA06F-0AD8-CA2A-3A3A-872E8191C198}" = CCC Help Norwegian
    "{CECECCED-B7F3-B1A3-3241-0C5D775F8E70}" = CCC Help Chinese Standard
    "{CFB91CB0-17D9-44EB-BFB2-5307AB7E7DDC}" = Microsoft Visual Studio 2010 Express for Windows Phone - ENU
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.26 Game
    "{D3CEF909-78DC-9D3D-37BD-52F5324C01DA}" = CCC Help Hungarian
    "{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
    "{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Help
    "{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
    "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
    "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
    "{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
    "{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
    "{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1EA61A2-B88F-44AD-3143-419ECB6C7E9A}" = CCC Help Japanese
    "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
    "{F3667D1A-377E-4B01-9FF0-2449B11B2F93}" = Python 2.7 M2Crypto-0.21.1
    "{F6567C5A-C3EA-2E05-E89E-C8C52E33150D}" = AMD VISION Engine Control Center
    "{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "{FDF9862D-2B3E-4648-9DD9-CEEDD4971686}" = Adobe Setup
    "{FE3D816F-3F49-4646-842F-BAA067254D81}" = VisualSVN 1.7.8
    "{FE54AF33-9364-7053-670F-A15AD658214C}" = Catalyst Control Center Localization All
    "{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "7-Zip" = 7-Zip 9.20
    "Adobe AIR" = Adobe AIR
    "Adobe Flex Builder 3" = Adobe Flex Builder 3
    "Adobe_247961ef275e20c5cb073c36394ac32" = Add or Remove Adobe Creative Suite 3 Web Premium
    "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
    "Adobe_6a3003001b9c4e53e6b3f44e0db85d4" = Adobe Update Manager CS3
    "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
    "AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.80
    "Air Video Server" = Air Video Server 2.4.3
    "Amazon Kindle" = Amazon Kindle
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
    "ApacheCouchDB_is1" = Apache CouchDB 1.1.0
    "Aptana Studio 2.0" = Aptana Studio 2.0
    "Arcanum Of Steamworks and Magick Obscura_is1" = Arcanum Of Steamworks and Magick Obscura
    "AutoHotkey" = AutoHotkey 1.1.05.04
    "Baldur's Gate II_is1" = Baldur's Gate II
    "Baldur's Gate Tutu" = Baldur's Gate Tutu
    "Baldur's Gate_is1" = Baldur's Gate
    "Beneath a Steel Sky_is1" = Beneath a Steel Sky
    "Blend_4.0.20901.0" = Microsoft Expression Blend 4
    "BookSmart® 3.1.0 3.1.0" = BookSmart® 3.1.0 3.1.0
    "Broken Sword - The Shadow of the Templars_is1" = Broken Sword - The Shadow of the Templars
    "com.amazon.music.uploader" = Amazon MP3 Uploader
    "Diablo III Beta" = Diablo III Beta
    "DVDStyler_is1" = DVDStyler v1.8.1
    "EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 8.0.1 Home Edition
    "Fallout Tactics_is1" = Fallout Tactics
    "Fiddler2" = Fiddler2
    "FileZilla Client" = FileZilla Client 3.5.0
    "FLV Player" = FLV Player 2.0 (build 25)
    "foobar2000" = foobar2000 v0.9.6.9
    "Foxit Reader" = Foxit Reader
    "Fraps" = Fraps
    "Frets on Fire" = Frets On Fire
    "Galactic Civilizations II Demo" = Galactic Civilizations II Demo
    "GFWL_{4D530841-7036-4997-A2F6-961001568100}" = Viva Piñata®
    "Git_is1" = Git version 1.7.9-preview20120201
    "HDTP" = Deus Ex - HDTP
    "InvelosDVDProfiler_is1" = DVD Profiler Version 3.7.2
    "IrfanView" = IrfanView (remove only)
    "LastFM_is1" = Last.fm 1.5.4.27091
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Master of Orion 1 and 2_is1" = Master of Orion 1 and 2
    "Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
    "Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
    "Microsoft Visual Studio 2010 Express for Windows Phone - ENU" = Microsoft Windows Phone Developer Tools - ENU
    "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
    "Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
    "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
    "Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
    "Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
    "Mp3tag" = Mp3tag v2.45a
    "Neighbours From Hell Compilation_is1" = Neighbours From Hell Compilation
    "On the Rain-Slick Precipice of Darkness, Episode Two" = On the Rain-Slick Precipice of Darkness, Episode Two
    "OpenAL" = OpenAL
    "OpenSSL (32-bit)_is1" = OpenSSL 1.0.0g (32-bit)
    "Opera 11.62.1347" = Opera 11.62
    "PdaNet_is1" = PdaNet for Android 3.50
    "PIL-py2.7" = Python 2.7 PIL-1.1.7
    "PunkBusterSvc" = PunkBuster Services
    "Puzzle Agent 2" = Puzzle Agent 2
    "PyCharm 1.0.1" = JetBrains PyCharm 1.0.1
    "PyCharm 1.1.1" = JetBrains PyCharm 1.1.1
    "PyCharm 1.5.4" = JetBrains PyCharm 1.5.4
    "PyCharm 2.0.1" = JetBrains PyCharm 2.0.1
    "PyCharm 2.0.2" = JetBrains PyCharm 2.0.2
    "PyCharm 2.5" = JetBrains PyCharm 2.5
    "pycrypto-py2.7" = Python 2.7 pycrypto-2.1.0
    "pywin32-py2.7" = Python 2.7 pywin32-214
    "Race for the Galaxy_is1" = Race for the Galaxy 0.7.4
    "ScummVM_is1" = ScummVM 1.1.1
    "setuptools-py2.7" = Python 2.7 setuptools-0.6c11
    "SpeedFan" = SpeedFan (remove only)
    "Steam App 102600" = Orcs Must Die!
    "Steam App 104700" = Super MNC Invitational
    "Steam App 107100" = Bastion
    "Steam App 107200" = Space Pirates and Zombies
    "Steam App 107310" = Cthulhu Saves the World
    "Steam App 108210" = Memoir '44 Online
    "Steam App 108710" = Alan Wake
    "Steam App 113200" = The Binding Of Isaac
    "Steam App 1250" = Killing Floor
    "Steam App 12840" = DiRT 2
    "Steam App 12900" = Audiosurf
    "Steam App 13560" = Tom Clancy's Splinter Cell
    "Steam App 13580" = Tom Clancy's Splinter Cell: Double Agent
    "Steam App 1500" = Darwinia
    "Steam App 1510" = Uplink
    "Steam App 15130" = Beyond Good & Evil
    "Steam App 15700" = Oddworld: Abe's Oddysee
    "Steam App 16300" = Everyday Shooter
    "Steam App 16600" = Trials 2: Second Edition
    "Steam App 16830" = Sid Meier's Civilization V SDK
    "Steam App 17300" = Crysis
    "Steam App 17460" = Mass Effect
    "Steam App 18020" = On the Rain-Slick Precipice of Darkness, Episode Two
    "Steam App 18500" = Defense Grid: The Awakening
    "Steam App 18700" = And Yet It Moves
    "Steam App 19900" = Far Cry 2
    "Steam App 200910" = Sequence
    "Steam App 204140" = All Zombies Must Die!
    "Steam App 20710" = Mr. Robot
    "Steam App 20820" = Shatter
    "Steam App 20900" = The Witcher: Enhanced Edition
    "Steam App 22230" = Rock of Ages
    "Steam App 22380" = Fallout: New Vegas
    "Steam App 22600" = Worms Reloaded
    "Steam App 23490" = Tropico 3 - Steam Special Edition
    "Steam App 24960" = Battlefield: Bad Company 2
    "Steam App 24980" = Mass Effect 2
    "Steam App 2500" = Shadowgrounds
    "Steam App 26500" = Cogs
    "Steam App 26800" = Braid
    "Steam App 26900" = Crayon Physics Deluxe
    "Steam App 28050" = Deus Ex: Human Revolution
    "Steam App 29180" = Osmos
    "Steam App 31170" = Tales of Monkey Island: Chapter 1 - Launch of the Screaming Narwhal
    "Steam App 31410" = Zombie Driver
    "Steam App 32310" = Indiana Jones and the Last Crusade
    "Steam App 32340" = Loom
    "Steam App 32360" = The Secret of Monkey Island: Special Edition
    "Steam App 32460" = Monkey Island 2: Special Edition
    "Steam App 3260" = Safecracker: The Ultimate Puzzle Adventure
    "Steam App 33180" = Zombie Shooter 2
    "Steam App 34010" = Alpha Protocol
    "Steam App 35130" = Lara Croft and the Guardian of Light
    "Steam App 35700" = Trine
    "Steam App 35720" = Trine 2
    "Steam App 3590" = Plants Vs Zombies
    "Steam App 3720" = Evil Genius
    "Steam App 3830" = Psychonauts
    "Steam App 3900" = Sid Meier's Civilization IV
    "Steam App 3990" = Sid Meier's Civilization IV: Warlords
    "Steam App 400" = Portal
    "Steam App 4000" = Garry's Mod
    "Steam App 40720" = Samorost 2
    "Steam App 40800" = Super Meat Boy
    "Steam App 40930" = The Misadventures of P.B. Winterbottom
    "Steam App 41100" = Hammerfight
    "Steam App 41500" = Torchlight
    "Steam App 41520" = Torchlight Editor
    "Steam App 42120" = Lead and Gold - Gangs of the Wild West
    "Steam App 42910" = Magicka
    "Steam App 43110" = Metro 2033
    "Steam App 440" = Team Fortress 2
    "Steam App 4500" = STALKER: Shadow of Chernobyl
    "Steam App 4550" = Titan Quest: Immortal Throne
    "Steam App 4560" = Company of Heroes
    "Steam App 45740" = Dead Rising 2
    "Steam App 4600" = Full Pipe
    "Steam App 47810" = Dragon Age: Origins - Ultimate Edition
    "Steam App 48000" = LIMBO
    "Steam App 48950" = Greed Corp
    "Steam App 500" = Left 4 Dead
    "Steam App 550" = Left 4 Dead 2
    "Steam App 55040" = Atom Zombie Smasher
    "Steam App 55230" = Saints Row: The Third
    "Steam App 563" = Left 4 Dead 2 Authoring Tools
    "Steam App 564" = Left 4 Dead 2 Add-on Support
    "Steam App 57600" = Tropico 3: Absolute Power
    "Steam App 6010" = Indiana Jones and the Fate of Atlantis
    "Steam App 6040" = The Dig
    "Steam App 61600" = Zen Bound® 2
    "Steam App 6200" = Ghost Master
    "Steam App 62100" = Chime
    "Steam App 630" = Alien Swarm
    "Steam App 63200" = Monday Night Combat
    "Steam App 63500" = Swords and Soldiers HD
    "Steam App 63710" = BIT.TRIP RUNNER
    "Steam App 640" = Alien Swarm - SDK
    "Steam App 65800" = Dungeon Defenders
    "Steam App 6810" = Commandos: Beyond the Call of Duty
    "Steam App 6860" = Hitman: Blood Money
    "Steam App 6910" = Deus Ex: Game of the Year Edition
    "Steam App 70300" = VVVVVV
    "Steam App 70910" = Star Ruler - Demo
    "Steam App 72850" = The Elder Scrolls V: Skyrim
    "Steam App 7650" = X-COM: Terror from the Deep
    "Steam App 7670" = BioShock
    "Steam App 7760" = X-COM: UFO Defense
    "Steam App 8190" = Just Cause 2
    "Steam App 8800" = Sid Meier's Civilization IV: Beyond the Sword
    "Steam App 8890" = Freedom Force vs. the 3rd Reich
    "Steam App 8930" = Sid Meier's Civilization V
    "Steam App 8980" = Borderlands
    "Steam App 90500" = Guardians of Graxia
    "Steam App 91600" = Sanctum
    "Steam App 92800" = SpaceChem
    "Steam App 93200" = Revenge of the Titans
    "Steam App 94200" = Jamestown
    "Steam App 9480" = Saints Row 2
    "Sublime Text_is1" = Sublime Text 1.4
    "Tex Murphy 1 and 2_is1" = Tex Murphy 1 and 2
    "To the Moon" = To the Moon
    "Treasure Adventure Game_is1" = Treasure Adventure Game
    "TurboTax 2011" = TurboTax 2011
    "Under a Killing Moon_is1" = Under a Killing Moon
    "uTorrent" = µTorrent
    "VirtualCloneDrive" = VirtualCloneDrive
    "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
    "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
    "VLC media player" = VLC media player 1.1.1
    "XNA Game Studio 4.0" = Microsoft XNA Game Studio 4.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2749567692-2079744049-2433670221-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "348015751.mongoexplorer.com" = MongoExplorer
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome
    "XBMC" = XBMC

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  18. DigTheDoug

    DigTheDoug TS Rookie Topic Starter Posts: 31

    Five instances now, spoke too soon it seems.
     
  19. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    Do you have IE open or closed when you see iexplore.exe running?
     
  20. DigTheDoug

    DigTheDoug TS Rookie Topic Starter Posts: 31

    Closed all the time. I only run it to test website compatibility every few weeks. Other than that it is never opened or run to my knowledge. I started it once earlier today to look at some of the settings, but have not started it again since the computer has rebooted.
     
  21. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    When you ran aswMBR it created MBR.dat file on your desktop.
    Zip that file and attach it to your next reply.
     
  22. DigTheDoug

    DigTheDoug TS Rookie Topic Starter Posts: 31

    Here you go.
     

    Attached Files:

    • MBR.zip
      File size:
      545 bytes
      Views:
      1
  23. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    That's clean.

    Download the FixTDSS.exe

    Save the file to your Windows desktop.
    Close all running programs.
    If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
    Double-click the FixTDSS.exe file to start the removal tool.
    Click Start to begin the process, and then allow the tool to run.
    OK any security prompts.
    Restart the computer when prompted by the tool.
    After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
    If you are running Windows XP, re-enable System Restore.
     
  24. DigTheDoug

    DigTheDoug TS Rookie Topic Starter Posts: 31

    Results say:

    Suspicious use of kernel callback but MBR appears intact. Repair not done.
    No infections were found.

    And just for records' sake, after reboot we are at 2 Instances of iexplore.exe
     
  25. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    Please Boot to the System Recovery Options
    If you have Windows 7 installation disc, just insert a DVD to the drive, restart computer and it should load automatically (option two presented in the article).
    It's possible also that your computer has a pre-installed recovery partition instead - in such a case use a method one (by pressing F8 before Windows starts loading)...
    NOTE. If none of the above apply you can create System Repair Disc (link in "Option two") and boot from it.

    On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

    Choose Command Prompt
    You should see X:\SOURCES>...

    Execute the following commands in bold.
    Press Enter after every one of them.

    bootrec /fixmbr (<--- there is a "space" after "bootrec")

    bootrec /fixboot (<--- there is a "space" after "bootrec")

    exit

    Restart computer.

    Check for the issues.
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.