TechSpot

Spyware.password

Solved
By areske86
Sep 25, 2012
  1. Hi.. malwarebytes recently detected spyware.password on its own without a scan.. it is in quarentine.. can u help.. how should I go about removing this??
  2. Broni

    Broni Malware Annihilator Posts: 46,478   +252

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. areske86

    areske86 Newcomer, in training Topic Starter Posts: 27

    Malwarebytes scan log-
    Malwarebytes Anti-Malware (PRO) 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.09.25.13

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    areske :: ARESKE-HP [administrator]

    Protection: Enabled

    9/25/2012 9:27:07 PM
    mbam-log-2012-09-25 (21-27-07).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 220030
    Time elapsed: 2 minute(s), 7 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    gmer.log-
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-09-25 22:35:24
    Windows 6.1.7601 Service Pack 1
    Running: gmer.exe


    ---- Files - GMER 1.0.15 ----

    File C:\ProgramData\VirtualizedApplications\Patch_working\{90140011-0066-0409-0000-0000000FF1CE} 0 bytes
    File C:\ProgramData\VirtualizedApplications\Patch_working\{90140011-0066-0409-0000-0000000FF1CE}\descriptor.xml 26098 bytes
    File C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\Icon Files\027aeb5a-4ecf-46cd-a318-2bc0c44f1abd.png 5426 bytes

    ---- EOF - GMER 1.0.15 ----
  4. areske86

    areske86 Newcomer, in training Topic Starter Posts: 27

    Dds log-
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
    Run by areske at 22:37:10 on 2012-09-25
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8140.5935 [GMT -4:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Microsoft Device Center\itype.exe
    C:\Program Files\Microsoft Device Center\ipoint.exe
    C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
    C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
    C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
    C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
    C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
    C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
    C:\Program Files (x86)\SFT\GuardedID\GIDD.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\SFT\GuardedID\x64\GIDD.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\areske\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\areske\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\areske\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\areske\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\areske\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\areske\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://xfinity.comcast.net/?cid=cgps08252012
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Constant Guard Protection Suite: {b84cdbe7-1b46-494b-a188-01d4c52deb61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.12.829.1\NativeBHO.dll
    BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    uRun: [AdobeBridge]
    uRun: [Google Update] "C:\Users\areske\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    mRun: [<NO NAME>]
    mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{22BE178C-75BB-49F7-92C5-AFD9F55449AD} : DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{88392F5E-7C2A-4D79-95EE-463ECDF09881} : DhcpNameServer = 75.75.75.75 75.75.76.76
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - C:\Program Files (x86)\SFT\GuardedID\gidi.exe /v
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
    BHO-X64: XFINITY Toolbar - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
    BHO-X64: TSBHO Class - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Constant Guard Protection Suite: {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.12.829.1\NativeBHO.dll
    BHO-X64: Constant Guard Protection Suite - No File
    BHO-X64: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll
    BHO-X64: Updater For XFIN_PORTAL - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB-X64: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    mRun-x64: [(Default)]
    mRun-x64: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 GIDv2;GIDv2;C:\Windows\system32\drivers\GIDv2.sys --> C:\Windows\system32\drivers\GIDv2.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-5-6 263496]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
    R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-3-14 197504]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-23 13592]
    R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-10 399432]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-10 676936]
    R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-9-23 2656280]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 Linksys_adapter_H;Linksys Adapter Network Driver;C:\Windows\system32\DRIVERS\AE1200w764.sys --> C:\Windows\system32\DRIVERS\AE1200w764.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-20 116648]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-9-1 250568]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-20 116648]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-09-25 21:23:069308616----a-w-C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AF4B4299-D553-4C49-AF1C-18CCB1DAF16A}\mpengine.dll
    2012-09-25 21:23:04245760----a-w-C:\Windows\System32\OxpsConverter.exe
    2012-09-23 20:24:56--------d-----w-C:\Users\areske\AppData\Roaming\redsn0w
    2012-09-22 00:01:00--------d-----w-C:\Users\areske\.shsh
    2012-09-22 00:00:26821736----a-w-C:\Windows\SysWow64\npDeployJava1.dll
    2012-09-22 00:00:26746984----a-w-C:\Windows\SysWow64\deployJava1.dll
    2012-09-22 00:00:1395208----a-w-C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-21 17:23:0633240----a-w-C:\Windows\System32\drivers\GEARAspiWDM.sys
    2012-09-21 17:22:34--------d-----w-C:\Program Files\iPod
    2012-09-21 17:22:33--------d-----w-C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-09-21 17:22:33--------d-----w-C:\Program Files\iTunes
    2012-09-21 17:22:33--------d-----w-C:\Program Files (x86)\iTunes
    2012-09-18 21:05:32--------d-----w-C:\Users\areske\AppData\Local\libimobiledevice
    2012-09-12 23:40:56159744----a-w-C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2012-09-12 23:40:56159744----a-w-C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2012-09-12 23:40:56159744----a-w-C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2012-09-12 23:40:56159744----a-w-C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2012-09-12 23:40:56159744----a-w-C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2012-09-12 23:40:56159744----a-w-C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2012-09-12 23:40:56159744----a-w-C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2012-09-12 09:13:12950128----a-w-C:\Windows\System32\drivers\ndis.sys
    2012-09-12 09:13:11574464----a-w-C:\Windows\System32\d3d10level9.dll
    2012-09-12 09:13:11490496----a-w-C:\Windows\SysWow64\d3d10level9.dll
    2012-09-12 09:13:1141472----a-w-C:\Windows\System32\drivers\RNDISMP.sys
    2012-09-12 09:13:11376688----a-w-C:\Windows\System32\drivers\netio.sys
    2012-09-12 09:13:111913200----a-w-C:\Windows\System32\drivers\tcpip.sys
    2012-09-12 09:13:10288624----a-w-C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-09-10 22:52:46--------d-----w-C:\backup
    2012-09-10 22:49:5188704----a-w-C:\Windows\SysWow64\packet.dll
    2012-09-10 22:49:5168224----a-w-C:\Windows\SysWow64\WanPacket.dll
    2012-09-10 22:49:5153299----a-w-C:\Windows\SysWow64\pthreadVC.dll
    2012-09-10 22:49:5140464----a-w-C:\Windows\System32\drivers\npf.sys
    2012-09-10 22:49:51240248----a-w-C:\Windows\SysWow64\wpcap.dll
    2012-09-10 22:49:45--------d-----w-C:\Program Files (x86)\Linksys Adapter
    2012-09-09 20:53:21--------d-----w-C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
    2012-09-08 19:08:17--------d-----w-C:\Program Files (x86)\WinSCP
    2012-09-06 03:12:30--------d-----w-C:\Users\areske\AppData\Local\White_Sky,_Inc
    2012-09-03 04:06:49--------d-----w-C:\Users\areske\AppData\Local\Diagnostics
    2012-09-03 03:55:45--------d-----w-C:\Program Files\Microsoft Device Center
    2012-09-01 23:05:54--------d-----w-C:\ProgramData\ALM
    2012-09-01 22:52:10696520----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-09-01 22:51:43--------d-----w-C:\Users\areske\AppData\Roaming\Intel Corporation
    2012-09-01 17:06:46557848----a-w-C:\Windows\System32\drivers\iaStor.sys
    2012-08-29 00:09:33--------d-----w-C:\Program Files (x86)\Gimp-2.0
    2012-08-28 02:19:22--------d-----w-C:\Users\areske\AppData\Local\CrashDumps
    2012-08-28 01:14:48514560----a-w-C:\Windows\SysWow64\qdvd.dll
    2012-08-28 01:14:48366592----a-w-C:\Windows\System32\qdvd.dll
    .
    ==================== Find3M ====================
    .
    2012-09-07 21:04:4625928----a-w-C:\Windows\System32\drivers\mbam.sys
    2012-09-01 22:52:1073416----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-01 17:08:151145960----a-w-C:\Windows\System32\drivers\rtl8192ce.sys
    2012-08-24 10:31:322312704----a-w-C:\Windows\System32\jscript9.dll
    2012-08-24 10:21:181392128----a-w-C:\Windows\System32\wininet.dll
    2012-08-24 10:20:111494528----a-w-C:\Windows\System32\inetcpl.cpl
    2012-08-24 10:14:45173056----a-w-C:\Windows\System32\ieUnatt.exe
    2012-08-24 10:13:29599040----a-w-C:\Windows\System32\vbscript.dll
    2012-08-24 10:09:422382848----a-w-C:\Windows\System32\mshtml.tlb
    2012-08-24 06:59:171800704----a-w-C:\Windows\SysWow64\jscript9.dll
    2012-08-24 06:51:271129472----a-w-C:\Windows\SysWow64\wininet.dll
    2012-08-24 06:51:021427968----a-w-C:\Windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47:26142848----a-w-C:\Windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47:12420864----a-w-C:\Windows\SysWow64\vbscript.dll
    2012-08-24 06:43:582382848----a-w-C:\Windows\SysWow64\mshtml.tlb
    2012-08-21 17:01:20125872----a-w-C:\Windows\System32\GEARAspi64.dll
    2012-08-21 17:01:20106928----a-w-C:\Windows\SysWow64\GEARAspi.dll
    2012-07-18 18:15:063148800----a-w-C:\Windows\System32\win32k.sys
    2012-07-09 17:42:564547984----a-w-C:\Windows\System32\usbaaplrc.dll
    2012-07-09 17:42:5452736----a-w-C:\Windows\System32\drivers\usbaapl64.sys
    2012-07-04 22:13:2759392----a-w-C:\Windows\System32\browcli.dll
    2012-07-04 22:13:27136704----a-w-C:\Windows\System32\browser.dll
    2012-07-04 21:14:3441984----a-w-C:\Windows\SysWow64\browcli.dll
    .
    ============= FINISH: 22:37:46.26 ===============
  5. areske86

    areske86 Newcomer, in training Topic Starter Posts: 27

    Attach.txt-

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/24/2012 6:05:27 PM
    System Uptime: 9/25/2012 9:38:49 PM (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 1695
    Processor: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz | CPU1 | 2200/1333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 280 GiB total, 117.827 GiB free.
    D: is FIXED (NTFS) - 14 GiB total, 0.808 GiB free.
    E: is FIXED (FAT32) - 4 GiB total, 1.078 GiB free.
    F: is CDROM ()
    G: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP34: 9/18/2012 4:31:39 PM - Windows Update
    RP35: 9/21/2012 7:59:21 PM - Installed Java 7 Update 7
    RP36: 9/23/2012 3:00:12 AM - Windows Update
    RP37: 9/25/2012 9:32:34 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Adobe AIR
    Adobe Download Assistant
    Adobe Flash Player 11 ActiveX
    Adobe Help Manager
    Adobe Illustrator CS5.1
    Adobe Photoshop CS6
    Adobe Reader X (10.1.4) MUI
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Software Update
    Blio
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Constant Guard Protection Suite
    CyberLink YouCam
    D3DX10
    ESU for Microsoft Windows 7 SP1
    Evernote v. 4.2.3
    FontLab Studio 5
    Gimp 2.6.2 Debug
    Google Chrome
    Google Earth
    Google Update Helper
    GuardedID
    Hewlett-Packard ACLM.NET v1.1.2.0
    HP Customer Experience Enhancements
    HP Documentation
    HP MovieStore
    HP On Screen Display
    HP Power Manager
    HP Quick Launch
    HP QuickWeb
    HP Setup
    HP Setup Manager
    HP SimplePass PE 2011
    HP Software Framework
    HP Support Assistant
    IDT Audio
    Intel(R) Control Center
    Intel(R) Identity Protection Technology 1.1.2.0
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    Java 7 Update 7
    Java Auto Updater
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.65.0.1400
    Mesh Runtime
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft WSE 3.0 Runtime
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    PDF Settings CS5
    PlayReady PC Runtime x86
    QuickTime
    Realtek Ethernet Controller Driver
    Realtek PCIE Card Reader
    REALTEK Wireless LAN Driver
    Recovery Manager
    RoxioNow Player
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    VIP Access SDK (1.0.1.2)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinSCP 4.3.9
    XFINITY Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/24/2012 10:02:14 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom1.
    .
    ==== End Of File ===========================
  6. areske86

    areske86 Newcomer, in training Topic Starter Posts: 27

    I hope I posted the right stuff.. my pc froze befor I could sign in after reboot.. thankyou for ur fast response and support
  7. areske86

    areske86 Newcomer, in training Topic Starter Posts: 27

    If I dont anwser tonight I will be back after work tomorrow afternoon... again thanks
  8. Broni

    Broni Malware Annihilator Posts: 46,478   +252

    I don't see any AV program running.
    Install ONE of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
    - free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php

    ==================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ===============================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  9. areske86

    areske86 Newcomer, in training Topic Starter Posts: 27

    Malware bytes isn't a AV program. I had norton with it but was told not to have both. Was I told wrong??? Thanks. I will do this tomorrow. Getting lat. chat with u then
  10. Broni

    Broni Malware Annihilator Posts: 46,478   +252

    Malwarebytes will work along any AV program.
  11. areske86

    areske86 Newcomer, in training Topic Starter Posts: 27

    Hi.. I downloaded security essentials.

    here is tdsskiller log-



    20:56:08.0567 8060 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    20:56:08.0971 8060 ============================================================
    20:56:08.0971 8060 Current date / time: 2012/09/26 20:56:08.0971
    20:56:08.0971 8060 SystemInfo:
    20:56:08.0971 8060
    20:56:08.0971 8060 OS Version: 6.1.7601 ServicePack: 1.0
    20:56:08.0971 8060 Product type: Workstation
    20:56:08.0971 8060 ComputerName: ARESKE-HP
    20:56:08.0971 8060 UserName: areske
    20:56:08.0972 8060 Windows directory: C:\Windows
    20:56:08.0972 8060 System windows directory: C:\Windows
    20:56:08.0972 8060 Running under WOW64
    20:56:08.0972 8060 Processor architecture: Intel x64
    20:56:08.0972 8060 Number of processors: 4
    20:56:08.0972 8060 Page size: 0x1000
    20:56:08.0972 8060 Boot type: Normal boot
    20:56:08.0972 8060 ============================================================
    20:56:11.0766 8060 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    20:56:11.0829 8060 Drive \Device\Harddisk1\DR1 - Size: 0x746EC00000 (465.73 Gb), SectorSize: 0x200, Cylinders: 0xED7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    20:56:11.0833 8060 ============================================================
    20:56:11.0833 8060 \Device\Harddisk0\DR0:
    20:56:11.0833 8060 MBR partitions:
    20:56:11.0833 8060 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
    20:56:11.0833 8060 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x22F31800
    20:56:11.0833 8060 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x22F95800, BlocksNum 0x1CA9000
    20:56:11.0833 8060 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x24C3E800, BlocksNum 0x7EFAB0
    20:56:11.0833 8060 ============================================================
    20:56:11.0891 8060 C: <-> \Device\Harddisk0\DR0\Partition2
    20:56:12.0086 8060 D: <-> \Device\Harddisk0\DR0\Partition3
    20:56:12.0142 8060 E: <-> \Device\Harddisk0\DR0\Partition4
    20:56:12.0142 8060 ============================================================
    20:56:12.0142 8060 Initialize success
    20:56:12.0142 8060 ============================================================
    21:04:04.0205 6744 ============================================================
    21:04:04.0205 6744 Scan started
    21:04:04.0205 6744 Mode: Manual;
    21:04:04.0205 6744 ============================================================
    21:04:04.0591 6744 ================ Scan system memory ========================
    21:04:04.0591 6744 System memory - ok
    21:04:04.0591 6744 ================ Scan services =============================
    21:04:04.0794 6744 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    21:04:04.0795 6744 1394ohci - ok
    21:04:04.0827 6744 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    21:04:04.0829 6744 ACPI - ok
    21:04:04.0851 6744 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    21:04:04.0851 6744 AcpiPmi - ok
    21:04:04.0971 6744 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    21:04:04.0972 6744 AdobeARMservice - ok
    21:04:05.0116 6744 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    21:04:05.0117 6744 AdobeFlashPlayerUpdateSvc - ok
    21:04:05.0169 6744 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
    21:04:05.0172 6744 adp94xx - ok
    21:04:05.0212 6744 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
    21:04:05.0214 6744 adpahci - ok
    21:04:05.0260 6744 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
    21:04:05.0261 6744 adpu320 - ok
    21:04:05.0286 6744 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    21:04:05.0287 6744 AeLookupSvc - ok
    21:04:05.0345 6744 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    21:04:05.0348 6744 AFD - ok
    21:04:05.0388 6744 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    21:04:05.0390 6744 agp440 - ok
    21:04:05.0436 6744 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    21:04:05.0437 6744 ALG - ok
    21:04:05.0479 6744 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    21:04:05.0480 6744 aliide - ok
    21:04:05.0513 6744 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    21:04:05.0513 6744 amdide - ok
    21:04:05.0556 6744 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
    21:04:05.0556 6744 AmdK8 - ok
    21:04:05.0572 6744 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
    21:04:05.0572 6744 AmdPPM - ok
    21:04:05.0610 6744 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    21:04:05.0611 6744 amdsata - ok
    21:04:05.0672 6744 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
    21:04:05.0673 6744 amdsbs - ok
    21:04:05.0712 6744 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    21:04:05.0713 6744 amdxata - ok
    21:04:05.0750 6744 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    21:04:05.0752 6744 AppID - ok
    21:04:05.0775 6744 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    21:04:05.0776 6744 AppIDSvc - ok
    21:04:05.0890 6744 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    21:04:05.0892 6744 Appinfo - ok
    21:04:05.0958 6744 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    21:04:05.0960 6744 Apple Mobile Device - ok
    21:04:05.0999 6744 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
    21:04:06.0000 6744 arc - ok
    21:04:06.0023 6744 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
    21:04:06.0024 6744 arcsas - ok
    21:04:06.0064 6744 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    21:04:06.0065 6744 AsyncMac - ok
    21:04:06.0085 6744 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    21:04:06.0085 6744 atapi - ok
    21:04:06.0163 6744 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    21:04:06.0167 6744 AudioEndpointBuilder - ok
    21:04:06.0183 6744 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    21:04:06.0187 6744 AudioSrv - ok
    21:04:06.0250 6744 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    21:04:06.0251 6744 AxInstSV - ok
    21:04:06.0311 6744 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
    21:04:06.0314 6744 b06bdrv - ok
    21:04:06.0370 6744 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    21:04:06.0372 6744 b57nd60a - ok
    21:04:06.0441 6744 [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
    21:04:06.0474 6744 BCM43XX - ok
    21:04:06.0525 6744 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    21:04:06.0526 6744 BDESVC - ok
    21:04:06.0578 6744 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    21:04:06.0579 6744 Beep - ok
    21:04:06.0634 6744 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
    21:04:06.0639 6744 BFE - ok
    21:04:06.0674 6744 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
    21:04:06.0680 6744 BITS - ok
    21:04:06.0712 6744 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
    21:04:06.0713 6744 blbdrive - ok
    21:04:06.0769 6744 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    21:04:06.0771 6744 Bonjour Service - ok
    21:04:06.0802 6744 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    21:04:06.0803 6744 bowser - ok
    21:04:06.0841 6744 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
    21:04:06.0842 6744 BrFiltLo - ok
    21:04:06.0852 6744 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
    21:04:06.0853 6744 BrFiltUp - ok
    21:04:06.0878 6744 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
    21:04:06.0879 6744 Browser - ok
    21:04:06.0901 6744 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    21:04:06.0903 6744 Brserid - ok
    21:04:06.0923 6744 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    21:04:06.0924 6744 BrSerWdm - ok
    21:04:06.0961 6744 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    21:04:06.0961 6744 BrUsbMdm - ok
    21:04:06.0992 6744 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    21:04:06.0993 6744 BrUsbSer - ok
    21:04:07.0023 6744 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
    21:04:07.0024 6744 BTHMODEM - ok
    21:04:07.0076 6744 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    21:04:07.0077 6744 bthserv - ok
    21:04:07.0105 6744 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    21:04:07.0106 6744 cdfs - ok
    21:04:07.0140 6744 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    21:04:07.0141 6744 cdrom - ok
    21:04:07.0178 6744 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    21:04:07.0179 6744 CertPropSvc - ok
    21:04:07.0216 6744 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
    21:04:07.0217 6744 circlass - ok
    21:04:07.0241 6744 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    21:04:07.0244 6744 CLFS - ok
    21:04:07.0331 6744 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    21:04:07.0331 6744 clr_optimization_v2.0.50727_32 - ok
    21:04:07.0394 6744 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    21:04:07.0395 6744 clr_optimization_v2.0.50727_64 - ok
    21:04:07.0490 6744 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    21:04:07.0491 6744 clr_optimization_v4.0.30319_32 - ok
    21:04:07.0534 6744 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    21:04:07.0536 6744 clr_optimization_v4.0.30319_64 - ok
    21:04:07.0590 6744 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
    21:04:07.0591 6744 clwvd - ok
    21:04:07.0631 6744 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
    21:04:07.0632 6744 CmBatt - ok
    21:04:07.0649 6744 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    21:04:07.0650 6744 cmdide - ok
    21:04:07.0692 6744 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
    21:04:07.0695 6744 CNG - ok
    21:04:07.0751 6744 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
    21:04:07.0753 6744 Compbatt - ok
    21:04:07.0792 6744 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    21:04:07.0793 6744 CompositeBus - ok
    21:04:07.0807 6744 COMSysApp - ok
    21:04:07.0843 6744 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
    21:04:07.0844 6744 crcdisk - ok
    21:04:07.0877 6744 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    21:04:07.0879 6744 CryptSvc - ok
    21:04:07.0987 6744 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    21:04:07.0992 6744 cvhsvc - ok
    21:04:08.0054 6744 [ C7259495924D21F1AFA26467D9F4DAE0 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
    21:04:08.0055 6744 dc3d - ok
    21:04:08.0108 6744 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    21:04:08.0113 6744 DcomLaunch - ok
    21:04:08.0137 6744 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    21:04:08.0139 6744 defragsvc - ok
    21:04:08.0165 6744 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    21:04:08.0166 6744 DfsC - ok
    21:04:08.0199 6744 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    21:04:08.0202 6744 Dhcp - ok
    21:04:08.0233 6744 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    21:04:08.0233 6744 discache - ok
    21:04:08.0268 6744 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
    21:04:08.0269 6744 Disk - ok
    21:04:08.0293 6744 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    21:04:08.0295 6744 Dnscache - ok
    21:04:08.0327 6744 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    21:04:08.0329 6744 dot3svc - ok
    21:04:08.0340 6744 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    21:04:08.0342 6744 DPS - ok
    21:04:08.0381 6744 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    21:04:08.0381 6744 drmkaud - ok
    21:04:08.0415 6744 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    21:04:08.0421 6744 DXGKrnl - ok
    21:04:08.0446 6744 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    21:04:08.0447 6744 EapHost - ok
    21:04:08.0536 6744 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
    21:04:08.0604 6744 ebdrv - ok
    21:04:08.0656 6744 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    21:04:08.0658 6744 EFS - ok
    21:04:08.0741 6744 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    21:04:08.0797 6744 ehRecvr - ok
    21:04:08.0816 6744 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    21:04:08.0841 6744 ehSched - ok
    21:04:08.0892 6744 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
    21:04:08.0895 6744 elxstor - ok
    21:04:08.0931 6744 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    21:04:08.0932 6744 ErrDev - ok
    21:04:08.0989 6744 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    21:04:08.0992 6744 EventSystem - ok
    21:04:09.0034 6744 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    21:04:09.0036 6744 exfat - ok
    21:04:09.0062 6744 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    21:04:09.0063 6744 fastfat - ok
    21:04:09.0122 6744 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    21:04:09.0127 6744 Fax - ok
    21:04:09.0161 6744 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
    21:04:09.0161 6744 fdc - ok
    21:04:09.0190 6744 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    21:04:09.0190 6744 fdPHost - ok
    21:04:09.0199 6744 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    21:04:09.0200 6744 FDResPub - ok
    21:04:09.0238 6744 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    21:04:09.0239 6744 FileInfo - ok
    21:04:09.0254 6744 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    21:04:09.0255 6744 Filetrace - ok
    21:04:09.0294 6744 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
    21:04:09.0295 6744 flpydisk - ok
    21:04:09.0332 6744 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    21:04:09.0334 6744 FltMgr - ok
    21:04:09.0377 6744 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
    21:04:09.0383 6744 FontCache - ok
    21:04:09.0443 6744 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    21:04:09.0443 6744 FontCache3.0.0.0 - ok
    21:04:09.0511 6744 [ 26065327BB2AA358140381FC76520908 ] FPLService C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    21:04:09.0513 6744 FPLService - ok
    21:04:09.0540 6744 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    21:04:09.0541 6744 FsDepends - ok
    21:04:09.0572 6744 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    21:04:09.0573 6744 Fs_Rec - ok
    21:04:09.0634 6744 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    21:04:09.0636 6744 fvevol - ok
    21:04:09.0666 6744 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    21:04:09.0667 6744 gagp30kx - ok
    21:04:09.0719 6744 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    21:04:09.0720 6744 GEARAspiWDM - ok
    21:04:09.0771 6744 [ 9BA22AEE7F531EF9CE085CC2E1112BC4 ] GIDv2 C:\Windows\system32\drivers\GIDv2.sys
    21:04:09.0782 6744 GIDv2 - ok
    21:04:09.0814 6744 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    21:04:09.0819 6744 gpsvc - ok
    21:04:09.0932 6744 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    21:04:09.0933 6744 gupdate - ok
    21:04:09.0937 6744 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    21:04:09.0938 6744 gupdatem - ok
    21:04:09.0971 6744 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    21:04:09.0972 6744 hcw85cir - ok
    21:04:10.0010 6744 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    21:04:10.0013 6744 HdAudAddService - ok
    21:04:10.0062 6744 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    21:04:10.0063 6744 HDAudBus - ok
    21:04:10.0084 6744 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
    21:04:10.0085 6744 HidBatt - ok
    21:04:10.0100 6744 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
    21:04:10.0101 6744 HidBth - ok
    21:04:10.0124 6744 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
    21:04:10.0124 6744 HidIr - ok
    21:04:10.0156 6744 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
    21:04:10.0157 6744 hidserv - ok
    21:04:10.0196 6744 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    21:04:10.0197 6744 HidUsb - ok
    21:04:10.0227 6744 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    21:04:10.0228 6744 hkmsvc - ok
    21:04:10.0243 6744 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    21:04:10.0246 6744 HomeGroupListener - ok
    21:04:10.0274 6744 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    21:04:10.0277 6744 HomeGroupProvider - ok
    21:04:10.0389 6744 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    21:04:10.0390 6744 HP Support Assistant Service - ok
    21:04:10.0462 6744 [ 7B8C1B09C11E8DB7C4480ABD7D17E821 ] HPAuto C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
    21:04:10.0466 6744 HPAuto - ok
    21:04:10.0485 6744 [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    21:04:10.0487 6744 HPClientSvc - ok
    21:04:10.0550 6744 [ 02CE63D8DD5E6DD5CEFF336191C0859E ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    21:04:10.0551 6744 HPDrvMntSvc.exe - ok
    21:04:10.0612 6744 [ E7C7829BA0395E48F8C8FE16B8832344 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    21:04:10.0617 6744 hpqwmiex - ok
    21:04:10.0659 6744 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    21:04:10.0660 6744 HpSAMD - ok
    21:04:10.0734 6744 [ 2BEC76BDCD1BC080210325E7B5094834 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    21:04:10.0734 6744 HPWMISVC - ok
    21:04:10.0766 6744 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    21:04:10.0774 6744 HTTP - ok
    21:04:10.0796 6744 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    21:04:10.0796 6744 hwpolicy - ok
    21:04:10.0837 6744 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    21:04:10.0838 6744 i8042prt - ok
    21:04:10.0874 6744 [ 2FDAEC4B02729C48C0FD1B0B4695995B ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
    21:04:10.0877 6744 iaStor - ok
    21:04:10.0965 6744 [ D41861E56E7552C13674D7F147A02464 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    21:04:10.0966 6744 IAStorDataMgrSvc - ok
    21:04:11.0002 6744 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    21:04:11.0004 6744 iaStorV - ok
    21:04:11.0060 6744 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    21:04:11.0065 6744 idsvc - ok
    21:04:11.0326 6744 [ 6383899C5F964D71B0F96B81FBE59BB8 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
    21:04:11.0563 6744 igfx - ok
    21:04:11.0623 6744 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    21:04:11.0624 6744 iirsp - ok
    21:04:11.0664 6744 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    21:04:11.0670 6744 IKEEXT - ok
    21:04:11.0711 6744 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
    21:04:11.0713 6744 IntcDAud - ok
    21:04:11.0734 6744 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    21:04:11.0735 6744 intelide - ok
    21:04:11.0772 6744 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    21:04:11.0773 6744 intelppm - ok
    21:04:11.0800 6744 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    21:04:11.0802 6744 IPBusEnum - ok
    21:04:11.0825 6744 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    21:04:11.0826 6744 IpFilterDriver - ok
    21:04:11.0879 6744 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    21:04:11.0883 6744 iphlpsvc - ok
    21:04:11.0887 6744 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    21:04:11.0887 6744 IPMIDRV - ok
    21:04:11.0908 6744 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    21:04:11.0909 6744 IPNAT - ok
    21:04:11.0977 6744 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    21:04:11.0982 6744 iPod Service - ok
    21:04:12.0010 6744 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    21:04:12.0010 6744 IRENUM - ok
    21:04:12.0053 6744 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    21:04:12.0054 6744 isapnp - ok
    21:04:12.0095 6744 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    21:04:12.0097 6744 iScsiPrt - ok
    21:04:12.0177 6744 [ 6C85719A21B3F62C2C76280F4BD36C7B ] jhi_service C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    21:04:12.0213 6744 jhi_service - ok
    21:04:12.0259 6744 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
    21:04:12.0260 6744 kbdclass - ok
    21:04:12.0288 6744 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
    21:04:12.0289 6744 kbdhid - ok
    21:04:12.0323 6744 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    21:04:12.0324 6744 KeyIso - ok
    21:04:12.0352 6744 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    21:04:12.0353 6744 KSecDD - ok
    21:04:12.0372 6744 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    21:04:12.0373 6744 KSecPkg - ok
    21:04:12.0419 6744 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    21:04:12.0419 6744 ksthunk - ok
    21:04:12.0455 6744 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    21:04:12.0458 6744 KtmRm - ok
    21:04:12.0510 6744 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
    21:04:12.0513 6744 LanmanServer - ok
    21:04:12.0552 6744 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    21:04:12.0554 6744 LanmanWorkstation - ok
    21:04:12.0654 6744 [ 584528BF596A54B2BF6BE5067ADDA44A ] Linksys_adapter_H C:\Windows\system32\DRIVERS\AE1200w764.sys
    21:04:12.0661 6744 Linksys_adapter_H - ok
    21:04:12.0702 6744 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    21:04:12.0703 6744 lltdio - ok
    21:04:12.0730 6744 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    21:04:12.0733 6744 lltdsvc - ok
    21:04:12.0775 6744 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    21:04:12.0776 6744 lmhosts - ok
    21:04:12.0833 6744 [ D7E0BED3EA21D7BDDD410ADE51708D90 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    21:04:12.0835 6744 LMS - ok
    21:04:12.0866 6744 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
    21:04:12.0867 6744 LSI_FC - ok
    21:04:12.0885 6744 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
    21:04:12.0886 6744 LSI_SAS - ok
    21:04:12.0889 6744 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
    21:04:12.0890 6744 LSI_SAS2 - ok
    21:04:12.0906 6744 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    21:04:12.0907 6744 LSI_SCSI - ok
    21:04:12.0927 6744 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    21:04:12.0928 6744 luafv - ok
    21:04:13.0006 6744 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
    21:04:13.0007 6744 MBAMProtector - ok
    21:04:13.0083 6744 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    21:04:13.0086 6744 MBAMScheduler - ok
    21:04:13.0105 6744 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    21:04:13.0110 6744 MBAMService - ok
    21:04:13.0177 6744 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    21:04:13.0179 6744 Mcx2Svc - ok
    21:04:13.0254 6744 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
    21:04:13.0255 6744 megasas - ok
    21:04:13.0318 6744 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
    21:04:13.0320 6744 MegaSR - ok
    21:04:13.0378 6744 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
    21:04:13.0379 6744 MEIx64 - ok
    21:04:13.0410 6744 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    21:04:13.0411 6744 MMCSS - ok
    21:04:13.0432 6744 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    21:04:13.0433 6744 Modem - ok
    21:04:13.0471 6744 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    21:04:13.0472 6744 monitor - ok
    21:04:13.0484 6744 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    21:04:13.0484 6744 mouclass - ok
    21:04:13.0503 6744 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    21:04:13.0504 6744 mouhid - ok
    21:04:13.0511 6744 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    21:04:13.0512 6744 mountmgr - ok
    21:04:13.0546 6744 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
    21:04:13.0548 6744 MpFilter - ok
    21:04:13.0618 6744 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    21:04:13.0619 6744 mpio - ok
    21:04:13.0664 6744 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    21:04:13.0665 6744 mpsdrv - ok
    21:04:13.0787 6744 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
    21:04:13.0793 6744 MpsSvc - ok
    21:04:13.0809 6744 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    21:04:13.0810 6744 MRxDAV - ok
    21:04:13.0930 6744 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    21:04:13.0932 6744 mrxsmb - ok
     
  12. areske86

    areske86 Newcomer, in training Topic Starter Posts: 27

    21:04:14.0095 6744 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    21:04:14.0097 6744 mrxsmb10 - ok
    21:04:14.0177 6744 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    21:04:14.0178 6744 mrxsmb20 - ok
    21:04:14.0208 6744 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    21:04:14.0209 6744 msahci - ok
    21:04:14.0275 6744 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    21:04:14.0276 6744 msdsm - ok
    21:04:14.0330 6744 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    21:04:14.0332 6744 MSDTC - ok
    21:04:14.0383 6744 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    21:04:14.0384 6744 Msfs - ok
    21:04:14.0413 6744 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    21:04:14.0414 6744 mshidkmdf - ok
    21:04:14.0421 6744 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    21:04:14.0422 6744 msisadrv - ok
    21:04:14.0455 6744 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    21:04:14.0457 6744 MSiSCSI - ok
    21:04:14.0461 6744 msiserver - ok
    21:04:14.0511 6744 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    21:04:14.0512 6744 MSKSSRV - ok
    21:04:14.0580 6744 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
    21:04:14.0580 6744 MsMpSvc - ok
    21:04:14.0630 6744 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    21:04:14.0631 6744 MSPCLOCK - ok
    21:04:14.0667 6744 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    21:04:14.0668 6744 MSPQM - ok
    21:04:14.0782 6744 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    21:04:14.0784 6744 MsRPC - ok
    21:04:14.0823 6744 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    21:04:14.0824 6744 mssmbios - ok
    21:04:14.0863 6744 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    21:04:14.0863 6744 MSTEE - ok
    21:04:14.0881 6744 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
    21:04:14.0882 6744 MTConfig - ok
    21:04:14.0902 6744 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    21:04:14.0903 6744 Mup - ok
    21:04:15.0116 6744 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    21:04:15.0120 6744 napagent - ok
    21:04:15.0196 6744 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    21:04:15.0198 6744 NativeWifiP - ok
    21:04:15.0533 6744 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
    21:04:15.0539 6744 NDIS - ok
    21:04:15.0577 6744 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    21:04:15.0578 6744 NdisCap - ok
    21:04:15.0635 6744 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    21:04:15.0636 6744 NdisTapi - ok
    21:04:15.0651 6744 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    21:04:15.0651 6744 Ndisuio - ok
    21:04:15.0672 6744 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    21:04:15.0673 6744 NdisWan - ok
    21:04:15.0677 6744 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    21:04:15.0678 6744 NDProxy - ok
    21:04:15.0725 6744 [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl C:\Windows\system32\DRIVERS\netaapl64.sys
    21:04:15.0726 6744 Netaapl - ok
    21:04:15.0748 6744 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    21:04:15.0748 6744 NetBIOS - ok
    21:04:15.0754 6744 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    21:04:15.0756 6744 NetBT - ok
    21:04:15.0778 6744 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    21:04:15.0779 6744 Netlogon - ok
    21:04:15.0828 6744 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    21:04:15.0831 6744 Netman - ok
    21:04:15.0839 6744 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    21:04:15.0843 6744 netprofm - ok
    21:04:15.0913 6744 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    21:04:15.0914 6744 NetTcpPortSharing - ok
    21:04:15.0993 6744 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
    21:04:15.0994 6744 nfrd960 - ok
    21:04:16.0055 6744 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    21:04:16.0056 6744 NisDrv - ok
    21:04:16.0193 6744 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
    21:04:16.0195 6744 NisSrv - ok
    21:04:16.0304 6744 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
    21:04:16.0307 6744 NlaSvc - ok
    21:04:16.0336 6744 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    21:04:16.0337 6744 Npfs - ok
    21:04:16.0427 6744 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    21:04:16.0429 6744 nsi - ok
    21:04:16.0466 6744 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    21:04:16.0466 6744 nsiproxy - ok
    21:04:17.0033 6744 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    21:04:17.0042 6744 Ntfs - ok
    21:04:17.0114 6744 [ A2F750E416D1C628BDCDC2075AC33BC6 ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
    21:04:17.0114 6744 NuidFltr - ok
    21:04:17.0143 6744 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    21:04:17.0143 6744 Null - ok
    21:04:17.0180 6744 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
    21:04:17.0183 6744 NVENETFD - ok
    21:04:17.0225 6744 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    21:04:17.0227 6744 nvraid - ok
    21:04:17.0231 6744 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    21:04:17.0233 6744 nvstor - ok
    21:04:17.0264 6744 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    21:04:17.0265 6744 nv_agp - ok
    21:04:17.0269 6744 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    21:04:17.0270 6744 ohci1394 - ok
    21:04:17.0333 6744 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    21:04:17.0334 6744 ose - ok
    21:04:18.0195 6744 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    21:04:18.0222 6744 osppsvc - ok
    21:04:18.0268 6744 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    21:04:18.0271 6744 p2pimsvc - ok
    21:04:18.0308 6744 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    21:04:18.0312 6744 p2psvc - ok
    21:04:18.0358 6744 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
    21:04:18.0359 6744 Parport - ok
    21:04:18.0385 6744 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    21:04:18.0386 6744 partmgr - ok
    21:04:18.0442 6744 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    21:04:18.0445 6744 PcaSvc - ok
    21:04:18.0489 6744 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    21:04:18.0490 6744 pci - ok
    21:04:18.0528 6744 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    21:04:18.0528 6744 pciide - ok
    21:04:18.0591 6744 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
    21:04:18.0592 6744 pcmcia - ok
    21:04:18.0611 6744 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    21:04:18.0612 6744 pcw - ok
    21:04:18.0666 6744 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    21:04:18.0673 6744 PEAUTH - ok
    21:04:18.0791 6744 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    21:04:18.0792 6744 PerfHost - ok
    21:04:18.0848 6744 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    21:04:18.0881 6744 pla - ok
    21:04:18.0948 6744 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    21:04:18.0951 6744 PlugPlay - ok
    21:04:18.0981 6744 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    21:04:18.0983 6744 PNRPAutoReg - ok
    21:04:19.0002 6744 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    21:04:19.0005 6744 PNRPsvc - ok
    21:04:19.0051 6744 [ 32D374C60778253B81FA76C2FE19E155 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
    21:04:19.0052 6744 Point64 - ok
    21:04:19.0081 6744 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    21:04:19.0084 6744 PolicyAgent - ok
    21:04:19.0120 6744 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    21:04:19.0123 6744 Power - ok
    21:04:19.0159 6744 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    21:04:19.0160 6744 PptpMiniport - ok
    21:04:19.0183 6744 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
    21:04:19.0184 6744 Processor - ok
    21:04:19.0225 6744 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    21:04:19.0228 6744 ProfSvc - ok
    21:04:19.0245 6744 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    21:04:19.0247 6744 ProtectedStorage - ok
    21:04:19.0275 6744 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    21:04:19.0276 6744 Psched - ok
    21:04:19.0334 6744 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
    21:04:19.0344 6744 ql2300 - ok
    21:04:19.0397 6744 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
    21:04:19.0398 6744 ql40xx - ok
    21:04:19.0436 6744 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    21:04:19.0439 6744 QWAVE - ok
    21:04:19.0455 6744 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    21:04:19.0456 6744 QWAVEdrv - ok
    21:04:19.0478 6744 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    21:04:19.0479 6744 RasAcd - ok
    21:04:19.0519 6744 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    21:04:19.0519 6744 RasAgileVpn - ok
    21:04:19.0541 6744 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    21:04:19.0544 6744 RasAuto - ok
    21:04:19.0557 6744 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    21:04:19.0558 6744 Rasl2tp - ok
    21:04:19.0598 6744 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    21:04:19.0601 6744 RasMan - ok
    21:04:19.0636 6744 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    21:04:19.0637 6744 RasPppoe - ok
    21:04:19.0641 6744 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    21:04:19.0643 6744 RasSstp - ok
    21:04:19.0655 6744 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    21:04:19.0657 6744 rdbss - ok
    21:04:19.0672 6744 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
    21:04:19.0673 6744 rdpbus - ok
    21:04:19.0712 6744 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    21:04:19.0712 6744 RDPCDD - ok
    21:04:19.0732 6744 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    21:04:19.0733 6744 RDPENCDD - ok
    21:04:19.0751 6744 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    21:04:19.0751 6744 RDPREFMP - ok
    21:04:19.0774 6744 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    21:04:19.0776 6744 RDPWD - ok
    21:04:19.0801 6744 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    21:04:19.0802 6744 rdyboost - ok
    21:04:19.0841 6744 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    21:04:19.0843 6744 RemoteAccess - ok
    21:04:19.0875 6744 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    21:04:19.0877 6744 RemoteRegistry - ok
    21:04:19.0964 6744 [ 085D18C71AB2611A3D61528132B6501E ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    21:04:19.0967 6744 RoxioNow Service - ok
    21:04:20.0001 6744 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    21:04:20.0003 6744 RpcEptMapper - ok
    21:04:20.0045 6744 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    21:04:20.0046 6744 RpcLocator - ok
    21:04:20.0064 6744 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    21:04:20.0068 6744 RpcSs - ok
    21:04:20.0111 6744 [ CFDFD15D2D26BB50B6F4BF2D4FE6FA70 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
    21:04:20.0114 6744 RSPCIESTOR - ok
    21:04:20.0168 6744 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    21:04:20.0169 6744 rspndr - ok
    21:04:20.0212 6744 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    21:04:20.0215 6744 RTL8167 - ok
    21:04:20.0271 6744 [ 177963A6EEBAA9EF3B56A2DBE9D5D0FC ] RTL8192Ce C:\Windows\system32\DRIVERS\rtl8192Ce.sys
    21:04:20.0278 6744 RTL8192Ce - ok
    21:04:20.0290 6744 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    21:04:20.0291 6744 SamSs - ok
    21:04:20.0313 6744 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    21:04:20.0314 6744 sbp2port - ok
    21:04:20.0344 6744 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    21:04:20.0346 6744 SCardSvr - ok
    21:04:20.0379 6744 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    21:04:20.0380 6744 scfilter - ok
    21:04:20.0412 6744 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    21:04:20.0419 6744 Schedule - ok
    21:04:20.0455 6744 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    21:04:20.0456 6744 SCPolicySvc - ok
    21:04:20.0489 6744 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
    21:04:20.0490 6744 sdbus - ok
    21:04:20.0526 6744 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    21:04:20.0529 6744 SDRSVC - ok
    21:04:20.0545 6744 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    21:04:20.0546 6744 secdrv - ok
    21:04:20.0553 6744 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    21:04:20.0554 6744 seclogon - ok
    21:04:20.0589 6744 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    21:04:20.0591 6744 SENS - ok
    21:04:20.0612 6744 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    21:04:20.0614 6744 SensrSvc - ok
    21:04:20.0641 6744 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
    21:04:20.0642 6744 Serenum - ok
    21:04:20.0658 6744 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
    21:04:20.0659 6744 Serial - ok
    21:04:20.0691 6744 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
    21:04:20.0692 6744 sermouse - ok
    21:04:20.0748 6744 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    21:04:20.0750 6744 SessionEnv - ok
    21:04:20.0768 6744 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    21:04:20.0769 6744 sffdisk - ok
    21:04:20.0794 6744 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    21:04:20.0795 6744 sffp_mmc - ok
    21:04:20.0824 6744 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    21:04:20.0825 6744 sffp_sd - ok
    21:04:20.0861 6744 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
    21:04:20.0861 6744 sfloppy - ok
    21:04:20.0944 6744 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
    21:04:20.0949 6744 Sftfs - ok
    21:04:21.0034 6744 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    21:04:21.0038 6744 sftlist - ok
    21:04:21.0056 6744 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
    21:04:21.0058 6744 Sftplay - ok
    21:04:21.0089 6744 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
    21:04:21.0089 6744 Sftredir - ok
    21:04:21.0105 6744 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
    21:04:21.0106 6744 Sftvol - ok
    21:04:21.0127 6744 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    21:04:21.0129 6744 sftvsa - ok
    21:04:21.0156 6744 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
    21:04:21.0159 6744 SharedAccess - ok
    21:04:21.0192 6744 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    21:04:21.0196 6744 ShellHWDetection - ok
    21:04:21.0223 6744 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
    21:04:21.0223 6744 SiSRaid2 - ok
    21:04:21.0257 6744 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
    21:04:21.0258 6744 SiSRaid4 - ok
    21:04:21.0282 6744 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    21:04:21.0283 6744 Smb - ok
    21:04:21.0328 6744 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    21:04:21.0330 6744 SNMPTRAP - ok
    21:04:21.0351 6744 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    21:04:21.0352 6744 spldr - ok
    21:04:21.0379 6744 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
    21:04:21.0384 6744 Spooler - ok
    21:04:21.0462 6744 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    21:04:21.0482 6744 sppsvc - ok
    21:04:21.0517 6744 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    21:04:21.0519 6744 sppuinotify - ok
    21:04:21.0553 6744 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    21:04:21.0556 6744 srv - ok
    21:04:21.0577 6744 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    21:04:21.0580 6744 srv2 - ok
    21:04:21.0629 6744 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
    21:04:21.0631 6744 SrvHsfHDA - ok
    21:04:21.0677 6744 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
    21:04:21.0707 6744 SrvHsfV92 - ok
    21:04:21.0757 6744 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
    21:04:21.0765 6744 SrvHsfWinac - ok
    21:04:21.0804 6744 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    21:04:21.0806 6744 srvnet - ok
    21:04:21.0836 6744 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    21:04:21.0838 6744 SSDPSRV - ok
    21:04:21.0850 6744 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    21:04:21.0852 6744 SstpSvc - ok
    21:04:21.0938 6744 [ A6B2EC3A2B6AD7C3F7B2F3495CADE4C0 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
    21:04:21.0970 6744 STacSV - ok
    21:04:22.0023 6744 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
    21:04:22.0024 6744 stexstor - ok
    21:04:22.0067 6744 [ EBA98394A7D58F7552C52192BD8FA7E6 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
    21:04:22.0074 6744 STHDA - ok
    21:04:22.0132 6744 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    21:04:22.0137 6744 stisvc - ok
    21:04:22.0163 6744 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    21:04:22.0163 6744 swenum - ok
    21:04:22.0210 6744 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    21:04:22.0214 6744 swprv - ok
    21:04:22.0257 6744 [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
    21:04:22.0260 6744 SynTP - ok
    21:04:22.0320 6744 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    21:04:22.0331 6744 SysMain - ok
    21:04:22.0371 6744 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    21:04:22.0373 6744 TabletInputService - ok
    21:04:22.0380 6744 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    21:04:22.0383 6744 TapiSrv - ok
    21:04:22.0398 6744 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    21:04:22.0400 6744 TBS - ok
    21:04:22.0494 6744 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    21:04:22.0505 6744 Tcpip - ok
    21:04:22.0583 6744 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    21:04:22.0593 6744 TCPIP6 - ok
    21:04:22.0641 6744 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    21:04:22.0642 6744 tcpipreg - ok
    21:04:22.0660 6744 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    21:04:22.0661 6744 TDPIPE - ok
    21:04:22.0685 6744 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    21:04:22.0686 6744 TDTCP - ok
    21:04:22.0701 6744 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    21:04:22.0703 6744 tdx - ok
    21:04:22.0706 6744 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    21:04:22.0707 6744 TermDD - ok
    21:04:22.0757 6744 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    21:04:22.0762 6744 TermService - ok
    21:04:22.0772 6744 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    21:04:22.0774 6744 Themes - ok
    21:04:22.0788 6744 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    21:04:22.0789 6744 THREADORDER - ok
    21:04:22.0804 6744 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    21:04:22.0806 6744 TrkWks - ok
    21:04:22.0853 6744 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    21:04:22.0854 6744 TrustedInstaller - ok
    21:04:22.0865 6744 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    21:04:22.0866 6744 tssecsrv - ok
    21:04:22.0892 6744 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    21:04:22.0893 6744 TsUsbFlt - ok
    21:04:22.0928 6744 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
    21:04:22.0929 6744 TsUsbGD - ok
    21:04:22.0956 6744 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    21:04:22.0957 6744 tunnel - ok
    21:04:23.0009 6744 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
    21:04:23.0010 6744 uagp35 - ok
    21:04:23.0017 6744 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    21:04:23.0019 6744 udfs - ok
    21:04:23.0054 6744 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    21:04:23.0055 6744 UI0Detect - ok
    21:04:23.0083 6744 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    21:04:23.0084 6744 uliagpkx - ok
    21:04:23.0087 6744 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    21:04:23.0088 6744 umbus - ok
    21:04:23.0117 6744 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    21:04:23.0118 6744 UmPass - ok
    21:04:23.0223 6744 [ A678E5DDD974903DD71F503BDCACA218 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    21:04:23.0238 6744 UNS - ok
    21:04:23.0309 6744 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    21:04:23.0313 6744 upnphost - ok
    21:04:23.0351 6744 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
    21:04:23.0352 6744 USBAAPL64 - ok
    21:04:23.0415 6744 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
    21:04:23.0416 6744 usbaudio - ok
    21:04:23.0448 6744 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    21:04:23.0449 6744 usbccgp - ok
    21:04:23.0492 6744 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    21:04:23.0493 6744 usbcir - ok
    21:04:23.0519 6744 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    21:04:23.0520 6744 usbehci - ok
    21:04:23.0548 6744 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    21:04:23.0550 6744 usbhub - ok
    21:04:23.0570 6744 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    21:04:23.0571 6744 usbohci - ok
    21:04:23.0592 6744 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
    21:04:23.0592 6744 usbprint - ok
    21:04:23.0612 6744 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    21:04:23.0613 6744 USBSTOR - ok
    21:04:23.0625 6744 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    21:04:23.0626 6744 usbuhci - ok
    21:04:23.0662 6744 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
    21:04:23.0664 6744 usbvideo - ok
    21:04:23.0701 6744 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    21:04:23.0703 6744 UxSms - ok
    21:04:23.0734 6744 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    21:04:23.0735 6744 VaultSvc - ok
    21:04:23.0738 6744 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    21:04:23.0739 6744 vdrvroot - ok
    21:04:23.0767 6744 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    21:04:23.0774 6744 vds - ok
    21:04:23.0834 6744 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    21:04:23.0835 6744 vga - ok
    21:04:23.0852 6744 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    21:04:23.0853 6744 VgaSave - ok
    21:04:23.0875 6744 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    21:04:23.0876 6744 vhdmp - ok
    21:04:23.0895 6744 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    21:04:23.0896 6744 viaide - ok
    21:04:23.0920 6744 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    21:04:23.0921 6744 volmgr - ok
    21:04:23.0941 6744 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    21:04:23.0943 6744 volmgrx - ok
    21:04:23.0950 6744 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    21:04:23.0953 6744 volsnap - ok
    21:04:23.0963 6744 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
    21:04:23.0964 6744 vsmraid - ok
    21:04:24.0024 6744 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    21:04:24.0034 6744 VSS - ok
    21:04:24.0079 6744 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    21:04:24.0080 6744 vwifibus - ok
    21:04:24.0103 6744 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    21:04:24.0104 6744 vwififlt - ok
    21:04:24.0124 6744 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
    21:04:24.0124 6744 vwifimp - ok
    21:04:24.0166 6744 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    21:04:24.0170 6744 W32Time - ok
    21:04:24.0209 6744 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
    21:04:24.0209 6744 WacomPen - ok
    21:04:24.0238 6744 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    21:04:24.0239 6744 WANARP - ok
    21:04:24.0252 6744 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    21:04:24.0253 6744 Wanarpv6 - ok
    21:04:24.0320 6744 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    21:04:24.0328 6744 WatAdminSvc - ok
    21:04:24.0395 6744 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    21:04:24.0426 6744 wbengine - ok
    21:04:24.0431 6744 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    21:04:24.0434 6744 WbioSrvc - ok
    21:04:24.0470 6744 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    21:04:24.0473 6744 wcncsvc - ok
    21:04:24.0481 6744 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    21:04:24.0483 6744 WcsPlugInService - ok
    21:04:24.0510 6744 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
    21:04:24.0511 6744 Wd - ok
    21:04:24.0548 6744 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
    21:04:24.0549 6744 WDC_SAM - ok
    21:04:24.0571 6744 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    21:04:24.0575 6744 Wdf01000 - ok
    21:04:24.0591 6744 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    21:04:24.0593 6744 WdiServiceHost - ok
    21:04:24.0596 6744 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    21:04:24.0598 6744 WdiSystemHost - ok
    21:04:24.0631 6744 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    21:04:24.0634 6744 WebClient - ok
    21:04:24.0640 6744 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    21:04:24.0643 6744 Wecsvc - ok
    21:04:24.0647 6744 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    21:04:24.0649 6744 wercplsupport - ok
    21:04:24.0660 6744 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    21:04:24.0662 6744 WerSvc - ok
    21:04:24.0683 6744 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    21:04:24.0684 6744 WfpLwf - ok
    21:04:24.0701 6744 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    21:04:24.0702 6744 WIMMount - ok
    21:04:24.0723 6744 WinDefend - ok
    21:04:24.0727 6744 WinHttpAutoProxySvc - ok
    21:04:24.0784 6744 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    21:04:24.0817 6744 Winmgmt - ok
    21:04:24.0877 6744 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    21:04:24.0922 6744 WinRM - ok
    21:04:25.0025 6744 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    21:04:25.0026 6744 WinUsb - ok
    21:04:25.0074 6744 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    21:04:25.0081 6744 Wlansvc - ok
    21:04:25.0154 6744 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    21:04:25.0155 6744 wlcrasvc - ok
    21:04:25.0260 6744 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    21:04:25.0273 6744 wlidsvc - ok
    21:04:25.0308 6744 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    21:04:25.0309 6744 WmiAcpi - ok
    21:04:25.0347 6744 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    21:04:25.0369 6744 wmiApSrv - ok
    21:04:25.0395 6744 WMPNetworkSvc - ok
    21:04:25.0430 6744 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    21:04:25.0432 6744 WPCSvc - ok
    21:04:25.0445 6744 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    21:04:25.0447 6744 WPDBusEnum - ok
    21:04:25.0473 6744 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    21:04:25.0474 6744 ws2ifsl - ok
    21:04:25.0493 6744 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
    21:04:25.0495 6744 wscsvc - ok
    21:04:25.0499 6744 WSearch - ok
    21:04:25.0571 6744 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    21:04:25.0586 6744 wuauserv - ok
    21:04:25.0604 6744 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    21:04:25.0605 6744 WudfPf - ok
    21:04:25.0623 6744 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    21:04:25.0624 6744 WUDFRd - ok
    21:04:25.0651 6744 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    21:04:25.0653 6744 wudfsvc - ok
    21:04:25.0689 6744 [ CE8CF9DE9CBFDAA318BD04D8BE3FCADA ] WwanSvc C:\Windows\System32\wwansvc.dll
    21:04:25.0692 6744 WwanSvc - ok
    21:04:25.0717 6744 ================ Scan global ===============================
    21:04:25.0737 6744 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    21:04:25.0766 6744 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    21:04:25.0773 6744 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    21:04:25.0815 6744 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    21:04:25.0850 6744 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    21:04:25.0853 6744 [Global] - ok
    21:04:25.0854 6744 ================ Scan MBR ==================================
    21:04:25.0865 6744 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    21:04:26.0140 6744 \Device\Harddisk0\DR0 - ok
    21:04:26.0140 6744 ================ Scan VBR ==================================
    21:04:26.0142 6744 [ 67C31A17191BE34F35D2AC1A6C9DF0BA ] \Device\Harddisk0\DR0\Partition1
    21:04:26.0144 6744 \Device\Harddisk0\DR0\Partition1 - ok
    21:04:26.0166 6744 [ 71DCD88E8576F1E4B614EE7EE29AE507 ] \Device\Harddisk0\DR0\Partition2
    21:04:26.0169 6744 \Device\Harddisk0\DR0\Partition2 - ok
    21:04:26.0194 6744 [ ABE74F6DBE652105C923E5E954EF3E16 ] \Device\Harddisk0\DR0\Partition3
    21:04:26.0195 6744 \Device\Harddisk0\DR0\Partition3 - ok
    21:04:26.0208 6744 [ DBE99EDA5FEB228F7FBAEDFBD202A650 ] \Device\Harddisk0\DR0\Partition4
    21:04:26.0209 6744 \Device\Harddisk0\DR0\Partition4 - ok
    21:04:26.0209 6744 ============================================================
    21:04:26.0209 6744 Scan finished
    21:04:26.0209 6744 ============================================================
    21:04:26.0217 7844 Detected object count: 0
    21:04:26.0217 7844 Actual detected object count: 0
    21:04:36.0978 5852 Deinitialize success
  13. areske86

    areske86 Newcomer, in training Topic Starter Posts: 27

    Rogue killer log-

    RogueKiller V8.0.5 [09/23/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : areske [Admin rights]
    Mode : Remove -- Date : 09/26/2012 21:08:38

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Extern Hives: ¤¤¤

    ¤¤¤ Infection : Root.MBR ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com 3dns.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.adobe.com activate.wip.adobe.com activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com
    127.0.0.1 adobe-dns-3.adobe.com adobe-dns-4.adobe.com adobe-dns.adobe.com adobeereg.com crl.verisign.net ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com ood.opsource.net practivate.adobe practivate.adobe.com
    127.0.0.1 practivate.adobe.ipp practivate.adobe.newoa practivate.adobe.ntp wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com wwis-dubc1-vip60.adobe.com www.adobeereg.com www.wip.adobe.com www.wip1.adobe.com www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD3200BEVT-60A23T0 +++++
    --- User ---
    [MBR] dd32188fa9329469e13384acb28c7f0f
    [BSP] cf48c302f995b75b8834d128eb736bb7 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 286307 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 586766336 | Size: 14674 Mo
    3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 616818688 | Size: 4063 Mo
    User = LL1 ... OK!
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] a31d5b6c50f336dd3eb98608e224f19a
    [BSP] cf48c302f995b75b8834d128eb736bb7 : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77824 Mo
    1 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 159793152 | Size: 4000 Mo
    2 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 167985152 | Size: 2000 Mo
    3 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 172081152 | Size: 20000 Mo

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
  14. areske86

    areske86 Newcomer, in training Topic Starter Posts: 27

    Just downloaded aswMBR.. gonna run now.. ill post when it completes
  15. areske86

    areske86 Newcomer, in training Topic Starter Posts: 27

    OH DONT KNOW WHY BUT WHEN I TRIED TO RIGHT CLICK AND COPY TDSSKILLER REPORT I COULDNT
  16. Broni

    Broni Malware Annihilator Posts: 46,478   +252

    You posted TDSSKiller log.
  17. areske86

    areske86 Newcomer, in training Topic Starter Posts: 27

    SORRY DIDNT KNOW IF REPORT AND LOG WERE THE SAME..
  18. areske86

    areske86 Newcomer, in training Topic Starter Posts: 27

    HERE IS aswMBR LOG-

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-26 21:58:48
    -----------------------------
    21:58:48.284 OS Version: Windows x64 6.1.7601 Service Pack 1
    21:58:48.284 Number of processors: 4 586 0x2A07
    21:58:48.285 ComputerName: ARESKE-HP UserName: areske
    21:58:49.336 Initialize success
    21:58:56.750 AVAST engine defs: 12092601
    21:59:09.330 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    21:59:09.332 Disk 0 Vendor: WDC_WD32 02.0 Size: 305245MB BusType: 3
    21:59:09.534 Disk 0 MBR read successfully
    21:59:09.536 Disk 0 MBR scan
    21:59:09.540 Disk 0 Windows 7 default MBR code
    21:59:09.557 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
    21:59:09.567 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 286307 MB offset 409600
    21:59:09.594 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14674 MB offset 586766336
    21:59:09.708 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 4063 MB offset 616818688
    21:59:09.786 Disk 0 scanning C:\Windows\system32\drivers
    21:59:36.530 Service scanning
    22:00:08.474 Modules scanning
    22:00:08.480 Disk 0 trace - called modules:
    22:00:08.854 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    22:00:08.858 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a31a060]
    22:00:08.861 3 CLASSPNP.SYS[fffff88001c2e43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007cc1050]
    22:00:10.616 AVAST engine scan C:\Windows
    22:00:16.302 AVAST engine scan C:\Windows\system32
    22:05:16.416 AVAST engine scan C:\Windows\system32\drivers
    22:05:53.448 AVAST engine scan C:\Users\areske
    00:09:16.857 AVAST engine scan C:\ProgramData
    00:21:31.512 Scan finished successfully
    17:30:38.478 Disk 0 MBR has been saved successfully to "C:\Users\areske\Desktop\MBR.dat"
    17:30:38.532 The log file has been saved successfully to "C:\Users\areske\Desktop\aswMBR.txt"
  19. Broni

    Broni Malware Annihilator Posts: 46,478   +252

    Very good :)

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ====================================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If restarting doesn't help use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
  20. areske86

    areske86 Newcomer, in training Topic Starter Posts: 27

    COMBOFIX LOG-
    ComboFix 12-09-27.03 - areske 09/27/2012 21:39:19.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8140.4788 [GMT -4:00]
    Running from: c:\users\areske\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\SysWow64\Packet.dll
    c:\windows\SysWow64\pthreadVC.dll
    c:\windows\SysWow64\WanPacket.dll
    c:\windows\SysWow64\wpcap.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-28 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-28 01:45 . 2012-09-28 01:45--------d-----w-c:\users\Default\AppData\Local\temp
    2012-09-28 01:45 . 2012-09-28 01:45--------d-----w-c:\users\Administrator\AppData\Local\temp
    2012-09-28 01:03 . 2012-09-19 04:589308616----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{641DE5EC-9C43-483E-A082-D0DA6F8DDFA3}\mpengine.dll
    2012-09-27 00:54 . 2012-08-07 20:18972192------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8FB4C4C2-4F5F-4055-B2A0-1CA963BC70B2}\gapaengine.dll
    2012-09-27 00:54 . 2012-09-19 04:589308616----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-09-27 00:52 . 2012-09-27 00:52--------d-----w-c:\program files (x86)\Microsoft Security Client
    2012-09-27 00:52 . 2012-09-27 00:52--------d-----w-c:\program files\Microsoft Security Client
    2012-09-25 21:23 . 2012-08-30 07:279308616----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF4B4299-D553-4C49-AF1C-18CCB1DAF16A}\mpengine.dll
    2012-09-25 21:23 . 2012-08-21 21:01245760----a-w-c:\windows\system32\OxpsConverter.exe
    2012-09-23 20:24 . 2012-09-23 20:38--------d-----w-c:\users\areske\AppData\Roaming\redsn0w
    2012-09-22 00:01 . 2012-09-22 00:01--------d-----w-c:\users\areske\.shsh
    2012-09-22 00:00 . 2012-09-22 00:00--------d-----w-c:\program files (x86)\Common Files\Java
    2012-09-22 00:00 . 2012-09-21 23:59821736----a-w-c:\windows\SysWow64\npDeployJava1.dll
    2012-09-22 00:00 . 2012-09-21 23:59746984----a-w-c:\windows\SysWow64\deployJava1.dll
    2012-09-22 00:00 . 2012-09-21 23:5995208----a-w-c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-21 23:59 . 2012-09-21 23:59--------d-----w-c:\program files (x86)\Java
    2012-09-21 23:59 . 2012-09-21 23:59--------d-----w-c:\programdata\McAfee
    2012-09-21 17:23 . 2012-08-21 17:0133240----a-w-c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-09-21 17:22 . 2012-09-21 17:22--------d-----w-c:\program files\iPod
    2012-09-21 17:22 . 2012-09-21 17:23--------d-----w-c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-09-21 17:22 . 2012-09-21 17:23--------d-----w-c:\program files\iTunes
    2012-09-21 17:22 . 2012-09-21 17:23--------d-----w-c:\program files (x86)\iTunes
    2012-09-21 02:40 . 2012-09-21 02:40--------d-----w-c:\program files (x86)\Google
    2012-09-18 21:05 . 2012-09-18 21:05--------d-----w-c:\users\areske\AppData\Local\libimobiledevice
    2012-09-12 23:40 . 2012-09-12 23:40159744----a-w-c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2012-09-12 23:40 . 2012-09-12 23:40159744----a-w-c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2012-09-12 23:40 . 2012-09-12 23:40159744----a-w-c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2012-09-12 23:40 . 2012-09-12 23:40159744----a-w-c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2012-09-12 23:40 . 2012-09-12 23:40159744----a-w-c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2012-09-12 23:40 . 2012-09-12 23:40159744----a-w-c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2012-09-12 23:40 . 2012-09-12 23:40159744----a-w-c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2012-09-12 23:40 . 2012-09-12 23:40--------d-----w-c:\program files (x86)\QuickTime
    2012-09-12 09:13 . 2012-08-22 18:12950128----a-w-c:\windows\system32\drivers\ndis.sys
    2012-09-12 09:13 . 2012-08-22 18:121913200----a-w-c:\windows\system32\drivers\tcpip.sys
    2012-09-12 09:13 . 2012-08-22 18:12376688----a-w-c:\windows\system32\drivers\netio.sys
    2012-09-12 09:13 . 2012-08-02 17:58574464----a-w-c:\windows\system32\d3d10level9.dll
    2012-09-12 09:13 . 2012-08-02 16:57490496----a-w-c:\windows\SysWow64\d3d10level9.dll
    2012-09-12 09:13 . 2012-07-04 20:2641472----a-w-c:\windows\system32\drivers\RNDISMP.sys
    2012-09-12 09:13 . 2012-08-22 18:12288624----a-w-c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-09-10 22:52 . 2012-09-10 22:52--------d-----w-C:\backup
    2012-09-10 22:49 . 2007-11-06 16:2340464----a-w-c:\windows\system32\drivers\npf.sys
    2012-09-10 22:49 . 2012-09-10 22:51--------d-----w-c:\program files (x86)\Linksys Adapter
    2012-09-09 20:53 . 2012-09-09 20:53--------d-----w-c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
    2012-09-08 19:08 . 2012-09-08 19:08--------d-----w-c:\program files (x86)\WinSCP
    2012-09-06 03:12 . 2012-09-06 03:12--------d-----w-c:\users\areske\AppData\Local\White_Sky,_Inc
    2012-09-03 04:06 . 2012-09-03 04:06--------d-----w-c:\users\areske\AppData\Local\Diagnostics
    2012-09-03 03:55 . 2012-09-03 03:55--------d-----w-c:\program files\Microsoft Device Center
    2012-09-01 23:05 . 2012-09-01 23:05--------d-----w-c:\programdata\ALM
    2012-09-01 22:52 . 2012-09-01 22:52696520----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
    2012-09-01 22:52 . 2012-09-01 22:52--------d-----w-c:\windows\system32\Macromed
    2012-09-01 22:51 . 2012-09-01 22:51--------d-----w-c:\users\areske\AppData\Roaming\Intel Corporation
    2012-09-01 22:51 . 2012-09-01 22:51--------d-----w-c:\users\Administrator\AppData\Roaming\Intel Corporation
    2012-09-01 22:50 . 2012-09-01 22:50--------d-----w-c:\users\Administrator\AppData\Roaming\Apple Computer
    2012-09-01 22:50 . 2012-09-01 22:50--------d-----w-c:\users\Administrator\AppData\Roaming\Synaptics
    2012-09-01 22:50 . 2012-09-01 22:51--------d-----w-c:\users\Administrator\AppData\Roaming\hpqLog
    2012-09-01 22:50 . 2012-09-01 22:50--------d-----w-c:\users\Administrator\AppData\Local\Adobe
    2012-09-01 22:50 . 2012-09-01 22:50--------d-----w-c:\users\Administrator\AppData\Local\ID Vault
    2012-09-01 22:49 . 2012-09-01 22:49--------d-----w-c:\users\Administrator\AppData\Roaming\Symantec
    2012-09-01 22:49 . 2012-09-01 22:50--------d-----w-c:\users\Administrator\AppData\Roaming\ID Vault
    2012-09-01 17:06 . 2011-05-20 13:53557848----a-w-c:\windows\system32\drivers\iaStor.sys
    2012-09-01 17:06 . 2012-09-01 17:06--------d-----w-c:\users\areske\AppData\Roaming\InstallShield
    2012-08-31 04:04 . 2012-08-31 04:04--------d-----w-c:\program files\WinZip
    2012-08-31 02:03 . 2012-08-31 02:03228768----a-w-c:\windows\system32\drivers\MpFilter.sys
    2012-08-31 02:03 . 2012-08-31 02:03128456----a-w-c:\windows\system32\drivers\NisDrvWFP.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-07 21:04 . 2012-08-24 23:0925928----a-w-c:\windows\system32\drivers\mbam.sys
    2012-09-01 22:52 . 2011-07-21 04:0673416----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-01 17:08 . 2011-09-23 08:291145960----a-w-c:\windows\system32\drivers\rtl8192ce.sys
    2012-08-31 04:43 . 2012-08-25 05:4164462936----a-w-c:\windows\system32\MRT.exe
    2012-08-24 22:06 . 2010-06-24 18:3319720----a-w-c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-08-21 17:01 . 2012-08-25 02:46125872----a-w-c:\windows\system32\GEARAspi64.dll
    2012-08-21 17:01 . 2012-08-25 02:46106928----a-w-c:\windows\SysWow64\GEARAspi.dll
    2012-07-18 18:15 . 2012-08-24 22:243148800----a-w-c:\windows\system32\win32k.sys
    2012-07-09 17:42 . 2012-07-09 17:424547984----a-w-c:\windows\system32\usbaaplrc.dll
    2012-07-09 17:42 . 2012-07-09 17:4252736----a-w-c:\windows\system32\drivers\usbaapl64.sys
    2012-07-04 22:16 . 2012-08-24 22:2573216----a-w-c:\windows\system32\netapi32.dll
    2012-07-04 22:13 . 2012-08-24 22:2559392----a-w-c:\windows\system32\browcli.dll
    2012-07-04 22:13 . 2012-08-24 22:25136704----a-w-c:\windows\system32\browser.dll
    2012-07-04 21:14 . 2012-08-24 22:2541984----a-w-c:\windows\SysWow64\browcli.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-06-28 168504]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
    "GIDDesktop"="c:\program files (x86)\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
    "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2012-8-30 5965936]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security PackagesREG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-21 116648]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-01 250568]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-21 116648]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2012-03-26 22528]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-04-08 338536]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-25 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S1 GIDv2;GIDv2; [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-05-06 263496]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-03-14 197504]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
    S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
    S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
    S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2012-05-28 52320]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
    S3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\DRIVERS\AE1200w764.sys [2011-03-29 1254464]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
    S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2012-09-01 1145960]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 71921279
    *NewlyCreated* - 85375868
    *NewlyCreated* - ASWMBR
    *NewlyCreated* - MPFILTER
    *NewlyCreated* - NISDRV
    *Deregistered* - 71921279
    *Deregistered* - 85375868
    *Deregistered* - aswMBR
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
    2011-07-05 14:26435976----a-w-c:\program files (x86)\SFT\GuardedID\GIDI.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-28 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-01 22:52]
    .
    2012-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-21 02:40]
    .
    2012-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-21 02:40]
    .
    2012-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3884388331-1653558372-2755294257-1001Core.job
    - c:\users\areske\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-16 04:55]
    .
    2012-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3884388331-1653558372-2755294257-1001UA.job
    - c:\users\areske\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-16 04:55]
    .
    2012-09-23 c:\windows\Tasks\HPCeeScheduleForARESKE-HP$.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    2012-09-23 c:\windows\Tasks\HPCeeScheduleForareske.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-09 168216]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-09 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-09 416024]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-08 1128448]
    "SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-06-27 42808]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
    "IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]
    "IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://xfinity.comcast.net/?cid=cgps08252012
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    Wow6432Node-HKLM-Run-SwitchBoard - c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    SafeBoot-04816452.sys
    SafeBoot-06289066.sys
    SafeBoot-27850289.sys
    SafeBoot-33995738.sys
    SafeBoot-43735734.sys
    SafeBoot-59706440.sys
    SafeBoot-60948396.sys
    SafeBoot-62256290.sys
    SafeBoot-62364828.sys
    SafeBoot-63038069.sys
    SafeBoot-63040718.sys
    SafeBoot-76181573.sys
    SafeBoot-90930021.sys
    SafeBoot-97334165.sys
    SafeBoot-98973076.sys
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-09-27 21:47:32
    ComboFix-quarantined-files.txt 2012-09-28 01:47
    .
    Pre-Run: 128,307,384,320 bytes free
    Post-Run: 129,123,704,832 bytes free
    .
    - - End Of File - - 8D57BDF49BEE498DF415B59D4A04271F
  21. Broni

    Broni Malware Annihilator Posts: 46,478   +252

    Looks good :)

    Any current issues?

    ===========================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  22. areske86

    areske86 Newcomer, in training Topic Starter Posts: 27

    NO EVERYTHING SEEMS GOOD.. THANKS.. I WILL DL THE OTL AND POST BACK TOMORROW.. AGAIN THANKS YOU
  23. Broni

    Broni Malware Annihilator Posts: 46,478   +252

  24. areske86

    areske86 Newcomer, in training Topic Starter Posts: 27

    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\areske\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.95 Gb Total Physical Memory | 4.65 Gb Available Physical Memory | 58.44% Memory free
    15.90 Gb Paging File | 12.46 Gb Available in Paging File | 78.37% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 279.60 Gb Total Space | 120.35 Gb Free Space | 43.04% Space Free | Partition Type: NTFS
    Drive D: | 14.33 Gb Total Space | 0.78 Gb Free Space | 5.43% Space Free | Partition Type: NTFS
    Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.23% Space Free | Partition Type: FAT32
    Drive G: | 22.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: ARESKE-HP | User Name: areske | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/09/27 23:25:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\areske\Desktop\OTL.exe
    PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/08/30 10:04:22 | 005,965,936 | ---- | M] (White Sky, Inc.) -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
    PRC - [2012/08/09 23:12:18 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
    PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/04/04 06:25:00 | 000,295,584 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    PRC - [2012/03/14 10:28:28 | 000,197,504 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2012/03/05 13:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    PRC - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2011/08/19 14:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    PRC - [2011/07/05 10:24:06 | 000,395,528 | ---- | M] (StrikeForce Technologies Inc.) -- C:\Program Files (x86)\SFT\GuardedID\GIDD.exe
    PRC - [2011/06/28 05:41:08 | 000,168,504 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
    PRC - [2011/06/15 20:58:28 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    PRC - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2011/05/20 10:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2011/05/06 02:06:46 | 000,263,496 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    PRC - [2011/02/24 03:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    PRC - [2010/12/22 16:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/12/22 16:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/09/09 16:54:10 | 000,877,624 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll
    MOD - [2012/09/02 22:12:29 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\f2f8201dd3453250dfd9ed1afce630a0\WindowsFormsIntegration.ni.dll
    MOD - [2012/09/02 22:11:22 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
    MOD - [2012/09/02 22:11:03 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ca2eff60beb3ba00a529a2d42dceca22\UIAutomationProvider.ni.dll
    MOD - [2012/09/02 22:11:02 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
    MOD - [2012/09/02 22:10:51 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
    MOD - [2012/09/02 22:10:03 | 001,083,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll
    MOD - [2012/09/02 22:10:02 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll
    MOD - [2012/09/02 22:10:01 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll
    MOD - [2012/09/02 22:10:00 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll
    MOD - [2012/09/01 13:08:01 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
    MOD - [2012/09/01 13:07:54 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll
    MOD - [2012/09/01 13:07:50 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
    MOD - [2012/09/01 13:07:46 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
    MOD - [2012/09/01 13:07:39 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
    MOD - [2012/09/01 13:07:39 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
    MOD - [2012/09/01 13:07:39 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e7cd67fc34ad0fc611c1e1244cfc6584\IAStorCommon.ni.dll
    MOD - [2012/09/01 13:07:36 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0018dd52b56988a833ee41699cf49325\IAStorUtil.ni.dll
    MOD - [2012/09/01 13:07:34 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012/09/01 13:07:27 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012/09/01 13:07:25 | 000,680,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\054fcff18035c210487b0888e6461192\System.Security.ni.dll
    MOD - [2012/09/01 13:07:23 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012/09/01 13:07:19 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012/09/01 13:07:18 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll
    MOD - [2012/09/01 13:07:17 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/09/01 13:07:11 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2012/08/30 10:04:23 | 000,104,048 | ---- | M] () -- C:\Program Files (x86)\Constant Guard Protection Suite\IdVaultCore.XmlSerializers.dll
    MOD - [2012/08/30 10:01:11 | 000,548,040 | ---- | M] () -- C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.dll
    MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/11/20 23:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2009/06/12 16:32:16 | 000,104,456 | ---- | M] () -- C:\Windows\SysWOW64\EasyHook32.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/06/08 15:58:48 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2011/02/17 01:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
    SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
    SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/09/01 18:52:11 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/03/14 10:28:28 | 000,197,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
    SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2011/05/06 02:06:46 | 000,263,496 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
    SRV - [2011/02/24 03:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
    SRV - [2010/12/22 16:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/12/22 16:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/09/01 13:08:15 | 001,145,960 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
    DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/06/26 21:38:30 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2012/06/26 21:38:30 | 000,023,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
    DRV:64bit: - [2012/05/28 07:09:04 | 000,052,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2012/03/26 14:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011/07/20 23:51:05 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/07/20 23:51:05 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/07/05 10:18:38 | 000,029,288 | ---- | M] (StrikeForce Technologies, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gidv2.sys -- (GIDv2)
    DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/06/08 15:58:52 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011/04/15 15:08:26 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/04/08 15:25:18 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
    DRV:64bit: - [2011/03/29 09:15:00 | 001,254,464 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AE1200w764.sys -- (Linksys_adapter_H)
    DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/10/15 05:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010/07/28 12:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
    DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{03E1F99B-34AE-4182-B651-88C34F0FE9AF}: "URL" = http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{03E1F99B-34AE-4182-B651-88C34F0FE9AF}: "URL" = http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3884388331-1653558372-2755294257-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/?cid=cgps08252012
    IE - HKU\S-1-5-21-3884388331-1653558372-2755294257-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-3884388331-1653558372-2755294257-1001\..\SearchScopes\{03E1F99B-34AE-4182-B651-88C34F0FE9AF}: "URL" = http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
    IE - HKU\S-1-5-21-3884388331-1653558372-2755294257-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-3884388331-1653558372-2755294257-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE - HKU\S-1-5-21-3884388331-1653558372-2755294257-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKU\S-1-5-21-3884388331-1653558372-2755294257-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKU\S-1-5-21-3884388331-1653558372-2755294257-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    IE - HKU\S-1-5-21-3884388331-1653558372-2755294257-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3884388331-1653558372-2755294257-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\areske\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\areske\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)



    ========== Chrome ==========

    CHR - homepage: http://weather.weatherbug.com/PA/Ph...6042&uid=31e109f6-814c-4109-8a4d-1188594932e3
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
    CHR - homepage: http://weather.weatherbug.com/PA/Ph...6042&uid=31e109f6-814c-4109-8a4d-1188594932e3
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\areske\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\areske\AppData\Local\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\areske\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\areske\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
    CHR - plugin: Simple Pass 2011 (Enabled) = C:\Users\areske\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhihajbmafmgilcciomnamcjfkdhikl\1.0_0\npwebsitelogon.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\areske\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: Bloglovin' = C:\Users\areske\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcgnofbabeggkbjcogfmjfaojpdnehm\1.1_0\
    CHR - Extension: WiBit = C:\Users\areske\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejaaogemoligmkbmeafkhnaegkggihf\2.1.1_0\
    CHR - Extension: Turn Off the Lights = C:\Users\areske\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.6_0\
    CHR - Extension: eBay Web App = C:\Users\areske\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnadbgmffcofipfljniafanjcafjlbom\1.0.2_0\
    CHR - Extension: Facebook = C:\Users\areske\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0\
    CHR - Extension: Add to Amazon Wish List = C:\Users\areske\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\
    CHR - Extension: Monster Jobs = C:\Users\areske\AppData\Local\Google\Chrome\User Data\Default\Extensions\eocaeafeojdmijlfeheaeabellldmbcc\0.9.1.20_0\
    CHR - Extension: Website Logon = C:\Users\areske\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhihajbmafmgilcciomnamcjfkdhikl\1.0_0\
    CHR - Extension: Text4FreeOnline = C:\Users\areske\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfhiboopoofbabnfbcpolfjgbckecbcl\1.1_0\
    CHR - Extension: Searchbar for Amazon = C:\Users\areske\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmefehkkhdgnbppmpmmplbfdeckmhbja\1.2_0\
    CHR - Extension: Weather Window by WeatherBug = C:\Users\areske\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\1.0.12_0\
    CHR - Extension: Evernote Web = C:\Users\areske\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0\
    CHR - Extension: Google Mail Checker = C:\Users\areske\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.3.7_0\
    CHR - Extension: Dark wood = C:\Users\areske\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfpfnpcdkbhengecnjpbmdeoebimbeo\1.6_0\
    CHR - Extension: Google Play Books = C:\Users\areske\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.3_0\
    CHR - Extension: Amazon Windowshop = C:\Users\areske\AppData\Local\Google\Chrome\User Data\Default\Extensions\nielaigelomefgdoljcpfgbdbfefhdjc\1.1.0.0_0\
    CHR - Extension: Evernote Web Clipper = C:\Users\areske\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.7_0\
    CHR - Extension: Gmail = C:\Users\areske\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/09/27 21:45:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
    O2 - BHO: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll ()
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
    O2 - BHO: (Constant Guard Protection Suite) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.12.829.1\NativeBHO.dll (WhiteSky)
    O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll (Visicom Media)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll ()
    O3 - HKU\S-1-5-21-3884388331-1653558372-2755294257-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
    O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe (StrikeForce Technologies Inc.)
    O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3884388331-1653558372-2755294257-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3884388331-1653558372-2755294257-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{209AB148-8182-48BD-B828-CC4F067CF7D6}: DhcpNameServer = 172.26.38.1 172.26.38.2
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22BE178C-75BB-49F7-92C5-AFD9F55449AD}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88392F5E-7C2A-4D79-95EE-463ECDF09881}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/02/02 14:14:20 | 000,000,082 | ---- | M] () - G:\autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
  25. areske86

    areske86 Newcomer, in training Topic Starter Posts: 27

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/27 23:25:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\areske\Desktop\OTL.exe
    [2012/09/27 21:47:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/09/27 21:37:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/09/27 21:37:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/09/27 21:37:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/09/27 21:37:30 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/09/27 21:37:15 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/09/27 21:31:19 | 004,757,745 | R--- | C] (Swearware) -- C:\Users\areske\Desktop\ComboFix.exe
    [2012/09/26 21:53:11 | 000,000,000 | ---D | C] -- C:\Users\areske\Desktop\LOGS
    [2012/09/26 21:07:15 | 000,000,000 | ---D | C] -- C:\Users\areske\Desktop\RK_Quarantine
    [2012/09/26 21:06:14 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\areske\Desktop\aswMBR.exe
    [2012/09/26 20:52:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/09/26 20:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/09/25 22:56:52 | 000,000,000 | ---D | C] -- C:\Users\areske\Desktop\iphone5walls
    [2012/09/23 16:24:56 | 000,000,000 | ---D | C] -- C:\Users\areske\AppData\Roaming\redsn0w
    [2012/09/22 21:23:17 | 000,000,000 | ---D | C] -- C:\Users\areske\Desktop\torrent downloads
    [2012/09/21 20:01:00 | 000,000,000 | ---D | C] -- C:\Users\areske\.shsh
    [2012/09/21 20:00:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2012/09/21 20:00:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2012/09/21 19:59:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2012/09/21 19:59:07 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2012/09/21 13:23:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    [2012/09/21 13:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/09/21 13:22:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/09/21 13:22:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/09/21 13:22:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2012/09/21 13:22:33 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    [2012/09/20 22:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [2012/09/20 22:40:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2012/09/18 17:05:32 | 000,000,000 | ---D | C] -- C:\Users\areske\AppData\Local\libimobiledevice
    [2012/09/17 22:29:08 | 000,000,000 | ---D | C] -- C:\Users\areske\Desktop\kaspersky virus removal tool setup
    [2012/09/16 00:55:42 | 000,000,000 | ---D | C] -- C:\Users\areske\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2012/09/14 20:48:34 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\areske\Desktop\TDSSKiller.exe
    [2012/09/12 19:40:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2012/09/12 19:40:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2012/09/11 20:36:45 | 000,000,000 | ---D | C] -- C:\Users\areske\Documents\edgy Badge black.theme
    [2012/09/10 18:52:46 | 000,000,000 | ---D | C] -- C:\backup
    [2012/09/10 18:49:51 | 000,040,464 | ---- | C] (CACE Technologies) -- C:\Windows\SysNative\drivers\npf.sys
    [2012/09/10 18:49:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Linksys Adapter
    [2012/09/09 16:53:21 | 000,000,000 | ---D | C] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
    [2012/09/08 15:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP
    [2012/09/08 15:08:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinSCP
    [2012/09/06 23:45:20 | 000,000,000 | ---D | C] -- C:\Users\areske\Documents\com.apple.mobilephone
    [2012/09/05 23:12:30 | 000,000,000 | ---D | C] -- C:\Users\areske\AppData\Local\White_Sky,_Inc
    [2012/09/05 15:39:48 | 000,000,000 | ---D | C] -- C:\Users\areske\Documents\edgy2x2.theme
    [2012/09/03 22:42:13 | 000,000,000 | ---D | C] -- C:\Users\areske\Documents\Destiny Icon shadow.theme
    [2012/09/03 00:06:49 | 000,000,000 | ---D | C] -- C:\Users\areske\AppData\Local\Diagnostics
    [2012/09/02 23:56:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
    [2012/09/02 23:55:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Device Center
    [2012/09/01 21:31:55 | 000,000,000 | ---D | C] -- C:\Users\areske\Documents\my doppler dark.theme
    [2012/09/01 19:05:54 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
    [2012/09/01 18:52:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
    [2012/09/01 18:51:43 | 000,000,000 | ---D | C] -- C:\Users\areske\AppData\Roaming\Intel Corporation
    [2012/09/01 13:06:45 | 000,000,000 | ---D | C] -- C:\Users\areske\AppData\Roaming\InstallShield
    [2012/08/31 00:04:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
    [2012/08/31 00:04:26 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip

    ========== Files - Modified Within 30 Days ==========

    [2012/09/27 23:25:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\areske\Desktop\OTL.exe
    [2012/09/27 23:15:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3884388331-1653558372-2755294257-1001UA.job
    [2012/09/27 22:51:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/09/27 22:51:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/09/27 22:46:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/09/27 21:45:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/09/27 21:31:23 | 004,757,745 | R--- | M] (Swearware) -- C:\Users\areske\Desktop\ComboFix.exe
    [2012/09/27 19:16:48 | 000,002,493 | ---- | M] () -- C:\Users\areske\Desktop\Google Chrome.lnk
    [2012/09/27 17:33:50 | 000,000,512 | ---- | M] () -- C:\Users\areske\Desktop\MBR.dat
    [2012/09/27 16:15:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3884388331-1653558372-2755294257-1001Core.job
    [2012/09/26 21:06:36 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\areske\Desktop\aswMBR.exe
    [2012/09/26 20:55:46 | 001,391,616 | ---- | M] () -- C:\Users\areske\Desktop\RogueKiller (1).exe
    [2012/09/26 20:53:31 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/09/26 20:52:24 | 000,002,117 | ---- | M] () -- C:\Users\areske\Desktop\Microsoft Security Essentials.lnk
    [2012/09/25 22:58:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
    [2012/09/25 22:57:45 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/09/25 22:57:45 | 000,624,622 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/09/25 22:57:45 | 000,106,708 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/09/25 22:56:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/09/25 21:47:30 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/25 21:47:30 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/25 21:39:02 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/25 21:36:00 | 005,016,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/09/23 22:25:22 | 000,000,935 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.umbrella
    [2012/09/22 23:32:47 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForARESKE-HP$.job
    [2012/09/22 23:32:47 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForareske.job
    [2012/09/22 23:29:01 | 000,000,600 | ---- | M] () -- C:\Users\areske\AppData\Roaming\winscp.rnd
    [2012/09/21 20:09:59 | 002,537,472 | ---- | M] () -- C:\Users\areske\Desktop\tinyumbrella-6.00.01.exe
    [2012/09/21 19:32:37 | 000,000,132 | ---- | M] () -- C:\Users\areske\AppData\Roaming\Adobe PNG Format CS6 Prefs
    [2012/09/21 13:23:08 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/09/20 22:49:31 | 000,002,172 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2012/09/17 19:25:14 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\areske\Desktop\TDSSKiller.exe
    [2012/09/12 20:59:29 | 000,000,473 | ---- | M] () -- C:\Users\areske\Desktop\My Passport (I) - Shortcut.lnk
    [2012/09/10 23:35:07 | 000,001,097 | ---- | M] () -- C:\Users\areske\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/09/10 23:35:07 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/09 16:54:16 | 000,002,139 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
    [2012/09/08 15:08:19 | 000,001,813 | ---- | M] () -- C:\Users\areske\Desktop\WinSCP.lnk
    [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/09/05 23:12:02 | 000,002,167 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
    [2012/09/05 23:12:02 | 000,002,149 | ---- | M] () -- C:\Users\Public\Desktop\Constant Guard.lnk
    [2012/09/02 23:56:20 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
    [2012/09/02 23:56:12 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf
    [2012/09/02 23:54:07 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
    [2012/09/01 23:13:45 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2012/08/31 00:04:32 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk

    ========== Files Created - No Company Name ==========

    [2012/09/27 21:37:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/09/27 21:37:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/09/27 21:37:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/09/27 21:37:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/09/27 21:37:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/09/26 21:44:15 | 000,000,512 | ---- | C] () -- C:\Users\areske\Desktop\MBR.dat
    [2012/09/26 20:55:45 | 001,391,616 | ---- | C] () -- C:\Users\areske\Desktop\RogueKiller (1).exe
    [2012/09/26 20:52:24 | 000,002,117 | ---- | C] () -- C:\Users\areske\Desktop\Microsoft Security Essentials.lnk
    [2012/09/25 22:58:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
    [2012/09/21 20:09:57 | 002,537,472 | ---- | C] () -- C:\Users\areske\Desktop\tinyumbrella-6.00.01.exe
    [2012/09/21 13:23:08 | 000,001,743 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/09/20 22:49:31 | 000,002,172 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2012/09/20 22:40:18 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/09/20 22:40:17 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/09/16 00:55:45 | 000,002,493 | ---- | C] () -- C:\Users\areske\Desktop\Google Chrome.lnk
    [2012/09/16 00:55:15 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3884388331-1653558372-2755294257-1001UA.job
    [2012/09/16 00:55:14 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3884388331-1653558372-2755294257-1001Core.job
    [2012/09/12 20:59:29 | 000,000,473 | ---- | C] () -- C:\Users\areske\Desktop\My Passport (I) - Shortcut.lnk
    [2012/09/10 23:35:07 | 000,001,097 | ---- | C] () -- C:\Users\areske\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/09/09 16:54:16 | 000,002,139 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
    [2012/09/09 03:11:46 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2012/09/08 15:08:19 | 000,001,813 | ---- | C] () -- C:\Users\areske\Desktop\WinSCP.lnk
    [2012/09/02 23:56:20 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
    [2012/09/02 23:56:12 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf
    [2012/09/02 23:54:07 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
    [2012/09/02 18:10:52 | 000,019,601 | ---- | C] () -- C:\Users\areske\Documents\App-iPhoneIcon@2x.png
    [2012/09/01 23:13:45 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2012/09/01 19:06:10 | 000,001,630 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS5.1.lnk
    [2012/09/01 19:05:37 | 000,001,149 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
    [2012/09/01 19:05:03 | 000,001,242 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
    [2012/09/01 19:04:08 | 000,001,343 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
    [2012/09/01 19:04:06 | 000,001,515 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
    [2012/09/01 18:52:11 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/08/31 18:31:03 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForARESKE-HP$.job
    [2012/08/25 17:30:54 | 000,000,132 | ---- | C] () -- C:\Users\areske\AppData\Roaming\Adobe PNG Format CS6 Prefs
    [2012/08/25 02:44:42 | 000,000,600 | ---- | C] () -- C:\Users\areske\AppData\Roaming\winscp.rnd
    [2012/08/24 18:31:03 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/09/23 04:29:02 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
    [2011/05/13 10:33:18 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
    [2011/04/15 15:05:50 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/04/15 15:05:50 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2011/04/15 15:05:48 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/04/15 14:59:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2011/04/15 14:33:40 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

    ========== ZeroAccess Check ==========

    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/09/01 18:50:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ID Vault
    [2012/09/01 18:50:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Synaptics
    [2012/08/24 18:26:22 | 000,000,000 | ---D | M] -- C:\Users\areske\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2012/09/25 21:42:30 | 000,000,000 | ---D | M] -- C:\Users\areske\AppData\Roaming\ID Vault
    [2012/08/25 03:43:08 | 000,000,000 | ---D | M] -- C:\Users\areske\AppData\Roaming\IDT
    [2012/08/24 18:55:08 | 000,000,000 | ---D | M] -- C:\Users\areske\AppData\Roaming\PDAppFlex
    [2012/09/23 16:38:13 | 000,000,000 | ---D | M] -- C:\Users\areske\AppData\Roaming\redsn0w
    [2012/09/07 22:50:54 | 000,000,000 | ---D | M] -- C:\Users\areske\AppData\Roaming\SoftGrid Client
    [2012/08/25 01:33:47 | 000,000,000 | ---D | M] -- C:\Users\areske\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2012/08/24 18:10:54 | 000,000,000 | ---D | M] -- C:\Users\areske\AppData\Roaming\Synaptics
    [2012/08/24 18:31:43 | 000,000,000 | ---D | M] -- C:\Users\areske\AppData\Roaming\TP
    [2012/09/22 23:30:30 | 000,000,000 | ---D | M] -- C:\Users\areske\AppData\Roaming\uTorrent
    [2012/08/26 18:16:49 | 000,000,000 | ---D | M] -- C:\Users\areske\AppData\Roaming\WinZip

    ========== Purity Check ==========


    < End of report >


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.