Sudden slow download speed suspected malware

Solved
By James G
Sep 17, 2012
  1. Hello TS,
    I just got a new laptop and I'm having an issue using (Windows 7 Home Premium 64-bit Edition). When I started my computer I made a point to check the internet speed (wireless network). I used speedtest.net. My downloadspeed then was at least 1 Mbps (I've checked the speed so much now it's hard to remember) I didn't pay too much attention to my upload speed at that point but I know it was higher. I hadn't set up Adaware yet which is what I normally use. The internet was running fast at an acceptable speed. In the last 4 days I have.


    >used Thermaltake BlacX Duet Dual Hard Drives Docking Station to copy documents from my old laptop.

    > installed Adobe flash

    > Bought Downloaded and installed Adobe photoshop CS6

    > Started having trouble with download speed in the evening

    > Tried to go to a restore point from a windows update to see if a recent windows update had caused it to slow down

    > Restored it back to where I was as windows had just updated 61 documents

    > Had great connection the next morning and Immediately got my Adaware pro

    > Also secured my Router Network ( I am the only one who uses it and I live in a rural area)

    > Done a couple of full scans and came up with 1 corrupt file that I will post when I get back to my laptop

    > Have had slow download speed ever since

    > After this I installed my bamboo fun to do some work in PS

    ( all the above is in chronological order and I can't think of anything else I've done)

    I have been checking the speed at speedtest.net sometimes getting a flash animated error in the speed test and other times not being able to load the page as it just keeps loading and never finishes. Other times I get to hit begin test Ping goes at 19 ms and then the Download speed never finishes. The last time I checked it I was at 0.9 Mbps and 10 Mbps upload speed, but checking the Download speed took a minute or 2 to get across. When I right click The Network status has read 54. Mbps and sometimes slows down to 36. Mbps. All the while I had been trying to see if website pages would load. The problem seems to get worse the longer the computer is on.

    I've glanced at this page http://www.techspot.com/community/t...he-internet-to-slow-down-on-my-laptop.151749/ and I'm just hoping it's not something I can't fully fix.

    I will come back and post the corrupt file that adaware pro found right now I am using my work computer.

    Help is very much appreciated,

    James
  2. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. James G

    James G Newcomer, in training Topic Starter Posts: 48

    I will post as I follow your instructions thanks


    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.09.17.10

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    James :: JAMES-PC [administrator]

    9/17/2012 9:26:50 PM
    mbam-log-2012-09-17 (21-26-50).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 217815
    Time elapsed: 1 minute(s), 9 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  4. James G

    James G Newcomer, in training Topic Starter Posts: 48

    DDS Notepad

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by James at 21:45:03 on 2012-09-17
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4066.2473 [GMT -4:00]
    .
    AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
    SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Tablet\Pen\Pen_TouchService.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
    C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
    C:\Program Files (x86)\AVEO\AVEO UVC Filter Driver Kit\AveoSTI.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k WbioSvcGroup
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
    C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
    C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Infineon\Security Platform Software\ifxspmgt.exe
    C:\Program Files (x86)\Infineon\Security Platform Software\ifxtcs.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files (x86)\Infineon\Security Platform Software\IfxPsdSv.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
    C:\Program Files (x86)\WSED\WSED.exe
    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
    C:\Program Files (x86)\Infineon\Security Platform Software\PSDrt.exe
    C:\Program Files (x86)\Infineon\Security Platform Software\SpTna.exe
    C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
    C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.msn.com
    uDefault_Page_URL = hxxp://www.msn.com
    mDefault_Page_URL = hxxp://www.msn.com
    mStart Page = hxxp://www.msn.com
    uInternet Settings,ProxyOverride = <local>
    mWinlogon: Userinit=userinit.exe
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    BHO: EgisPBIE Sign-in Helper: {7b51ccbe-4af9-44a6-bdab-d7f7e4c4e6f9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
    uRun: [Akamai NetSession Interface] "C:\Users\James\AppData\Local\Akamai\netsession_win.exe"
    uRun: [AdobeBridge]
    uRun: [Bamboo Dock] "C:\Program Files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe"
    mRun: [AveoKeySti] "C:\Program Files (x86)\\AVEO\AVEO_UVC_FILTER_DRIVER_KIT\AveoSTI.exe"
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun: [IFXSPMGT] "C:\Program Files (x86)\Infineon\Security Platform Software\ifxspmgt.exe" /NotifyLogon
    mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
    mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
    mRun: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe /run
    mRun: [WSED] C:\Program Files (x86)\WSED\WSED.exe
    mRun: [<NO NAME>]
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
    mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
    mRun: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AVEOST~1.LNK - C:\Program Files (x86)\AVEO\AVEO UVC Filter Driver Kit\AveoSTI.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{B8B6929E-F570-4FB6-BA4B-9EB1F8805F8D} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{C96D66C6-6118-4052-BFAF-FB25306E8570} : DhcpNameServer = 10.0.0.2
    LSA: Notification Packages = scecli EgisPwdFilter EgisDSPwdFilter
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
    BHO-X64: Ad-Aware Security Toolbar - No File
    BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    BHO-X64: Search Helper - No File
    BHO-X64: EgisPBIE Sign-in Helper: {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll
    BHO-X64: EgisPBIE - No File
    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
    mRun-x64: [AveoKeySti] "C:\Program Files (x86)\\AVEO\AVEO_UVC_FILTER_DRIVER_KIT\AveoSTI.exe"
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
    mRun-x64: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun-x64: [IFXSPMGT] "C:\Program Files (x86)\Infineon\Security Platform Software\ifxspmgt.exe" /NotifyLogon
    mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
    mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
    mRun-x64: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe /run
    mRun-x64: [WSED] C:\Program Files (x86)\WSED\WSED.exe
    mRun-x64: [(Default)]
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
    mRun-x64: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
    mRun-x64: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
    mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\my2whn7b.default\
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 EMSC;COMPAL Embedded System Control;C:\Windows\System32\drivers\EMSC.sys [2009-6-26 13680]
    R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\system32\DRIVERS\iusb3hcs.sys --> C:\Windows\system32\DRIVERS\iusb3hcs.sys [?]
    R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
    R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
    R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
    R1 PersonalSecureDrive;PersonalSecureDrive;C:\Windows\system32\drivers\psd.sys --> C:\Windows\system32\drivers\psd.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-7-12 1239952]
    R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-12-19 1014096]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-12-19 1104208]
    R2 EgisTec Service;EgisTec Service;C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe [2011-10-26 704048]
    R2 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-10-26 646704]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-9-6 13592]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
    R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-9-6 128280]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-9-6 161560]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-9-6 2458944]
    R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
    R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2012-9-16 5790064]
    R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2012-9-16 487280]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-9-6 363800]
    R3 ATSwpWDF;AuthenTec TruePrint WBF Driver;C:\Windows\system32\DRIVERS\ATSwpWDF.sys --> C:\Windows\system32\DRIVERS\ATSwpWDF.sys [?]
    R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-12-19 1304912]
    R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
    R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
    R3 ibtfltcoex;ibtfltcoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
    R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\iusb3hub.sys --> C:\Windows\system32\DRIVERS\iusb3hub.sys [?]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\system32\DRIVERS\iusb3xhc.sys --> C:\Windows\system32\DRIVERS\iusb3xhc.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUVStor.sys --> C:\Windows\system32\Drivers\RtsUVStor.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-10-26 101112]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-14 114144]
    S3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-09-18 01:22:47 -------- d-----w- C:\Users\James\AppData\Roaming\Malwarebytes
    2012-09-18 01:22:19 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-09-18 01:22:18 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-09-18 01:22:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-16 23:24:18 -------- d-----w- C:\Users\James\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
    2012-09-16 23:24:18 -------- d-----w- C:\ProgramData\Wacom
    2012-09-16 23:24:16 -------- d-----w- C:\Users\James\AppData\Roaming\Wacom
    2012-09-16 23:23:43 -------- d-----w- C:\Program Files (x86)\Bamboo Dock
    2012-09-16 23:18:14 642928 ------w- C:\Windows\SysWow64\Pen_Touch_Tablet.dll
    2012-09-16 23:18:14 -------- d-----w- C:\Users\James\AppData\Roaming\WTablet
    2012-09-16 23:18:12 749936 ------w- C:\Windows\System32\Pen_Touch_Tablet.dll
    2012-09-16 23:18:02 -------- d-----w- C:\Program Files (x86)\TabletPlugins
    2012-09-16 23:17:04 18288 ----a-w- C:\Windows\System32\drivers\wacmoumonitor.sys
    2012-09-16 23:17:02 12848 ----a-w- C:\Windows\System32\drivers\wacommousefilter.sys
    2012-09-16 23:16:58 16168 ----a-w- C:\Windows\System32\drivers\wacomvhid.sys
    2012-09-16 23:16:55 506736 ------w- C:\Windows\SysWow64\Wintab32.dll
    2012-09-16 23:16:54 600432 ------w- C:\Windows\System32\Wintab32.dll
    2012-09-16 23:16:53 756592 ------w- C:\Windows\System32\Pen_Tablet.dll
    2012-09-16 23:16:53 650096 ------w- C:\Windows\SysWow64\Pen_Tablet.dll
    2012-09-16 23:16:38 -------- d-----w- C:\Program Files\Tablet
    2012-09-16 20:24:08 -------- d-----w- C:\ProgramData\Ad-Aware Antivirus
    2012-09-16 18:48:46 -------- d-----w- C:\Users\James\AppData\Local\adaware
    2012-09-16 18:48:39 60536 ----a-w- C:\Windows\System32\drivers\sbhips.sys
    2012-09-16 18:48:39 57976 ----a-w- C:\Windows\System32\drivers\sbredrv.sys
    2012-09-16 18:48:39 45936 ----a-w- C:\Windows\System32\sbbd.exe
    2012-09-16 18:48:38 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
    2012-09-16 18:43:44 -------- d-----w- C:\Users\James\AppData\Roaming\Ad-Aware Antivirus
    2012-09-16 18:37:45 -------- d-----w- C:\ProgramData\GFI Software
    2012-09-16 17:55:27 -------- d-----w- C:\Users\James\AppData\Local\Downloaded Installations
    2012-09-16 17:50:19 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-09-16 17:50:19 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-09-16 17:50:18 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-09-16 17:50:07 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
    2012-09-16 17:50:07 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2012-09-16 17:50:07 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2012-09-16 17:42:50 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS
    2012-09-16 17:42:50 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
    2012-09-16 17:42:18 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-09-16 17:42:18 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-09-16 17:42:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-09-16 17:42:18 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-09-16 17:36:04 -------- d-----w- C:\Users\James\AppData\Local\adawarebp
    2012-09-16 17:36:04 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
    2012-09-16 17:36:04 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
    2012-09-16 17:36:03 -------- d-----w- C:\Program Files (x86)\adawaretb
    2012-09-16 17:29:52 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
    2012-09-16 17:29:51 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
    2012-09-16 17:29:49 142336 ----a-w- C:\Windows\System32\poqexec.exe
    2012-09-16 17:29:49 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
    2012-09-16 17:29:37 961024 ----a-w- C:\Windows\System32\CPFilters.dll
    2012-09-16 17:29:37 850944 ----a-w- C:\Windows\SysWow64\sbe.dll
    2012-09-16 17:29:37 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
    2012-09-16 17:29:37 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
    2012-09-16 17:29:37 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
    2012-09-16 17:29:37 1118720 ----a-w- C:\Windows\System32\sbe.dll
    2012-09-16 17:27:29 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
    2012-09-16 17:27:28 1395712 ----a-w- C:\Windows\System32\mfc42.dll
    2012-09-16 17:27:28 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
    2012-09-16 17:27:28 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
    2012-09-16 17:25:13 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
    2012-09-16 17:25:13 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
    2012-09-16 17:25:13 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
    2012-09-16 17:24:10 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
    2012-09-16 17:24:10 613888 ----a-w- C:\Windows\System32\psisdecd.dll
    2012-09-16 17:24:10 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
    2012-09-16 17:24:10 108032 ----a-w- C:\Windows\System32\psisrndr.ax
    2012-09-16 17:24:04 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-09-16 17:24:00 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
    2012-09-16 17:17:38 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
    2012-09-16 17:17:37 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2012-09-16 17:17:36 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2012-09-16 17:17:22 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
    2012-09-16 17:17:22 634880 ----a-w- C:\Windows\System32\msvcrt.dll
    2012-09-16 17:17:12 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-09-16 17:16:45 956928 ----a-w- C:\Windows\System32\localspl.dll
    2012-09-16 17:16:35 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
    2012-09-16 17:16:33 861696 ----a-w- C:\Windows\System32\oleaut32.dll
    2012-09-16 17:16:33 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2012-09-16 17:16:33 331776 ----a-w- C:\Windows\System32\oleacc.dll
    2012-09-16 17:16:33 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
    2012-09-16 17:16:27 723456 ----a-w- C:\Windows\System32\EncDec.dll
    2012-09-16 17:16:27 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2012-09-16 17:16:11 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-09-16 17:16:11 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-09-16 17:13:43 1731920 ----a-w- C:\Windows\System32\ntdll.dll
    2012-09-16 17:13:43 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2012-09-16 06:48:05 77312 ----a-w- C:\Windows\System32\packager.dll
    2012-09-16 06:48:05 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2012-09-16 05:27:45 -------- d-----w- C:\Users\James\AppData\Local\Diagnostics
    2012-09-15 23:00:22 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
    2012-09-15 23:00:22 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
    2012-09-15 23:00:22 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
    2012-09-15 23:00:22 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
    2012-09-15 23:00:22 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
    2012-09-14 21:42:29 -------- d-----w- C:\Users\James\AppData\Roaming\NVIDIA
    2012-09-14 21:42:11 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
    2012-09-14 21:38:48 -------- d-----w- C:\Users\James\AppData\Local\Adobe
    2012-09-14 15:50:07 -------- d-----w- C:\Users\James\AppData\Local\Macromedia
    2012-09-14 15:49:33 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-14 15:49:33 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-09-14 14:24:42 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-09-14 14:24:42 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-09-14 14:24:42 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-09-14 14:23:32 -------- d-----w- C:\Users\James\AppData\Roaming\Intel Corporation
    2012-09-06 21:58:29 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
    2012-09-06 21:53:39 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation
    2012-09-06 21:50:04 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
    2012-09-06 21:50:04 565352 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
    2012-09-06 21:50:04 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
    2012-09-06 21:48:55 3374592 ----a-w- C:\Windows\System32\NETwNr64.dll
    2012-09-06 21:48:55 11416576 ----a-w- C:\Windows\System32\drivers\NETwNs64.sys
    2012-09-06 21:47:37 -------- d-----w- C:\ProgramData\XP32
    2012-09-06 21:47:37 -------- d-----w- C:\ProgramData\Win764
    2012-09-06 21:47:37 -------- d-----w- C:\ProgramData\Win732
    2012-09-06 21:47:37 -------- d-----w- C:\ProgramData\Vista64
    2012-09-06 21:47:37 -------- d-----w- C:\ProgramData\Vista32
    2012-09-06 21:47:29 -------- d-----w- C:\Program Files (x86)\WSED
    2012-09-06 21:46:18 18944 ----a-w- C:\Windows\System32\SzCcid.dll
    2012-09-06 21:46:11 -------- d-----w- C:\Program Files (x86)\AlcorMicroData
    2012-09-06 21:46:06 -------- d-----w- C:\ProgramData\SZCCID
    2012-09-06 21:46:06 -------- d-----w- C:\Program Files (x86)\AlcorMicro
    2012-09-06 21:45:19 62776 ----a-w- C:\Windows\System32\drivers\mwlPSDVDisk.sys
    2012-09-06 21:45:19 22648 ----a-w- C:\Windows\System32\drivers\mwlPSDFilter.sys
    2012-09-06 21:45:19 20520 ----a-w- C:\Windows\System32\drivers\mwlPSDNserv.sys
    2012-09-06 21:45:19 -------- d-----w- C:\ProgramData\EgisTec
    2012-09-06 21:45:15 -------- d-----w- C:\ProgramData\EgisTec IPS
    2012-09-06 21:45:15 -------- d-----w- C:\Program Files (x86)\EgisTec IPS
    2012-09-06 21:45:15 -------- d-----w- C:\Program Files (x86)\Common Files\EgisTec
    2012-09-06 21:45:09 -------- d-----w- C:\Program Files\EgisTec IPS
    2012-09-06 21:45:09 -------- d-----w- C:\Program Files (x86)\EgisTec BioExcess
    2012-09-06 21:44:08 -------- d-----w- C:\Program Files\Fingerprint Sensor
    2012-09-06 21:39:59 -------- d-----w- C:\ProgramData\Infineon
    2012-09-06 21:39:09 -------- d-----w- C:\Program Files (x86)\Infineon
    2012-09-06 21:38:05 16152 ----a-w- C:\Windows\System32\drivers\iusb3hcs.sys
    2012-09-06 21:37:57 356120 ----a-w- C:\Windows\System32\drivers\iusb3hub.sys
    2012-09-06 21:37:56 787736 ----a-w- C:\Windows\System32\drivers\iusb3xhc.sys
    2012-09-06 21:32:28 -------- d-----w- C:\Program Files\Elantech
    2012-09-06 21:32:27 240432 ----a-w- C:\Windows\System32\drivers\ETD.sys
    2012-09-06 21:26:54 -------- d--h--w- C:\Program Files (x86)\Temp
    2012-09-06 21:26:53 1698408 ------r- C:\Windows\RtlExUpd.dll
    2012-09-06 21:26:51 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
    2012-09-06 21:26:51 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
    2012-09-06 21:26:51 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
    2012-09-06 21:26:51 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
    2012-09-06 21:26:51 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
    2012-09-06 21:26:51 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
    2012-09-06 21:26:51 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
    2012-09-06 21:26:50 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
    2012-09-06 21:26:50 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
    2012-09-06 21:26:21 568600 ----a-w- C:\Windows\System32\drivers\iaStor.sys
    2012-09-06 21:25:15 15128 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
    2012-09-06 21:24:58 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
    2012-09-06 21:17:03 60184 ----a-w- C:\Windows\System32\drivers\HECIx64.sys
    2012-09-06 21:15:26 -------- d-----w- C:\Program Files\NVIDIA Corporation
    2012-09-06 21:14:33 53248 ----a-r- C:\Windows\SysWow64\CSVer.dll
    2012-09-06 21:13:35 -------- d-----w- C:\Intel
    2012-09-06 21:12:28 86016 ----a-w- C:\Windows\SysWow64\AveoInftee.ax
    2012-09-06 21:12:28 28672 ----a-w- C:\Windows\SysWow64\MFC_InstDrvDLL.dll
    2012-09-06 21:12:28 -------- d-----w- C:\Program Files (x86)\AVEO
    .
    ==================== Find3M ====================
    .
    2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
    2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
    2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
    2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    .
    ============= FINISH: 21:45:15.74 ===============
  5. James G

    James G Newcomer, in training Topic Starter Posts: 48

    Attach Notepad


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/14/2012 10:22:15 AM
    System Uptime: 9/17/2012 9:13:25 PM (0 hours ago)
    .
    Motherboard: Compal | | Type2 - Board Product Name1
    Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz | U3E1 | 2301/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 223 GiB total, 188.943 GiB free.
    D: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP3: 9/14/2012 10:22:31 AM - Windows Update
    RP4: 9/14/2012 10:24:43 AM - Windows Update
    RP5: 9/16/2012 1:03:43 AM - Windows Update
    RP6: 9/16/2012 2:18:57 AM - Restore Operation
    RP7: 9/16/2012 2:25:14 AM - Windows Update
    RP8: 9/16/2012 2:39:40 AM - Restore Operation
    RP9: 9/16/2012 3:03:24 AM - Windows Update
    RP10: 9/16/2012 8:53:53 PM - Windows Update
    RP11: 9/16/2012 9:11:24 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Ad-Aware Antivirus
    Ad-Aware Browsing Protection
    Ad-Aware Security Toolbar
    Adobe AIR
    Adobe Flash Player 11 Plugin
    Adobe Photoshop CS6
    Alcor Micro Smart Card Reader Driver
    AveoCap
    Bamboo
    Bamboo Dock
    Bamboo Dock 3.3
    BioExcess
    EMSC
    Intel(R) Manageability Engine Firmware Recovery Agent
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Intel(R) USB 3.0 eXtensible Host Controller Driver
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.65.0.1400
    Microsoft Choice Guard
    Microsoft Office 2010
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft_VC80_CRT_x86
    Microsoft_VC90_CRT_x86
    Mozilla Firefox 15.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    NVIDIA PhysX
    PDF Settings CS6
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    WebTablet IE Plugin
    WebTablet Netscape Plugin
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Wireless enable/disable
    WSED
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/16/2012 9:06:24 PM, Error: Service Control Manager [7023] -
    9/16/2012 9:05:55 PM, Error: Service Control Manager [7034] - The Trusted Platform Core Service service terminated unexpectedly. It has done this 1 time(s).
    9/16/2012 9:05:55 PM, Error: Service Control Manager [7034] - The Security Platform Management Service service terminated unexpectedly. It has done this 1 time(s).
    9/16/2012 9:05:55 PM, Error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
    9/16/2012 9:05:55 PM, Error: Service Control Manager [7034] - The Personal Secure Drive Service service terminated unexpectedly. It has done this 1 time(s).
    9/16/2012 9:05:55 PM, Error: Service Control Manager [7034] - The Intel(R) ME Service service terminated unexpectedly. It has done this 1 time(s).
    9/16/2012 9:05:55 PM, Error: Service Control Manager [7034] - The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).
    9/16/2012 9:05:55 PM, Error: Service Control Manager [7034] - The Bluetooth OBEX Service service terminated unexpectedly. It has done this 1 time(s).
    9/16/2012 9:05:54 PM, Error: Service Control Manager [7034] - The EgisTec Ticket Service service terminated unexpectedly. It has done this 1 time(s).
    9/16/2012 9:05:54 PM, Error: Service Control Manager [7034] - The EgisTec Service service terminated unexpectedly. It has done this 1 time(s).
    9/16/2012 9:05:54 PM, Error: Service Control Manager [7034] - The Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s).
    9/16/2012 2:38:17 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
    .
    ==== End Of File ===========================
  6. James G

    James G Newcomer, in training Topic Starter Posts: 48

    I Just want to say. GMER did not produce a log after the scan or rather an empty log. I won't do anything further on this laptop as per the instructions.

    Thanks.
  7. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ====================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    =================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  8. James G

    James G Newcomer, in training Topic Starter Posts: 48

    I just got to my laptop and when I started up Bamboo tried to run an automatic update which I stopped. There was also a power outage earlier due to a storm. My internet connection seems fine but I've just tried to download TDSS Killer twice and got an error message. The first message I couldn't see because it seemed to save an image of what was behind it, but the second time I got this

    (Download error
    C:\Users\James\Downloads\tdsskiller.zip.part could not be saved, because the source file could not be read.

    Try again later, or contact the server administrator.)

    I am going to reboot and see if I can download, if not, I will let you know.
  9. Broni

    Broni Malware Annihilator Posts: 46,171   +251

  10. James G

    James G Newcomer, in training Topic Starter Posts: 48

    First half of TDSS

    21:28:45.0035 5436 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    21:28:45.0480 5436 ============================================================
    21:28:45.0480 5436 Current date / time: 2012/09/18 21:28:45.0480
    21:28:45.0480 5436 SystemInfo:
    21:28:45.0480 5436
    21:28:45.0480 5436 OS Version: 6.1.7601 ServicePack: 1.0
    21:28:45.0480 5436 Product type: Workstation
    21:28:45.0480 5436 ComputerName: JAMES-PC
    21:28:45.0480 5436 UserName: James
    21:28:45.0480 5436 Windows directory: C:\Windows
    21:28:45.0480 5436 System windows directory: C:\Windows
    21:28:45.0480 5436 Running under WOW64
    21:28:45.0480 5436 Processor architecture: Intel x64
    21:28:45.0480 5436 Number of processors: 8
    21:28:45.0480 5436 Page size: 0x1000
    21:28:45.0480 5436 Boot type: Normal boot
    21:28:45.0480 5436 ============================================================
    21:28:45.0892 5436 Drive \Device\Harddisk0\DR0 - Size: 0x37E4896000 (223.57 Gb), SectorSize: 0x200, Cylinders: 0x7201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    21:28:45.0895 5436 ============================================================
    21:28:45.0895 5436 \Device\Harddisk0\DR0:
    21:28:45.0895 5436 MBR partitions:
    21:28:45.0895 5436 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    21:28:45.0895 5436 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1BEF1000
    21:28:45.0895 5436 ============================================================
    21:28:45.0896 5436 C: <-> \Device\Harddisk0\DR0\Partition2
    21:28:45.0896 5436 ============================================================
    21:28:45.0896 5436 Initialize success
    21:28:45.0896 5436 ============================================================
    21:28:49.0668 5664 ============================================================
    21:28:49.0668 5664 Scan started
    21:28:49.0668 5664 Mode: Manual;
    21:28:49.0668 5664 ============================================================
    21:28:49.0804 5664 ================ Scan system memory ========================
    21:28:49.0804 5664 System memory - ok
    21:28:49.0804 5664 ================ Scan services =============================
    21:28:49.0854 5664 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    21:28:49.0861 5664 1394ohci - ok
    21:28:49.0872 5664 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    21:28:49.0875 5664 ACPI - ok
    21:28:49.0880 5664 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    21:28:49.0884 5664 AcpiPmi - ok
    21:28:49.0907 5664 [ AF9658974154C3B6A333D86DC2E0AAC8 ] Ad-Aware Service C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
    21:28:49.0919 5664 Ad-Aware Service - ok
    21:28:49.0931 5664 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
    21:28:49.0943 5664 adp94xx - ok
    21:28:49.0953 5664 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
    21:28:49.0963 5664 adpahci - ok
    21:28:49.0971 5664 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
    21:28:49.0978 5664 adpu320 - ok
    21:28:49.0986 5664 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    21:28:49.0988 5664 AeLookupSvc - ok
    21:28:50.0000 5664 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    21:28:50.0013 5664 AFD - ok
    21:28:50.0019 5664 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    21:28:50.0023 5664 agp440 - ok
    21:28:50.0029 5664 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    21:28:50.0034 5664 ALG - ok
    21:28:50.0039 5664 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    21:28:50.0042 5664 aliide - ok
    21:28:50.0047 5664 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    21:28:50.0051 5664 amdide - ok
    21:28:50.0057 5664 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
    21:28:50.0061 5664 AmdK8 - ok
    21:28:50.0066 5664 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
    21:28:50.0071 5664 AmdPPM - ok
    21:28:50.0077 5664 [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata C:\Windows\system32\drivers\amdsata.sys
    21:28:50.0082 5664 amdsata - ok
    21:28:50.0090 5664 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
    21:28:50.0097 5664 amdsbs - ok
    21:28:50.0103 5664 [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    21:28:50.0106 5664 amdxata - ok
    21:28:50.0112 5664 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    21:28:50.0116 5664 AppID - ok
    21:28:50.0122 5664 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    21:28:50.0125 5664 AppIDSvc - ok
    21:28:50.0130 5664 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    21:28:50.0132 5664 Appinfo - ok
    21:28:50.0138 5664 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
    21:28:50.0143 5664 arc - ok
    21:28:50.0149 5664 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
    21:28:50.0154 5664 arcsas - ok
    21:28:50.0159 5664 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    21:28:50.0160 5664 AsyncMac - ok
    21:28:50.0164 5664 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    21:28:50.0168 5664 atapi - ok
    21:28:50.0244 5664 [ 3EFD964D52221360AF0673CD61C2F4F5 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    21:28:50.0321 5664 atikmdag - ok
    21:28:50.0337 5664 [ 0C9039EC45E6C4631BE31DDEC370D341 ] ATSwpWDF C:\Windows\system32\DRIVERS\ATSwpWDF.sys
    21:28:50.0365 5664 ATSwpWDF - ok
    21:28:50.0375 5664 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    21:28:50.0380 5664 AudioEndpointBuilder - ok
    21:28:50.0389 5664 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    21:28:50.0393 5664 AudioSrv - ok
    21:28:50.0398 5664 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    21:28:50.0402 5664 AxInstSV - ok
    21:28:50.0410 5664 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
    21:28:50.0419 5664 b06bdrv - ok
    21:28:50.0425 5664 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    21:28:50.0432 5664 b57nd60a - ok
    21:28:50.0437 5664 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    21:28:50.0441 5664 BDESVC - ok
    21:28:50.0445 5664 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    21:28:50.0447 5664 Beep - ok
    21:28:50.0457 5664 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
    21:28:50.0462 5664 BFE - ok
    21:28:50.0474 5664 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
    21:28:50.0480 5664 BITS - ok
    21:28:50.0484 5664 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    21:28:50.0487 5664 blbdrive - ok
    21:28:50.0502 5664 [ 05981C3E51D827ED6B8101A54B05E392 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    21:28:50.0508 5664 Bluetooth Device Monitor - ok
    21:28:50.0526 5664 [ BBFAF63BF768047FE2441B4139E803E3 ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    21:28:50.0534 5664 Bluetooth Media Service - ok
    21:28:50.0549 5664 [ 41D8F56E6BBE0111244D87BE2FA90374 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    21:28:50.0555 5664 Bluetooth OBEX Service - ok
    21:28:50.0560 5664 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    21:28:50.0564 5664 bowser - ok
    21:28:50.0568 5664 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
    21:28:50.0570 5664 BrFiltLo - ok
    21:28:50.0575 5664 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
    21:28:50.0577 5664 BrFiltUp - ok
    21:28:50.0582 5664 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
    21:28:50.0583 5664 Browser - ok
    21:28:50.0589 5664 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    21:28:50.0595 5664 Brserid - ok
    21:28:50.0599 5664 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    21:28:50.0602 5664 BrSerWdm - ok
    21:28:50.0605 5664 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    21:28:50.0608 5664 BrUsbMdm - ok
    21:28:50.0611 5664 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    21:28:50.0613 5664 BrUsbSer - ok
    21:28:50.0617 5664 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
    21:28:50.0620 5664 BthEnum - ok
    21:28:50.0624 5664 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
    21:28:50.0627 5664 BTHMODEM - ok
    21:28:50.0632 5664 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
    21:28:50.0633 5664 BthPan - ok
    21:28:50.0642 5664 [ 64C198198501F7560EE41D8D1EFA7952 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
    21:28:50.0652 5664 BTHPORT - ok
    21:28:50.0656 5664 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    21:28:50.0658 5664 bthserv - ok
    21:28:50.0661 5664 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
    21:28:50.0665 5664 BTHUSB - ok
    21:28:50.0670 5664 [ 988CC6CC49303665D3B2435C51505C3F ] btmaux C:\Windows\system32\DRIVERS\btmaux.sys
    21:28:50.0780 5664 btmaux - ok
    21:28:50.0789 5664 [ 2B4B508AFAC2A563931AF1FE875A5B16 ] btmhsf C:\Windows\system32\DRIVERS\btmhsf.sys
    21:28:50.0916 5664 btmhsf - ok
    21:28:50.0920 5664 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    21:28:50.0922 5664 cdfs - ok
    21:28:50.0926 5664 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    21:28:50.0929 5664 cdrom - ok
    21:28:50.0933 5664 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    21:28:50.0933 5664 CertPropSvc - ok
    21:28:50.0936 5664 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
    21:28:50.0938 5664 circlass - ok
    21:28:50.0943 5664 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    21:28:50.0945 5664 CLFS - ok
    21:28:50.0952 5664 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    21:28:50.0955 5664 clr_optimization_v2.0.50727_32 - ok
    21:28:50.0961 5664 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    21:28:50.0964 5664 clr_optimization_v2.0.50727_64 - ok
    21:28:50.0972 5664 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    21:28:50.0973 5664 clr_optimization_v4.0.30319_32 - ok
    21:28:50.0980 5664 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    21:28:50.0981 5664 clr_optimization_v4.0.30319_64 - ok
    21:28:50.0984 5664 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    21:28:50.0986 5664 CmBatt - ok
    21:28:50.0989 5664 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    21:28:50.0990 5664 cmdide - ok
    21:28:50.0997 5664 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
    21:28:51.0004 5664 CNG - ok
    21:28:51.0007 5664 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    21:28:51.0008 5664 Compbatt - ok
    21:28:51.0011 5664 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
    21:28:51.0013 5664 CompositeBus - ok
    21:28:51.0015 5664 COMSysApp - ok
    21:28:51.0018 5664 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
    21:28:51.0020 5664 crcdisk - ok
    21:28:51.0026 5664 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    21:28:51.0027 5664 CryptSvc - ok
    21:28:51.0034 5664 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    21:28:51.0038 5664 DcomLaunch - ok
    21:28:51.0043 5664 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    21:28:51.0049 5664 defragsvc - ok
    21:28:51.0052 5664 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    21:28:51.0055 5664 DfsC - ok
    21:28:51.0060 5664 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    21:28:51.0062 5664 Dhcp - ok
    21:28:51.0064 5664 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    21:28:51.0067 5664 discache - ok
    21:28:51.0070 5664 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
    21:28:51.0072 5664 Disk - ok
    21:28:51.0076 5664 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    21:28:51.0078 5664 Dnscache - ok
    21:28:51.0082 5664 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    21:28:51.0087 5664 dot3svc - ok
    21:28:51.0091 5664 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    21:28:51.0092 5664 DPS - ok
    21:28:51.0095 5664 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    21:28:51.0096 5664 drmkaud - ok
    21:28:51.0107 5664 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    21:28:51.0113 5664 DXGKrnl - ok
    21:28:51.0117 5664 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    21:28:51.0118 5664 EapHost - ok
    21:28:51.0147 5664 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
    21:28:51.0178 5664 ebdrv - ok
    21:28:51.0182 5664 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    21:28:51.0183 5664 EFS - ok
    21:28:51.0192 5664 [ 837080D0CE753D424A7597687ADF635E ] EgisTec Service C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
    21:28:51.0195 5664 EgisTec Service - ok
    21:28:51.0203 5664 [ 8383299C07CDBA1D4FC9BA4F14C32F7F ] EgisTec Ticket Service C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
    21:28:51.0217 5664 EgisTec Ticket Service - ok
    21:28:51.0226 5664 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    21:28:51.0235 5664 ehRecvr - ok
    21:28:51.0238 5664 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    21:28:51.0241 5664 ehSched - ok
    21:28:51.0250 5664 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
    21:28:51.0257 5664 elxstor - ok
    21:28:51.0260 5664 [ E47D9D7E6E53892FC97282482F4AE307 ] EMSC C:\Windows\system32\DRIVERS\EMSC.SYS
    21:28:51.0264 5664 EMSC - ok
    21:28:51.0267 5664 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    21:28:51.0269 5664 ErrDev - ok
    21:28:51.0275 5664 [ 1550E7977E376F7AE4D9D44D7C8FC8E8 ] ETD C:\Windows\system32\DRIVERS\ETD.sys
    21:28:51.0283 5664 ETD - ok
    21:28:51.0290 5664 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    21:28:51.0293 5664 EventSystem - ok
    21:28:51.0297 5664 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    21:28:51.0301 5664 exfat - ok
    21:28:51.0305 5664 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    21:28:51.0309 5664 fastfat - ok
    21:28:51.0318 5664 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    21:28:51.0321 5664 Fax - ok
    21:28:51.0324 5664 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
    21:28:51.0326 5664 fdc - ok
    21:28:51.0329 5664 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    21:28:51.0330 5664 fdPHost - ok
    21:28:51.0333 5664 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    21:28:51.0334 5664 FDResPub - ok
    21:28:51.0337 5664 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    21:28:51.0339 5664 FileInfo - ok
    21:28:51.0341 5664 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    21:28:51.0343 5664 Filetrace - ok
    21:28:51.0346 5664 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
    21:28:51.0348 5664 flpydisk - ok
    21:28:51.0353 5664 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    21:28:51.0358 5664 FltMgr - ok
    21:28:51.0370 5664 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll
    21:28:51.0375 5664 FontCache - ok
    21:28:51.0379 5664 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    21:28:51.0381 5664 FontCache3.0.0.0 - ok
    21:28:51.0384 5664 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    21:28:51.0386 5664 FsDepends - ok
    21:28:51.0389 5664 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    21:28:51.0390 5664 Fs_Rec - ok
    21:28:51.0394 5664 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    21:28:51.0398 5664 fvevol - ok
    21:28:51.0402 5664 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    21:28:51.0404 5664 gagp30kx - ok
    21:28:51.0412 5664 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    21:28:51.0416 5664 gpsvc - ok
    21:28:51.0419 5664 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    21:28:51.0421 5664 hcw85cir - ok
    21:28:51.0426 5664 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    21:28:51.0432 5664 HdAudAddService - ok
    21:28:51.0435 5664 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    21:28:51.0436 5664 HDAudBus - ok
    21:28:51.0439 5664 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
    21:28:51.0441 5664 HidBatt - ok
    21:28:51.0444 5664 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
    21:28:51.0447 5664 HidBth - ok
    21:28:51.0463 5664 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
    21:28:51.0466 5664 HidIr - ok
    21:28:51.0469 5664 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
    21:28:51.0470 5664 hidserv - ok
    21:28:51.0472 5664 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    21:28:51.0474 5664 HidUsb - ok
    21:28:51.0477 5664 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    21:28:51.0478 5664 hkmsvc - ok
    21:28:51.0483 5664 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    21:28:51.0484 5664 HomeGroupListener - ok
    21:28:51.0489 5664 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    21:28:51.0490 5664 HomeGroupProvider - ok
    21:28:51.0493 5664 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    21:28:51.0496 5664 HpSAMD - ok
    21:28:51.0504 5664 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    21:28:51.0516 5664 HTTP - ok
    21:28:51.0519 5664 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    21:28:51.0521 5664 hwpolicy - ok
    21:28:51.0524 5664 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    21:28:51.0527 5664 i8042prt - ok
    21:28:51.0535 5664 [ D1753C06EE17E29352B065EACF3F10D0 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
    21:28:51.0537 5664 iaStor - ok
    21:28:51.0541 5664 [ 545462D0DBE24AF379BA869B7C185CCD ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    21:28:51.0542 5664 IAStorDataMgrSvc - ok
    21:28:51.0547 5664 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    21:28:51.0554 5664 iaStorV - ok
    21:28:51.0558 5664 [ 9E3D44CE737388F6BBBB6DD4A1C1847C ] ibtfltcoex C:\Windows\system32\DRIVERS\iBtFltCoex.sys
    21:28:51.0656 5664 ibtfltcoex - ok
    21:28:51.0660 5664 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    21:28:51.0663 5664 IDriverT - ok
    21:28:51.0672 5664 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    21:28:51.0682 5664 idsvc - ok
    21:28:51.0694 5664 [ BB530F1C035DD72A33ACE0A5DB65CB78 ] IFXSpMgtSrv C:\Program Files (x86)\Infineon\Security Platform Software\ifxspmgt.exe
    21:28:51.0699 5664 IFXSpMgtSrv - ok
    21:28:51.0709 5664 [ DD2CA93025BB1174C870F0B0A7B445DE ] IFXTCS C:\Program Files (x86)\Infineon\Security Platform Software\ifxtcs.exe
    21:28:51.0713 5664 IFXTCS - ok
    21:28:51.0717 5664 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    21:28:51.0719 5664 iirsp - ok
    21:28:51.0729 5664 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    21:28:51.0733 5664 IKEEXT - ok
    21:28:51.0761 5664 [ ABA41EE6F5EEFC034F3BBD025506B37E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
    21:28:51.0808 5664 IntcAzAudAddService - ok
    21:28:51.0818 5664 [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
    21:28:51.0820 5664 Intel(R) Capability Licensing Service Interface - ok
    21:28:51.0825 5664 [ 896AA2F1D79662B17D5DBBE588E24E30 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    21:28:51.0830 5664 Intel(R) ME Service - ok
    21:28:51.0833 5664 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    21:28:51.0835 5664 intelide - ok
    21:28:51.0838 5664 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    21:28:51.0838 5664 intelppm - ok
    21:28:51.0841 5664 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    21:28:51.0845 5664 IPBusEnum - ok
    21:28:51.0848 5664 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    21:28:51.0850 5664 IpFilterDriver - ok
    21:28:51.0857 5664 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    21:28:51.0860 5664 iphlpsvc - ok
    21:28:51.0864 5664 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    21:28:51.0866 5664 IPMIDRV - ok
    21:28:51.0870 5664 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    21:28:51.0873 5664 IPNAT - ok
    21:28:51.0875 5664 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    21:28:51.0877 5664 IRENUM - ok
    21:28:51.0880 5664 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    21:28:51.0882 5664 isapnp - ok
    21:28:51.0887 5664 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    21:28:51.0893 5664 iScsiPrt - ok
    21:28:51.0896 5664 [ 6BCEF45131C8B8E1C558BE540B190B3C ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys
    21:28:51.0897 5664 iusb3hcs - ok
    21:28:51.0903 5664 [ F080EADA8715F811B58BD35BB774F2F9 ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
    21:28:51.0906 5664 iusb3hub - ok
    21:28:51.0916 5664 [ 0F1756D9396740F053221FA6260FCE66 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
    21:28:51.0920 5664 iusb3xhc - ok
    21:28:51.0924 5664 [ 3C6630473DD42FFC57D9F5564F533127 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    21:28:51.0925 5664 jhi_service - ok
    21:28:51.0928 5664 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    21:28:51.0930 5664 kbdclass - ok
    21:28:51.0932 5664 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
    21:28:51.0934 5664 kbdhid - ok
    21:28:51.0937 5664 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    21:28:51.0938 5664 KeyIso - ok
    21:28:51.0941 5664 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    21:28:51.0943 5664 KSecDD - ok
    21:28:51.0947 5664 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    21:28:51.0950 5664 KSecPkg - ok
    21:28:51.0953 5664 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    21:28:51.0955 5664 ksthunk - ok
    21:28:51.0961 5664 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    21:28:51.0968 5664 KtmRm - ok
    21:28:51.0973 5664 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
    21:28:51.0975 5664 LanmanServer - ok
    21:28:51.0978 5664 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    21:28:51.0980 5664 LanmanWorkstation - ok
    21:28:51.0983 5664 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    21:28:51.0985 5664 lltdio - ok
    21:28:51.0990 5664 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    21:28:51.0997 5664 lltdsvc - ok
    21:28:51.0999 5664 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    21:28:52.0000 5664 lmhosts - ok
    21:28:52.0005 5664 [ 2B23FAA39D8F949ED5EEE03ECA50BCD5 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    21:28:52.0006 5664 LMS - ok
    21:28:52.0010 5664 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
    21:28:52.0014 5664 LSI_FC - ok
    21:28:52.0017 5664 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
    21:28:52.0020 5664 LSI_SAS - ok
    21:28:52.0023 5664 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
    21:28:52.0025 5664 LSI_SAS2 - ok
    21:28:52.0029 5664 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    21:28:52.0032 5664 LSI_SCSI - ok
    21:28:52.0036 5664 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    21:28:52.0039 5664 luafv - ok
    21:28:52.0042 5664 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    21:28:52.0045 5664 Mcx2Svc - ok
    21:28:52.0048 5664 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
    21:28:52.0050 5664 megasas - ok
    21:28:52.0055 5664 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
    21:28:52.0060 5664 MegaSR - ok
    21:28:52.0064 5664 [ 6B01B7414A105B9E51652089A03027CF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
    21:28:52.0065 5664 MEIx64 - ok
    21:28:52.0068 5664 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    21:28:52.0069 5664 MMCSS - ok
    21:28:52.0072 5664 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    21:28:52.0074 5664 Modem - ok
    21:28:52.0077 5664 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    21:28:52.0077 5664 monitor - ok
    21:28:52.0080 5664 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    21:28:52.0081 5664 mouclass - ok
    21:28:52.0084 5664 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    21:28:52.0086 5664 mouhid - ok
    21:28:52.0089 5664 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    21:28:52.0091 5664 mountmgr - ok
    21:28:52.0095 5664 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    21:28:52.0099 5664 MozillaMaintenance - ok
    21:28:52.0103 5664 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    21:28:52.0106 5664 mpio - ok
    21:28:52.0109 5664 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    21:28:52.0112 5664 mpsdrv - ok
    21:28:52.0122 5664 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
    21:28:52.0126 5664 MpsSvc - ok
    21:28:52.0130 5664 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    21:28:52.0133 5664 MRxDAV - ok
    21:28:52.0137 5664 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    21:28:52.0141 5664 mrxsmb - ok
    21:28:52.0146 5664 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    21:28:52.0152 5664 mrxsmb10 - ok
    21:28:52.0155 5664 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    21:28:52.0158 5664 mrxsmb20 - ok
    21:28:52.0161 5664 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    21:28:52.0163 5664 msahci - ok
    21:28:52.0166 5664 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    21:28:52.0170 5664 msdsm - ok
    21:28:52.0173 5664 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    21:28:52.0177 5664 MSDTC - ok
    21:28:52.0181 5664 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    21:28:52.0183 5664 Msfs - ok
    21:28:52.0185 5664 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    21:28:52.0187 5664 mshidkmdf - ok
    21:28:52.0189 5664 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    21:28:52.0191 5664 msisadrv - ok
    21:28:52.0194 5664 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    21:28:52.0198 5664 MSiSCSI - ok
    21:28:52.0201 5664 msiserver - ok
    21:28:52.0203 5664 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    21:28:52.0205 5664 MSKSSRV - ok
    21:28:52.0208 5664 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    21:28:52.0209 5664 MSPCLOCK - ok
    21:28:52.0212 5664 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    21:28:52.0214 5664 MSPQM - ok
    21:28:52.0219 5664 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    21:28:52.0225 5664 MsRPC - ok
    21:28:52.0229 5664 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    21:28:52.0230 5664 mssmbios - ok
    21:28:52.0232 5664 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    21:28:52.0234 5664 MSTEE - ok
    21:28:52.0236 5664 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
    21:28:52.0238 5664 MTConfig - ok
    21:28:52.0242 5664 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    21:28:52.0243 5664 Mup - ok
    21:28:52.0246 5664 [ C009123B206C56854F4E88596035231D ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
    21:28:52.0250 5664 mwlPSDFilter - ok
    21:28:52.0253 5664 [ BF3739EEB9F008B1DEBAC115089A53F8 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
    21:28:52.0257 5664 mwlPSDNServ - ok
    21:28:52.0260 5664 [ 38DD143D95E7A01B86F219DDA9C28779 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
    21:28:52.0264 5664 mwlPSDVDisk - ok
    21:28:52.0271 5664 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    21:28:52.0274 5664 napagent - ok
    21:28:52.0280 5664 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    21:28:52.0286 5664 NativeWifiP - ok
    21:28:52.0297 5664 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
    21:28:52.0301 5664 NDIS - ok
    21:28:52.0304 5664 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    21:28:52.0306 5664 NdisCap - ok
    21:28:52.0309 5664 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    21:28:52.0311 5664 NdisTapi - ok
    21:28:52.0313 5664 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    21:28:52.0316 5664 Ndisuio - ok
    21:28:52.0319 5664 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    21:28:52.0323 5664 NdisWan - ok
    21:28:52.0327 5664 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    21:28:52.0329 5664 NDProxy - ok
    21:28:52.0332 5664 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    21:28:52.0334 5664 NetBIOS - ok
    21:28:52.0338 5664 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    21:28:52.0344 5664 NetBT - ok
    21:28:52.0346 5664 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    21:28:52.0347 5664 Netlogon - ok
    21:28:52.0352 5664 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    21:28:52.0355 5664 Netman - ok
    21:28:52.0361 5664 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    21:28:52.0363 5664 netprofm - ok
    21:28:52.0366 5664 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    21:28:52.0369 5664 NetTcpPortSharing - ok
    21:28:52.0490 5664 [ 47DC062656EA661FE9175DBACAD00E9D ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
    21:28:52.0638 5664 NETwNs64 - ok
    21:28:52.0644 5664 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
    21:28:52.0646 5664 nfrd960 - ok
    21:28:52.0651 5664 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
    21:28:52.0653 5664 NlaSvc - ok
    21:28:52.0656 5664 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    21:28:52.0658 5664 Npfs - ok
    21:28:52.0660 5664 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    21:28:52.0661 5664 nsi - ok
    21:28:52.0664 5664 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    21:28:52.0666 5664 nsiproxy - ok
    21:28:52.0683 5664 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    21:28:52.0708 5664 Ntfs - ok
    21:28:52.0711 5664 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    21:28:52.0712 5664 Null - ok
    21:28:52.0717 5664 [ A4247F976E40B5C23273631153D97D58 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
    21:28:52.0723 5664 NVHDA - ok
    21:28:52.0896 5664 [ 62CFE4DB3B014D248B70D1076636B001 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
    21:28:53.0115 5664 nvlddmkm - ok
    21:28:53.0122 5664 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys
    21:28:53.0126 5664 nvraid - ok
    21:28:53.0130 5664 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys
    21:28:53.0134 5664 nvstor - ok
    21:28:53.0144 5664 [ 09EA4E7A5BB2F65DB0818CC5385E0A19 ] nvsvc C:\Windows\system32\nvvsvc.exe
    21:28:53.0148 5664 nvsvc - ok
    21:28:53.0172 5664 [ 961A4BD1A239F032056CE5F9B61CAE6D ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    21:28:53.0181 5664 nvUpdatusService - ok
    21:28:53.0185 5664 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    21:28:53.0188 5664 nv_agp - ok
    21:28:53.0192 5664 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    21:28:53.0194 5664 ohci1394 - ok
    21:28:53.0200 5664 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    21:28:53.0202 5664 p2pimsvc - ok
    21:28:53.0208 5664 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    21:28:53.0210 5664 p2psvc - ok
    21:28:53.0213 5664 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
    21:28:53.0216 5664 Parport - ok
    21:28:53.0219 5664 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    21:28:53.0222 5664 partmgr - ok
    21:28:53.0226 5664 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    21:28:53.0227 5664 PcaSvc - ok
    21:28:53.0231 5664 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    21:28:53.0235 5664 pci - ok
    21:28:53.0237 5664 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    21:28:53.0239 5664 pciide - ok
    21:28:53.0243 5664 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
    21:28:53.0248 5664 pcmcia - ok
    21:28:53.0251 5664 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    21:28:53.0252 5664 pcw - ok
    21:28:53.0264 5664 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    21:28:53.0275 5664 PEAUTH - ok
    21:28:53.0303 5664 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    21:28:53.0307 5664 PerfHost - ok
    21:28:53.0318 5664 [ F20612DF7E12DE3A087D0F44CC545FB1 ] PersonalSecureDrive C:\Windows\System32\drivers\psd.sys
    21:28:53.0320 5664 PersonalSecureDrive - ok
    21:28:53.0325 5664 [ 0AED704097BA683113CF08E8AD37723B ] PersonalSecureDriveService C:\Program Files (x86)\Infineon\Security Platform Software\IfxPsdSv.exe
    21:28:53.0326 5664 PersonalSecureDriveService - ok
    21:28:53.0344 5664 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    21:28:53.0366 5664 pla - ok
    21:28:53.0374 5664 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    21:28:53.0378 5664 PlugPlay - ok
    21:28:53.0382 5664 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    21:28:53.0385 5664 PNRPAutoReg - ok
    21:28:53.0391 5664 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    21:28:53.0394 5664 PNRPsvc - ok
    21:28:53.0402 5664 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    21:28:53.0411 5664 PolicyAgent - ok
    21:28:53.0417 5664 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    21:28:53.0420 5664 Power - ok
    21:28:53.0424 5664 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    21:28:53.0428 5664 PptpMiniport - ok
    21:28:53.0432 5664 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
    21:28:53.0435 5664 Processor - ok
    21:28:53.0440 5664 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
    21:28:53.0442 5664 ProfSvc - ok
    21:28:53.0446 5664 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    21:28:53.0447 5664 ProtectedStorage - ok
    21:28:53.0451 5664 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    21:28:53.0452 5664 Psched - ok
    21:28:53.0470 5664 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
    21:28:53.0494 5664 ql2300 - ok
    21:28:53.0499 5664 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
    21:28:53.0503 5664 ql40xx - ok
    21:28:53.0508 5664 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    21:28:53.0515 5664 QWAVE - ok
    21:28:53.0519 5664 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    21:28:53.0522 5664 QWAVEdrv - ok
    21:28:53.0525 5664 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    21:28:53.0527 5664 RasAcd - ok
    21:28:53.0531 5664 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    21:28:53.0534 5664 RasAgileVpn - ok
    21:28:53.0538 5664 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    21:28:53.0542 5664 RasAuto - ok
    21:28:53.0546 5664 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    21:28:53.0551 5664 Rasl2tp - ok
    21:28:53.0557 5664 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    21:28:53.0565 5664 RasMan - ok
    21:28:53.0569 5664 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    21:28:53.0572 5664 RasPppoe - ok
    21:28:53.0576 5664 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    21:28:53.0580 5664 RasSstp - ok
    21:28:53.0586 5664 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    21:28:53.0592 5664 rdbss - ok
    21:28:53.0595 5664 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
    21:28:53.0598 5664 rdpbus - ok
    21:28:53.0601 5664 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    21:28:53.0604 5664 RDPCDD - ok
    21:28:53.0608 5664 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    21:28:53.0610 5664 RDPENCDD - ok
    21:28:53.0615 5664 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
  11. James G

    James G Newcomer, in training Topic Starter Posts: 48

    Second half

    21:28:53.0617 5664 RDPREFMP - ok
    21:28:53.0622 5664 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    21:28:53.0628 5664 RDPWD - ok
    21:28:53.0633 5664 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    21:28:53.0638 5664 rdyboost - ok
    21:28:53.0642 5664 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    21:28:53.0646 5664 RemoteAccess - ok
    21:28:53.0651 5664 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    21:28:53.0656 5664 RemoteRegistry - ok
    21:28:53.0661 5664 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
    21:28:53.0665 5664 RFCOMM - ok
    21:28:53.0669 5664 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    21:28:53.0671 5664 RpcEptMapper - ok
    21:28:53.0674 5664 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    21:28:53.0677 5664 RpcLocator - ok
    21:28:53.0685 5664 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    21:28:53.0689 5664 RpcSs - ok
    21:28:53.0693 5664 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    21:28:53.0696 5664 rspndr - ok
    21:28:53.0703 5664 [ D4A7B5BE29413AFE27DFA2054DCEF957 ] RSUSBVSTOR C:\Windows\system32\Drivers\RtsUVStor.sys
    21:28:53.0705 5664 RSUSBVSTOR - ok
    21:28:53.0714 5664 [ 9140DB0911DE035FED0A9A77A2D156EA ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    21:28:53.0720 5664 RTL8167 - ok
    21:28:53.0723 5664 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    21:28:53.0724 5664 SamSs - ok
    21:28:53.0760 5664 [ BCE943896289A91AD75CC5652620B1C6 ] SBAMSvc C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
    21:28:53.0778 5664 SBAMSvc - ok
    21:28:53.0784 5664 [ 6E342316E72F4B6FA39C99E06373A1A3 ] sbapifs C:\Windows\system32\DRIVERS\sbapifs.sys
    21:28:53.0787 5664 sbapifs - ok
    21:28:53.0790 5664 [ B671EEF468D13016B9286F5835A06AE1 ] sbhips C:\Windows\system32\drivers\sbhips.sys
    21:28:53.0793 5664 sbhips - ok
    21:28:53.0797 5664 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    21:28:53.0801 5664 sbp2port - ok
    21:28:53.0804 5664 [ 9ACEB2A2362FC87A3825963E61BA9076 ] SBRE C:\Windows\system32\drivers\SBREdrv.sys
    21:28:53.0807 5664 SBRE - ok
    21:28:53.0812 5664 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    21:28:53.0817 5664 SCardSvr - ok
    21:28:53.0821 5664 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    21:28:53.0823 5664 scfilter - ok
    21:28:53.0837 5664 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    21:28:53.0845 5664 Schedule - ok
    21:28:53.0849 5664 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    21:28:53.0850 5664 SCPolicySvc - ok
    21:28:53.0855 5664 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    21:28:53.0861 5664 SDRSVC - ok
    21:28:53.0868 5664 [ D358E077A0A05D9B12DA22D137EE8464 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    21:28:53.0871 5664 SeaPort - ok
    21:28:53.0876 5664 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    21:28:53.0879 5664 secdrv - ok
    21:28:53.0882 5664 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    21:28:53.0884 5664 seclogon - ok
    21:28:53.0887 5664 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    21:28:53.0889 5664 SENS - ok
    21:28:53.0892 5664 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    21:28:53.0896 5664 SensrSvc - ok
    21:28:53.0899 5664 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
    21:28:53.0901 5664 Serenum - ok
    21:28:53.0905 5664 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
    21:28:53.0908 5664 Serial - ok
    21:28:53.0911 5664 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
    21:28:53.0914 5664 sermouse - ok
    21:28:53.0923 5664 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    21:28:53.0925 5664 SessionEnv - ok
    21:28:53.0928 5664 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    21:28:53.0931 5664 sffdisk - ok
    21:28:53.0934 5664 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    21:28:53.0936 5664 sffp_mmc - ok
    21:28:53.0939 5664 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    21:28:53.0942 5664 sffp_sd - ok
    21:28:53.0945 5664 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
    21:28:53.0947 5664 sfloppy - ok
    21:28:53.0954 5664 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
    21:28:53.0961 5664 SharedAccess - ok
    21:28:53.0968 5664 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    21:28:53.0971 5664 ShellHWDetection - ok
    21:28:53.0975 5664 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
    21:28:53.0978 5664 SiSRaid2 - ok
    21:28:53.0982 5664 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
    21:28:53.0985 5664 SiSRaid4 - ok
    21:28:53.0989 5664 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    21:28:53.0993 5664 Smb - ok
    21:28:53.0999 5664 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    21:28:54.0001 5664 SNMPTRAP - ok
    21:28:54.0004 5664 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    21:28:54.0006 5664 spldr - ok
    21:28:54.0014 5664 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
    21:28:54.0019 5664 Spooler - ok
    21:28:54.0060 5664 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    21:28:54.0080 5664 sppsvc - ok
    21:28:54.0084 5664 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    21:28:54.0088 5664 sppuinotify - ok
    21:28:54.0096 5664 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    21:28:54.0106 5664 srv - ok
    21:28:54.0114 5664 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    21:28:54.0122 5664 srv2 - ok
    21:28:54.0127 5664 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    21:28:54.0132 5664 srvnet - ok
    21:28:54.0137 5664 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    21:28:54.0140 5664 SSDPSRV - ok
    21:28:54.0144 5664 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    21:28:54.0146 5664 SstpSvc - ok
    21:28:54.0150 5664 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
    21:28:54.0152 5664 stexstor - ok
    21:28:54.0161 5664 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    21:28:54.0173 5664 stisvc - ok
    21:28:54.0176 5664 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
    21:28:54.0178 5664 swenum - ok
    21:28:54.0187 5664 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    21:28:54.0192 5664 SwitchBoard - ok
    21:28:54.0201 5664 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    21:28:54.0205 5664 swprv - ok
    21:28:54.0227 5664 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    21:28:54.0238 5664 SysMain - ok
    21:28:54.0242 5664 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    21:28:54.0247 5664 TabletInputService - ok
    21:28:54.0320 5664 [ 5F5AC85DE73FD25AD36BF591185EC009 ] TabletServicePen C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    21:28:54.0348 5664 TabletServicePen - ok
    21:28:54.0356 5664 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    21:28:54.0361 5664 TapiSrv - ok
    21:28:54.0364 5664 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    21:28:54.0366 5664 TBS - ok
    21:28:54.0385 5664 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    21:28:54.0409 5664 Tcpip - ok
    21:28:54.0428 5664 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    21:28:54.0436 5664 TCPIP6 - ok
    21:28:54.0441 5664 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    21:28:54.0443 5664 tcpipreg - ok
    21:28:54.0447 5664 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    21:28:54.0449 5664 TDPIPE - ok
    21:28:54.0451 5664 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    21:28:54.0453 5664 TDTCP - ok
    21:28:54.0457 5664 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    21:28:54.0460 5664 tdx - ok
    21:28:54.0463 5664 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
    21:28:54.0465 5664 TermDD - ok
    21:28:54.0473 5664 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    21:28:54.0477 5664 TermService - ok
    21:28:54.0480 5664 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    21:28:54.0481 5664 Themes - ok
    21:28:54.0483 5664 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    21:28:54.0484 5664 THREADORDER - ok
    21:28:54.0490 5664 [ 7446E9D669A3B747BC4D11A82F69A5ED ] TouchServicePen C:\Program Files\Tablet\Pen\Pen_TouchService.exe
    21:28:54.0492 5664 TouchServicePen - ok
    21:28:54.0495 5664 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys
    21:28:54.0498 5664 TPM - ok
    21:28:54.0501 5664 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    21:28:54.0503 5664 TrkWks - ok
    21:28:54.0506 5664 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    21:28:54.0508 5664 TrustedInstaller - ok
    21:28:54.0511 5664 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    21:28:54.0513 5664 tssecsrv - ok
    21:28:54.0516 5664 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    21:28:54.0518 5664 TsUsbFlt - ok
    21:28:54.0521 5664 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
    21:28:54.0523 5664 TsUsbGD - ok
    21:28:54.0526 5664 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    21:28:54.0529 5664 tunnel - ok
    21:28:54.0532 5664 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
    21:28:54.0534 5664 uagp35 - ok
    21:28:54.0539 5664 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    21:28:54.0546 5664 udfs - ok
    21:28:54.0550 5664 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    21:28:54.0553 5664 UI0Detect - ok
    21:28:54.0556 5664 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    21:28:54.0559 5664 uliagpkx - ok
    21:28:54.0561 5664 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    21:28:54.0564 5664 umbus - ok
    21:28:54.0566 5664 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
    21:28:54.0568 5664 UmPass - ok
    21:28:54.0574 5664 [ 3C5405EF78576E8E4D791EB18F6856A8 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    21:28:54.0575 5664 UNS - ok
    21:28:54.0581 5664 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    21:28:54.0583 5664 upnphost - ok
    21:28:54.0587 5664 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    21:28:54.0590 5664 usbccgp - ok
    21:28:54.0593 5664 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    21:28:54.0596 5664 usbcir - ok
    21:28:54.0599 5664 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    21:28:54.0602 5664 usbehci - ok
    21:28:54.0607 5664 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    21:28:54.0613 5664 usbhub - ok
    21:28:54.0615 5664 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    21:28:54.0617 5664 usbohci - ok
    21:28:54.0620 5664 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
    21:28:54.0622 5664 usbprint - ok
    21:28:54.0625 5664 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    21:28:54.0628 5664 USBSTOR - ok
    21:28:54.0631 5664 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    21:28:54.0633 5664 usbuhci - ok
    21:28:54.0637 5664 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
    21:28:54.0641 5664 usbvideo - ok
    21:28:54.0644 5664 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    21:28:54.0645 5664 UxSms - ok
    21:28:54.0648 5664 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    21:28:54.0649 5664 VaultSvc - ok
    21:28:54.0651 5664 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    21:28:54.0653 5664 vdrvroot - ok
    21:28:54.0660 5664 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    21:28:54.0669 5664 vds - ok
    21:28:54.0672 5664 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    21:28:54.0674 5664 vga - ok
    21:28:54.0676 5664 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    21:28:54.0678 5664 VgaSave - ok
    21:28:54.0682 5664 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    21:28:54.0687 5664 vhdmp - ok
    21:28:54.0689 5664 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    21:28:54.0691 5664 viaide - ok
    21:28:54.0694 5664 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    21:28:54.0696 5664 volmgr - ok
    21:28:54.0702 5664 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    21:28:54.0708 5664 volmgrx - ok
    21:28:54.0713 5664 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    21:28:54.0718 5664 volsnap - ok
    21:28:54.0722 5664 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
    21:28:54.0726 5664 vsmraid - ok
    21:28:54.0742 5664 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    21:28:54.0774 5664 VSS - ok
    21:28:54.0780 5664 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    21:28:54.0784 5664 vwifibus - ok
    21:28:54.0788 5664 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    21:28:54.0791 5664 vwififlt - ok
    21:28:54.0799 5664 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    21:28:54.0803 5664 W32Time - ok
    21:28:54.0809 5664 [ 43CE14E1E17DA81EA71DFE686805ED07 ] wacmoumonitor C:\Windows\system32\DRIVERS\wacmoumonitor.sys
    21:28:54.0812 5664 wacmoumonitor - ok
    21:28:54.0816 5664 [ E04D43C7D1641E95D35CAE6086C7E350 ] wacommousefilter C:\Windows\system32\DRIVERS\wacommousefilter.sys
    21:28:54.0819 5664 wacommousefilter - ok
    21:28:54.0823 5664 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
    21:28:54.0826 5664 WacomPen - ok
    21:28:54.0830 5664 [ EC1CEB237E365330C1FCFC4876AA0AC0 ] wacomvhid C:\Windows\system32\DRIVERS\wacomvhid.sys
    21:28:54.0832 5664 wacomvhid - ok
    21:28:54.0837 5664 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    21:28:54.0841 5664 WANARP - ok
    21:28:54.0845 5664 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    21:28:54.0846 5664 Wanarpv6 - ok
    21:28:54.0866 5664 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    21:28:54.0890 5664 WatAdminSvc - ok
    21:28:54.0911 5664 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    21:28:54.0938 5664 wbengine - ok
    21:28:54.0945 5664 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    21:28:54.0948 5664 WbioSrvc - ok
    21:28:54.0956 5664 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    21:28:54.0961 5664 wcncsvc - ok
    21:28:54.0965 5664 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    21:28:54.0969 5664 WcsPlugInService - ok
    21:28:54.0973 5664 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
    21:28:54.0975 5664 Wd - ok
    21:28:54.0986 5664 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    21:28:54.0996 5664 Wdf01000 - ok
    21:28:55.0001 5664 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    21:28:55.0003 5664 WdiServiceHost - ok
    21:28:55.0005 5664 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    21:28:55.0007 5664 WdiSystemHost - ok
    21:28:55.0013 5664 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    21:28:55.0019 5664 WebClient - ok
    21:28:55.0024 5664 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    21:28:55.0031 5664 Wecsvc - ok
    21:28:55.0035 5664 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    21:28:55.0037 5664 wercplsupport - ok
    21:28:55.0041 5664 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    21:28:55.0045 5664 WerSvc - ok
    21:28:55.0048 5664 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    21:28:55.0050 5664 WfpLwf - ok
    21:28:55.0053 5664 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    21:28:55.0056 5664 WIMMount - ok
    21:28:55.0058 5664 WinDefend - ok
    21:28:55.0063 5664 WinHttpAutoProxySvc - ok
    21:28:55.0074 5664 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    21:28:55.0075 5664 Winmgmt - ok
    21:28:55.0098 5664 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    21:28:55.0127 5664 WinRM - ok
    21:28:55.0143 5664 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    21:28:55.0149 5664 Wlansvc - ok
    21:28:55.0152 5664 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    21:28:55.0155 5664 WmiAcpi - ok
    21:28:55.0161 5664 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    21:28:55.0166 5664 wmiApSrv - ok
    21:28:55.0169 5664 WMPNetworkSvc - ok
    21:28:55.0173 5664 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    21:28:55.0177 5664 WPCSvc - ok
    21:28:55.0180 5664 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    21:28:55.0182 5664 WPDBusEnum - ok
    21:28:55.0185 5664 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    21:28:55.0188 5664 ws2ifsl - ok
    21:28:55.0192 5664 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
    21:28:55.0194 5664 wscsvc - ok
    21:28:55.0196 5664 WSearch - ok
    21:28:55.0225 5664 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    21:28:55.0239 5664 wuauserv - ok
    21:28:55.0243 5664 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    21:28:55.0247 5664 WudfPf - ok
    21:28:55.0251 5664 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    21:28:55.0256 5664 WUDFRd - ok
    21:28:55.0261 5664 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    21:28:55.0263 5664 wudfsvc - ok
    21:28:55.0268 5664 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    21:28:55.0274 5664 WwanSvc - ok
    21:28:55.0283 5664 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
    21:28:55.0291 5664 yukonw7 - ok
    21:28:55.0296 5664 ================ Scan global ===============================
    21:28:55.0298 5664 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    21:28:55.0303 5664 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    21:28:55.0309 5664 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    21:28:55.0314 5664 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    21:28:55.0321 5664 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    21:28:55.0324 5664 [Global] - ok
    21:28:55.0324 5664 ================ Scan MBR ==================================
    21:28:55.0326 5664 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    21:28:55.0428 5664 \Device\Harddisk0\DR0 - ok
    21:28:55.0429 5664 ================ Scan VBR ==================================
    21:28:55.0432 5664 [ 8BA29F45985061580F2CA956B80F8AB3 ] \Device\Harddisk0\DR0\Partition1
    21:28:55.0434 5664 \Device\Harddisk0\DR0\Partition1 - ok
    21:28:55.0438 5664 [ D604E63852D1A910704C8BCF6BE22E01 ] \Device\Harddisk0\DR0\Partition2
    21:28:55.0440 5664 \Device\Harddisk0\DR0\Partition2 - ok
    21:28:55.0440 5664 ============================================================
    21:28:55.0440 5664 Scan finished
    21:28:55.0440 5664 ============================================================
    21:28:55.0452 1564 Detected object count: 0
    21:28:55.0452 1564 Actual detected object count: 0
     
  12. James G

    James G Newcomer, in training Topic Starter Posts: 48

    Rogue killer reports

    RogueKiller V8.0.3 [09/13/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : James [Admin rights]
    Mode : Scan -- Date : 09/18/2012 21:46:47

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: OCZ-AGILITY3 +++++
    --- User ---
    [MBR] a32dc4640a8c83caedb008b592508e6d
    [BSP] b0fca25fc34b0767feb236b4df13e150 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 228834 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt


    RK report 2

    RogueKiller V8.0.3 [09/13/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : James [Admin rights]
    Mode : Remove -- Date : 09/18/2012 21:46:57

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: OCZ-AGILITY3 +++++
    --- User ---
    [MBR] a32dc4640a8c83caedb008b592508e6d
    [BSP] b0fca25fc34b0767feb236b4df13e150 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 228834 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
  13. James G

    James G Newcomer, in training Topic Starter Posts: 48

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-18 21:58:29
    -----------------------------
    21:58:29.043 OS Version: Windows x64 6.1.7601 Service Pack 1
    21:58:29.043 Number of processors: 8 586 0x3A09
    21:58:29.044 ComputerName: JAMES-PC UserName: James
    21:58:29.318 Initialize success
    22:28:56.476 AVAST engine defs: 12091400
    22:43:40.705 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    22:43:40.706 Disk 0 Vendor: OCZ-AGIL 2.22 Size: 228936MB BusType: 3
    22:43:40.708 Disk 0 MBR read successfully
    22:43:40.710 Disk 0 MBR scan
    22:43:40.712 Disk 0 Windows 7 default MBR code
    22:43:40.715 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    22:43:40.718 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 228834 MB offset 206848
    22:43:40.723 Disk 0 scanning C:\Windows\system32\drivers
    22:43:43.394 Service scanning
    22:43:49.788 Modules scanning
    22:43:49.794 Disk 0 trace - called modules:
    22:43:49.798 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    22:43:49.801 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007248790]
    22:43:49.803 3 CLASSPNP.SYS[fffff880015c343f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a32050]
    22:43:50.059 AVAST engine scan C:\Windows
    22:43:50.581 AVAST engine scan C:\Windows\system32
    22:45:02.305 AVAST engine scan C:\Windows\system32\drivers
    22:45:05.656 AVAST engine scan C:\Users\James
    22:45:22.734 AVAST engine scan C:\ProgramData
    22:45:31.167 Scan finished successfully
    22:47:10.546 Disk 0 MBR has been saved successfully to "C:\Users\James\Desktop\MBR.dat"
    22:47:10.555 The log file has been saved successfully to "C:\Users\James\Desktop\aswMBR.txt"
  14. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ========================================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
  15. James G

    James G Newcomer, in training Topic Starter Posts: 48

    ComboFix 12-09-24.02 - James 09/24/2012 20:38:51.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4066.2570 [GMT -4:00]
    Running from: c:\users\James\Desktop\ComboFix.exe
    AV: Lavasoft Ad-Aware *Disabled/Outdated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
    FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
    SP: Lavasoft Ad-Aware *Disabled/Outdated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\aveosti.exe.lnk
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-25 to 2012-09-25 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-19 01:02 . 2012-09-19 01:02 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2012-09-18 01:22 . 2012-09-18 01:22 -------- d-----w- c:\programdata\Malwarebytes
    2012-09-18 01:22 . 2012-09-18 01:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-09-18 01:22 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-17 01:11 . 2012-08-31 04:43 64462936 ----a-w- c:\windows\system32\MRT.exe
    2012-09-16 23:24 . 2012-09-16 23:56 -------- d-----w- c:\programdata\Wacom
    2012-09-16 23:24 . 2012-09-16 23:24 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
    2012-09-16 23:23 . 2012-09-16 23:39 -------- d-----w- c:\program files (x86)\Bamboo Dock
    2012-09-16 23:18 . 2010-10-26 21:42 642928 ------w- c:\windows\SysWow64\Pen_Touch_Tablet.dll
    2012-09-16 23:18 . 2010-10-26 21:42 749936 ------w- c:\windows\system32\Pen_Touch_Tablet.dll
    2012-09-16 23:18 . 2012-09-16 23:18 -------- d-----w- c:\program files (x86)\TabletPlugins
    2012-09-16 23:17 . 2010-10-11 19:19 18288 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys
    2012-09-16 23:17 . 2010-10-11 19:19 12848 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
    2012-09-16 23:16 . 2010-10-11 19:19 16168 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
    2012-09-16 23:16 . 2010-10-26 21:42 506736 ------w- c:\windows\SysWow64\Wintab32.dll
    2012-09-16 23:16 . 2010-10-26 21:42 600432 ------w- c:\windows\system32\Wintab32.dll
    2012-09-16 23:16 . 2010-10-26 21:42 756592 ------w- c:\windows\system32\Pen_Tablet.dll
    2012-09-16 23:16 . 2010-10-26 21:42 650096 ------w- c:\windows\SysWow64\Pen_Tablet.dll
    2012-09-16 23:16 . 2012-09-16 23:18 -------- d-----w- c:\program files\Tablet
    2012-09-16 20:24 . 2012-09-16 20:24 -------- d-----w- c:\programdata\Ad-Aware Antivirus
    2012-09-16 18:48 . 2011-12-19 17:21 45936 ----a-w- c:\windows\system32\sbbd.exe
    2012-09-16 18:48 . 2011-12-19 16:44 60536 ----a-w- c:\windows\system32\drivers\sbhips.sys
    2012-09-16 18:48 . 2011-10-26 18:23 57976 ----a-w- c:\windows\system32\drivers\sbredrv.sys
    2012-09-16 18:48 . 2012-09-16 20:21 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
    2012-09-16 18:48 . 2012-09-16 18:48 -------- d-----w- c:\programdata\Lavasoft
    2012-09-16 18:37 . 2012-09-16 18:37 -------- d-----w- c:\programdata\GFI Software
    2012-09-16 17:50 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-09-16 17:50 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-09-16 17:50 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-09-16 17:50 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
    2012-09-16 17:50 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
    2012-09-16 17:50 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2012-09-16 17:42 . 2011-04-28 03:55 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
    2012-09-16 17:42 . 2011-04-28 03:54 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
    2012-09-16 17:42 . 2011-02-19 12:03 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-09-16 17:42 . 2011-02-19 09:00 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-09-16 17:42 . 2011-02-19 06:30 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-09-16 17:42 . 2011-02-19 04:34 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-09-16 17:36 . 2012-09-19 23:42 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
    2012-09-16 17:36 . 2012-09-16 17:36 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
    2012-09-16 17:36 . 2012-09-16 17:36 -------- d-----w- c:\program files (x86)\adawaretb
    2012-09-16 17:29 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
    2012-09-16 17:29 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
    2012-09-16 17:29 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
    2012-09-16 17:29 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
    2012-09-16 17:29 . 2010-12-23 10:42 1118720 ----a-w- c:\windows\system32\sbe.dll
    2012-09-16 17:29 . 2010-12-23 10:42 961024 ----a-w- c:\windows\system32\CPFilters.dll
    2012-09-16 17:29 . 2010-12-23 10:36 259072 ----a-w- c:\windows\system32\mpg2splt.ax
    2012-09-16 17:29 . 2010-12-23 05:54 850944 ----a-w- c:\windows\SysWow64\sbe.dll
    2012-09-16 17:29 . 2010-12-23 05:54 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
    2012-09-16 17:29 . 2010-12-23 05:50 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
    2012-09-16 17:27 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
    2012-09-16 17:27 . 2011-03-11 06:34 1395712 ----a-w- c:\windows\system32\mfc42.dll
    2012-09-16 17:27 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
    2012-09-16 17:27 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
    2012-09-16 17:27 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
    2012-09-16 17:25 . 2011-03-03 06:24 183296 ----a-w- c:\windows\system32\dnsrslvr.dll
    2012-09-16 17:25 . 2011-03-03 06:24 357888 ----a-w- c:\windows\system32\dnsapi.dll
    2012-09-16 17:25 . 2011-03-03 06:21 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
    2012-09-16 17:25 . 2011-03-03 05:36 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
    2012-09-16 17:24 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
    2012-09-16 17:24 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
    2012-09-16 17:24 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
    2012-09-16 17:24 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
    2012-09-16 17:24 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-09-16 17:24 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-09-16 17:17 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
    2012-09-16 17:17 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
    2012-09-16 17:17 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
    2012-09-16 17:17 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
    2012-09-16 17:17 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
    2012-09-16 17:17 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-09-16 17:16 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
    2012-09-16 17:16 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
    2012-09-16 17:16 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2012-09-16 17:16 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
    2012-09-16 17:16 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2012-09-16 17:16 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
    2012-09-16 17:16 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
    2012-09-16 17:16 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
    2012-09-16 17:16 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-09-16 17:16 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-09-16 17:13 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
    2012-09-16 17:13 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
    2012-09-16 06:48 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
    2012-09-16 06:48 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
    2012-09-15 23:00 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
    2012-09-15 23:00 . 2011-05-24 10:40 64512 ----a-w- c:\windows\SysWow64\devobj.dll
    2012-09-15 23:00 . 2011-05-24 10:40 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
    2012-09-15 23:00 . 2011-05-24 10:39 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
    2012-09-15 23:00 . 2011-05-24 10:37 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
    2012-09-14 21:42 . 2012-09-14 21:42 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
    2012-09-14 21:41 . 2012-09-16 06:40 -------- d-----w- c:\program files\Adobe
    2012-09-14 21:40 . 2012-09-16 06:40 -------- d-----w- c:\program files\Common Files\Adobe
    2012-09-14 21:40 . 2012-09-16 06:40 -------- d-----w- c:\program files (x86)\Common Files\Adobe
    2012-09-14 15:49 . 2012-09-14 15:49 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-14 15:49 . 2012-09-14 15:49 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-09-14 15:49 . 2012-09-16 06:40 -------- d-----w- c:\windows\SysWow64\Macromed
    2012-09-14 15:49 . 2012-09-16 06:40 -------- d-----w- c:\windows\system32\Macromed
    2012-09-14 14:32 . 2012-09-16 06:40 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2012-09-14 14:24 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-09-14 14:24 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-09-14 14:24 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-09-14 14:22 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-09-14 14:22 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-09-14 14:22 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-09-14 14:22 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-09-14 14:22 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-09-14 14:22 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-09-14 14:22 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-09-14 14:22 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-09-14 14:22 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-09-14 14:22 . 2012-09-16 23:19 -------- d-----w- c:\users\James
    2012-09-14 14:22 . 2012-09-14 14:22 -------- d-----w- C:\Recovery
    2012-09-06 21:57 . 2012-09-06 21:57 -------- d-----w- c:\program files (x86)\Microsoft.NET
    2012-09-06 21:53 . 2012-09-06 21:53 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation
    2012-09-06 21:50 . 2011-08-23 14:57 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
    2012-09-06 21:50 . 2011-08-23 14:57 565352 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
    2012-09-06 21:50 . 2011-08-23 14:57 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
    2012-09-06 21:48 . 2012-01-08 18:44 11416576 ----a-w- c:\windows\system32\drivers\NETwNs64.sys
    2012-09-06 21:48 . 2011-11-16 09:20 3374592 ----a-w- c:\windows\system32\NETwNr64.dll
    2012-09-06 21:46 . 2011-09-19 14:58 18944 ----a-w- c:\windows\system32\SzCcid.dll
    2012-09-06 21:46 . 2012-09-06 21:46 -------- d-----w- c:\program files (x86)\AlcorMicro
    2012-09-06 21:46 . 2012-09-06 21:46 -------- d-----w- c:\programdata\SZCCID
    2012-09-06 21:45 . 2012-09-06 21:45 62776 ----a-w- c:\windows\system32\drivers\mwlPSDVDisk.sys
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    2012-04-11 20:08 87440 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-04-11 87440]
    .
    [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
    "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-26 291608]
    "IFXSPMGT"="c:\program files (x86)\Infineon\Security Platform Software\ifxspmgt.exe" [2009-08-04 1107232]
    "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2011-06-22 418672]
    "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2011-06-22 202608]
    "VitaKeyTSR"="c:\program files (x86)\EgisTec BioExcess\EgisTSR.exe" [2011-10-26 384048]
    "WSED"="c:\program files (x86)\WSED\WSED.exe" [2010-12-02 320880]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
    "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
    "BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2012-09-16 646232]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
    @="Ad-Aware Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-25 2458944]
    R2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-29 363800]
    R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-12-20 1304912]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
    R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-10-11 18288]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-01 1255736]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
    S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2009-06-26 16752]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-26 16152]
    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2012-09-06 22648]
    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2012-09-06 20520]
    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2012-09-06 62776]
    S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2009-07-19 44576]
    S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-07-12 1239952]
    S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-12-20 1014096]
    S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-12-20 1104208]
    S2 EgisTec Service;EgisTec Service;c:\program files (x86)\EgisTec BioExcess\EgisService.exe [2011-10-26 704048]
    S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-10-26 646704]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]
    S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-02-21 128280]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-21 161560]
    S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]
    S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-26 5790064]
    S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-26 487280]
    S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys [2011-08-30 1050016]
    S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-12-13 94720]
    S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-12-13 747008]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-03-11 240432]
    S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-14 60416]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-26 356120]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-26 787736]
    S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2012-01-08 11416576]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-12-22 187712]
    S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2012-03-19 314472]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-25 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
    - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
    .
    2012-09-16 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
    - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-12 13353064]
    "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-12-20 11406608]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
    "combofix"="c:\combofix\CF18668.3XE" [2010-11-21 345088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.msn.com
    mStart Page = hxxp://www.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\my2whn7b.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\James\AppData\Local\Akamai\netsession_win.exe
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    Wow6432Node-HKCU-Run-Bamboo Dock - c:\program files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
    Wow6432Node-HKLM-Run-AveoKeySti - c:\program files (x86)\\AVEO\AVEO_UVC_FILTER_DRIVER_KIT\AveoSTI.exe
    Toolbar-Locked - (no file)
    HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    c:\program files (x86)\Infineon\Security Platform Software\ifxtcs.exe
    c:\program files (x86)\Infineon\Security Platform Software\IfxPsdSv.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    .
    **************************************************************************
    .
    Completion time: 2012-09-24 20:42:35 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-09-25 00:42
    .
    Pre-Run: 201,704,796,160 bytes free
    Post-Run: 201,357,586,432 bytes free
    .
    - - End Of File - - 8CAD4302B2C3E8BA1B6BD3619B081F50
  16. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Looks good.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  17. James G

    James G Newcomer, in training Topic Starter Posts: 48

    OTL logfile created on: 9/25/2012 8:04:01 PM - Run 1
    OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\James\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.97 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 63.45% Memory free
    7.94 Gb Paging File | 6.46 Gb Available in Paging File | 81.36% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 223.47 Gb Total Space | 187.38 Gb Free Space | 83.85% Space Free | Partition Type: NTFS
    Drive D: | 485.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: JAMES-PC | User Name: James | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/09/25 19:56:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.exe
    PRC - [2012/09/16 19:26:45 | 000,646,232 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
    PRC - [2012/07/12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
    PRC - [2012/07/12 18:32:18 | 018,832,264 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe
    PRC - [2012/02/28 20:13:56 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2012/02/28 20:13:54 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2012/02/25 11:27:00 | 002,458,944 | R--- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2012/02/21 15:29:38 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    PRC - [2012/02/21 15:29:28 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    PRC - [2012/02/01 19:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2012/02/01 19:29:56 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2012/01/26 14:40:44 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    PRC - [2011/12/19 22:16:50 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    PRC - [2011/12/19 22:16:48 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    PRC - [2011/12/19 22:16:44 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    PRC - [2011/12/19 22:16:42 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
    PRC - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
    PRC - [2011/10/26 18:55:30 | 000,704,048 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
    PRC - [2011/10/26 18:54:30 | 000,646,704 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
    PRC - [2011/10/26 18:54:20 | 000,384,048 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
    PRC - [2011/10/21 05:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    PRC - [2011/06/22 19:37:48 | 000,418,672 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
    PRC - [2011/06/22 19:37:32 | 000,202,608 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
    PRC - [2010/12/02 13:45:58 | 000,320,880 | ---- | M] (TODO: <Company name>) -- C:\Program Files (x86)\WSED\WSED.exe
    PRC - [2009/08/04 03:32:24 | 001,107,232 | ---- | M] (Infineon Technologies AG) -- C:\Program Files (x86)\Infineon\Security Platform Software\IFXSPMGT.exe
    PRC - [2009/07/19 10:21:42 | 000,296,224 | ---- | M] (Infineon Technologies AG) -- C:\Program Files (x86)\Infineon\Security Platform Software\PSDrt.exe
    PRC - [2009/07/19 10:18:10 | 000,214,304 | ---- | M] (Infineon Technologies AG) -- C:\Program Files (x86)\Infineon\Security Platform Software\IfxPsdSv.exe
    PRC - [2009/07/19 10:13:40 | 001,193,248 | ---- | M] (Infineon Technologies AG) -- C:\Program Files (x86)\Infineon\Security Platform Software\SpTNA.exe
    PRC - [2009/07/19 09:44:36 | 000,984,352 | ---- | M] (Infineon Technologies AG) -- C:\Program Files (x86)\Infineon\Security Platform Software\IFXTCS.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/09/16 22:48:30 | 000,489,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8ab16b2721684612a1c9053401797082\IAStorUtil.ni.dll
    MOD - [2012/09/16 22:48:30 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\0ac5296285b1a74de78ded1c844cfb60\IAStorCommon.ni.dll
    MOD - [2012/09/16 21:07:16 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
    MOD - [2012/09/16 21:07:01 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012/09/16 21:06:56 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012/09/16 21:06:48 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
    MOD - [2012/09/16 21:06:45 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012/09/16 21:06:43 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/09/16 21:06:43 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012/09/16 21:06:39 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2012/09/16 19:26:45 | 000,646,232 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
    MOD - [2010/04/07 17:19:12 | 000,577,536 | ---- | M] () -- C:\Windows\SysWOW64\EMSC.DLL


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/02/03 01:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
    SRV:64bit: - [2010/10/26 17:42:16 | 005,790,064 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
    SRV:64bit: - [2010/10/26 17:42:16 | 000,487,280 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/09/05 21:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
    SRV - [2012/02/28 20:13:56 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2012/02/28 20:13:54 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2012/02/25 11:27:00 | 002,458,944 | R--- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/02/21 15:29:38 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
    SRV - [2012/02/21 15:29:28 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
    SRV - [2012/02/01 19:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2011/12/19 22:16:50 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
    SRV - [2011/12/19 22:16:48 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
    SRV - [2011/12/19 22:16:44 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
    SRV - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
    SRV - [2011/10/26 18:55:30 | 000,704,048 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe -- (EgisTec Service)
    SRV - [2011/10/26 18:54:30 | 000,646,704 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
    SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/08/04 03:32:24 | 001,107,232 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files (x86)\Infineon\Security Platform Software\IFXSPMGT.exe -- (IFXSpMgtSrv)
    SRV - [2009/07/19 10:18:10 | 000,214,304 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files (x86)\Infineon\Security Platform Software\IfxPsdSv.exe -- (PersonalSecureDriveService)
    SRV - [2009/07/19 09:44:36 | 000,984,352 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files (x86)\Infineon\Security Platform Software\IFXTCS.exe -- (IFXTCS)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/09/06 17:45:19 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
    DRV:64bit: - [2012/09/06 17:45:19 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
    DRV:64bit: - [2012/09/06 17:45:19 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
    DRV:64bit: - [2012/03/19 05:43:42 | 000,314,472 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
    DRV:64bit: - [2012/03/11 10:46:46 | 000,240,432 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/01 19:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2012/01/26 14:39:34 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
    DRV:64bit: - [2012/01/26 14:39:34 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
    DRV:64bit: - [2012/01/26 14:39:34 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
    DRV:64bit: - [2012/01/08 14:44:44 | 011,416,576 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
    DRV:64bit: - [2011/12/22 09:04:38 | 000,187,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2011/12/19 12:44:24 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
    DRV:64bit: - [2011/12/14 17:26:56 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex)
    DRV:64bit: - [2011/12/13 14:26:20 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
    DRV:64bit: - [2011/12/13 14:26:18 | 000,094,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
    DRV:64bit: - [2011/11/29 06:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
    DRV:64bit: - [2011/11/10 04:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2011/10/26 14:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
    DRV:64bit: - [2011/08/30 06:09:02 | 001,050,016 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
    DRV:64bit: - [2011/08/23 10:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/10/11 15:19:36 | 000,018,288 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
    DRV:64bit: - [2010/10/11 15:19:28 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
    DRV:64bit: - [2010/10/11 15:19:26 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
    DRV:64bit: - [2009/07/19 10:17:48 | 000,044,576 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\psd.sys -- (PersonalSecureDrive)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2009/07/13 17:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009/06/26 18:43:42 | 000,016,752 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EMSC.sys -- (EMSC)
    DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/06/26 18:43:42 | 000,013,680 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\EMSC.sys -- (EMSC)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {21A51130-7285-49FE-B3F6-2385CC71CDEA}
    IE:64bit: - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
    IE - HKLM\..\SearchScopes,DefaultScope = {21A51130-7285-49FE-B3F6-2385CC71CDEA}
    IE - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3655210223-2097323190-3110598458-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
    IE - HKU\S-1-5-21-3655210223-2097323190-3110598458-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
    IE - HKU\S-1-5-21-3655210223-2097323190-3110598458-1000\..\SearchScopes,DefaultScope = {21A51130-7285-49FE-B3F6-2385CC71CDEA}
    IE - HKU\S-1-5-21-3655210223-2097323190-3110598458-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-3655210223-2097323190-3110598458-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
    IE - HKU\S-1-5-21-3655210223-2097323190-3110598458-1002\..\SearchScopes,DefaultScope = {21A51130-7285-49FE-B3F6-2385CC71CDEA}
    IE - HKU\S-1-5-21-3655210223-2097323190-3110598458-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3655210223-2097323190-3110598458-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: tineye@ideeinc.com:1.1
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}: C:\Program Files (x86)\EgisTec BioExcess\FFExt [2012/09/06 17:45:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{d4da7309-b89a-45ec-8ebb-cfb2ae13618b}: C:\Program Files (x86)\EgisTec BioExcess\FFExt20 [2012/09/06 17:45:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/16 13:36:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/09/14 10:32:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Extensions
    [2012/09/24 20:48:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\my2whn7b.default\extensions
    [2012/09/16 13:36:03 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\my2whn7b.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
    [2012/09/16 13:36:04 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\my2whn7b.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
    [2012/09/16 20:33:34 | 000,008,001 | ---- | M] () (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\my2whn7b.default\extensions\tineye@ideeinc.com.xpi
    [2012/09/14 10:32:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/09/05 21:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/09/05 21:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/09/05 21:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/09/24 20:41:21 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (EgisPBIE Sign-in Helper) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll (Egis Technology Inc.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
    O2 - BHO: (EgisPBIE Sign-in Helper) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll (Egis Technology Inc.)
    O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
    O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
    O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
    O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
    O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
    O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
    O4 - HKLM..\Run: [IFXSPMGT] C:\Program Files (x86)\Infineon\Security Platform Software\ifxspmgt.exe (Infineon Technologies AG)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
    O4 - HKLM..\Run: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe (Egis Technology Inc. )
    O4 - HKLM..\Run: [WSED] C:\Program Files (x86)\WSED\WSED.exe (TODO: <Company name>)
    O4 - HKU\S-1-5-21-3655210223-2097323190-3110598458-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3655210223-2097323190-3110598458-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3655210223-2097323190-3110598458-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3655210223-2097323190-3110598458-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3655210223-2097323190-3110598458-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3655210223-2097323190-3110598458-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8B6929E-F570-4FB6-BA4B-9EB1F8805F8D}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C96D66C6-6118-4052-BFAF-FB25306E8570}:
  18. James G

    James G Newcomer, in training Topic Starter Posts: 48

    ... Same document continued

    DhcpNameServer = 10.0.0.2
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/10/11 15:17:00 | 000,000,055 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/25 19:56:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.exe
    [2012/09/24 20:42:36 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/09/24 20:41:22 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/09/24 20:38:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/09/24 20:38:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/09/24 20:38:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/09/24 20:38:02 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/09/24 20:37:57 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/09/24 20:17:44 | 004,759,205 | R--- | C] (Swearware) -- C:\Users\James\Desktop\ComboFix.exe
    [2012/09/18 21:51:30 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\James\Desktop\aswMBR.exe
    [2012/09/18 21:45:19 | 000,000,000 | ---D | C] -- C:\Users\James\Desktop\RK_Quarantine
    [2012/09/18 21:28:36 | 000,000,000 | ---D | C] -- C:\Users\James\Desktop\tdsskiller
    [2012/09/18 21:02:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
    [2012/09/17 21:42:01 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\James\Desktop\dds.com
    [2012/09/17 21:22:47 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Malwarebytes
    [2012/09/17 21:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/09/17 21:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/09/17 21:22:18 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/09/17 21:22:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/09/17 21:16:43 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\James\Desktop\mbam-setup-1.65.0.1400.exe
    [2012/09/16 20:31:29 | 000,000,000 | ---D | C] -- C:\Users\James\Documents\Adobe
    [2012/09/16 19:24:18 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
    [2012/09/16 19:24:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Wacom
    [2012/09/16 19:24:16 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Wacom
    [2012/09/16 19:24:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo Dock
    [2012/09/16 19:24:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
    [2012/09/16 19:23:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bamboo Dock
    [2012/09/16 19:18:14 | 000,642,928 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Pen_Touch_Tablet.dll
    [2012/09/16 19:18:14 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\WTablet
    [2012/09/16 19:18:12 | 000,749,936 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Pen_Touch_Tablet.dll
    [2012/09/16 19:18:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TabletPlugins
    [2012/09/16 19:18:01 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo
    [2012/09/16 19:17:04 | 000,018,288 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys
    [2012/09/16 19:17:02 | 000,012,848 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacommousefilter.sys
    [2012/09/16 19:16:58 | 000,016,168 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacomvhid.sys
    [2012/09/16 19:16:55 | 000,506,736 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Wintab32.dll
    [2012/09/16 19:16:54 | 000,600,432 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Wintab32.dll
    [2012/09/16 19:16:53 | 000,756,592 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Pen_Tablet.dll
    [2012/09/16 19:16:53 | 000,650,096 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Pen_Tablet.dll
    [2012/09/16 19:16:38 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
    [2012/09/16 16:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
    [2012/09/16 14:48:46 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\adaware
    [2012/09/16 14:48:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
    [2012/09/16 14:48:39 | 000,060,536 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbhips.sys
    [2012/09/16 14:48:39 | 000,057,976 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbredrv.sys
    [2012/09/16 14:48:39 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
    [2012/09/16 14:48:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
    [2012/09/16 14:48:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
    [2012/09/16 14:43:44 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Ad-Aware Antivirus
    [2012/09/16 14:37:45 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
    [2012/09/16 13:55:27 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\Downloaded Installations
    [2012/09/16 13:36:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
    [2012/09/16 13:36:04 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\adawarebp
    [2012/09/16 13:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
    [2012/09/16 13:36:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
    [2012/09/16 03:06:31 | 000,000,000 | ---D | C] -- C:\Users\James\Documents\Security Platform
    [2012/09/16 01:27:45 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\Diagnostics
    [2012/09/14 18:57:50 | 000,000,000 | ---D | C] -- C:\Users\James\Documents\Artbase
    [2012/09/14 18:56:11 | 000,000,000 | ---D | C] -- C:\Users\James\Documents\reading
    [2012/09/14 18:44:52 | 000,000,000 | ---D | C] -- C:\Users\James\Documents\Business plans
    [2012/09/14 18:40:13 | 000,000,000 | ---D | C] -- C:\Users\James\Documents\House projects
    [2012/09/14 18:38:48 | 000,000,000 | ---D | C] -- C:\Users\James\Documents\hobby
    [2012/09/14 17:42:29 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\NVIDIA
    [2012/09/14 17:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
    [2012/09/14 17:41:48 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2012/09/14 17:41:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
    [2012/09/14 17:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2012/09/14 17:40:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
    [2012/09/14 17:38:48 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\Adobe
    [2012/09/14 17:36:00 | 000,000,000 | ---D | C] -- C:\Users\James\Documents\Adobe CS6
    [2012/09/14 16:39:43 | 000,000,000 | ---D | C] -- C:\Users\James\Documents\PS Number
    [2012/09/14 11:50:07 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Macromedia
    [2012/09/14 11:50:07 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\Macromedia
    [2012/09/14 11:50:07 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Adobe
    [2012/09/14 11:49:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
    [2012/09/14 11:49:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
    [2012/09/14 11:49:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
    [2012/09/14 10:32:44 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\EgisTec
    [2012/09/14 10:32:11 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Mozilla
    [2012/09/14 10:32:11 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\Mozilla
    [2012/09/14 10:32:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2012/09/14 10:32:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2012/09/14 10:32:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2012/09/14 10:23:32 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Intel Corporation
    [2012/09/14 10:22:31 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Infineon
    [2012/09/14 10:22:31 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\EgisTec IPS
    [2012/09/14 10:22:28 | 000,000,000 | R--D | C] -- C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    [2012/09/14 10:22:28 | 000,000,000 | R--D | C] -- C:\Users\James\Searches
    [2012/09/14 10:22:28 | 000,000,000 | R--D | C] -- C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2012/09/14 10:22:28 | 000,000,000 | -H-D | C] -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2012/09/14 10:22:23 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Identities
    [2012/09/14 10:22:22 | 000,000,000 | R--D | C] -- C:\Users\James\Contacts
    [2012/09/14 10:22:22 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\VirtualStore
    [2012/09/14 10:22:21 | 000,000,000 | --SD | C] -- C:\Users\James\AppData\Roaming\Microsoft
    [2012/09/14 10:22:21 | 000,000,000 | R--D | C] -- C:\Users\James\Videos
    [2012/09/14 10:22:21 | 000,000,000 | R--D | C] -- C:\Users\James\Saved Games
    [2012/09/14 10:22:21 | 000,000,000 | R--D | C] -- C:\Users\James\Pictures
    [2012/09/14 10:22:21 | 000,000,000 | R--D | C] -- C:\Users\James\Music
    [2012/09/14 10:22:21 | 000,000,000 | R--D | C] -- C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2012/09/14 10:22:21 | 000,000,000 | R--D | C] -- C:\Users\James\Links
    [2012/09/14 10:22:21 | 000,000,000 | R--D | C] -- C:\Users\James\Favorites
    [2012/09/14 10:22:21 | 000,000,000 | R--D | C] -- C:\Users\James\Downloads
    [2012/09/14 10:22:21 | 000,000,000 | R--D | C] -- C:\Users\James\Documents
    [2012/09/14 10:22:21 | 000,000,000 | R--D | C] -- C:\Users\James\Desktop
    [2012/09/14 10:22:21 | 000,000,000 | R--D | C] -- C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2012/09/14 10:22:21 | 000,000,000 | -HSD | C] -- C:\Users\James\AppData\Local\Temporary Internet Files
    [2012/09/14 10:22:21 | 000,000,000 | -HSD | C] -- C:\Users\James\Templates
    [2012/09/14 10:22:21 | 000,000,000 | -HSD | C] -- C:\Users\James\Start Menu
    [2012/09/14 10:22:21 | 000,000,000 | -HSD | C] -- C:\Users\James\SendTo
    [2012/09/14 10:22:21 | 000,000,000 | -HSD | C] -- C:\Users\James\Recent
    [2012/09/14 10:22:21 | 000,000,000 | -HSD | C] -- C:\Users\James\PrintHood
    [2012/09/14 10:22:21 | 000,000,000 | -HSD | C] -- C:\Users\James\NetHood
    [2012/09/14 10:22:21 | 000,000,000 | -HSD | C] -- C:\Users\James\Documents\My Videos
    [2012/09/14 10:22:21 | 000,000,000 | -HSD | C] -- C:\Users\James\Documents\My Pictures
    [2012/09/14 10:22:21 | 000,000,000 | -HSD | C] -- C:\Users\James\Documents\My Music
    [2012/09/14 10:22:21 | 000,000,000 | -HSD | C] -- C:\Users\James\My Documents
    [2012/09/14 10:22:21 | 000,000,000 | -HSD | C] -- C:\Users\James\Local Settings
    [2012/09/14 10:22:21 | 000,000,000 | -HSD | C] -- C:\Users\James\AppData\Local\History
    [2012/09/14 10:22:21 | 000,000,000 | -HSD | C] -- C:\Users\James\Cookies
    [2012/09/14 10:22:21 | 000,000,000 | -HSD | C] -- C:\Users\James\Application Data
    [2012/09/14 10:22:21 | 000,000,000 | -HSD | C] -- C:\Users\James\AppData\Local\Application Data
    [2012/09/14 10:22:21 | 000,000,000 | -H-D | C] -- C:\Users\James\AppData
    [2012/09/14 10:22:21 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\Temp
    [2012/09/14 10:22:21 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\Microsoft
    [2012/09/14 10:22:21 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Media Center Programs
    [2012/09/14 10:22:14 | 000,000,000 | ---D | C] -- C:\Recovery
    [2012/09/06 17:57:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
    [2012/09/06 17:53:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
    [2012/09/06 17:50:04 | 000,565,352 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
    [2012/09/06 17:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\XP32
    [2012/09/06 17:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Win764
    [2012/09/06 17:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Win732
    [2012/09/06 17:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Vista64
    [2012/09/06 17:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Vista32
    [2012/09/06 17:47:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WSED
    [2012/09/06 17:46:18 | 000,018,944 | ---- | C] (Generic) -- C:\Windows\SysNative\SzCcid.dll
    [2012/09/06 17:46:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AlcorMicroData
    [2012/09/06 17:46:06 | 000,000,000 | ---D | C] -- C:\ProgramData\SZCCID
    [2012/09/06 17:46:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AlcorMicro
    [2012/09/06 17:45:19 | 000,062,776 | ---- | C] (Egis Technology Inc.) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys
    [2012/09/06 17:45:19 | 000,022,648 | ---- | C] (Egis Technology Inc.) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys
    [2012/09/06 17:45:19 | 000,020,520 | ---- | C] (Egis Technology Inc.) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys
    [2012/09/06 17:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EgisTec
    [2012/09/06 17:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\EgisTec
    [2012/09/06 17:45:15 | 000,000,000 | ---D | C] -- C:\ProgramData\EgisTec IPS
    [2012/09/06 17:45:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EgisTec IPS
    [2012/09/06 17:45:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EgisTec
    [2012/09/06 17:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\EgisTec IPS
    [2012/09/06 17:45:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EgisTec BioExcess
    [2012/09/06 17:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\Fingerprint Sensor
    [2012/09/06 17:39:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Infineon
    [2012/09/06 17:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infineon Security Platform Solution
    [2012/09/06 17:39:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Infineon
    [2012/09/06 17:32:28 | 000,000,000 | ---D | C] -- C:\Program Files\Elantech
    [2012/09/06 17:32:27 | 000,240,432 | ---- | C] (ELAN Microelectronics Corp.) -- C:\Windows\SysNative\drivers\ETD.sys
    [2012/09/06 17:27:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\sda
    [2012/09/06 17:27:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs
    [2012/09/06 17:27:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
    [2012/09/06 17:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
    [2012/09/06 17:27:17 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
    [2012/09/06 17:27:17 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
    [2012/09/06 17:27:17 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
    [2012/09/06 17:27:17 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
    [2012/09/06 17:27:17 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
    [2012/09/06 17:27:17 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
    [2012/09/06 17:27:07 | 002,085,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
    [2012/09/06 17:27:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
    [2012/09/06 17:26:54 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
    [2012/09/06 17:26:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
    [2012/09/06 17:25:19 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
    [2012/09/06 17:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
    [2012/09/06 17:25:11 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
    [2012/09/06 17:24:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
    [2012/09/06 17:16:40 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
    [2012/09/06 17:16:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
    [2012/09/06 17:16:28 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
    [2012/09/06 17:16:28 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
    [2012/09/06 17:16:27 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
    [2012/09/06 17:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
    [2012/09/06 17:14:33 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
    [2012/09/06 17:14:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
    [2012/09/06 17:13:35 | 000,000,000 | ---D | C] -- C:\Intel
    [2012/09/06 17:13:33 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2012/09/06 17:12:28 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
    [2012/09/06 17:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVEO
    [2012/09/06 17:12:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVEO
    [2012/09/06 17:10:19 | 000,000,000 | -HSD | C] -- C:\System Volume Information

    ========== Files - Modified Within 30 Days ==========

    [2012/09/25 19:59:01 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/25 19:59:01 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/25 19:57:26 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/09/25 19:57:26 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/09/25 19:57:26 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/09/25 19:56:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.exe
    [2012/09/25 19:51:56 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
    [2012/09/25 19:51:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/09/25 19:51:48 | 3197,915,136 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/24 20:41:21 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/09/24 20:37:21 | 004,759,205 | R--- | M] (Swearware) -- C:\Users\James\Desktop\ComboFix.exe
    [2012/09/18 22:47:10 | 000,000,512 | ---- | M] () -- C:\Users\James\Desktop\MBR.dat
    [2012/09/18 21:57:50 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\James\Desktop\aswMBR.exe
    [2012/09/18 21:43:07 | 001,378,816 | ---- | M] () -- C:\Users\James\Desktop\RogueKiller.exe
    [2012/09/18 21:26:36 | 002,193,278 | ---- | M] () -- C:\Users\James\Desktop\tdsskiller.zip
    [2012/09/17 21:42:12 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\James\Desktop\dds.com
    [2012/09/17 21:34:27 | 000,302,592 | ---- | M] () -- C:\Users\James\Desktop\28emdyc6.exe
    [2012/09/17 21:22:19 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/17 21:19:56 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\James\Desktop\mbam-setup-1.65.0.1400.exe
    [2012/09/16 21:06:23 | 004,891,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/09/16 19:24:05 | 000,001,175 | ---- | M] () -- C:\Users\Public\Desktop\Bamboo Dock.lnk
    [2012/09/16 17:57:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
    [2012/09/14 13:18:59 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
    [2012/09/14 13:18:59 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf
    [2012/09/14 10:32:08 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/09/14 10:27:50 | 000,001,441 | ---- | M] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/09/06 17:45:19 | 000,062,776 | ---- | M] (Egis Technology Inc.) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys
    [2012/09/06 17:45:19 | 000,022,648 | ---- | M] (Egis Technology Inc.) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys
    [2012/09/06 17:45:19 | 000,020,520 | ---- | M] (Egis Technology Inc.) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys
    [2012/09/06 17:44:09 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ATSwpWDF_01009.Wdf
    [2012/09/06 17:38:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
    [2012/09/06 17:36:42 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_btmaux_01009.Wdf
    [2012/09/06 17:36:40 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iBtFltCoex_01009.Wdf

    ========== Files Created - No Company Name ==========

    [2012/09/24 20:38:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/09/24 20:38:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/09/24 20:38:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/09/24 20:38:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/09/24 20:38:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/09/18 22:47:10 | 000,000,512 | ---- | C] () -- C:\Users\James\Desktop\MBR.dat
    [2012/09/18 21:42:30 | 001,378,816 | ---- | C] () -- C:\Users\James\Desktop\RogueKiller.exe
    [2012/09/18 21:23:46 | 002,193,278 | ---- | C] () -- C:\Users\James\Desktop\tdsskiller.zip
    [2012/09/17 21:34:15 | 000,302,592 | ---- | C] () -- C:\Users\James\Desktop\28emdyc6.exe
    [2012/09/17 21:22:19 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/16 19:24:05 | 000,001,175 | ---- | C] () -- C:\Users\Public\Desktop\Bamboo Dock.lnk
    [2012/09/16 19:16:42 | 000,000,488 | ---- | C] () -- C:\Windows\SysNative\PenTouchTabletUserDefaults.xml
    [2012/09/16 19:16:42 | 000,000,488 | ---- | C] () -- C:\Windows\SysNative\PenTabletUserDefaults.xml
    [2012/09/14 19:17:08 | 000,014,582 | ---- | C] () -- C:\Users\James\Documents\skills log.odt
    [2012/09/14 19:13:15 | 000,000,091 | ---- | C] () -- C:\Users\James\Documents\Steven Wright Untitled Talk Show - YouTube.URL
    [2012/09/14 19:13:15 | 000,000,084 | ---- | C] () -- C:\Users\James\Documents\Steven Wright @ Peekskill Paramount Theater - YouTube.URL
    [2012/09/14 17:42:05 | 000,001,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
    [2012/09/14 17:41:57 | 000,001,211 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
    [2012/09/14 17:41:48 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
    [2012/09/14 17:41:44 | 000,001,173 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
    [2012/09/14 17:41:23 | 000,001,357 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
    [2012/09/14 17:41:22 | 000,001,523 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
    [2012/09/14 10:32:08 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/09/14 10:32:08 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/09/14 10:27:50 | 000,001,441 | ---- | C] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/09/14 10:22:30 | 000,001,413 | ---- | C] () -- C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
    [2012/09/14 10:22:29 | 000,001,447 | ---- | C] () -- C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2012/09/14 10:22:21 | 000,000,290 | ---- | C] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2012/09/14 10:22:21 | 000,000,272 | ---- | C] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2012/09/06 17:50:04 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
    [2012/09/06 17:44:09 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ATSwpWDF_01009.Wdf
    [2012/09/06 17:38:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
    [2012/09/06 17:36:42 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_btmaux_01009.Wdf
    [2012/09/06 17:36:40 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iBtFltCoex_01009.Wdf
    [2012/09/06 17:27:17 | 000,181,324 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
    [2012/09/06 17:25:21 | 000,000,828 | ---- | C] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
    [2012/09/06 17:25:20 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
    [2012/09/06 17:25:15 | 000,015,128 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
    [2012/09/06 17:16:24 | 000,012,792 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
    [2012/09/06 17:12:28 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\MFC_InstDrvDLL.dll
    [2012/09/06 17:10:19 | 3197,915,136 | -HS- | C] () -- C:\hiberfil.sys
    [2012/02/03 01:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
    [2011/03/01 18:29:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

    ========== ZeroAccess Check ==========

    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\SysWow64\wbem\wbemess.dll

    ========== LOP Check ==========

    [2012/09/17 21:44:41 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Ad-Aware Antivirus
    [2012/09/14 10:22:31 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Infineon
    [2012/09/16 19:24:16 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Wacom
    [2012/09/16 19:24:18 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
    [2012/09/06 17:39:59 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData\Roaming\Infineon

    ========== Purity Check ==========



    < End of report >
  19. James G

    James G Newcomer, in training Topic Starter Posts: 48

    OTL Extras logfile created on: 9/25/2012 8:04:01 PM - Run 1
    OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\James\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.97 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 63.45% Memory free
    7.94 Gb Paging File | 6.46 Gb Available in Paging File | 81.36% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 223.47 Gb Total Space | 187.38 Gb Free Space | 83.85% Space Free | Partition Type: NTFS
    Drive D: | 485.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: JAMES-PC | User Name: James | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3655210223-2097323190-3110598458-1002\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1EE3C45C-DC83-4B66-9FBD-6E07B1C2D57C}" = lport=137 | protocol=17 | dir=in | app=system |
    "{410DDF18-A059-4A1D-9045-537BEA5A3487}" = lport=445 | protocol=6 | dir=in | app=system |
    "{4C6EF9EB-25DC-48C9-B6AF-166FB855B53A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{58DC89E4-4FDF-4551-9D0B-1B8A23FAD045}" = rport=138 | protocol=17 | dir=out | app=system |
    "{5CCC5E0C-F550-422D-B105-6DE4733B7E22}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{69C4CDBE-32EB-44C1-85E2-B43058D7526F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{801A8C35-7A63-40DE-A33A-73F17DEFDD65}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{8467CB51-BA11-42D1-99F6-BA66B7654A2B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{85923372-5227-47DA-AB8F-5D1BB4651078}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{87D8B4EE-E9CB-4C0E-8633-64179C8FF960}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{98F295D8-993C-40BC-A6D6-F3B981C241E6}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{A0A04445-3C0F-40D5-8A96-CE94E84269A2}" = lport=138 | protocol=17 | dir=in | app=system |
    "{B0CC8793-1018-485F-97C7-630CB4FA3698}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{C018B2E3-F405-4635-A523-47DFF2A78452}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C7090E61-3EA9-4096-BB62-7272C85366B2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{C74F543A-00C8-4574-8B56-C2ACC7C80426}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C7A7B5AF-8347-4F57-880D-CB4843D9934A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{C905EBC5-238C-4C40-899F-B11E239192EE}" = lport=139 | protocol=6 | dir=in | app=system |
    "{C9AFA01E-18DB-40E2-BDD4-5E7FECBC0E6C}" = rport=137 | protocol=17 | dir=out | app=system |
    "{D63C70B1-FBAF-463C-B3AB-F0C72C8E86E1}" = rport=139 | protocol=6 | dir=out | app=system |
    "{D780D2D3-2C6E-4A4B-808C-291839ED713A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{E8D1FAF4-C352-48FB-BA83-D569D221292A}" = rport=445 | protocol=6 | dir=out | app=system |
    "{F32B0690-CE13-4D8A-ADAD-ECF4C26872D9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0138AF50-4813-4C53-947E-BD9803F1BB40}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
    "{07D98932-C386-4244-B1EB-809C945E0DBB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{166E59F6-D20E-4B3C-BFA7-4BC42AE1027C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1983FD49-8BF1-4FAA-A2A8-1F54FD1E1007}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{20C2D00A-2C6D-47F0-B9AC-427B98BD9D43}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{29A6809E-3E1E-4284-BD16-A3D815897556}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{2D479781-BBA7-4691-BB94-76EB83A61D58}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{4BA14F27-83C3-48EF-A5AF-087A170E7650}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{4E881F16-CE8B-4E76-ADB4-4B40E3F8F305}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{569A517E-CEA0-4608-8271-FAB1DEA718F8}" = protocol=6 | dir=out | app=system |
    "{5BA3178E-0813-401E-8C07-B940E4A4A991}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{5DC50C96-2FF1-41D5-80DF-7C74F783E63A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{654883B1-BD56-44E5-9109-88FA252B4A3D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{95BF6648-53F1-4136-B7C9-FE628EAF84C8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{9A29345E-FEF5-427F-8BF0-E65C22DBDC50}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C35302F7-0F1C-4ED8-AB13-F999E2E89E74}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{C94B7BBA-7528-4065-A327-32837718CFBA}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
    "{CA11BF3D-245B-40FA-BE7E-E9F0C38FBA8B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{CBE0EB21-86C8-4881-BBCD-8E6517D2F9EA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{DFBAD49D-695B-40F0-8435-DA5319BF9C21}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{E83F8318-CA2E-47D5-83DD-060E709A9BFA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{EA82B240-B52A-425B-AAD6-E8A5020510D9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{F4E4FC2C-6F25-48CE-8CD0-315C910C7D0B}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
    "{FEBDE4F8-1509-448A-AD50-B7E09C433AF3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "TCP Query User{3F8A5E0F-1741-4BE5-973E-45C22286DA90}C:\users\james\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\james\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{CE10CC1F-2B7D-4A77-8914-E7FF31EFF459}C:\users\james\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\james\appdata\local\akamai\netsession_win.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4BDCF60D-EAAB-4595-B571-283F529F6AFA}" = AuthenTec WinBio FingerPrint Software
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B4E579F-14EB-4CC0-B74F-42B196A013C8}" = Infineon TPM Professional Package
    "{A000F75A-A246-44A7-8079-9E9E7F9054B2}" = BioExcess
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.01
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.01
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.12
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.11.1
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{F0932859-AA60-459E-B843-0BDECA34E2C7}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Elantech" = ETDWare PS/2-X64 10.10.2.5_WHQL
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Pen Tablet Driver" = Bamboo

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0F4B91C5-4524-02A6-1D9B-5AE52CE2E0F4}" = Bamboo Dock
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{23F76BD5-9DD6-4121-900B-FBBDF81DC74A}" = AveoCap
    "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
    "{2b12a4e9-c782-45ef-801e-abd0a08d3d8d}" = Ad-Aware Antivirus
    "{2ED24418-A58C-45C5-B93E-A9EF60B85D89}" = WSED
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{596DEDA5-FE48-4078-96E0-E449DF5D08B2}" = BioExcess
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
    "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
    "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F24F876B-7D71-4BD6-88E9-614D3BB84221}" = Alcor Micro Smart Card Reader Driver
    "{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
    "Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
    "adawaretb" = Ad-Aware Security Toolbar
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Bamboo Dock" = Bamboo Dock 3.3
    "InstallShield_{2ED24418-A58C-45C5-B93E-A9EF60B85D89}" = Wireless enable/disable
    "InstallShield_{596DEDA5-FE48-4078-96E0-E449DF5D08B2}" = BioExcess
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Pen Tablet Driver" = Bamboo
    "SZCCID" = Alcor Micro Smart Card Reader Driver
    "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
    "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
    "wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
    "WinLiveSuite_Wave3" = Windows Live Essentials

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 9/16/2012 9:05:55 PM | Computer Name = James-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: jhi_service.exe, version: 8.0.3.1427, time
    stamp: 0x4f43fc4b Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x736a6c9c Faulting process id: 0x75c Faulting application
    start time: 0x01cd947090fc4489 Faulting application path: C:\Program Files (x86)\Intel\Intel(R)
    Management Engine Components\DAL\jhi_service.exe Faulting module path: unknown Report
    Id: d4ace9bb-0063-11e2-b0d2-685d4366ed14

    Error - 9/16/2012 9:05:55 PM | Computer Name = James-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: IfxPsdSv.exe, version: 3.60.2071.0, time
    stamp: 0x4a637f7e Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x736a6c9c Faulting process id: 0x820 Faulting application
    start time: 0x01cd947090fea5ea Faulting application path: C:\Program Files (x86)\Infineon\Security
    Platform Software\IfxPsdSv.exe Faulting module path: unknown Report Id: d4bb31fc-0063-11e2-b0d2-685d4366ed14

    Error - 9/16/2012 9:05:55 PM | Computer Name = James-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: SeaPort.exe, version: 1.2.123.0, time stamp:
    0x496e9780 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x736a6c9c Faulting process id: 0x848 Faulting application
    start time: 0x01cd94709101074a Faulting application path: C:\Program Files (x86)\Microsoft\Search
    Enhancement Pack\SeaPort\SeaPort.exe Faulting module path: unknown Report Id: d4ce3cff-0063-11e2-b0d2-685d4366ed14

    Error - 9/16/2012 9:05:55 PM | Computer Name = James-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: obexsrv.exe, version: 2.0.0.128, time stamp:
    0x4ed5d3d0 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x736a6c9c Faulting process id: 0x89c Faulting application
    start time: 0x01cd947091082b6b Faulting application path: C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    Faulting
    module path: unknown Report Id: d4dee6a1-0063-11e2-b0d2-685d4366ed14

    Error - 9/16/2012 9:08:09 PM | Computer Name = James-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 9/16/2012 9:16:19 PM | Computer Name = James-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 9/16/2012 9:29:17 PM | Computer Name = James-PC | Source = SideBySide | ID = 16842787
    Description = Activation context generation failed for "C:\Program Files (x86)\Windows
    Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
    Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
    found in manifest does not match the identity of the component requested. Reference
    is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
    is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
    sxstrace.exe for detailed diagnosis.

    Error - 9/16/2012 10:08:58 PM | Computer Name = James-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 9/16/2012 10:20:36 PM | Computer Name = James-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 9/16/2012 10:25:53 PM | Computer Name = James-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 9/16/2012 9:05:54 PM | Computer Name = James-PC | Source = Service Control Manager | ID = 7034
    Description = The EgisTec Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 9/16/2012 9:05:54 PM | Computer Name = James-PC | Source = Service Control Manager | ID = 7034
    Description = The Ad-Aware Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 9/16/2012 9:05:55 PM | Computer Name = James-PC | Source = Service Control Manager | ID = 7034
    Description = The Security Platform Management Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 9/16/2012 9:05:55 PM | Computer Name = James-PC | Source = Service Control Manager | ID = 7034
    Description = The Trusted Platform Core Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 9/16/2012 9:05:55 PM | Computer Name = James-PC | Source = Service Control Manager | ID = 7034
    Description = The Intel(R) ME Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 9/16/2012 9:05:55 PM | Computer Name = James-PC | Source = Service Control Manager | ID = 7034
    Description = The Intel(R) Dynamic Application Loader Host Interface Service service
    terminated unexpectedly. It has done this 1 time(s).

    Error - 9/16/2012 9:05:55 PM | Computer Name = James-PC | Source = Service Control Manager | ID = 7034
    Description = The Personal Secure Drive Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 9/16/2012 9:05:55 PM | Computer Name = James-PC | Source = Service Control Manager | ID = 7034
    Description = The SeaPort service terminated unexpectedly. It has done this 1 time(s).

    Error - 9/16/2012 9:05:55 PM | Computer Name = James-PC | Source = Service Control Manager | ID = 7034
    Description = The Bluetooth OBEX Service service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 9/16/2012 9:06:24 PM | Computer Name = James-PC | Source = Service Control Manager | ID = 7023
    Description = The Windows Modules Installer service terminated with the following
    error: %%16405


    < End of report >
  20. James G

    James G Newcomer, in training Topic Starter Posts: 48

    OTL Extras logfile created on: 9/25/2012 8:04:01 PM - Run 1
    OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\James\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.97 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 63.45% Memory free
    7.94 Gb Paging File | 6.46 Gb Available in Paging File | 81.36% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 223.47 Gb Total Space | 187.38 Gb Free Space | 83.85% Space Free | Partition Type: NTFS
    Drive D: | 485.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: JAMES-PC | User Name: James | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3655210223-2097323190-3110598458-1002\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1EE3C45C-DC83-4B66-9FBD-6E07B1C2D57C}" = lport=137 | protocol=17 | dir=in | app=system |
    "{410DDF18-A059-4A1D-9045-537BEA5A3487}" = lport=445 | protocol=6 | dir=in | app=system |
    "{4C6EF9EB-25DC-48C9-B6AF-166FB855B53A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{58DC89E4-4FDF-4551-9D0B-1B8A23FAD045}" = rport=138 | protocol=17 | dir=out | app=system |
    "{5CCC5E0C-F550-422D-B105-6DE4733B7E22}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{69C4CDBE-32EB-44C1-85E2-B43058D7526F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{801A8C35-7A63-40DE-A33A-73F17DEFDD65}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{8467CB51-BA11-42D1-99F6-BA66B7654A2B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{85923372-5227-47DA-AB8F-5D1BB4651078}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{87D8B4EE-E9CB-4C0E-8633-64179C8FF960}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{98F295D8-993C-40BC-A6D6-F3B981C241E6}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{A0A04445-3C0F-40D5-8A96-CE94E84269A2}" = lport=138 | protocol=17 | dir=in | app=system |
    "{B0CC8793-1018-485F-97C7-630CB4FA3698}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{C018B2E3-F405-4635-A523-47DFF2A78452}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C7090E61-3EA9-4096-BB62-7272C85366B2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{C74F543A-00C8-4574-8B56-C2ACC7C80426}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C7A7B5AF-8347-4F57-880D-CB4843D9934A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{C905EBC5-238C-4C40-899F-B11E239192EE}" = lport=139 | protocol=6 | dir=in | app=system |
    "{C9AFA01E-18DB-40E2-BDD4-5E7FECBC0E6C}" = rport=137 | protocol=17 | dir=out | app=system |
    "{D63C70B1-FBAF-463C-B3AB-F0C72C8E86E1}" = rport=139 | protocol=6 | dir=out | app=system |
    "{D780D2D3-2C6E-4A4B-808C-291839ED713A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{E8D1FAF4-C352-48FB-BA83-D569D221292A}" = rport=445 | protocol=6 | dir=out | app=system |
    "{F32B0690-CE13-4D8A-ADAD-ECF4C26872D9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0138AF50-4813-4C53-947E-BD9803F1BB40}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
    "{07D98932-C386-4244-B1EB-809C945E0DBB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{166E59F6-D20E-4B3C-BFA7-4BC42AE1027C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1983FD49-8BF1-4FAA-A2A8-1F54FD1E1007}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{20C2D00A-2C6D-47F0-B9AC-427B98BD9D43}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{29A6809E-3E1E-4284-BD16-A3D815897556}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{2D479781-BBA7-4691-BB94-76EB83A61D58}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{4BA14F27-83C3-48EF-A5AF-087A170E7650}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{4E881F16-CE8B-4E76-ADB4-4B40E3F8F305}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{569A517E-CEA0-4608-8271-FAB1DEA718F8}" = protocol=6 | dir=out | app=system |
    "{5BA3178E-0813-401E-8C07-B940E4A4A991}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{5DC50C96-2FF1-41D5-80DF-7C74F783E63A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{654883B1-BD56-44E5-9109-88FA252B4A3D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{95BF6648-53F1-4136-B7C9-FE628EAF84C8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{9A29345E-FEF5-427F-8BF0-E65C22DBDC50}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C35302F7-0F1C-4ED8-AB13-F999E2E89E74}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{C94B7BBA-7528-4065-A327-32837718CFBA}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
    "{CA11BF3D-245B-40FA-BE7E-E9F0C38FBA8B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{CBE0EB21-86C8-4881-BBCD-8E6517D2F9EA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{DFBAD49D-695B-40F0-8435-DA5319BF9C21}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{E83F8318-CA2E-47D5-83DD-060E709A9BFA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{EA82B240-B52A-425B-AAD6-E8A5020510D9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{F4E4FC2C-6F25-48CE-8CD0-315C910C7D0B}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
    "{FEBDE4F8-1509-448A-AD50-B7E09C433AF3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "TCP Query User{3F8A5E0F-1741-4BE5-973E-45C22286DA90}C:\users\james\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\james\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{CE10CC1F-2B7D-4A77-8914-E7FF31EFF459}C:\users\james\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\james\appdata\local\akamai\netsession_win.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4BDCF60D-EAAB-4595-B571-283F529F6AFA}" = AuthenTec WinBio FingerPrint Software
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B4E579F-14EB-4CC0-B74F-42B196A013C8}" = Infineon TPM Professional Package
    "{A000F75A-A246-44A7-8079-9E9E7F9054B2}" = BioExcess
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.01
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.01
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.12
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.11.1
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{F0932859-AA60-459E-B843-0BDECA34E2C7}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Elantech" = ETDWare PS/2-X64 10.10.2.5_WHQL
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Pen Tablet Driver" = Bamboo

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0F4B91C5-4524-02A6-1D9B-5AE52CE2E0F4}" = Bamboo Dock
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{23F76BD5-9DD6-4121-900B-FBBDF81DC74A}" = AveoCap
    "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
    "{2b12a4e9-c782-45ef-801e-abd0a08d3d8d}" = Ad-Aware Antivirus
    "{2ED24418-A58C-45C5-B93E-A9EF60B85D89}" = WSED
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{596DEDA5-FE48-4078-96E0-E449DF5D08B2}" = BioExcess
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
    "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
    "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F24F876B-7D71-4BD6-88E9-614D3BB84221}" = Alcor Micro Smart Card Reader Driver
    "{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
    "Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
    "adawaretb" = Ad-Aware Security Toolbar
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Bamboo Dock" = Bamboo Dock 3.3
    "InstallShield_{2ED24418-A58C-45C5-B93E-A9EF60B85D89}" = Wireless enable/disable
    "InstallShield_{596DEDA5-FE48-4078-96E0-E449DF5D08B2}" = BioExcess
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Pen Tablet Driver" = Bamboo
    "SZCCID" = Alcor Micro Smart Card Reader Driver
    "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
    "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
    "wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
    "WinLiveSuite_Wave3" = Windows Live Essentials

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 9/16/2012 9:05:55 PM | Computer Name = James-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: jhi_service.exe, version: 8.0.3.1427, time
    stamp: 0x4f43fc4b Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x736a6c9c Faulting process id: 0x75c Faulting application
    start time: 0x01cd947090fc4489 Faulting application path: C:\Program Files (x86)\Intel\Intel(R)
    Management Engine Components\DAL\jhi_service.exe Faulting module path: unknown Report
    Id: d4ace9bb-0063-11e2-b0d2-685d4366ed14

    Error - 9/16/2012 9:05:55 PM | Computer Name = James-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: IfxPsdSv.exe, version: 3.60.2071.0, time
    stamp: 0x4a637f7e Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x736a6c9c Faulting process id: 0x820 Faulting application
    start time: 0x01cd947090fea5ea Faulting application path: C:\Program Files (x86)\Infineon\Security
    Platform Software\IfxPsdSv.exe Faulting module path: unknown Report Id: d4bb31fc-0063-11e2-b0d2-685d4366ed14

    Error - 9/16/2012 9:05:55 PM | Computer Name = James-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: SeaPort.exe, version: 1.2.123.0, time stamp:
    0x496e9780 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x736a6c9c Faulting process id: 0x848 Faulting application
    start time: 0x01cd94709101074a Faulting application path: C:\Program Files (x86)\Microsoft\Search
    Enhancement Pack\SeaPort\SeaPort.exe Faulting module path: unknown Report Id: d4ce3cff-0063-11e2-b0d2-685d4366ed14

    Error - 9/16/2012 9:05:55 PM | Computer Name = James-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: obexsrv.exe, version: 2.0.0.128, time stamp:
    0x4ed5d3d0 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x736a6c9c Faulting process id: 0x89c Faulting application
    start time: 0x01cd947091082b6b Faulting application path: C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    Faulting
    module path: unknown Report Id: d4dee6a1-0063-11e2-b0d2-685d4366ed14

    Error - 9/16/2012 9:08:09 PM | Computer Name = James-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 9/16/2012 9:16:19 PM | Computer Name = James-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 9/16/2012 9:29:17 PM | Computer Name = James-PC | Source = SideBySide | ID = 16842787
    Description = Activation context generation failed for "C:\Program Files (x86)\Windows
    Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
    Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
    found in manifest does not match the identity of the component requested. Reference
    is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
    is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
    sxstrace.exe for detailed diagnosis.

    Error - 9/16/2012 10:08:58 PM | Computer Name = James-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 9/16/2012 10:20:36 PM | Computer Name = James-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 9/16/2012 10:25:53 PM | Computer Name = James-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 9/16/2012 9:05:54 PM | Computer Name = James-PC | Source = Service Control Manager | ID = 7034
    Description = The EgisTec Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 9/16/2012 9:05:54 PM | Computer Name = James-PC | Source = Service Control Manager | ID = 7034
    Description = The Ad-Aware Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 9/16/2012 9:05:55 PM | Computer Name = James-PC | Source = Service Control Manager | ID = 7034
    Description = The Security Platform Management Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 9/16/2012 9:05:55 PM | Computer Name = James-PC | Source = Service Control Manager | ID = 7034
    Description = The Trusted Platform Core Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 9/16/2012 9:05:55 PM | Computer Name = James-PC | Source = Service Control Manager | ID = 7034
    Description = The Intel(R) ME Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 9/16/2012 9:05:55 PM | Computer Name = James-PC | Source = Service Control Manager | ID = 7034
    Description = The Intel(R) Dynamic Application Loader Host Interface Service service
    terminated unexpectedly. It has done this 1 time(s).

    Error - 9/16/2012 9:05:55 PM | Computer Name = James-PC | Source = Service Control Manager | ID = 7034
    Description = The Personal Secure Drive Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 9/16/2012 9:05:55 PM | Computer Name = James-PC | Source = Service Control Manager | ID = 7034
    Description = The SeaPort service terminated unexpectedly. It has done this 1 time(s).

    Error - 9/16/2012 9:05:55 PM | Computer Name = James-PC | Source = Service Control Manager | ID = 7034
    Description = The Bluetooth OBEX Service service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 9/16/2012 9:06:24 PM | Computer Name = James-PC | Source = Service Control Manager | ID = 7023
    Description = The Windows Modules Installer service terminated with the following
    error: %%16405


    < End of report >
  21. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\S-1-5-21-3655210223-2097323190-3110598458-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O4 - HKU\S-1-5-21-3655210223-2097323190-3110598458-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      "" = %systemroot%\SysWow64\wbem\wbemess.dll
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  22. James G

    James G Newcomer, in training Topic Starter Posts: 48

    All processes killed
    ========== OTL ==========
    HKU\S-1-5-21-3655210223-2097323190-3110598458-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-3655210223-2097323190-3110598458-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
    C:\Windows\assembly\Desktop.ini moved successfully.
    File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
    File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
    File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
    File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
    File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.
    Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
    Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 41620 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: James
    ->Temp folder emptied: 1558 bytes
    ->Temporary Internet Files folder emptied: 6838565 bytes
    ->FireFox cache emptied: 68370684 bytes
    ->Flash cache emptied: 42403 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 72989 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 72.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: James

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: James
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.68.0 log created on 09262012_161025

    Files\Folders moved on Reboot...
    C:\Users\James\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  23. James G

    James G Newcomer, in training Topic Starter Posts: 48

    Results of screen317's Security Check version 0.99.51
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Lavasoft Ad-Aware
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Ad-Aware
    Malwarebytes Anti-Malware version 1.65.0.1400
    Adobe Flash Player 11.4.402.265
    Mozilla Firefox (15.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    Ad-Aware AAWService.exe is disabled!
    Ad-Aware AAWTray.exe is disabled!
    Ad-Aware Antivirus AdAwareService.exe
    Ad-Aware Antivirus SBAMSvc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 5%
    ````````````````````End of Log``````````````````````
  24. James G

    James G Newcomer, in training Topic Starter Posts: 48

    Farbar Service Scanner Version: 19-09-2012
    Ran by James (administrator) on 26-09-2012 at 16:22:09
    Running from "C:\Users\James\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
  25. James G

    James G Newcomer, in training Topic Starter Posts: 48

    # AdwCleaner v2.003 - Logfile created 09/26/2012 at 16:25:34
    # Updated 23/09/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : James - JAMES-PC
    # Boot Mode : Normal
    # Running from : C:\Users\James\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-21-3655210223-2097323190-3110598458-1000\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

    -\\ Mozilla Firefox v15.0.1 (en-US)

    Profile name : default
    File : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\my2whn7b.default\prefs.js

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [1439 octets] - [26/09/2012 16:25:34]

    ########## EOF - C:\AdwCleaner[S1].txt - [1499 octets] ##########


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.