Trouble eliminating malicious adware

Solved
By Wardtg
May 4, 2014
  1. MBAM log:
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 5/4/2014
    Scan Time: 6:16:37 PM
    Logfile: MBAM scan 2014-05-04.txt
    Administrator: Yes

    Version: 2.00.1.1004
    Malware Database: v2014.03.04.09
    Rootkit Database: v2014.03.27.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Chameleon: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Jenny

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 262598
    Time Elapsed: 59 min, 40 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Shuriken: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 4
    PUP.Optional.FunWebProducts.A, HKLM\SOFTWARE\CLASSES\CouponXplorer_5z.SkinLauncherSettings, Quarantined, [56f39f6005755cda124a3144a35faa56],
    PUP.Optional.FunWebProducts.A, HKLM\SOFTWARE\CLASSES\CouponXplorer_5z.SkinLauncherSettings.1, Quarantined, [00495da2bac0b18570ec690c887a7789],
    PUP.Optional.FunWebProducts.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CouponXplorer_5z.SkinLauncherSettings, Quarantined, [00495da2bac0b18570ec690c887a7789],
    PUP.Optional.FunWebProducts.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CouponXplorer_5z.SkinLauncherSettings.1, Quarantined, [00495da2bac0b18570ec690c887a7789],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 15
    PUP.Optional.InstallIQ, C:\Users\Jenny\Downloads\7zip_freely_d157185.exe, Quarantined, [fe4bef10007a60d6bfad322a61a0bd43],
    PUP.Optional.OptimumInstaller.A, C:\Users\Jenny\Downloads\Setup(1).exe, Quarantined, [fa4f32cd1d5d9f97921fdeb1db2641bf],
    PUP.Optional.FunWebProducts, C:\Users\Jenny\Downloads\MyFunCards(2).exe, Quarantined, [e8612bd4661451e55ced2f31669bae52],
    PUP.Optional.FunWebProducts, C:\Users\Jenny\Downloads\MyFunCards.exe, Quarantined, [75d4cb34ef8bdb5b59f0a5bb9e6350b0],
    PUP.Optional.BundleInstaller.A, C:\Users\Jenny\Downloads\Browser_Update_V_1_295(1).exe, Quarantined, [6cdd8d72e59560d67a6f73fe857b946c],
    PUP.Optional.BundleInstaller.A, C:\Users\Jenny\Downloads\Browser_Update_V_1_295(2).exe, Quarantined, [084121de7dfdf4429d4c2b4633cda65a],
    PUP.Optional.BundleInstaller.A, C:\Users\Jenny\Downloads\Browser_Update_V_1_295.exe, Quarantined, [a3a6f50ab4c66fc7e3062a4742bed927],
    PUP.Optional.InstallIQ, C:\Users\Jenny\Downloads\coolreader_freely_d163113.exe, Quarantined, [cb7eb6497bff2115f07c71eb04fd3ec2],
    Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 2681249481.job, Quarantined, [d574d827a9d161d5149ff79fb74c8f71],
    Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 2796798091.job, Quarantined, [94b52bd4f28856e03a7990063cc7629e],
    Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 3693592337.job, Quarantined, [ab9e10efaad0bc7aedc61482689b5ea2],
    Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 3753636937.job, Quarantined, [7fca6897542643f37b381f7729dae818],
    Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 3820952810.job, Quarantined, [af9a04fb2258be78ecc70f8720e34ab6],
    Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 4226507490.job, Quarantined, [e46578873e3cc96d9a19dabc08fb7e82],
    Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 4281562830.job, Quarantined, [6edb9768463483b3654e4f470cf7916f],

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    Only one file created by DDS:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/10/2010 3:39:26 AM
    System Uptime: 5/4/2014 6:18:42 PM (0 hours ago)
    .
    Motherboard: Acer | | Aspire 5740
    Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz | CPU 1 | 2133/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 285 GiB total, 51.997 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Teredo Tunneling Adapter
    Device ID: ROOT\*TEREDO\0000
    Manufacturer: Microsoft
    Name: Teredo Tunneling Pseudo-Interface
    PNP Device ID: ROOT\*TEREDO\0000
    Service: tunnel
    .
    ==== System Restore Points ===================
    .
    RP497: 5/3/2014 4:29:24 PM - Windows Defender Checkpoint
    RP498: 5/4/2014 11:59:01 AM - Removed League of Legends
    RP499: 5/4/2014 4:50:59 PM - avast! antivirus system restore point
    .
    ==== Image File Execution Options =============
    .
    .
    ==== Installed Programs ======================
    .
    .
    ==== End Of File ===========================
  2. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  3. Wardtg

    Wardtg Newcomer, in training Topic Starter Posts: 20

    I had a little trouble getting TDSSKiller to download and run. First time the download aborted and I had to restart. When it wouldn't run, I re-downloaded TDSSKiller. Still wouldn't run. In the process of dealing with this, I have YAC, Malwarebytes Anti-Malware, and Avast! running on this machine. TDSSKiller ran once I disabled all 3. There are two log files below from TDSSKiller. I think the second was created after the reboot because TDSSKiller restarted after the reboot and is currently running. Have to post multiple messages because more than 50,000 characters.

    Log file 1:
    17:10:33.0786 0x0634 TDSS rootkit removing tool 3.0.0.34 Apr 29 2014 18:20:10
    17:11:30.0562 0x0634 ============================================================
    17:11:30.0562 0x0634 Current date / time: 2014/05/05 17:11:30.0562
    17:11:30.0565 0x0634 SystemInfo:
    17:11:30.0565 0x0634
    17:11:30.0565 0x0634 OS Version: 6.1.7601 ServicePack: 1.0
    17:11:30.0565 0x0634 Product type: Workstation
    17:11:30.0565 0x0634 ComputerName: JENNY-PC
    17:11:30.0565 0x0634 UserName: Jenny
    17:11:30.0565 0x0634 Windows directory: C:\Windows
    17:11:30.0565 0x0634 System windows directory: C:\Windows
    17:11:30.0565 0x0634 Running under WOW64
    17:11:30.0565 0x0634 Processor architecture: Intel x64
    17:11:30.0565 0x0634 Number of processors: 4
    17:11:30.0565 0x0634 Page size: 0x1000
    17:11:30.0565 0x0634 Boot type: Normal boot
    17:11:30.0565 0x0634 ============================================================
    17:11:30.0760 0x0634 KLMD registered as C:\Windows\system32\drivers\74756793.sys
    17:11:31.0435 0x0634 System UUID: {87A93001-796D-D868-1EFB-6147D587424E}
    17:11:37.0211 0x0634 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    17:11:37.0216 0x0634 ============================================================
    17:11:37.0216 0x0634 \Device\Harddisk0\DR0:
    17:11:37.0216 0x0634 MBR partitions:
    17:11:37.0216 0x0634 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x32000
    17:11:37.0216 0x0634 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1996800, BlocksNum 0x23A97AB0
    17:11:37.0216 0x0634 ============================================================
    17:11:37.0578 0x0634 C: <-> \Device\Harddisk0\DR0\Partition2
    17:11:37.0578 0x0634 ============================================================
    17:11:37.0581 0x0634 Initialize success
    17:11:37.0581 0x0634 ============================================================
    17:11:40.0836 0x1270 ============================================================
    17:11:40.0836 0x1270 Scan started
    17:11:40.0836 0x1270 Mode: Manual;
    17:11:40.0836 0x1270 ============================================================
    17:11:40.0836 0x1270 KSN ping started
    17:11:48.0643 0x1270 KSN ping finished: true
    17:11:54.0956 0x1270 ================ Scan system memory ========================
    17:11:54.0956 0x1270 System memory - ok
    17:11:54.0961 0x1270 ================ Scan services =============================
    17:12:23.0516 0x1270 exfat - ok
    17:12:23.0579 0x1270 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
    17:12:23.0589 0x1270 fastfat - ok
    17:12:23.0724 0x1270 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
    17:12:23.0794 0x1270 Fax - ok
    17:12:24.0726 0x1270 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    17:12:24.0729 0x1270 fdc - ok
    17:12:24.0799 0x1270 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
    17:12:24.0801 0x1270 fdPHost - ok
    17:12:24.0816 0x1270 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
    17:12:24.0821 0x1270 FDResPub - ok
    17:12:24.0834 0x1270 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    17:12:24.0839 0x1270 FileInfo - ok
    17:12:24.0944 0x1270 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    17:12:24.0947 0x1270 Filetrace - ok
    17:12:24.0989 0x1270 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    17:12:24.0992 0x1270 flpydisk - ok
    17:12:25.0089 0x1270 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    17:12:25.0102 0x1270 FltMgr - ok
    17:12:25.0217 0x1270 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
    17:12:25.0262 0x1270 FontCache - ok
    17:12:25.0387 0x1270 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    17:12:25.0389 0x1270 FontCache3.0.0.0 - ok
    17:12:25.0492 0x1270 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    17:12:25.0494 0x1270 FsDepends - ok
    17:12:25.0564 0x1270 [ B16B626996C74B564005BA855C5DEE90, B432C669EB610C262B18F3F8308EEE1B910DE7F7BC2A8EB5483419DC52A07AE1 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
    17:12:25.0569 0x1270 fssfltr - ok
    17:12:25.0952 0x1270 [ 812E1BA5C52A78F13EA6AA10DF708B1D, CF1C4D8E072CF0D66C977DFA4C852E5CE757843BEAF5D29454D26A9AC5766E61 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
    17:12:26.0132 0x1270 fsssvc - ok
    17:12:26.0192 0x1270 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    17:12:26.0197 0x1270 Fs_Rec - ok
    17:12:26.0354 0x1270 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    17:12:26.0364 0x1270 fvevol - ok
    17:12:26.0437 0x1270 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    17:12:26.0439 0x1270 gagp30kx - ok
    17:12:26.0664 0x1270 [ C44D560E441F091EA3B72F778EC60DE2, 1F90BA0E98C436B98BF6B0BC93146B52C081DF374424E2DCA270316D508A59B2 ] GameConsoleService C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe
    17:12:26.0699 0x1270 GameConsoleService - ok
    17:12:26.0812 0x1270 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    17:12:26.0814 0x1270 GEARAspiWDM - ok
    17:12:26.0992 0x1270 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
    17:12:27.0032 0x1270 gpsvc - ok
    17:12:27.0997 0x1270 [ 816FD5A6F3C2F3D600900096632FC60E, D92401C4B56663F8A12B6390562608A125713408B00266C53844129679E48E9C ] Greg_Service C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
    17:12:28.0057 0x1270 Greg_Service - ok
    17:12:28.0442 0x1270 [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    17:12:28.0447 0x1270 gupdate - ok
    17:12:28.0499 0x1270 [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    17:12:28.0504 0x1270 gupdatem - ok
    17:12:28.0604 0x1270 [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    17:12:28.0612 0x1270 gusvc - ok
    17:12:28.0769 0x1270 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    17:12:28.0772 0x1270 hcw85cir - ok
    17:12:28.0909 0x1270 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    17:12:28.0924 0x1270 HdAudAddService - ok
    17:12:29.0032 0x1270 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    17:12:29.0037 0x1270 HDAudBus - ok
    17:12:29.0092 0x1270 [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
    17:12:29.0097 0x1270 HECIx64 - ok
    17:12:29.0157 0x1270 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    17:12:29.0159 0x1270 HidBatt - ok
    17:12:29.0184 0x1270 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    17:12:29.0189 0x1270 HidBth - ok
    17:12:29.0197 0x1270 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    17:12:29.0199 0x1270 HidIr - ok
    17:12:29.0314 0x1270 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
    17:12:29.0319 0x1270 hidserv - ok
    17:12:29.0389 0x1270 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys
    17:12:29.0392 0x1270 HidUsb - ok
    17:12:29.0469 0x1270 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
    17:12:29.0474 0x1270 hkmsvc - ok
  4. Wardtg

    Wardtg Newcomer, in training Topic Starter Posts: 20

    PART 2:
    17:12:59.0666 0x1270 NlaSvc - ok
    17:12:59.0731 0x1270 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
    17:12:59.0733 0x1270 Npfs - ok
    17:12:59.0763 0x1270 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
    17:12:59.0768 0x1270 nsi - ok
    17:12:59.0776 0x1270 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    17:12:59.0778 0x1270 nsiproxy - ok
    17:12:59.0996 0x1270 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    17:13:00.0111 0x1270 Ntfs - ok
    17:13:00.0253 0x1270 [ 14E66F603FB187713AEB02AD3B0390CF, E4025ECBEC50B85E3A860763053243C47E3FCE76F2348429C03827240A8DF3B6 ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    17:13:00.0258 0x1270 NTI IScheduleSvc - ok
    17:13:00.0318 0x1270 [ FD324CCE1D4D5BB5AF65F8E55B462C7E, 901287499F33EFD3B1EE6CBDAD4E4DD342DC62FCDCCEF5375CB9D7B0673EE1E6 ] NTIBackupSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    17:13:00.0323 0x1270 NTIBackupSvc - ok
    17:13:00.0366 0x1270 [ 64DDD0DEE976302F4BD93E5EFCC2F013, 19F54B4549999EF96FAE1B2B97973F281304843ADE0CF5823574453AB41E3E9C ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
    17:13:00.0371 0x1270 NTIDrvr - ok
    17:13:00.0411 0x1270 [ 3F6268A2EC33CD38CF75C880AF8DED42, 6CA4A527878042C3BB40A7C0F4F9434827C7E60F989EB7C39BBAD0F270404EEE ] NTISchedulerSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    17:13:00.0473 0x1270 NTISchedulerSvc - ok
    17:13:00.0523 0x1270 [ 4C08A14D04E62963E96E0BB57BBC953B, AACBD606F31532F49C516751D934E1B3C167C99195B6E3B582CFF5F5FFB420CB ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
    17:13:00.0528 0x1270 NuidFltr - ok
    17:13:00.0556 0x1270 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
    17:13:00.0558 0x1270 Null - ok
    17:13:00.0638 0x1270 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
    17:13:00.0646 0x1270 nvraid - ok
    17:13:00.0686 0x1270 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
    17:13:00.0696 0x1270 nvstor - ok
    17:13:00.0743 0x1270 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    17:13:00.0751 0x1270 nv_agp - ok
    17:13:00.0873 0x1270 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    17:13:00.0938 0x1270 odserv - ok
    17:13:00.0996 0x1270 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    17:13:00.0998 0x1270 ohci1394 - ok
    17:13:01.0183 0x1270 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    17:13:01.0191 0x1270 ose - ok
    17:13:01.0333 0x1270 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    17:13:01.0368 0x1270 p2pimsvc - ok
    17:13:01.0443 0x1270 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
    17:13:01.0491 0x1270 p2psvc - ok
    17:13:01.0528 0x1270 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    17:13:01.0533 0x1270 Parport - ok
    17:13:01.0578 0x1270 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
    17:13:01.0583 0x1270 partmgr - ok
    17:13:01.0616 0x1270 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
    17:13:01.0628 0x1270 PcaSvc - ok
    17:13:01.0651 0x1270 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
    17:13:02.0546 0x1270 pci - ok
    17:13:02.0586 0x1270 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
    17:13:02.0588 0x1270 pciide - ok
    17:13:02.0681 0x1270 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    17:13:02.0851 0x1270 pcmcia - ok
    17:13:02.0933 0x1270 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
    17:13:02.0936 0x1270 pcw - ok
    17:13:03.0133 0x1270 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    17:13:03.0163 0x1270 PEAUTH - ok
    17:13:06.0641 0x1270 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
    17:13:06.0646 0x1270 PerfHost - ok
    17:13:07.0118 0x1270 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
    17:13:07.0238 0x1270 pla - ok
    17:13:07.0493 0x1270 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    17:13:07.0548 0x1270 PlugPlay - ok
    17:13:07.0601 0x1270 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    17:13:07.0623 0x1270 PNRPAutoReg - ok
    17:13:07.0921 0x1270 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    17:13:07.0936 0x1270 PNRPsvc - ok
    17:13:08.0703 0x1270 [ B8D8EC78B0F9ED8E220506181274F3D3, D920277EE66AAAB6D66BF328DD5A40DDD8382BF4F331EAB398069EDB842FF18E ] Point64 C:\Windows\system32\DRIVERS\point64.sys
    17:13:08.0706 0x1270 Point64 - ok
    17:13:11.0431 0x1270 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    17:13:11.0453 0x1270 PolicyAgent - ok
    17:13:14.0286 0x1270 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
    17:13:14.0298 0x1270 Power - ok
    17:13:14.0711 0x1270 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    17:13:14.0723 0x1270 PptpMiniport - ok
    17:13:14.0781 0x1270 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys
    17:13:14.0786 0x1270 Processor - ok
    17:13:14.0861 0x1270 [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll
    17:13:14.0876 0x1270 ProfSvc - ok
    17:13:14.0898 0x1270 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\Windows\system32\lsass.exe
    17:13:14.0903 0x1270 ProtectedStorage - ok
    17:13:14.0966 0x1270 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    17:13:14.0973 0x1270 Psched - ok
    17:13:15.0206 0x1270 [ 3F3666623ED2CB80496599A4FAB84B5F, 54547A930542F391DDD618AA10AD4D6A5A5D39818CCAF8B2B9B1FB9FE5425B74 ] QBCFMonitorService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    17:13:15.0208 0x1270 QBCFMonitorService - ok
    17:13:15.0583 0x1270 [ 6BEE1814470DC12FA20C53DFC3C97EBB, 91E8C22E54A090966E9B96395392B2C03A32DB1AF8DB2289E2EA9460F0A76C0F ] QBFCService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    17:13:15.0588 0x1270 QBFCService - ok
    17:13:15.0741 0x1270 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    17:13:15.0848 0x1270 ql2300 - ok
    17:13:15.0881 0x1270 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    17:13:15.0888 0x1270 ql40xx - ok
    17:13:15.0923 0x1270 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
    17:13:15.0993 0x1270 QWAVE - ok
    17:13:16.0071 0x1270 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    17:13:16.0073 0x1270 QWAVEdrv - ok
    17:13:16.0088 0x1270 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    17:13:16.0091 0x1270 RasAcd - ok
    17:13:16.0178 0x1270 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    17:13:16.0183 0x1270 RasAgileVpn - ok
    17:13:16.0216 0x1270 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
    17:13:16.0226 0x1270 RasAuto - ok
    17:13:16.0273 0x1270 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    17:13:16.0281 0x1270 Rasl2tp - ok
    17:13:16.0356 0x1270 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
    17:13:16.0386 0x1270 RasMan - ok
    17:13:16.0408 0x1270 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    17:13:16.0413 0x1270 RasPppoe - ok
    17:13:16.0448 0x1270 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    17:13:16.0453 0x1270 RasSstp - ok
    17:13:16.0561 0x1270 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    17:13:16.0576 0x1270 rdbss - ok
    17:13:16.0606 0x1270 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    17:13:16.0611 0x1270 rdpbus - ok
    17:13:16.0646 0x1270 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    17:13:16.0648 0x1270 RDPCDD - ok
    17:13:16.0741 0x1270 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    17:13:16.0743 0x1270 RDPENCDD - ok
    17:13:16.0758 0x1270 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    17:13:16.0761 0x1270 RDPREFMP - ok
    17:13:16.0816 0x1270 [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    17:13:16.0826 0x1270 RDPWD - ok
    17:13:16.0898 0x1270 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    17:13:16.0908 0x1270 rdyboost - ok
    17:13:16.0961 0x1270 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
    17:13:16.0971 0x1270 RemoteAccess - ok
    17:13:17.0031 0x1270 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    17:13:17.0043 0x1270 RemoteRegistry - ok
    17:13:17.0101 0x1270 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    17:13:17.0111 0x1270 RpcEptMapper - ok
    17:13:17.0181 0x1270 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
    17:13:17.0183 0x1270 RpcLocator - ok
    17:13:17.0258 0x1270 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
    17:13:17.0288 0x1270 RpcSs - ok
    17:13:17.0376 0x1270 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    17:13:17.0381 0x1270 rspndr - ok
    17:13:17.0436 0x1270 [ FF2D7435C79B273752F0912FEAB839C0, 1C065D5678964980506F3ADCBB274295DDFFE9099090FFD2F39C6AC3FB4D37D3 ] SaiU0CCB C:\Windows\system32\DRIVERS\SaiU0CCB.sys
    17:13:17.0441 0x1270 SaiU0CCB - ok
    17:13:17.0488 0x1270 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] SamSs C:\Windows\system32\lsass.exe
    17:13:17.0491 0x1270 SamSs - ok
    17:13:17.0533 0x1270 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    17:13:17.0541 0x1270 sbp2port - ok
    17:13:17.0583 0x1270 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
    17:13:17.0628 0x1270 SCardSvr - ok
    17:13:17.0696 0x1270 [ 6CE6F98EA3D07A9C2CE3CD0A5A86352D, 64A07303E538A1EE439D4AAD0DEBBD6037219D37B884026701A06E59A729E9C9 ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
    17:13:17.0701 0x1270 SCDEmu - ok
    17:13:17.0751 0x1270 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    17:13:17.0753 0x1270 scfilter - ok
    17:13:17.0856 0x1270 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
    17:13:17.0986 0x1270 Schedule - ok
    17:13:18.0068 0x1270 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
    17:13:18.0073 0x1270 SCPolicySvc - ok
    17:13:18.0121 0x1270 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    17:13:18.0133 0x1270 SDRSVC - ok
    17:13:18.0511 0x1270 [ 7BBF467A0D1853B1A6796ABDC3A60F81, 28751E410F133878B5D2676AEECE02E5DEB6C6DB722F2B7D3E00042D232E03B8 ] Seagate Dashboard Services C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
    17:13:18.0516 0x1270 Seagate Dashboard Services - ok
    17:13:20.0333 0x1270 [ 2C542FB84B26459D437B22A9BC63C14D, 7EF3444160218F0FE647FAA2826329B367BF7F33616DF0A4479C4EF5A9EB75E0 ] SeagateDashboardService C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    17:13:20.0333 0x1270 SeagateDashboardService - ok
    17:13:20.0681 0x1270 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
    17:13:20.0683 0x1270 secdrv - ok
    17:13:20.0821 0x1270 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
    17:13:21.0038 0x1270 seclogon - ok
    17:13:21.0621 0x1270 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
    17:13:21.0628 0x1270 SENS - ok
    17:13:24.0653 0x1270 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
    17:13:24.0661 0x1270 SensrSvc - ok
    17:13:24.0946 0x1270 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    17:13:24.0956 0x1270 Serenum - ok
    17:13:24.0966 0x1270 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
    17:13:24.0973 0x1270 Serial - ok
    17:13:25.0026 0x1270 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    17:13:25.0028 0x1270 sermouse - ok
    17:13:25.0088 0x1270 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
    17:13:25.0098 0x1270 SessionEnv - ok
    17:13:25.0153 0x1270 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    17:13:25.0156 0x1270 sffdisk - ok
    17:13:25.0196 0x1270 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    17:13:25.0198 0x1270 sffp_mmc - ok
    17:13:25.0223 0x1270 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    17:13:25.0226 0x1270 sffp_sd - ok
  5. Wardtg

    Wardtg Newcomer, in training Topic Starter Posts: 20

    PART 2:
    17:12:48.0738 0x1270 MMCSS - ok
    17:12:48.0778 0x1270 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
    17:12:48.0780 0x1270 Modem - ok
    17:12:48.0825 0x1270 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    17:12:48.0828 0x1270 monitor - ok
    17:12:48.0923 0x1270 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    17:12:48.0928 0x1270 mouclass - ok
    17:12:49.0025 0x1270 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    17:12:49.0028 0x1270 mouhid - ok
    17:12:49.0108 0x1270 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    17:12:49.0113 0x1270 mountmgr - ok
    17:12:49.0268 0x1270 [ AEE4E9CC59CDEB55B1ECB0E596E796BE, 674F6F38D86D238AFD6223E03A862F8B43DD8499FBC2D4B7A04E510EC5EACF3B ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    17:12:49.0273 0x1270 MozillaMaintenance - ok
    17:12:49.0338 0x1270 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
    17:12:49.0348 0x1270 mpio - ok
    17:12:49.0455 0x1270 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    17:12:49.0460 0x1270 mpsdrv - ok
    17:12:49.0805 0x1270 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
    17:12:49.0880 0x1270 MpsSvc - ok
    17:12:49.0998 0x1270 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    17:12:50.0005 0x1270 MRxDAV - ok
    17:12:50.0090 0x1270 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    17:12:50.0098 0x1270 mrxsmb - ok
    17:12:51.0948 0x1270 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    17:12:52.0060 0x1270 mrxsmb10 - ok
    17:12:52.0168 0x1270 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    17:12:52.0175 0x1270 mrxsmb20 - ok
    17:12:52.0250 0x1270 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
    17:12:52.0253 0x1270 msahci - ok
    17:12:52.0325 0x1270 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    17:12:52.0333 0x1270 msdsm - ok
    17:12:52.0408 0x1270 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
    17:12:52.0420 0x1270 MSDTC - ok
    17:12:52.0525 0x1270 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    17:12:52.0528 0x1270 Msfs - ok
    17:12:52.0605 0x1270 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    17:12:52.0608 0x1270 mshidkmdf - ok
    17:12:52.0688 0x1270 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    17:12:52.0690 0x1270 msisadrv - ok
    17:12:52.0940 0x1270 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    17:12:52.0950 0x1270 MSiSCSI - ok
    17:12:52.0955 0x1270 msiserver - ok
    17:12:53.0003 0x1270 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    17:12:53.0003 0x1270 MSKSSRV - ok
    17:12:53.0063 0x1270 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    17:12:53.0065 0x1270 MSPCLOCK - ok
    17:12:53.0095 0x1270 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    17:12:53.0098 0x1270 MSPQM - ok
    17:12:53.0193 0x1270 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    17:12:53.0228 0x1270 MsRPC - ok
    17:12:53.0350 0x1270 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    17:12:53.0353 0x1270 mssmbios - ok
    17:12:53.0398 0x1270 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    17:12:53.0403 0x1270 MSTEE - ok
    17:12:53.0430 0x1270 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    17:12:53.0433 0x1270 MTConfig - ok
    17:12:53.0505 0x1270 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
    17:12:53.0510 0x1270 Mup - ok
    17:12:53.0563 0x1270 [ 6FFECC25B39DC7652A0CEC0ADA9DB589, 927EF066CBBA8353149F8C3B7C4299AC06FED439DA874D25CFB583E5912611A2 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
    17:12:53.0565 0x1270 mwlPSDFilter - ok
    17:12:53.0583 0x1270 [ 0BEFE32CA56D6EE89D58175725596A85, E36B9E6159AF7F67D549F7178896CCCB8FC3964531B1DA20CBDD465E632D8FCF ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
    17:12:53.0585 0x1270 mwlPSDNServ - ok
    17:12:53.0603 0x1270 [ D43BC633B8660463E446E28E14A51262, C55F235B5E08FAC6D70B0FAC737D714E318A93F8E43FF8095B86A76559AF211D ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
    17:12:53.0605 0x1270 mwlPSDVDisk - ok
    17:12:53.0880 0x1270 [ 2F139207F618EC2933830227EEFFDDB4, 2942452EC631BF11CCCDA397C756CBBC0337F58B215A3F02DA263818CB3BE9A9 ] MWLService C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
    17:12:53.0925 0x1270 MWLService - ok
    17:12:54.0078 0x1270 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
    17:12:54.0158 0x1270 napagent - ok
    17:12:54.0230 0x1270 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    17:12:54.0295 0x1270 NativeWifiP - ok
    17:12:54.0523 0x1270 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
    17:12:54.0603 0x1270 NDIS - ok
    17:12:54.0733 0x1270 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    17:12:54.0735 0x1270 NdisCap - ok
    17:12:54.0760 0x1270 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    17:12:54.0765 0x1270 NdisTapi - ok
    17:12:54.0878 0x1270 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    17:12:54.0880 0x1270 Ndisuio - ok
    17:12:54.0963 0x1270 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    17:12:54.0973 0x1270 NdisWan - ok
    17:12:55.0065 0x1270 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    17:12:55.0070 0x1270 NDProxy - ok
    17:12:57.0936 0x1270 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    17:12:57.0946 0x1270 NetBIOS - ok
    17:12:58.0016 0x1270 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    17:12:58.0051 0x1270 NetBT - ok
    17:12:58.0088 0x1270 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon C:\Windows\system32\lsass.exe
    17:12:58.0093 0x1270 Netlogon - ok
    17:12:58.0378 0x1270 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
    17:12:58.0598 0x1270 Netman - ok
    17:12:58.0891 0x1270 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    17:12:58.0918 0x1270 NetMsmqActivator - ok
    17:12:58.0928 0x1270 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    17:12:58.0936 0x1270 NetPipeActivator - ok
    17:12:58.0993 0x1270 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
    17:12:59.0088 0x1270 netprofm - ok
    17:12:59.0126 0x1270 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    17:12:59.0131 0x1270 NetTcpActivator - ok
    17:12:59.0146 0x1270 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    17:12:59.0153 0x1270 NetTcpPortSharing - ok
    17:12:59.0228 0x1270 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    17:12:59.0233 0x1270 nfrd960 - ok
    17:12:59.0631 0x1270 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll
    17:12:59.0666 0x1270 NlaSvc - ok
    17:12:59.0731 0x1270 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
    17:12:59.0733 0x1270 Npfs - ok
    17:12:59.0763 0x1270 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
    17:12:59.0768 0x1270 nsi - ok
    17:12:59.0776 0x1270 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    17:12:59.0778 0x1270 nsiproxy - ok
    17:12:59.0996 0x1270 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    17:13:00.0111 0x1270 Ntfs - ok
    17:13:00.0253 0x1270 [ 14E66F603FB187713AEB02AD3B0390CF, E4025ECBEC50B85E3A860763053243C47E3FCE76F2348429C03827240A8DF3B6 ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    17:13:00.0258 0x1270 NTI IScheduleSvc - ok
    17:13:00.0318 0x1270 [ FD324CCE1D4D5BB5AF65F8E55B462C7E, 901287499F33EFD3B1EE6CBDAD4E4DD342DC62FCDCCEF5375CB9D7B0673EE1E6 ] NTIBackupSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    17:13:00.0323 0x1270 NTIBackupSvc - ok
    17:13:00.0366 0x1270 [ 64DDD0DEE976302F4BD93E5EFCC2F013, 19F54B4549999EF96FAE1B2B97973F281304843ADE0CF5823574453AB41E3E9C ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
    17:13:00.0371 0x1270 NTIDrvr - ok
    17:13:00.0411 0x1270 [ 3F6268A2EC33CD38CF75C880AF8DED42, 6CA4A527878042C3BB40A7C0F4F9434827C7E60F989EB7C39BBAD0F270404EEE ] NTISchedulerSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    17:13:00.0473 0x1270 NTISchedulerSvc - ok
    17:13:00.0523 0x1270 [ 4C08A14D04E62963E96E0BB57BBC953B, AACBD606F31532F49C516751D934E1B3C167C99195B6E3B582CFF5F5FFB420CB ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
    17:13:00.0528 0x1270 NuidFltr - ok
    17:13:00.0556 0x1270 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
    17:13:00.0558 0x1270 Null - ok
    17:13:00.0638 0x1270 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
    17:13:00.0646 0x1270 nvraid - ok
    17:13:00.0686 0x1270 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
    17:13:00.0696 0x1270 nvstor - ok
    17:13:00.0743 0x1270 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    17:13:00.0751 0x1270 nv_agp - ok
    17:13:00.0873 0x1270 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    17:13:00.0938 0x1270 odserv - ok
    17:13:00.0996 0x1270 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    17:13:00.0998 0x1270 ohci1394 - ok
    17:13:01.0183 0x1270 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    17:13:01.0191 0x1270 ose - ok
    17:13:01.0333 0x1270 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    17:13:01.0368 0x1270 p2pimsvc - ok
    17:13:01.0443 0x1270 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
    17:13:01.0491 0x1270 p2psvc - ok
    17:13:01.0528 0x1270 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    17:13:01.0533 0x1270 Parport - ok
    17:13:01.0578 0x1270 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
    17:13:01.0583 0x1270 partmgr - ok
    17:13:01.0616 0x1270 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
    17:13:01.0628 0x1270 PcaSvc - ok
    17:13:01.0651 0x1270 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
    17:13:02.0546 0x1270 pci - ok
    17:13:02.0586 0x1270 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
    17:13:02.0588 0x1270 pciide - ok
    17:13:02.0681 0x1270 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    17:13:02.0851 0x1270 pcmcia - ok
    17:13:02.0933 0x1270 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
    17:13:02.0936 0x1270 pcw - ok
    17:13:03.0133 0x1270 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    17:13:03.0163 0x1270 PEAUTH - ok
    17:13:06.0641 0x1270 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
    17:13:06.0646 0x1270 PerfHost - ok
    17:13:07.0118 0x1270 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
    17:13:07.0238 0x1270 pla - ok
    17:13:07.0493 0x1270 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    17:13:07.0548 0x1270 PlugPlay - ok
    17:13:07.0601 0x1270 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    17:13:07.0623 0x1270 PNRPAutoReg - ok
    17:13:07.0921 0x1270 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    17:13:07.0936 0x1270 PNRPsvc - ok
    17:13:08.0703 0x1270 [ B8D8EC78B0F9ED8E220506181274F3D3, D920277EE66AAAB6D66BF328DD5A40DDD8382BF4F331EAB398069EDB842FF18E ] Point64 C:\Windows\system32\DRIVERS\point64.sys
    17:13:08.0706 0x1270 Point64 - ok
    17:13:11.0431 0x1270 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    17:13:11.0453 0x1270 PolicyAgent - ok
    17:13:14.0286 0x1270 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
    17:13:14.0298 0x1270 Power - ok
    17:13:14.0711 0x1270 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    17:13:14.0723 0x1270 PptpMiniport - ok
    17:13:14.0781 0x1270 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys
    17:13:14.0786 0x1270 Processor - ok
    17:13:14.0861 0x1270 [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll
    17:13:14.0876 0x1270 ProfSvc - ok
    17:13:14.0898 0x1270 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\Windows\system32\lsass.exe
    17:13:14.0903 0x1270 ProtectedStorage - ok
    17:13:14.0966 0x1270 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    17:13:14.0973 0x1270 Psched - ok
    17:13:15.0206 0x1270 [ 3F3666623ED2CB80496599A4FAB84B5F, 54547A930542F391DDD618AA10AD4D6A5A5D39818CCAF8B2B9B1FB9FE5425B74 ] QBCFMonitorService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    17:13:15.0208 0x1270 QBCFMonitorService - ok
    17:13:15.0583 0x1270 [ 6BEE1814470DC12FA20C53DFC3C97EBB, 91E8C22E54A090966E9B96395392B2C03A32DB1AF8DB2289E2EA9460F0A76C0F ] QBFCService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    17:13:15.0588 0x1270 QBFCService - ok
    17:13:15.0741 0x1270 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    17:13:15.0848 0x1270 ql2300 - ok
    17:13:15.0881 0x1270 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    17:13:15.0888 0x1270 ql40xx - ok
    17:13:15.0923 0x1270 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
    17:13:15.0993 0x1270 QWAVE - ok
    17:13:16.0071 0x1270 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    17:13:16.0073 0x1270 QWAVEdrv - ok
    17:13:16.0088 0x1270 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    17:13:16.0091 0x1270 RasAcd - ok
    17:13:16.0178 0x1270 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    17:13:16.0183 0x1270 RasAgileVpn - ok
    17:13:16.0216 0x1270 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
    17:13:16.0226 0x1270 RasAuto - ok
    17:13:16.0273 0x1270 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    17:13:16.0281 0x1270 Rasl2tp - ok
    17:13:16.0356 0x1270 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
    17:13:16.0386 0x1270 RasMan - ok
    17:13:16.0408 0x1270 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    17:13:16.0413 0x1270 RasPppoe - ok
    17:13:16.0448 0x1270 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    17:13:16.0453 0x1270 RasSstp - ok
    17:13:16.0561 0x1270 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    17:13:16.0576 0x1270 rdbss - ok
    17:13:16.0606 0x1270 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    17:13:16.0611 0x1270 rdpbus - ok
    17:13:16.0646 0x1270 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    17:13:16.0648 0x1270 RDPCDD - ok
    17:13:16.0741 0x1270 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    17:13:16.0743 0x1270 RDPENCDD - ok
    17:13:16.0758 0x1270 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    17:13:16.0761 0x1270 RDPREFMP - ok
    17:13:16.0816 0x1270 [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    17:13:16.0826 0x1270 RDPWD - ok
    17:13:16.0898 0x1270 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    17:13:16.0908 0x1270 rdyboost - ok
    17:13:16.0961 0x1270 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
    17:13:16.0971 0x1270 RemoteAccess - ok
    17:13:17.0031 0x1270 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    17:13:17.0043 0x1270 RemoteRegistry - ok
    17:13:17.0101 0x1270 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    17:13:17.0111 0x1270 RpcEptMapper - ok
    17:13:17.0181 0x1270 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
    17:13:17.0183 0x1270 RpcLocator - ok
    17:13:17.0258 0x1270 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
    17:13:17.0288 0x1270 RpcSs - ok
    17:13:17.0376 0x1270 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    17:13:17.0381 0x1270 rspndr - ok
    17:13:17.0436 0x1270 [ FF2D7435C79B273752F0912FEAB839C0, 1C065D5678964980506F3ADCBB274295DDFFE9099090FFD2F39C6AC3FB4D37D3 ] SaiU0CCB C:\Windows\system32\DRIVERS\SaiU0CCB.sys
    17:13:17.0441 0x1270 SaiU0CCB - ok
    17:13:17.0488 0x1270 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] SamSs C:\Windows\system32\lsass.exe
    17:13:17.0491 0x1270 SamSs - ok
    17:13:17.0533 0x1270 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    17:13:17.0541 0x1270 sbp2port - ok
    17:13:17.0583 0x1270 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
    17:13:17.0628 0x1270 SCardSvr - ok
    17:13:17.0696 0x1270 [ 6CE6F98EA3D07A9C2CE3CD0A5A86352D, 64A07303E538A1EE439D4AAD0DEBBD6037219D37B884026701A06E59A729E9C9 ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
    17:13:17.0701 0x1270 SCDEmu - ok
    17:13:17.0751 0x1270 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    17:13:17.0753 0x1270 scfilter - ok
    17:13:17.0856 0x1270 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
    17:13:17.0986 0x1270 Schedule - ok
    17:13:18.0068 0x1270 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
    17:13:18.0073 0x1270 SCPolicySvc - ok
    17:13:18.0121 0x1270 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    17:13:18.0133 0x1270 SDRSVC - ok
    17:13:18.0511 0x1270 [ 7BBF467A0D1853B1A6796ABDC3A60F81, 28751E410F133878B5D2676AEECE02E5DEB6C6DB722F2B7D3E00042D232E03B8 ] Seagate Dashboard Services C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
    17:13:18.0516 0x1270 Seagate Dashboard Services - ok
    17:13:20.0333 0x1270 [ 2C542FB84B26459D437B22A9BC63C14D, 7EF3444160218F0FE647FAA2826329B367BF7F33616DF0A4479C4EF5A9EB75E0 ] SeagateDashboardService C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    17:13:20.0333 0x1270 SeagateDashboardService - ok
    17:13:20.0681 0x1270 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
    17:13:20.0683 0x1270 secdrv - ok
  6. Wardtg

    Wardtg Newcomer, in training Topic Starter Posts: 20

    PART 3:
    17:13:52.0736 0x1270 ================ Scan global ===============================
    17:13:52.0759 0x1270 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
    17:13:52.0816 0x1270 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
    17:13:52.0846 0x1270 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
    17:13:52.0906 0x1270 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
    17:13:52.0964 0x1270 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
    17:13:52.0999 0x1270 [ Global ] - ok
    17:13:52.0999 0x1270 ================ Scan MBR ==================================
    17:13:53.0031 0x1270 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
    17:13:54.0841 0x1270 \Device\Harddisk0\DR0 - ok
    17:13:54.0841 0x1270 ================ Scan VBR ==================================
    17:13:54.0844 0x1270 [ 0B1B44D3E7AF6F9C1B593E290209C2AA ] \Device\Harddisk0\DR0\Partition1
    17:13:54.0846 0x1270 \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )
    17:13:54.0846 0x1270 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected
    17:13:54.0864 0x1270 [ 9698EB8658729250205A705992DF4C26 ] \Device\Harddisk0\DR0\Partition2
    17:13:54.0866 0x1270 \Device\Harddisk0\DR0\Partition2 - ok
    17:13:56.0346 0x1270 AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2018.391 ), 0x42000 ( disabled : updated )
    17:13:57.0899 0x1270 Win FW state via NFP2: enabled
    17:13:58.0031 0x1270 ============================================================
    17:13:58.0031 0x1270 Scan finished
    17:13:58.0031 0x1270 ============================================================
    17:13:58.0044 0x0bd8 Detected object count: 1
    17:13:58.0044 0x0bd8 Actual detected object count: 1
    17:14:07.0999 0x0bd8 \Device\Harddisk0\DR0\Partition1 - copied to quarantine
    17:14:08.0004 0x0bd8 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - will be cured on reboot
    17:14:08.0034 0x0bd8 \Device\Harddisk0\DR0\Partition1 - ok
    17:14:08.0034 0x0bd8 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Cure
    17:14:08.0084 0x0bd8 KLMD registered as C:\Windows\system32\drivers\97244199.sys
    17:14:21.0922 0x0640 Deinitialize success

    Second log file:
    17:20:03.0136 0x1388 TDSS rootkit removing tool 3.0.0.34 Apr 29 2014 18:20:10
    17:20:04.0259 0x1388 ============================================================
    17:20:04.0259 0x1388 Current date / time: 2014/05/05 17:20:04.0259
    17:20:04.0259 0x1388 SystemInfo:
    17:20:04.0259 0x1388
    17:20:04.0259 0x1388 OS Version: 6.1.7601 ServicePack: 1.0
    17:20:04.0259 0x1388 Product type: Workstation
    17:20:04.0259 0x1388 ComputerName: JENNY-PC
    17:20:04.0259 0x1388 UserName: Jenny
    17:20:04.0259 0x1388 Windows directory: C:\Windows
    17:20:04.0259 0x1388 System windows directory: C:\Windows
    17:20:04.0259 0x1388 Running under WOW64
    17:20:04.0259 0x1388 Processor architecture: Intel x64
    17:20:04.0259 0x1388 Number of processors: 4
    17:20:04.0259 0x1388 Page size: 0x1000
    17:20:04.0259 0x1388 Boot type: Normal boot
    17:20:04.0259 0x1388 ============================================================
    17:20:04.0259 0x1388 BG loaded
    17:20:04.0571 0x1388 System UUID: {87A93001-796D-D868-1EFB-6147D587424E}
    17:20:05.0913 0x1388 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    17:20:05.0944 0x1388 ============================================================
    17:20:05.0944 0x1388 \Device\Harddisk0\DR0:
    17:20:05.0944 0x1388 MBR partitions:
    17:20:05.0944 0x1388 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x32000
    17:20:05.0944 0x1388 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1996800, BlocksNum 0x23A97AB0
    17:20:05.0944 0x1388 ============================================================
    17:20:06.0131 0x1388 C: <-> \Device\Harddisk0\DR0\Partition2
    17:20:06.0131 0x1388 ============================================================
    17:20:06.0131 0x1388 Initialize success
    17:20:06.0131 0x1388 ============================================================
  7. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Very good :)

    Re-run DDS and see if it'll produce the other log.

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
  8. Wardtg

    Wardtg Newcomer, in training Topic Starter Posts: 20

    I only see one log file in the mbar folder. No Cleanup button or reboot. Here are all the logs in batches again:

    dds.log:
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.25.2
    Run by Jenny at 21:56:54 on 2014-05-05
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3764.1749 [GMT -7:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Program Files (x86)\iSafe\iSafeSvc.exe
    C:\Program Files (x86)\iSafe\iSafeSvc2.exe
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\iSafe\iSafeTray.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\LSI SoftModem\agr64svc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
    C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\ShowMyPCService\tvnserver.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\EscSvc64.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    C:\Windows\System32\spool\drivers\x64\3\E_YATIIUE.EXE
    C:\Windows\System32\spool\drivers\x64\3\E_YATIIUE.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
    C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    C:\Program Files (x86)\ShowMyPCService\tvnserver.exe
    C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
    C:\Windows\system32\prevhost.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
    C:\Windows\splwow64.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uSearch Bar = Preserve
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = about:blank
    mStart Page = about:blank
    mDefault_Page_URL = about:blank
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mWinlogon: Userinit = userinit.exe,
    BHO: {0297a026-3011-46d3-ad62-bb9a7612aea7} - <orphaned>
    BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
    BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - <orphaned>
    BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - <orphaned>
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
    uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    uRun: [KGShareApp] C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe
    uRun: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\x64\3\E_YATIIUE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-2540 Series" /EF "HKCU"
    uRun: [EPLTarget\P0000000000000001] C:\Windows\System32\spool\DRIVERS\x64\3\E_YATIIUE.EXE /EPT "EPLTarget\P0000000000000001" /M "WF-2540 Series" /EF "HKCU"
    uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    uRun: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
    uRun: [Ezvaxialermi] C:\Users\Jenny\AppData\Roaming\Oxakvia\folun.exe
    uRun: [Emmomo] C:\Users\Jenny\AppData\Roaming\Huakilxo\funyy.exe
    uRun: [Mifavyefxiubu] C:\Users\Jenny\AppData\Roaming\Ogcixaz\fyubho.exe
    mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
    mRun: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
    mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    mRun: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [tvncontrol] "C:\Program Files (x86)\ShowMyPCService\tvnserver.exe" -controlservice -slave
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [ArcSoft MediaImpression Monitor] C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe
    mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
    mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
    mRun: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup
    mRun: [Price Finder] C:\Program Files (x86)\Price Finder\PriceFinderHelper.exe /check
    mRun: [DBAgent] "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} -
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    TCP: NameServer = 68.116.46.115 24.205.192.61 24.205.224.36
    TCP: Interfaces\{CC19F90F-E0B6-4315-A739-13CADE16DC66} : DHCPNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
    TCP: Interfaces\{CC19F90F-E0B6-4315-A739-13CADE16DC66}\07275637A7C65627C61677 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{CC19F90F-E0B6-4315-A739-13CADE16DC66}\35343414 : DHCPNameServer = 68.87.69.146 68.87.69.146
    TCP: Interfaces\{CC19F90F-E0B6-4315-A739-13CADE16DC66}\358494D494A555 : DHCPNameServer = 68.87.69.150 68.87.85.102
    TCP: Interfaces\{CC19F90F-E0B6-4315-A739-13CADE16DC66}\4524C4E475 : DHCPNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{CC19F90F-E0B6-4315-A739-13CADE16DC66}\457486F6D656E65647 : DHCPNameServer = 10.0.0.1
    TCP: Interfaces\{CC19F90F-E0B6-4315-A739-13CADE16DC66}\45D454358494D494A555 : DHCPNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{CC19F90F-E0B6-4315-A739-13CADE16DC66}\4646D2772747 : DHCPNameServer = 192.168.1.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-mStart Page = about:blank
    x64-mDefault_Page_URL = about:blank
    x64-BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
    x64-BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
    x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - <orphaned>
    x64-BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - <orphaned>
    x64-BHO: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - <orphaned>
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} -
    x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
    x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - <orphaned>
    x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\jeriesnp.default-1386738701148\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMSS.dll
    FF - plugin: C:\Users\Jenny\AppData\Local\Citrix\Plugins\104\npappdetector.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-5-4 65776]
    R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-5-4 208416]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-5-4 1039096]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-5-4 423240]
    R1 iSafeKrnlKit;iSafeKrnl Kit Driver;C:\Program Files (x86)\iSafe\iSafeKrnlKit.sys [2014-5-3 66048]
    R1 iSafeNetFilter;iSafeNetFilter;C:\Program Files (x86)\iSafe\iSafeNetFilter.sys [2014-5-3 48128]
    R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-2 22576]
    R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-2 20016]
    R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-2 60464]
    R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
    R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-4 29208]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-5-4 79184]
    R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-5-4 85328]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-5-4 50344]
    R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-2-6 844320]
    R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2012-5-10 608864]
    R2 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2013-2-18 135824]
    R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
    R2 iSafeService;iSafeService;C:\Program Files (x86)\iSafe\iSafeSvc.exe [2014-5-3 118056]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-5-4 1809720]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-5-4 857912]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-9-24 62720]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-17 144640]
    R2 Seagate Dashboard Services;Seagate Dashboard Services;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2013-10-18 16000]
    R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
    R2 tvnserver;TightVNC Server;C:\Program Files (x86)\ShowMyPCService\tvnserver.exe [2010-7-8 815704]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-4 2320920]
    R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-11-4 56344]
    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-6 151936]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-2-6 244736]
    R3 iSafeKrnl;iSafeKrnl;C:\Program Files (x86)\iSafe\iSafeKrnl.sys [2014-5-3 232960]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-8-6 320040]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-5-4 25816]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-5-4 119512]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-5-4 63192]
    S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 CouponXplorer_5zService;CouponXplorerService;C:\PROGRA~2\COUPON~2\bar\1.bin\5zbarsvc.exe --> C:\PROGRA~2\COUPON~2\bar\1.bin\5zbarsvc.exe [?]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
    S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-7-22 40448]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-2-22 57856]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [2014-1-15 289256]
    S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-9-10 305448]
    S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-17 50432]
    S3 SaiU0CCB;SaiU0CCB;C:\Windows\System32\drivers\SaiU0CCB.sys [2010-4-22 41096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-7 59392]
    S3 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-11-4 240160]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-27 1255736]
    .
    =============== Created Last 30 ================
    .
    2014-05-06 00:14:07 -------- d-----w- C:\TDSSKiller_Quarantine
    2014-05-05 14:41:45 95084 ----a-w- C:\Users\Jenny\AppData\Local\achfenbh.exe
    2014-05-05 02:31:55 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3CC1A175-4C9E-4C38-89CA-27963094E878}\offreg.dll
    2014-05-05 00:16:03 -------- d-----w- C:\Users\Jenny\AppData\Roaming\DropboxMaster
    2014-05-05 00:15:42 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-05-05 00:14:29 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-05-05 00:14:29 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-05-05 00:14:29 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-05-05 00:14:29 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-05-05 00:14:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-05-05 00:13:00 -------- d-----w- C:\Users\Jenny\AppData\Roaming\Dropbox
    2014-05-05 00:08:07 -------- d-----w- C:\Users\Jenny\AppData\Roaming\AVAST Software
    2014-05-05 00:05:12 85328 ----a-w- C:\Windows\System32\drivers\aswStm.sys
    2014-05-05 00:05:12 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
    2014-05-05 00:05:12 208416 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2014-05-05 00:05:12 1039096 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2014-05-05 00:05:09 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2014-05-05 00:05:09 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2014-05-05 00:05:09 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
    2014-05-05 00:04:50 43152 ----a-w- C:\Windows\avastSS.scr
    2014-05-04 23:53:35 -------- d-----w- C:\Program Files\AVAST Software
    2014-05-04 23:50:22 -------- d-----w- C:\ProgramData\AVAST Software
    2014-05-04 22:19:48 -------- d-----w- C:\Users\Jenny\AppData\Roaming\Veitunm
    2014-05-04 21:23:48 -------- d-----w- C:\Users\Jenny\AppData\Roaming\Lehezao
    2014-05-04 13:49:07 -------- d-----w- C:\Users\Jenny\AppData\Roaming\Alezda
    2014-05-04 12:05:14 -------- d-----w- C:\Users\Jenny\AppData\Roaming\Huakilxo
    2014-05-04 06:32:44 -------- d-----w- C:\Users\Jenny\AppData\Roaming\Uxzoih
    2014-05-04 06:15:22 -------- d-----w- C:\Users\Jenny\AppData\Roaming\eCyber
    2014-05-04 06:14:10 43520 ----a-w- C:\Windows\System32\drivers\iSafeKrnlBoot.sys
    2014-05-04 06:14:09 -------- d-----w- C:\Windows\System32\log
    2014-05-04 06:13:35 -------- d-----w- C:\Program Files (x86)\iSafe
    2014-05-04 06:13:29 -------- d-----w- C:\Users\Jenny\AppData\Roaming\iSafe
    2014-05-04 03:56:57 -------- d-----w- C:\Windows\ERUNT
    2014-05-04 03:35:29 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
    2014-05-04 03:26:32 -------- d-----w- C:\AdwCleaner
    2014-05-04 02:38:06 -------- d-----w- C:\Program Files\CCleaner
    2014-05-04 02:37:56 -------- d-----w- C:\Users\Jenny\AppData\Roaming\Ogcixaz
    2014-05-03 21:41:33 -------- d-----w- C:\Users\Jenny\AppData\Roaming\Mixauq
    2014-05-03 17:47:02 -------- d-----w- C:\Users\Jenny\AppData\Roaming\Wiasno
    2014-05-03 15:15:41 -------- d-----w- C:\Users\Jenny\AppData\Roaming\Oxakvia
    2014-05-02 16:58:52 10651704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3CC1A175-4C9E-4C38-89CA-27963094E878}\mpengine.dll
    2014-04-30 10:01:49 -------- d-s---w- C:\Windows\System32\CompatTel
    2014-04-30 00:06:26 465408 ----a-w- C:\Windows\System32\aepdu.dll
    2014-04-30 00:06:26 424448 ----a-w- C:\Windows\System32\aeinv.dll
    .
    ==================== Find3M ====================
    .
    2014-04-29 09:52:21 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-04-29 09:52:21 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-03-31 16:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
    2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
    2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2014-03-04 09:17:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 22:00:47.43 ===============

    attach log:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/10/2010 3:39:26 AM
    System Uptime: 5/5/2014 5:15:17 PM (5 hours ago)
    .
    Motherboard: Acer | | Aspire 5740
    Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz | CPU 1 | 2133/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 285 GiB total, 51.075 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Teredo Tunneling Adapter
    Device ID: ROOT\*TEREDO\0000
    Manufacturer: Microsoft
    Name: Teredo Tunneling Pseudo-Interface
    PNP Device ID: ROOT\*TEREDO\0000
    Service: tunnel
    .
    ==== System Restore Points ===================
    .
    RP497: 5/3/2014 4:29:24 PM - Windows Defender Checkpoint
    RP498: 5/4/2014 11:59:01 AM - Removed League of Legends
    RP499: 5/4/2014 4:50:59 PM - avast! antivirus system restore point
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    ABBYY FineReader 9.0 Sprint
    Acer Arcade Deluxe
    Acer Assist
    Acer Backup Manager
    Acer Crystal Eye webcam Ver:1.1.124.1120
    Acer ePower Management
    Acer eRecovery Management
    Acer Games
    Acer GridVista
    Acer Registration
    Acer ScreenSaver
    Acer Updater
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 13 Plugin
    Adobe Reader XI (11.0.06)
    Alcor Micro USB Card Reader
    Amazon MP3 Downloader 1.0.12
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Audible Download Manager
    avast! Free Antivirus
    Backup Manager Basic
    Bing Bar
    Bonjour
    Broadcom Gigabit NetLink Controller
    CCleaner
    Citrix Online Launcher
    Compatibility Pack for the 2007 Office system
    Cook'n
    Cook'n Recipe Browser
    Coupon Printer for Windows
    CouponBar
    D3DX10
    Dropbox
    eBay Worldwide
    emWave PC
    Epson Connect Printer Setup
    EPSON Connect version 1.0
    Epson Customer Participation
    Epson Event Manager
    Epson FAX Utility
    Epson PC-FAX Driver
    EPSON Scan
    EPSON WF-2540 Series Printer Uninstall
    EpsonNet Print
    eSobi v2
    Finale NotePad 2012
    Freedom
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google+ Auto Backup
    GoToMeeting 6.2.0.1350
    iCloud
    Identity Card
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Intel® Matrix Storage Manager
    iTunes
    Java 7 Update 25
    Java 7 Update 9 (64-bit)
    Java Auto Updater
    Junk Mail filter update
    KODAK Share Button App
    Launch Manager
    Living Cookbook 2011
    LTCM Client
    Malwarebytes Anti-Malware version 2.0.1.1004
    McAfee Security Scan Plus
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft IntelliPoint 8.0
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SkyDrive
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft Works
    MobileMe Control Panel
    Movie Maker
    Mozilla Firefox 28.0 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSVCRT110
    MSVCRT110_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MyWinLocker
    Norton Online Backup
    NTI Backup Now 5
    NTI Backup Now Standard
    NTI Media Maker 8
    Pando Media Booster
    Photo Common
    Photo Gallery
    Picasa 3
    PowerISO
    QuickBooks
    QuickBooks Pro 2010
    QuickTime
    Realtek High Definition Audio Driver
    Safari
    Seagate Dashboard
    Seagate Dashboard 2.0
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2878236) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2878237) 32-Bit Edition
    Skype Click to Call
    Skype™ 6.14
    Software Updater
    Synaptics Pointing Device Driver
    Times Reader
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Welcome Center
    Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Yet Another Cleaner!
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/5/2014 5:18:19 PM, Error: Service Control Manager [7000] - The CouponXplorerService service failed to start due to the following error: The system cannot find the file specified.
    5/4/2014 7:56:39 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    5/4/2014 7:56:37 PM, Error: Service Control Manager [7034] - The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).
    5/4/2014 7:52:30 PM, Error: Service Control Manager [7023] - The Epson Scanner Service service terminated with the following error: %%-2147467243
    5/4/2014 7:22:22 AM, Error: Service Control Manager [7034] - The iSafeService service terminated unexpectedly. It has done this 1 time(s).
    5/4/2014 5:03:57 AM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
    5/4/2014 5:03:57 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/4/2014 4:55:10 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    5/4/2014 4:48:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    5/4/2014 4:48:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    5/4/2014 4:48:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    5/4/2014 4:48:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    5/4/2014 4:48:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    5/4/2014 4:48:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    5/4/2014 4:47:39 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache iSafeNetFilter mwlPSDFilter mwlPSDNServ mwlPSDVDisk NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr tdx vwififlt Wanarpv6 WfpLwf
    5/4/2014 4:47:32 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    5/4/2014 4:47:32 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    5/4/2014 4:47:32 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    5/4/2014 4:47:32 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    5/4/2014 4:47:32 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    5/4/2014 4:47:32 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    5/4/2014 4:47:32 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    5/4/2014 4:47:32 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    5/4/2014 4:47:32 AM, Error: Service Control Manager [7001] - The Epson Scanner Service service depends on the Windows Image Acquisition (WIA) service which failed to start because of the following error: The dependency service or group failed to start.
    5/4/2014 4:47:32 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/4/2014 4:47:32 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    5/4/2014 4:33:15 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    5/4/2014 2:46:07 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
    5/4/2014 2:23:33 PM, Error: Service Control Manager [7022] - The Intel(R) Management & Security Application User Notification Service service hung on starting.
    5/3/2014 7:26:50 PM, Error: Service Control Manager [7023] - The iPod Service service terminated with the following error: %%-2147417831
    5/3/2014 7:25:40 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    5/3/2014 7:22:05 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the Seagate Dashboard Services service to connect.
    5/3/2014 7:06:39 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mwlPSDFilter mwlPSDNServ mwlPSDVDisk NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr tdx vwififlt Wanarpv6 WfpLwf
    5/3/2014 2:54:22 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
    5/3/2014 11:17:24 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    5/3/2014 11:02:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    5/3/2014 11:02:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    5/3/2014 11:01:44 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    5/3/2014 11:01:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache mwlPSDFilter mwlPSDNServ mwlPSDVDisk SCDEmu spldr Wanarpv6
    .
    ==== End Of File ===========================

    RKreport:
    RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Jenny [Admin rights]
    Mode : Remove -- Date : 05/05/2014 22:09:00
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 8 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : Ezvaxialermi (C:\Users\Jenny\AppData\Roaming\Oxakvia\folun.exe [x]) -> DELETED
    [RUN][SUSP PATH] HKCU\[...]\Run : Emmomo (C:\Users\Jenny\AppData\Roaming\Huakilxo\funyy.exe [x]) -> DELETED
    [RUN][SUSP PATH] HKCU\[...]\Run : Mifavyefxiubu (C:\Users\Jenny\AppData\Roaming\Ogcixaz\fyubho.exe [x]) -> DELETED
    [RUN][SUSP PATH] HKUS\S-1-5-21-3629618385-350920163-1134759032-1000\[...]\Run : Ezvaxialermi (C:\Users\Jenny\AppData\Roaming\Oxakvia\folun.exe [x]) -> [0x2] The system cannot find the file specified.
    [RUN][SUSP PATH] HKUS\S-1-5-21-3629618385-350920163-1134759032-1000\[...]\Run : Emmomo (C:\Users\Jenny\AppData\Roaming\Huakilxo\funyy.exe [x]) -> [0x2] The system cannot find the file specified.
    [RUN][SUSP PATH] HKUS\S-1-5-21-3629618385-350920163-1134759032-1000\[...]\Run : Mifavyefxiubu (C:\Users\Jenny\AppData\Roaming\Ogcixaz\fyubho.exe [x]) -> [0x2] The system cannot find the file specified.
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Scheduled tasks : 1 ¤¤¤
    [V2][SUSP PATH] Jenny1 : C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe - "C:\Users\Jenny\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\Jenny1.nji" [7][-] -> DELETED

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts




    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200BEVT-22A23T0 +++++
    --- User ---
    [MBR] 5fafd77103b092997ca0237886565dc6
    [BSP] 981b49da436a2d1d6807fba0003b1c5c : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13000 MB
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 26626048 | Size: 100 MB
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 26830848 | Size: 292143 MB
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_05052014_220900.txt >>
    RKreport[0]_S_05052014_220824.txt
  9. Wardtg

    Mbar system_log:
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1009

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 10.0.9200.16736

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.128000 GHz
    Memory total: 3947364352, free: 1705050112

    Downloaded database version: v2014.05.06.03
    Downloaded database version: v2014.03.27.01
    Initializing...
    ======================
    ------------ Kernel report ------------
    05/06/2014 03:19:49
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\97244199.sys
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\DRIVERS\compbatt.sys
    \SystemRoot\system32\DRIVERS\BATTC.SYS
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\DRIVERS\iaStor.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\disk.sys
    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    \SystemRoot\System32\Drivers\aswVmm.sys
    \SystemRoot\System32\Drivers\aswRvrt.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\drivers\aswSnx.sys
    \SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
    \SystemRoot\system32\drivers\aswSP.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \??\C:\Program Files (x86)\iSafe\iSafeKrnlKit.sys
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \??\C:\Program Files (x86)\iSafe\iSafeNetFilter.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\system32\drivers\aswRdr2.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\drivers\termdd.sys
    \SystemRoot\System32\Drivers\SCDEmu.SYS
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
    \SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\DRIVERS\igdkmd64.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\HECIx64.sys
    \SystemRoot\system32\drivers\usbehci.sys
    \SystemRoot\system32\drivers\USBPORT.SYS
    \SystemRoot\system32\drivers\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\k57nd60a.sys
    \SystemRoot\system32\DRIVERS\athrx.sys
    \SystemRoot\system32\DRIVERS\vwifibus.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\drivers\i8042prt.sys
    \SystemRoot\SysWOW64\Drivers\DKbFltr.sys
    \SystemRoot\system32\drivers\kbdclass.sys
    \SystemRoot\system32\DRIVERS\SynTP.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \??\C:\Windows\system32\drivers\UBHelper.sys
    \??\C:\Windows\system32\drivers\NTIDrvr.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\Impcd.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\drivers\wmiacpi.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\drivers\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\DRIVERS\agrsm64.sys
    \SystemRoot\system32\drivers\modem.sys
    \SystemRoot\system32\DRIVERS\IntcDAud.sys
    \SystemRoot\system32\DRIVERS\dc3d.sys
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\drivers\hidusb.sys
    \SystemRoot\system32\drivers\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\NuidFltr.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\point64.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\System32\Drivers\usbvideo.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_iaStor.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\drivers\aswMonFlt.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\DRIVERS\vwifimp.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\drivers\aswHwid.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \??\C:\Program Files (x86)\iSafe\iSafeKrnl.sys
    \SystemRoot\system32\DRIVERS\asyncmac.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8004bf1060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xfffffa800493c050
    Lower Device Driver Name: \Driver\iaStor\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8004bf1060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8004a76960, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8004bf1060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800493c050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 90E590E5

    Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 26624000

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 26626048 Numsec = 204800
    Partition is not bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 26830848 Numsec = 598309552

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 320072933376 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
    Done!
  10. Wardtg

    Now that I go back and look, it doesn't look like the mbar scan finished. I was fooled by the Done! message and I didn't see anything happening. Now the scan is running again. I'll repost the mbar logs when it is done.
  11. Wardtg

    Here are the mbar log files after Cleanup and reboot:

    system_log:
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1009

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 10.0.9200.16736

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.128000 GHz
    Memory total: 3947364352, free: 1705050112

    Downloaded database version: v2014.05.06.03
    Downloaded database version: v2014.03.27.01
    Initializing...
    ======================
    ------------ Kernel report ------------
    05/06/2014 03:19:49
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\97244199.sys
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\DRIVERS\compbatt.sys
    \SystemRoot\system32\DRIVERS\BATTC.SYS
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\DRIVERS\iaStor.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\disk.sys
    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    \SystemRoot\System32\Drivers\aswVmm.sys
    \SystemRoot\System32\Drivers\aswRvrt.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\drivers\aswSnx.sys
    \SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
    \SystemRoot\system32\drivers\aswSP.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \??\C:\Program Files (x86)\iSafe\iSafeKrnlKit.sys
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \??\C:\Program Files (x86)\iSafe\iSafeNetFilter.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\system32\drivers\aswRdr2.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\drivers\termdd.sys
    \SystemRoot\System32\Drivers\SCDEmu.SYS
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
    \SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\DRIVERS\igdkmd64.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\HECIx64.sys
    \SystemRoot\system32\drivers\usbehci.sys
    \SystemRoot\system32\drivers\USBPORT.SYS
    \SystemRoot\system32\drivers\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\k57nd60a.sys
    \SystemRoot\system32\DRIVERS\athrx.sys
    \SystemRoot\system32\DRIVERS\vwifibus.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\drivers\i8042prt.sys
    \SystemRoot\SysWOW64\Drivers\DKbFltr.sys
    \SystemRoot\system32\drivers\kbdclass.sys
    \SystemRoot\system32\DRIVERS\SynTP.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \??\C:\Windows\system32\drivers\UBHelper.sys
    \??\C:\Windows\system32\drivers\NTIDrvr.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\Impcd.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\drivers\wmiacpi.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\drivers\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\DRIVERS\agrsm64.sys
    \SystemRoot\system32\drivers\modem.sys
    \SystemRoot\system32\DRIVERS\IntcDAud.sys
    \SystemRoot\system32\DRIVERS\dc3d.sys
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\drivers\hidusb.sys
    \SystemRoot\system32\drivers\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\NuidFltr.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\point64.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\System32\Drivers\usbvideo.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_iaStor.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\drivers\aswMonFlt.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\DRIVERS\vwifimp.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\drivers\aswHwid.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \??\C:\Program Files (x86)\iSafe\iSafeKrnl.sys
    \SystemRoot\system32\DRIVERS\asyncmac.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8004bf1060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xfffffa800493c050
    Lower Device Driver Name: \Driver\iaStor\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8004bf1060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8004a76960, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8004bf1060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800493c050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 90E590E5

    Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 26624000

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 26626048 Numsec = 204800
    Partition is not bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 26830848 Numsec = 598309552

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 320072933376 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
    Done!
    Infected: C:\Users\Jenny\AppData\Local\Temp\UpdateFlashPlayer_57bd6d67.exe --> [Spyware.Zbot.ED]
    Infected: C:\Users\Jenny\AppData\Local\Temp\UpdateFlashPlayer_13426b43.exe --> [Spyware.Zbot.ED]
    Infected: C:\Users\Jenny\AppData\Local\achfenbh.exe --> [Spyware.Zbot.ED]
    Scan finished
    Creating System Restore point...
    Cleaning up...
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-26626048-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished

    mbar log:
    Malwarebytes Anti-Rootkit BETA 1.07.0.1009
    www.malwarebytes.org

    Database version: v2014.05.06.03

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16736
    Jenny :: JENNY-PC [administrator]

    5/6/2014 3:19:55 AM
    mbar-log-2014-05-06 (03-19-55).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 280814
    Time elapsed: 1 hour(s), 1 minute(s), 59 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\Users\Jenny\AppData\Local\Temp\UpdateFlashPlayer_57bd6d67.exe (Spyware.Zbot.ED) -> Delete on reboot.
    C:\Users\Jenny\AppData\Local\Temp\UpdateFlashPlayer_13426b43.exe (Spyware.Zbot.ED) -> Delete on reboot.
    C:\Users\Jenny\AppData\Local\achfenbh.exe (Spyware.Zbot.ED) -> Delete on reboot.

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
    Last edited: May 6, 2014
     
  12. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Please re-run MBAR one more time.
  13. Wardtg

    Wardtg Newcomer, in training Topic Starter Posts: 20

    Congratulations, no cleanup is required!
    Scan finished: No malware found!

    What do you recommend I continue running for protection? Right now I have Avast!, YAC, Malwarebytes Anti-Malware, and CCleaner (installed, not running). Probably overkill?
  14. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    We're not done yet :)
    By YAC do you mean Yet Another PC Cleaner?
    If so uninstall it.
    The others are fine.

    Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registry key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
  15. Wardtg

    Wardtg Newcomer, in training Topic Starter Posts: 20

    YAC is Yet Another PC Cleaner and it is gone.

    I will be gone for a couple days, so it will be Friday before I can perform the next steps.

    Here is the ComboFix log:
    ComboFix 14-05-07.03 - Jenny 05/07/2014 6:58.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3764.2324 [GMT -7:00]
    Running from: c:\users\Jenny\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Jenny\AppData\Local\Temp\_@8010.tmp
    c:\users\Jenny\AppData\Local\Temp\_@8036.tmp
    c:\users\Jenny\Documents\~WRL0371.tmp
    c:\users\Jenny\Documents\~WRL0804.tmp
    c:\users\Jenny\Documents\~WRL0877.tmp
    c:\users\Jenny\Documents\~WRL1203.tmp
    c:\users\Jenny\Documents\~WRL1225.tmp
    c:\users\Jenny\Documents\~WRL1290.tmp
    c:\users\Jenny\Documents\~WRL1689.tmp
    c:\users\Jenny\Documents\~WRL3704.tmp
    c:\users\Jenny\g2mdlhlpx.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-04-07 to 2014-05-07 )))))))))))))))))))))))))))))))
    .
    .
    2014-05-07 14:11 . 2014-05-07 14:11 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-05-07 04:38 . 2014-05-07 04:38 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9A88AE75-5EDB-48D2-8035-C3CE988E574D}\offreg.dll
    2014-05-06 10:25 . 2014-04-17 12:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9A88AE75-5EDB-48D2-8035-C3CE988E574D}\mpengine.dll
    2014-05-06 10:19 . 2014-05-07 03:14 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-05-06 00:14 . 2014-05-06 00:14 -------- d-----w- C:\TDSSKiller_Quarantine
    2014-05-05 00:15 . 2014-05-06 11:37 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-05-05 00:14 . 2014-05-07 02:04 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-05-05 00:14 . 2014-05-05 00:14 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2014-05-05 00:14 . 2014-05-05 00:14 -------- d-----w- c:\programdata\Malwarebytes
    2014-05-05 00:14 . 2014-04-03 16:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-05-05 00:14 . 2014-04-03 16:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-05-05 00:13 . 2014-05-05 00:16 -------- d-----w- c:\users\Jenny\AppData\Roaming\Dropbox
    2014-05-05 00:08 . 2014-05-05 00:08 -------- d-----w- c:\users\Jenny\AppData\Roaming\AVAST Software
    2014-05-05 00:05 . 2014-05-05 00:04 85328 ----a-w- c:\windows\system32\drivers\aswStm.sys
    2014-05-05 00:05 . 2014-05-05 00:04 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2014-05-05 00:05 . 2014-05-05 00:04 423240 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2014-05-05 00:05 . 2014-05-05 00:04 208416 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2014-05-05 00:05 . 2014-05-05 00:04 1039096 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2014-05-05 00:05 . 2014-05-05 00:04 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2014-05-05 00:05 . 2014-05-05 00:04 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-05-05 00:05 . 2014-05-05 00:04 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
    2014-05-05 00:05 . 2014-05-05 00:04 334648 ----a-w- c:\windows\system32\aswBoot.exe
    2014-05-05 00:04 . 2014-05-05 00:04 43152 ----a-w- c:\windows\avastSS.scr
    2014-05-04 23:53 . 2014-05-04 23:53 -------- d-----w- c:\program files\AVAST Software
    2014-05-04 23:50 . 2014-05-04 23:50 -------- d-----w- c:\programdata\AVAST Software
    2014-05-04 22:19 . 2014-05-05 01:01 -------- d-----w- c:\users\Jenny\AppData\Roaming\Veitunm
    2014-05-04 21:23 . 2014-05-05 01:01 -------- d-----w- c:\users\Jenny\AppData\Roaming\Lehezao
    2014-05-04 13:49 . 2014-05-05 01:01 -------- d-----w- c:\users\Jenny\AppData\Roaming\Alezda
    2014-05-04 12:05 . 2014-05-05 00:22 -------- d-----w- c:\users\Jenny\AppData\Roaming\Huakilxo
    2014-05-04 06:32 . 2014-05-05 01:01 -------- d-----w- c:\users\Jenny\AppData\Roaming\Uxzoih
    2014-05-04 06:15 . 2014-05-04 06:15 -------- d-----w- c:\users\Jenny\AppData\Roaming\eCyber
    2014-05-04 06:14 . 2014-04-23 10:19 43520 ----a-w- c:\windows\system32\drivers\iSafeKrnlBoot.sys
    2014-05-04 06:14 . 2014-05-04 06:14 -------- d-----w- c:\windows\system32\log
    2014-05-04 06:13 . 2014-05-07 04:39 -------- d-----w- c:\users\Jenny\AppData\Roaming\iSafe
    2014-05-04 03:56 . 2014-05-04 03:56 -------- d-----w- c:\windows\ERUNT
    2014-05-04 03:35 . 2010-08-30 15:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
    2014-05-04 03:26 . 2014-05-04 03:37 -------- d-----w- C:\AdwCleaner
    2014-05-04 02:38 . 2014-05-04 02:38 -------- d-----w- c:\program files\CCleaner
    2014-05-04 02:37 . 2014-05-05 01:01 -------- d-----w- c:\users\Jenny\AppData\Roaming\Ogcixaz
    2014-05-03 21:41 . 2014-05-05 01:01 -------- d-----w- c:\users\Jenny\AppData\Roaming\Mixauq
    2014-05-03 17:47 . 2014-05-05 01:01 -------- d-----w- c:\users\Jenny\AppData\Roaming\Wiasno
    2014-05-03 15:15 . 2014-05-05 00:17 -------- d-----w- c:\users\Jenny\AppData\Roaming\Oxakvia
    2014-04-30 10:01 . 2014-04-30 10:01 -------- d-s---w- c:\windows\system32\CompatTel
    2014-04-30 00:06 . 2014-04-14 02:24 465408 ----a-w- c:\windows\system32\aepdu.dll
    2014-04-30 00:06 . 2014-04-14 02:19 424448 ----a-w- c:\windows\system32\aeinv.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-04-29 09:52 . 2012-10-23 00:56 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-04-29 09:52 . 2012-03-17 17:59 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-04-09 10:03 . 2013-01-22 06:51 90655440 ----a-w- c:\windows\system32\MRT.exe
    2014-03-31 16:35 . 2010-08-10 23:10 270496 ------w- c:\windows\system32\MpSigStub.exe
    2014-03-04 09:17 . 2014-04-09 04:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2014-02-07 01:23 . 2014-03-12 11:58 3156480 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2013-02-23 01:05 222712 ----a-w- c:\users\Jenny\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2013-02-23 01:05 222712 ----a-w- c:\users\Jenny\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2013-02-23 01:05 222712 ----a-w- c:\users\Jenny\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-11 02:09 131248 ----a-w- c:\users\Jenny\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-11 02:09 131248 ----a-w- c:\users\Jenny\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-11 02:09 131248 ----a-w- c:\users\Jenny\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2009-09-11 05:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-08-20 3077528]
    "KGShareApp"="c:\program files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-10-11 394752]
    "EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE" [2013-02-18 283232]
    "EPLTarget\P0000000000000001"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE" [2013-02-18 283232]
    "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
    "Uploader"="c:\program files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe" [2013-10-19 122984]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-24 261888]
    "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]
    "EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
    "ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-29 419112]
    "PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-11-13 181480]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
    "Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-01-27 1337608]
    "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
    "Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
    "tvncontrol"="c:\program files (x86)\ShowMyPCService\tvnserver.exe" [2010-07-08 815704]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
    "ArcSoft MediaImpression Monitor"="c:\program files (x86)\Kodak\MediaImpression\ArcMonitor.exe" [2010-12-16 80448]
    "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
    "FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-03-01 502912]
    "FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-03-01 863360]
    "LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
    "DBAgent"="c:\program files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" [2013-10-19 1517128]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-05-05 3873704]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe /Startup [2009-12-17 1795488]
    QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-8-6 1154848]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
    R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 CouponXplorer_5zService;CouponXplorerService;c:\progra~2\COUPON~2\bar\1.bin\5zbarsvc.exe;c:\progra~2\COUPON~2\bar\1.bin\5zbarsvc.exe [x]
    R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]
    R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
    R3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys;c:\windows\SYSNATIVE\DRIVERS\SaiU0CCB.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
    S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
    S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
    S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
    S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
    S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
    S2 Seagate Dashboard Services;Seagate Dashboard Services;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [x]
    S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [x]
    S2 tvnserver;TightVNC Server;c:\program files (x86)\ShowMyPCService\tvnserver.exe;c:\program files (x86)\ShowMyPCService\tvnserver.exe [x]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [x]
    S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMWEBACCESSCONTROL
    *Deregistered* - iSafeKrnlKit
    *Deregistered* - iSafeNetFilter
    *Deregistered* - MBAMWebAccessControl
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-11-15 02:01 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-23 09:52]
    .
    2014-05-07 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-3629618385-350920163-1134759032-1000.job
    - c:\users\Jenny\AppData\Local\Citrix\GoToMeeting\1350\g2mupdate.exe [2014-03-29 18:02]
    .
    2013-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-10 23:15]
    .
    2013-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-10 23:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2013-02-23 01:05 261624 ----a-w- c:\users\Jenny\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2013-02-23 01:05 261624 ----a-w- c:\users\Jenny\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2013-02-23 01:05 261624 ----a-w- c:\users\Jenny\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-05-05 00:04 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-11 02:09 164016 ----a-w- c:\users\Jenny\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-11 02:09 164016 ----a-w- c:\users\Jenny\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-11 02:09 164016 ----a-w- c:\users\Jenny\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-11 02:09 164016 ----a-w- c:\users\Jenny\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2009-09-11 05:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-22 323072]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
    "mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-11 349480]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-29 8312352]
    "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-22 2327952]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uLocal Page = c:\windows\system32\blank.htm
    mDefault_Page_URL = about:blank
    mStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    TCP: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
    FF - ProfilePath - c:\users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\jeriesnp.default-1386738701148\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - about:blank
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{0297a026-3011-46d3-ad62-bb9a7612aea7} - (no file)
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    Wow6432Node-HKLM-Run-Price Finder - c:\program files (x86)\Price Finder\PriceFinderHelper.exe
    SafeBoot-13590742.sys
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
    @Denied: (A) (Everyone)
    "Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
    "Key"="ActionsPane"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-05-07 07:15:33
    ComboFix-quarantined-files.txt 2014-05-07 14:15
    .
    Pre-Run: 54,894,063,616 bytes free
    Post-Run: 54,507,663,360 bytes free
    .
    - - End Of File - - 312F1C347AB0E70CC33EB70252771A7F
    5C616939100B85E558DA92B899A0FC36
  16. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Looks good.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  17. Wardtg

    Wardtg Newcomer, in training Topic Starter Posts: 20

    AdwCleaner log:
    # AdwCleaner v3.207 - Report created 10/05/2014 at 04:39:20
    # Updated 05/05/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Jenny - JENNY-PC
    # Running from : C:\Users\Jenny\Desktop\adwcleaner(1).exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Users\Jenny\AppData\Roaming\eCyber
    Folder Deleted : C:\Users\Jenny\AppData\Roaming\iSafe

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\V9
    Key Deleted : HKLM\Software\iSafe

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16428


    -\\ Mozilla Firefox v28.0 (en-US)

    [ File : C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\0za8osxd.default\prefs.js ]


    [ File : C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\jeriesnp.default-1386738701148\prefs.js ]


    -\\ Google Chrome v31.0.1650.63

    [ File : C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [25302 octets] - [03/05/2014 20:26:40]
    AdwCleaner[R1].txt - [1340 octets] - [10/05/2014 04:37:46]
    AdwCleaner[S0].txt - [24623 octets] - [03/05/2014 20:36:00]
    AdwCleaner[S1].txt - [1233 octets] - [10/05/2014 04:39:20]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1293 octets] ##########

    JRT log:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by Jenny on Sat 05/10/2014 at 4:50:10.54
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
    Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
    Successfully deleted: [Folder] "C:\Program Files (x86)\coupons.com couponbar"



    ~~~ FireFox

    Successfully deleted: [Folder] C:\Users\Jenny\AppData\Roaming\mozilla\firefox\profiles\0za8osxd.default\extensions\4zffxtbr@videodownloadconverter_4z.com
    Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{1c43baf1-00c2-40a8-a09e-f84cfd79546d}
    Emptied folder: C:\Users\Jenny\AppData\Roaming\mozilla\firefox\profiles\jeriesnp.default-1386738701148\minidumps [90 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 05/10/2014 at 5:05:57.93
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  18. Wardtg

    Wardtg Newcomer, in training Topic Starter Posts: 20

    OTL.Txt log - Part 1:
    OTL logfile created on: 5/10/2014 5:32:51 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jenny\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16736)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
    3.68 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 63.40% Memory free
    7.35 Gb Paging File | 5.67 Gb Available in Paging File | 77.12% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 285.30 Gb Total Space | 51.76 Gb Free Space | 18.14% Space Free | Partition Type: NTFS
    Computer Name: JENNY-PC | User Name: Jenny | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
    ========== Processes (SafeList) ==========
    PRC - [2014/05/10 05:31:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jenny\Desktop\OTL.exe
    PRC - [2014/05/04 17:04:48 | 003,873,704 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2014/05/04 17:04:48 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2014/03/11 23:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
    PRC - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/10/18 23:40:24 | 000,122,984 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
    PRC - [2013/10/18 23:36:28 | 000,016,000 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
    PRC - [2013/10/18 23:36:14 | 001,517,128 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
    PRC - [2012/10/11 15:15:04 | 000,108,544 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
    PRC - [2012/02/29 17:47:30 | 000,502,912 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
    PRC - [2011/08/19 17:22:08 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    PRC - [2011/06/01 16:06:40 | 000,071,432 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
    PRC - [2011/06/01 16:06:40 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    PRC - [2011/06/01 09:16:54 | 002,260,992 | ---- | M] (Axentra Corporation) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
    PRC - [2010/12/15 18:03:02 | 000,080,448 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe
    PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    PRC - [2010/08/06 13:51:04 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    PRC - [2010/07/08 06:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) -- C:\Program Files (x86)\ShowMyPCService\tvnserver.exe
    PRC - [2010/04/12 01:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2009/12/17 13:54:40 | 001,795,488 | ---- | M] (Audible, Inc.) -- C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
    PRC - [2009/11/12 20:29:08 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    PRC - [2009/11/01 16:39:48 | 001,094,736 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
    PRC - [2009/10/29 04:47:34 | 000,419,112 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    PRC - [2009/09/30 21:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009/09/30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/09/24 16:42:32 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    PRC - [2009/09/24 16:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    PRC - [2009/09/10 22:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    PRC - [2009/08/28 02:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
    PRC - [2009/08/04 14:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
    PRC - [2009/06/04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    ========== Modules (No Company Name) ==========
    MOD - [2014/05/04 17:04:49 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
    MOD - [2014/02/26 09:15:48 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
    MOD - [2014/02/26 09:15:47 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\966f64a25064fe74936295dc06ec586e\System.Runtime.Remoting.ni.dll
    MOD - [2014/02/26 09:15:38 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
    MOD - [2014/02/26 09:15:35 | 001,947,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\a627e2bfb55b5f583da237b214097f34\Microsoft.VisualBasic.ni.dll
    MOD - [2014/02/26 09:15:30 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
    MOD - [2014/02/26 09:15:29 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
    MOD - [2014/02/26 09:15:23 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
    MOD - [2014/02/26 09:15:21 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
    MOD - [2014/02/26 09:15:14 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
    MOD - [2014/02/16 14:28:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\b34b348a9935338b1282fd0c9309eb1f\System.ServiceProcess.ni.dll
    MOD - [2014/02/16 14:28:28 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\4b1795df6372b251625f958595e08d3d\System.Web.ni.dll
    MOD - [2014/02/16 14:28:02 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
    MOD - [2014/02/16 14:26:46 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
    MOD - [2014/02/16 14:26:38 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
    MOD - [2014/02/16 14:26:34 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\4f5069e6497e5e6a381ab6aadf05d6a5\Accessibility.ni.dll
    MOD - [2014/02/16 14:25:48 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
    MOD - [2014/02/16 14:25:44 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
    MOD - [2014/02/16 14:25:42 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
    MOD - [2014/02/16 14:25:23 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
    MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/08/19 17:22:08 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    MOD - [2011/06/01 16:11:18 | 000,030,984 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
    MOD - [2011/06/01 16:06:34 | 000,108,296 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Progress.dll
    MOD - [2011/06/01 09:16:54 | 000,971,776 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
    MOD - [2011/06/01 09:16:54 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
    MOD - [2009/02/02 18:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
    ========== Services (SafeList) ==========
    SRV:64bit: - [2014/05/04 17:04:48 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2012/05/10 15:00:00 | 000,608,864 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
    SRV:64bit: - [2011/12/12 01:00:00 | 000,135,824 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\Windows\SysNative\escsvc64.exe -- (EpsonScanSvc)
    SRV:64bit: - [2009/09/30 15:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
    SRV:64bit: - [2009/07/03 19:47:12 | 000,240,160 | ---- | M] (Acer) [On_Demand | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
    SRV:64bit: - [2009/03/27 19:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
    SRV - [2014/04/29 02:52:21 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2014/03/19 00:23:27 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2014/03/11 23:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE -- (BBUpdate)
    SRV - [2014/03/11 23:36:06 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE -- (BBSvc)
    SRV - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/10/18 23:36:28 | 000,016,000 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe -- (Seagate Dashboard Services)
    SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2011/06/01 16:06:40 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
    SRV - [2010/08/06 13:51:04 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2010/07/08 06:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files (x86)\ShowMyPCService\tvnserver.exe -- (tvnserver)
    SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2009/09/30 21:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2009/09/30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2009/09/24 16:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
    SRV - [2009/09/10 22:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
    SRV - [2009/08/28 02:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
    SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
    SRV - [2009/05/22 11:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
    ========== Driver Services (SafeList) ==========
    DRV:64bit: - [2014/05/04 17:04:51 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2014/05/04 17:04:51 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2014/05/04 17:04:51 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
    DRV:64bit: - [2014/05/04 17:04:51 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2014/05/04 17:04:51 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
    DRV:64bit: - [2014/05/04 17:04:51 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2014/05/04 17:04:51 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
    DRV:64bit: - [2014/05/04 17:04:51 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
    DRV:64bit: - [2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/09/28 22:52:10 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2012/09/12 16:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/07/21 17:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2010/07/21 17:59:28 | 000,023,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
    DRV:64bit: - [2010/04/22 07:22:50 | 000,041,096 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiU0CCB.sys -- (SaiU0CCB)
    DRV:64bit: - [2010/04/12 01:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
    DRV:64bit: - [2009/11/06 13:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2009/10/30 07:56:34 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2009/10/26 13:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2009/09/17 21:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009/08/13 12:20:46 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2009/08/06 05:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
    DRV:64bit: - [2009/07/22 15:06:26 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/19 19:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
    DRV:64bit: - [2009/06/10 13:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/06/02 20:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
    DRV:64bit: - [2009/06/02 20:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
    DRV:64bit: - [2009/06/02 20:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
    DRV:64bit: - [2009/05/05 17:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV:64bit: - [2009/05/05 17:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    ========== Standard Registry (SafeList) ==========
    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0191A6B0-1154-4C22-9182-23A95BBE92D9}
    IE:64bit: - HKLM\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-19\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-20\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}
    IE - HKU\S-1-5-21-3629618385-350920163-1134759032-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-3629618385-350920163-1134759032-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-3629618385-350920163-1134759032-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-3629618385-350920163-1134759032-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-3629618385-350920163-1134759032-1000\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}
    IE - HKU\S-1-5-21-3629618385-350920163-1134759032-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...&oe={outputEncoding}&rlz=1I7ACAW_enUS392US394
    IE - HKU\S-1-5-21-3629618385-350920163-1134759032-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-3629618385-350920163-1134759032-1000\..\SearchScopes\5071260C6A91492785EB118AAC06940E: "URL" = http://www.google.com/search?source...&oe={outputEncoding}&rlz=1I7ACAW_enUS392US394
    IE - HKU\S-1-5-21-3629618385-350920163-1134759032-1000\..\SearchScopes\C0AC86A7BA014EA9931BF490A72C181E: "URL" = http://www.bing.com/search?FORM=UP06DF&PC=UP06&q={searchTerms}&src=IE-SearchBox
    IE - HKU\S-1-5-21-3629618385-350920163-1134759032-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3629618385-350920163-1134759032-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    ========== FireFox ==========
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.9.0.9216
    FF - prefs.js..browser.startup.homepage: "about:blank"
    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.order.1: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@CouponXplorer_5z.com/Plugin: C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\NP5zStub.dll File not found
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Jenny\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/05/04 17:04:53 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/03/19 00:23:16 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/03/19 00:23:20 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/03/19 00:23:16 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/03/19 00:23:20 | 000,000,000 | ---D | M]
    [2010/08/10 16:14:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jenny\AppData\Roaming\Mozilla\Extensions
    [2014/05/10 05:03:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\0za8osxd.default\extensions
    [2014/05/03 20:36:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\e7p0fce4.default-1340648022673\extensions
    [2014/03/20 11:29:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\jeriesnp.default-1386738701148\extensions
    [2014/05/06 04:36:47 | 000,000,609 | ---- | M] () -- C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\0za8osxd.default\searchplugins\Google.xml
    [2014/03/19 00:23:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2014/03/19 00:23:17 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2014/03/19 00:23:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2014/03/19 00:23:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2014/03/19 00:23:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
  19. Wardtg

    OTL.Txt - Part 2:
    ========== Chrome ==========
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms}
    CHR - default_search_provider: suggest_url = http://www.google.com/search?q={searchTerms},
    CHR - homepage: about:blank
    CHR - plugin: Default Profile (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
    CHR - plugin: Error reading preferences file
    CHR - Extension: avast! Online Security = C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.95_0\
    CHR - Extension: Google Wallet = C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
    O1 HOSTS File: ([2014/05/07 07:11:22 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
    O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
    O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
    O2:64bit: - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
    O2:64bit: - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found.
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (no name) - {0297a026-3011-46d3-ad62-bb9a7612aea7} - No CLSID value found.
    O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-3629618385-350920163-1134759032-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
    O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [ArcSoft MediaImpression Monitor] C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe (ArcSoft, Inc.)
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
    O4 - HKLM..\Run: [DBAgent] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe (Seagate Technology LLC)
    O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
    O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
    O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
    O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
    O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
    O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
    O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
    O4 - HKLM..\Run: [tvncontrol] C:\Program Files (x86)\ShowMyPCService\tvnserver.exe (GlavSoft LLC.)
    O4 - HKU\S-1-5-21-3629618385-350920163-1134759032-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-3629618385-350920163-1134759032-1000..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-2540 Series" /EF "HKCU" File not found
    O4 - HKU\S-1-5-21-3629618385-350920163-1134759032-1000..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE /EPT "EPLTarget\P0000000000000001" /M "WF-2540 Series" /EF "HKCU" File not found
    O4 - HKU\S-1-5-21-3629618385-350920163-1134759032-1000..\Run: [KGShareApp] C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe (Eastman Kodak Company)
    O4 - HKU\S-1-5-21-3629618385-350920163-1134759032-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
    O4 - HKU\S-1-5-21-3629618385-350920163-1134759032-1000..\Run: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe (Seagate Technology LLC)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3629618385-350920163-1134759032-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3629618385-350920163-1134759032-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
    O7 - HKU\S-1-5-21-3629618385-350920163-1134759032-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
    O7 - HKU\S-1-5-21-3629618385-350920163-1134759032-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC19F90F-E0B6-4315-A739-13CADE16DC66}: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\intu-help-qb3 - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
    ========== Files/Folders - Created Within 30 Days ==========
    [2014/05/10 05:31:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jenny\Desktop\OTL.exe
    [2014/05/10 04:48:02 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Jenny\Desktop\JRT.exe
    [2014/05/07 07:15:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2014/05/07 06:56:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2014/05/07 06:56:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2014/05/07 06:56:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2014/05/07 06:55:49 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2014/05/07 06:54:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2014/05/07 06:47:21 | 005,200,039 | R--- | C] (Swearware) -- C:\Users\Jenny\Desktop\ComboFix.exe
    [2014/05/06 04:51:14 | 000,000,000 | ---D | C] -- C:\Users\Jenny\Desktop\Malware cleanup stuff
    [2014/05/05 17:14:07 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2014/05/04 17:16:03 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\DropboxMaster
    [2014/05/04 17:15:42 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/05/04 17:15:00 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    [2014/05/04 17:14:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    [2014/05/04 17:14:29 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2014/05/04 17:14:29 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
    [2014/05/04 17:14:29 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2014/05/04 17:14:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
    [2014/05/04 17:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2014/05/04 17:13:00 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\Dropbox
    [2014/05/04 17:08:07 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\AVAST Software
    [2014/05/04 17:07:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
    [2014/05/04 17:05:12 | 001,039,096 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2014/05/04 17:05:12 | 000,423,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2014/05/04 17:05:12 | 000,085,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
    [2014/05/04 17:05:09 | 000,093,568 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2014/05/04 17:05:09 | 000,079,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2014/05/04 17:05:01 | 000,334,648 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2014/05/04 17:04:50 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2014/05/04 16:57:17 | 017,305,616 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jenny\Desktop\mbam-setup-2.0.1.1004.exe
    [2014/05/04 16:53:35 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2014/05/04 16:50:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2014/05/04 16:04:53 | 000,000,000 | ---D | C] -- C:\Users\Jenny\Desktop\RK_Quarantine
    [2014/05/04 15:19:48 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\Veitunm
    [2014/05/04 14:23:48 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\Lehezao
    [2014/05/04 06:49:07 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\Alezda
    [2014/05/04 05:05:14 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\Huakilxo
    [2014/05/03 23:32:44 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\Uxzoih
    [2014/05/03 23:14:10 | 000,043,520 | ---- | C] (Elex do Brasil Participações Ltda) -- C:\Windows\SysNative\drivers\iSafeKrnlBoot.sys
    [2014/05/03 23:14:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\log
    [2014/05/03 20:56:57 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2014/05/03 20:35:29 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
    [2014/05/03 20:26:32 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/05/03 19:38:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2014/05/03 19:38:06 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2014/05/03 19:37:56 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\Ogcixaz
    [2014/05/03 14:41:33 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\Mixauq
    [2014/05/03 10:47:02 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\Wiasno
    [2014/05/03 08:15:41 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\Oxakvia
    [2014/04/30 03:01:49 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
    ========== Files - Modified Within 30 Days ==========
    [2014/05/10 05:31:25 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/05/10 05:31:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jenny\Desktop\OTL.exe
    [2014/05/10 05:26:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/05/10 05:11:02 | 000,000,562 | ---- | M] () -- C:\Windows\tasks\G2MUpdateTask-S-1-5-21-3629618385-350920163-1134759032-1000.job
    [2014/05/10 04:56:21 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/05/10 04:56:21 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/05/10 04:52:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/05/10 04:48:04 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Jenny\Desktop\JRT.exe
    [2014/05/10 04:41:20 | 2960,523,264 | -HS- | M] () -- C:\hiberfil.sys
    [2014/05/10 04:35:08 | 001,316,991 | ---- | M] () -- C:\Users\Jenny\Desktop\adwcleaner(1).exe
    [2014/05/07 07:11:22 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2014/05/07 06:46:39 | 005,200,039 | R--- | M] (Swearware) -- C:\Users\Jenny\Desktop\ComboFix.exe
    [2014/05/06 19:04:16 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2014/05/04 17:14:47 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/05/04 17:07:03 | 000,001,970 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2014/05/04 17:04:51 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2014/05/04 17:04:51 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2014/05/04 17:04:51 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2014/05/04 17:04:51 | 000,208,416 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
    [2014/05/04 17:04:51 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2014/05/04 17:04:51 | 000,085,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
    [2014/05/04 17:04:51 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2014/05/04 17:04:51 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
    [2014/05/04 17:04:51 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
    [2014/05/04 17:04:50 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2014/05/04 16:54:07 | 017,305,616 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jenny\Desktop\mbam-setup-2.0.1.1004.exe
    [2014/05/03 19:38:14 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2014/05/03 08:18:58 | 000,006,338 | ---- | M] () -- C:\Users\Jenny\AppData\Local\hptoibqf
    [2014/05/03 08:17:20 | 000,000,000 | ---- | M] () -- C:\Users\Jenny\AppData\Roaming\SharedSettings.ccs
    [2014/05/03 08:16:52 | 000,012,326 | ---- | M] () -- C:\Users\Jenny\AppData\Local\xdbiabar
    [2014/05/03 08:15:50 | 000,068,314 | ---- | M] () -- C:\Users\Jenny\AppData\Local\vgfodmik
    [2014/05/03 08:13:42 | 000,650,598 | ---- | M] () -- C:\Users\Jenny\AppData\Local\ikohodgo
    [2014/04/23 03:19:45 | 000,043,520 | ---- | M] (Elex do Brasil Participações Ltda) -- C:\Windows\SysNative\drivers\iSafeKrnlBoot.sys
    [2014/04/22 13:01:11 | 000,792,708 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2014/04/22 13:01:11 | 000,669,696 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2014/04/22 13:01:11 | 000,125,274 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    ========== Files Created - No Company Name ==========
    [2014/05/10 04:35:03 | 001,316,991 | ---- | C] () -- C:\Users\Jenny\Desktop\adwcleaner(1).exe
    [2014/05/07 06:56:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2014/05/07 06:56:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2014/05/07 06:56:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2014/05/07 06:56:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2014/05/07 06:56:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2014/05/06 21:40:33 | 000,000,426 | ---- | C] () -- C:\AVScanner.ini
    [2014/05/04 17:14:47 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/05/04 17:07:03 | 000,001,970 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2014/05/04 17:05:12 | 000,208,416 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
    [2014/05/04 17:05:12 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
    [2014/05/04 17:05:09 | 000,029,208 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys
    [2014/05/03 19:38:14 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2014/05/03 08:18:58 | 000,006,338 | ---- | C] () -- C:\Users\Jenny\AppData\Local\hptoibqf
    [2014/05/03 08:17:20 | 000,000,000 | ---- | C] () -- C:\Users\Jenny\AppData\Roaming\SharedSettings.ccs
    [2014/05/03 08:16:52 | 000,012,326 | ---- | C] () -- C:\Users\Jenny\AppData\Local\xdbiabar
    [2014/05/03 08:15:50 | 000,068,314 | ---- | C] () -- C:\Users\Jenny\AppData\Local\vgfodmik
    [2014/05/03 08:13:42 | 000,650,598 | ---- | C] () -- C:\Users\Jenny\AppData\Local\ikohodgo
    [2013/02/18 16:49:00 | 000,000,045 | ---- | C] () -- C:\Windows\WF-2540.ini
    [2012/04/26 16:37:10 | 000,000,600 | ---- | C] () -- C:\Users\Jenny\PUTTY.RND
    [2011/07/04 17:42:50 | 014,236,367 | ---- | C] () -- C:\Users\Jenny\Josh Garrels - Love & War & The Sea In Between - 01 White Owl.mp3
    [2011/07/04 17:42:50 | 012,510,175 | ---- | C] () -- C:\Users\Jenny\Josh Garrels - Love & War & The Sea In Between - 03 Farther Along.mp3
    [2011/07/04 17:42:50 | 011,887,478 | ---- | C] () -- C:\Users\Jenny\Josh Garrels - Love & War & The Sea In Between - 16 Revelator.mp3
    [2011/07/04 17:42:50 | 011,678,478 | ---- | C] () -- C:\Users\Jenny\Josh Garrels - Love & War & The Sea In Between - 14 Rise.mp3
    [2011/07/04 17:42:50 | 011,621,991 | ---- | C] () -- C:\Users\Jenny\Josh Garrels - Love & War & The Sea In Between - 05 The Resistance.mp3
    [2011/07/04 17:42:50 | 011,190,531 | ---- | C] () -- C:\Users\Jenny\Josh Garrels - Love & War & The Sea In Between - 11 Million Miles.mp3
    [2011/07/04 17:42:50 | 011,059,919 | ---- | C] () -- C:\Users\Jenny\Josh Garrels - Love & War & The Sea In Between - 06 Slip Away.mp3
    [2011/07/04 17:42:50 | 010,603,278 | ---- | C] () -- C:\Users\Jenny\Josh Garrels - Love & War & The Sea In Between - 08 Ulysses.mp3
    [2011/07/04 17:42:50 | 010,143,502 | ---- | C] () -- C:\Users\Jenny\Josh Garrels - Love & War & The Sea In Between - 09 Beyond the Blue.mp3
    [2011/07/04 17:42:50 | 009,725,564 | ---- | C] () -- C:\Users\Jenny\Josh Garrels - Love & War & The Sea In Between - 12 Bread & Wine.mp3
    [2011/07/04 17:42:50 | 008,234,494 | ---- | C] () -- C:\Users\Jenny\Josh Garrels - Love & War & The Sea In Between - 02 Flood Waters.mp3
    [2011/07/04 17:42:50 | 007,991,054 | ---- | C] () -- C:\Users\Jenny\Josh Garrels - Love & War & The Sea In Between - 17 Pilot Me.mp3
    [2011/07/04 17:42:50 | 006,933,638 | ---- | C] () -- C:\Users\Jenny\Josh Garrels - Love & War & The Sea In Between - 04 A Far-Off Hope.mp3
    [2011/07/04 17:42:50 | 006,428,931 | ---- | C] () -- C:\Users\Jenny\Josh Garrels - Love & War & The Sea In Between - 10 For You.mp3
    [2011/07/04 17:42:50 | 006,401,785 | ---- | C] () -- C:\Users\Jenny\Josh Garrels - Love & War & The Sea In Between - 15 The March.mp3
    [2011/07/04 17:42:50 | 005,562,732 | ---- | C] () -- C:\Users\Jenny\Josh Garrels - Love & War & The Sea In Between - 13 No Man's Land.mp3
    [2011/07/04 17:42:50 | 004,442,601 | ---- | C] () -- C:\Users\Jenny\Josh Garrels - Love & War & The Sea In Between - 07 Sailor's Waltz.mp3
    [2011/07/04 17:42:50 | 004,267,058 | ---- | C] () -- C:\Users\Jenny\Josh Garrels - Love & War & The Sea In Between - 18 Processional.mp3
    [2011/07/04 17:42:50 | 001,999,546 | ---- | C] () -- C:\Users\Jenny\cover.jpg
    [2011/01/02 20:08:45 | 000,009,728 | ---- | C] () -- C:\Users\Jenny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/09/12 17:01:20 | 000,000,368 | ---- | C] () -- C:\Users\Jenny\AppData\Roaming\wklnhst.dat
    ========== ZeroAccess Check ==========
    [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    ========== LOP Check ==========
    [2010/11/20 13:03:08 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\.minecraft
    [2010/08/10 15:52:17 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Acer
    [2014/05/04 18:01:06 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Alezda
    [2010/12/01 22:18:10 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Amazon
    [2014/05/04 17:08:07 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\AVAST Software
    [2014/05/04 17:16:41 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Dropbox
    [2014/05/04 17:16:38 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\DropboxMaster
    [2013/02/21 15:46:35 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Epson
    [2014/05/04 17:22:55 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Huakilxo
    [2013/02/21 15:46:47 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Leader Technologies
    [2010/08/10 15:52:16 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Leadertech
    [2014/05/04 18:01:04 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Lehezao
    [2011/08/19 18:35:33 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\LolClient
    [2013/03/04 12:22:45 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\MakeMusic
    [2012/05/20 21:58:18 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Memeo
    [2014/05/04 18:01:00 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Mixauq
    [2014/05/04 18:01:02 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Ogcixaz
    [2014/05/04 17:17:43 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Oxakvia
    [2010/10/31 14:31:44 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\PowerCinema
    [2013/12/24 12:22:45 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Seagate
    [2010/10/31 14:32:05 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\SoftDMA
    [2011/03/07 19:49:40 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Template
    [2014/05/04 18:01:00 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Uxzoih
    [2014/05/04 18:01:06 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Veitunm
    [2014/05/04 18:01:05 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Wiasno
    ========== Purity Check ==========
    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 916 bytes -> C:\Users\Jenny\Documents\Writing Workshop.eml:OECustomProperty
    @Alternate Data Stream - 792 bytes -> C:\Users\Jenny\Documents\Gear up for Writing Workshop!.eml:OECustomProperty
    @Alternate Data Stream - 733 bytes -> C:\Users\Jenny\Documents\heritage password.eml:OECustomProperty
    @Alternate Data Stream - 538 bytes -> C:\Users\Jenny\Documents\Nathan pic wall.eml:OECustomProperty
    @Alternate Data Stream - 4445 bytes -> C:\Users\Jenny\Documents\Polar Bear Blessing.eml:OECustomProperty
    @Alternate Data Stream - 1277 bytes -> C:\Users\Jenny\Documents\Tegrotenhuis, Jennifer - Offer to score essays for the October 2007 SAT Administration.eml:OECustomProperty

    < End of report >
  20. Wardtg

    OTL Extras.Txt:
    OTL Extras logfile created on: 5/10/2014 5:32:51 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jenny\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16736)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
    3.68 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 63.40% Memory free
    7.35 Gb Paging File | 5.67 Gb Available in Paging File | 77.12% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 285.30 Gb Total Space | 51.76 Gb Free Space | 18.14% Space Free | Partition Type: NTFS
    Computer Name: JENNY-PC | User Name: Jenny | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
    ========== Extra Registry (SafeList) ==========
    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    [HKEY_USERS\S-1-5-21-3629618385-350920163-1134759032-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    ========== Shell Spawning ==========
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
    ========== Security Center Settings ==========
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    ========== System Restore Settings ==========
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0
    ========== Firewall Settings ==========
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    ========== Authorized Applications List ==========
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    ========== Vista Active Open Ports Exception List ==========
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0C661516-F91F-453B-A5C3-51BDE5E57285}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{0F8D9D67-037D-4E3E-931A-D08371CE9735}" = rport=445 | protocol=6 | dir=out | app=system |
    "{1478AF95-6BAD-4CB0-A091-B731FDF0518C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{36803DE1-D356-4DA3-BAE2-4C5CC9996B38}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{49663EDB-D62D-4068-B491-3B21D54D6EC4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{4A6E2878-59CC-405C-A580-56010E4C368F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{50E4AA07-66AA-4975-9C00-8B7DC74E4A17}" = lport=137 | protocol=17 | dir=in | app=system |
    "{5B34B537-0F4C-4FC8-A5D4-9173A01593DC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{80430B67-46C4-4517-8C8B-FA87CFE07DE5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{855D0786-F1DF-4228-8416-98CD7234A044}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{933E1E04-E4D3-4FC2-998D-C9CAF942E6BC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A1830FD1-E57F-4D6C-BAEB-55F5D5F0941D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{A5658C04-F4D0-4030-85D2-3C504C955A40}" = rport=137 | protocol=17 | dir=out | app=system |
    "{B11B870D-1850-4EE2-9A28-9B13FD5C59F8}" = lport=445 | protocol=6 | dir=in | app=system |
    "{B98C60DE-22EB-4EA1-906B-44D819DA40B9}" = lport=138 | protocol=17 | dir=in | app=system |
    "{C884F68A-394A-4343-BAB6-E359FCFD8732}" = rport=138 | protocol=17 | dir=out | app=system |
    "{CAD400EA-F3BC-47B3-BB42-61A56C0FF7C1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{F16B8638-B4E6-4DBA-8B1A-152F78BA7F12}" = rport=139 | protocol=6 | dir=out | app=system |
    "{F3C5A779-7646-44B3-A04B-50949C9F66BF}" = lport=139 | protocol=6 | dir=in | app=system |
    ========== Vista Active Application Exception List ==========
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{06F0BA47-C6A5-481B-9287-219EF8556701}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe |
    "{11E7CF78-0D76-4267-9A7E-93CC8D2FAC19}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
    "{12F36DD4-16E8-487E-87EF-F4FB158A24AF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{16D2F164-3F0C-4345-84EA-980E1EA6DE25}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{19C2D221-BC1D-4534-83EB-940C2D697CD1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{1A169395-F4C4-4F05-9277-F434D42B89A2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{1ABA5C6B-9016-45E9-8B68-4A55256B6AAC}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
    "{26E2BED0-BE4D-48D3-B811-E212192E2120}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{29292E05-DE0D-4501-85FB-D4A84D467E3D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{2C9D11B7-6BE5-496A-9D7D-32507E178689}" = dir=in | app=c:\users\jenny\appdata\local\microsoft\skydrive\skydrive.exe |
    "{2D06BB8B-2EBE-451D-94C7-EFF2954DA7C7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{2F0891F7-F003-40C2-9078-DC0C03287622}" = protocol=6 | dir=in | app=d:\common\epsonnet setup\eneasyapp.exe |
    "{366D9817-080F-4512-92CC-3D65D20E570F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{37A6E039-8F35-4B3D-BDA4-1E2C9D916E26}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{3949F8A9-439C-4489-8A2A-CEDD2EC112ED}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{3E6224EA-D9A8-48D7-8C48-BE42B9AFAF68}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{47F3EE4B-21C7-479E-A740-BB5466D01C5D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{4D120FA7-2D40-430F-8960-17BA1F5CA341}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{4DB6D302-0814-4B19-BC74-238CE8497017}" = protocol=17 | dir=in | app=c:\users\jenny\appdata\roaming\dropbox\bin\dropbox.exe |
    "{4EFE00D9-2D58-469E-B5F5-4987A8EB8B0D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{54EAE336-F01E-4D3C-AD03-E2CB8DB88262}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
    "{598DFA71-0669-48C4-A0E7-D51C53E042C5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{5BDA4227-9C72-47FC-915C-669334A02615}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{679C0F48-FABC-4754-8834-798843C57407}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe |
    "{6F838A18-9E16-4A31-910C-8BE634251064}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{758B0FA1-F68E-4104-B68A-3DB8E9770EBA}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\ecprintersetup\enpapp.exe |
    "{798AC6CB-1618-461C-B2CF-C22533D3C360}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{80C3D56E-78A2-4666-82A1-CAD4AF52AA44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{82477C12-2F04-4DD5-8795-46DF5420A396}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{8ABE2E8A-21D4-4F1F-8A0E-96802A7C8A55}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\ecprintersetup\enpapp.exe |
    "{8D005282-6D68-4570-BD20-4D323A816902}" = dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe |
    "{8D4C32D3-9356-472C-84FF-F8EA8BE8CE8F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{9C6A1F9F-2CAA-4E11-AB9E-D7BD57EDD661}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{9D8327A6-43CB-4234-BD07-645DC1FB0474}" = protocol=17 | dir=in | app=d:\common\epsonnet setup\eneasyapp.exe |
    "{B093567A-1EC6-4569-8E6A-6A005F1A5D13}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{BB4121C6-9A8B-4520-BDA2-AFE8A275F0DF}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{BF9997F8-A37C-4EEF-8310-A466711ABAF8}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{C406E915-4564-400A-86D5-61CC1986A47C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{CD48E4D2-21DC-4B1C-92F3-BF399FEDA924}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
    "{CE929D9E-5CD2-430B-8F79-F81C2CD96A97}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D0C57848-3309-4CBA-87BE-1AE2BE928262}" = protocol=6 | dir=in | app=c:\users\jenny\appdata\roaming\dropbox\bin\dropbox.exe |
    "{D88ABBEE-533B-40A2-8D06-47A14780DDE6}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
    "{DC5DE8CC-F74A-4E59-BEB6-3F2A0FD7FDD3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{E073C896-77C7-463A-8FDE-34A4EAD298D8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EDF5664D-332B-4F69-85A1-535A4F902C57}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
    "{F33084DD-11D8-4723-B107-3986867D82F8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{FBEC117B-131F-4C23-9856-580DF81EC5A0}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "TCP Query User{1BADB7C9-5C7D-4C06-BAE7-23EF66C9E97C}C:\cook'n9\cook'n.exe" = protocol=6 | dir=in | app=c:\cook'n9\cook'n.exe |
    "TCP Query User{928D0AA3-145D-4253-BF99-A9AB05804524}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe" = protocol=6 | dir=in | app=c:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe |
    "TCP Query User{9325403B-A61E-4730-A907-E6703098D3EF}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "TCP Query User{C30020DE-CF1E-4B2E-B782-4DCC588DB83D}C:\users\jenny\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\jenny\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe |
    "TCP Query User{D04591DF-C057-4C0F-B2BD-C06647E8B646}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
    "UDP Query User{4FE0C05A-C3B8-4790-A256-3DB00402FC13}C:\users\jenny\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\jenny\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe |
    "UDP Query User{911B525A-EAB2-493E-B6BB-6D714C3FF5E3}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "UDP Query User{B80007DA-6C88-47CB-A861-1ABF6225FA16}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe" = protocol=17 | dir=in | app=c:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe |
    "UDP Query User{D156A5AF-CA23-489C-B960-3CC773DA27CB}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
    "UDP Query User{F2AFB682-64A4-47D5-9C9A-BC7DB0B99ECD}C:\cook'n9\cook'n.exe" = protocol=17 | dir=in | app=c:\cook'n9\cook'n.exe |
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
    "{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
    "{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}" = MobileMe Control Panel
    "{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
    "{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
    "{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
    "{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}" = Broadcom Gigabit NetLink Controller
    "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
    "{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
    "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
    "{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
    "3D970B9F930E7AAE23C06D39A1AC98548C90B442" = Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)
    "CCleaner" = CCleaner
    "EPSON WF-2540 Series" = EPSON WF-2540 Series Printer Uninstall
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
    "{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
    "{0700E22B-A422-40A5-BD20-04BF618CA0F9}" = QuickBooks Pro 2010
    "{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
    "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
    "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1E8EB086-AE5F-45F6-887C-E5178868290F}" = Living Cookbook 2011
    "{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
    "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
    "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
    "{3365E735-48A6-4194-9988-CE59AC5AE503}" = Bing Bar
    "{34A26F7A-B099-4435-8A83-51D6BCFA93E9}" = Freedom
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
    "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
    "{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
    "{43C423D9-E6D6-4607-ADC9-EBB54F690C57}" = Seagate Dashboard 2.0
    "{44F72193-F59C-4303-BAE8-E3E4BC1C122C}" = Epson Event Manager
    "{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
    "{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
    "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
    "{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
    "{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
    "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A50DE037-B5C0-4C8A-8049-B0C576B313D1}" = Google+ Auto Backup
    "{A737E18A-5171-40D0-8034-7DD243420081}" = Software Updater
    "{A75BC59B-10BF-6B87-DCC7-3501F158ACC6}" = Times Reader
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
    "{B025BA0B-64A6-46DE-9D64-32965C83CCA9}" = Citrix Online Launcher
    "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
    "{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
    "{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
    "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
    "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
    "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
    "{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.124.1120
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
    "{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
    "{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup
    "{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}" = Alcor Micro USB Card Reader
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
    "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
    "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
    "{F5930CDE-2FF5-4A8D-9DBD-3177C816D4A9}" = KODAK Share Button App
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
    "{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
    "{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
    "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
    "Acer Assist" = Acer Assist
    "Acer Registration" = Acer Registration
    "Acer Screensaver" = Acer ScreenSaver
    "Acer Welcome Center" = Welcome Center
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
    "AudibleDownloadManager" = Audible Download Manager
    "Avast" = avast! Free Antivirus
    "Cook'n" = Cook'n
    "Cook'n Recipe Browser" = Cook'n Recipe Browser
    "Coupon Printer for Windows5.0.0.4" = Coupon Printer for Windows
    "CouponBar5.0.0.4" = CouponBar
    "emWave PC2.2.6.5250" = emWave PC
    "ENTERPRISER" = Microsoft Office Enterprise 2007
    "EPSON Connect_is1" = EPSON Connect version 1.0
    "EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
    "EPSON Scanner" = EPSON Scan
    "Finale NotePad 2012" = Finale NotePad 2012
    "Google Chrome" = Google Chrome
    "GridVista" = Acer GridVista
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "Identity Card" = Identity Card
    "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
    "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
    "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
    "InstallShield_{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}" = Alcor Micro USB Card Reader
    "Living Cookbook 2011" = Living Cookbook 2011
    "LManager" = Launch Manager
    "LTCM Client" = LTCM Client
    "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Picasa 3" = Picasa 3
    "PowerISO" = PowerISO
    "WildTangent acer Master Uninstall" = Acer Games
    "WinLiveSuite" = Windows Live Essentials
    ========== HKEY_USERS Uninstall List ==========
    [HKEY_USERS\S-1-5-21-3629618385-350920163-1134759032-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "GoToMeeting" = GoToMeeting 6.2.0.1350
    "SkyDriveSetup.exe" = Microsoft SkyDrive
    ========== Last 20 Event Log Errors ==========
    [ OSession Events ]
    Error - 9/27/2010 10:09:21 PM | Computer Name = Jenny-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 5902
    seconds with 5040 seconds of active time. This session ended with a crash.
    Error - 9/26/2011 11:07:39 AM | Computer Name = Jenny-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
    seconds with 0 seconds of active time. This session ended with a crash.
    Error - 1/19/2012 1:31:20 AM | Computer Name = Jenny-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
    seconds with 0 seconds of active time. This session ended with a crash.
    Error - 3/13/2012 12:34:16 PM | Computer Name = Jenny-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1
    seconds with 0 seconds of active time. This session ended with a crash.
    Error - 3/28/2013 8:48:39 PM | Computer Name = Jenny-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 264519
    seconds with 60 seconds of active time. This session ended with a crash.
    Error - 12/12/2013 9:31:44 AM | Computer Name = Jenny-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 55841
    seconds with 1140 seconds of active time. This session ended with a crash.
    Error - 2/22/2014 12:09:44 PM | Computer Name = Jenny-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6
    seconds with 0 seconds of active time. This session ended with a crash.
    Error - 2/28/2014 12:14:37 PM | Computer Name = Jenny-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9
    seconds with 0 seconds of active time. This session ended with a crash.
    [ System Events ]
    Error - 5/10/2014 8:26:31 AM | Computer Name = Jenny-PC | Source = DCOM | ID = 10010
    Description =
    < End of report >
  21. Broni

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
    O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
    O2:64bit: - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
    O2:64bit: - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
    O2:64bit: - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found.
    O2 - BHO: (no name) - {0297a026-3011-46d3-ad62-bb9a7612aea7} - No CLSID value found.
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
    O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-3629618385-350920163-1134759032-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\S-1-5-21-3629618385-350920163-1134759032-1000..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-2540 Series" /EF "HKCU" File not found
    O4 - HKU\S-1-5-21-3629618385-350920163-1134759032-1000..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE /EPT "EPLTarget\P0000000000000001" /M "WF-2540 Series" /EF "HKCU" File not found
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
    [2014/05/03 08:18:58 | 000,006,338 | ---- | C] () -- C:\Users\Jenny\AppData\Local\hptoibqf
    [2014/05/03 08:16:52 | 000,012,326 | ---- | C] () -- C:\Users\Jenny\AppData\Local\xdbiabar
    [2014/05/03 08:15:50 | 000,068,314 | ---- | C] () -- C:\Users\Jenny\AppData\Local\vgfodmik
    [2014/05/03 08:13:42 | 000,650,598 | ---- | C] () -- C:\Users\Jenny\AppData\Local\ikohodgo
    @Alternate Data Stream - 916 bytes -> C:\Users\Jenny\Documents\Writing Workshop.eml:OECustomProperty
    @Alternate Data Stream - 792 bytes -> C:\Users\Jenny\Documents\Gear up for Writing Workshop!.eml:OECustomProperty
    @Alternate Data Stream - 733 bytes -> C:\Users\Jenny\Documents\heritage password.eml:OECustomProperty
    @Alternate Data Stream - 538 bytes -> C:\Users\Jenny\Documents\Nathan pic wall.eml:OECustomProperty
    @Alternate Data Stream - 4445 bytes -> C:\Users\Jenny\Documents\Polar Bear Blessing.eml:OECustomProperty
    @Alternate Data Stream - 1277 bytes -> C:\Users\Jenny\Documents\Tegrotenhuis, Jennifer - Offer to score essays for the October 2007 SAT Administration.eml:OECustomProperty
    
    :Services
    
    :Reg
    
    :Files
    C:\FRST
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from Safe Mode.

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave reading the results to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double-click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Click on the "Run ESET Online Scanner" button.
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
  22. Wardtg

    Wardtg Newcomer, in training Topic Starter Posts: 20

    The reboot got stuck at the Logging off splash screen for over an hour. I did a hard power down and rebooted. OTL ran during the reboot and the log is pasted below. Should I proceed with the other scans?

    OTL log:
    All processes killed
    ========== OTL ==========
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0297a026-3011-46d3-ad62-bb9a7612aea7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0297a026-3011-46d3-ad62-bb9a7612aea7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-3629618385-350920163-1134759032-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-3629618385-350920163-1134759032-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EPLTarget\P0000000000000000 deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-3629618385-350920163-1134759032-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EPLTarget\P0000000000000001 deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}\ deleted successfully.
    File {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found not found.
    C:\Users\Jenny\AppData\Local\hptoibqf moved successfully.
    C:\Users\Jenny\AppData\Local\xdbiabar moved successfully.
    C:\Users\Jenny\AppData\Local\vgfodmik moved successfully.
    C:\Users\Jenny\AppData\Local\ikohodgo moved successfully.
    ADS C:\Users\Jenny\Documents\Writing Workshop.eml:OECustomProperty deleted successfully.
    ADS C:\Users\Jenny\Documents\Gear up for Writing Workshop!.eml:OECustomProperty deleted successfully.
    ADS C:\Users\Jenny\Documents\heritage password.eml:OECustomProperty deleted successfully.
    ADS C:\Users\Jenny\Documents\Nathan pic wall.eml:OECustomProperty deleted successfully.
    ADS C:\Users\Jenny\Documents\Polar Bear Blessing.eml:OECustomProperty deleted successfully.
    ADS C:\Users\Jenny\Documents\Tegrotenhuis, Jennifer - Offer to score essays for the October 2007 SAT Administration.eml:OECustomProperty deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File\Folder C:\FRST not found.
    ========== COMMANDS ==========
    [EMPTYTEMP]
    User: All Users
    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    User: Jenny
    ->Temp folder emptied: 2806287 bytes
    ->Temporary Internet Files folder emptied: 910906046 bytes
    ->Java cache emptied: 932376 bytes
    ->FireFox cache emptied: 155050895 bytes
    ->Google Chrome cache emptied: 6426624 bytes
    ->Flash cache emptied: 23408 bytes
    User: Public
    ->Temp folder emptied: 0 bytes
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 10468 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36056076 bytes
    RecycleBin emptied: 1017144 bytes
    Total Files Cleaned = 1,062.00 mb
    [EMPTYJAVA]
    User: All Users
    User: Default
    User: Default User
    User: Jenny
    ->Java cache emptied: 0 bytes
    User: Public
    Total Java Files Cleaned = 0.00 mb
    [EMPTYFLASH]
    User: All Users
    User: Default
    User: Default User
    User: Jenny
    ->Flash cache emptied: 0 bytes
    User: Public
    Total Flash Files Cleaned = 0.00 mb
    OTL by OldTimer - Version 3.2.69.0 log created on 05112014_041443

    Files\Folders moved on Reboot...
    C:\Users\Jenny\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
    File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  23. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Go on...
  24. Wardtg

    Wardtg Newcomer, in training Topic Starter Posts: 20

    I did SecurityCheck, FSS, and TFC scans and results are below. When I got to ESET, it opened a window with the message below and a link to install software. This was different than your instructions. I thought I'd try it in IE instead, but IE won't start. I decided to wait for further instructions.

    You are trying to launch ESET Online Scanner in a different browser than Internet Explorer. Please agree to the download of ESET Smart Installer - an application which installs and launches ESET Online Scanner in a separate window. At the end of the scan, there will be an option to uninstall ESET Online Scanner and all its components.

    To download ESET Smart Installer click the link below.

    After successful installation of ESET Smart Installer is ESET Online Scanner launched in a new window.


    Security check log:
    Results of screen317's Security Check version 0.99.83
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 10 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus out of date!
    `````````Anti-malware/Other Utilities Check:`````````
    Java 7 Update 25
    Java version out of Date!
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Flash Player 13.0.0.206
    Adobe Reader XI
    Mozilla Firefox (29.0.1)
    Google Chrome 31.0.1650.57
    Google Chrome 31.0.1650.63
    Google Chrome plugins...
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbam.exe
    Malwarebytes Anti-Malware mbamscheduler.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````

    FSS log:
    Farbar Service Scanner Version: 03-05-2014
    Ran by Jenny (administrator) on 12-05-2014 at 08:47:22
    Running from "C:\Users\Jenny\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Attempt to access Google.com returned error: Google.com is unreachable
    Attempt to access Yahoo.com returned error: Yahoo.com is unreachable


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****

    TFC results from window:
    Getting user folders.
    Stopping running processes.
    Emptying Temp folders.
    User: All Users
    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    User: Jenny
    ->Temp folder emptied: 1587308 bytes
    ->Temporary Internet Files folder emptied: 156669 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 43646539 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 921 bytes
    User: Public
    ->Temp folder emptied: 0 bytes
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 886 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 13309405 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 761 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    Emptying RecycleBin. Do not interrupt.
    RecycleBin emptied: 0 bytes
    Process complete!
    Total Files Cleaned = 56.00 mb
  25. Broni

    Broni Malware Annihilator Posts: 46,373   +252


