TechSpot

Win64/Patched.A in c:\Windows\System32\services.exe and Trojan horse Generic29.ANPX

Solved
By jskelington2641
Nov 1, 2012
  1. I am in dire need of some help with this. After having a credit card number stolen and used I did a scan of my computer with AVG and found Win64/Patched.A in c:\Windows\System32\services.exe and Trojan horse Generic29.ANPX in c:\Windows\assembly\GAC_64\Desktop.ini, also Trojan horse Backdoor.Generic15.CGSY in c:\Windows\assembly\GAC_32\Desktop.ini. I tried to remove them with the AVG program and it won't let me. Also, I did a scan with Malewarebytes and it located rootkit.0access in one of my windows\installer files. This is one I also cannot remove. I tried using avast instead of AVG to try and fix these and it also could'nt. Avast also told me that the Windows\installer file that malwarebytes said had a rootkit.0access was infected by win32:Trojan-gen. Any assistance with this would be greatly appreciated.
     
  2. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================

    What Windows version is it?
     
  3. jskelington2641

    jskelington2641 TS Rookie Topic Starter Posts: 18

    Windows 7 64bit
     
  4. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
     
  5. jskelington2641

    jskelington2641 TS Rookie Topic Starter Posts: 18

    Here it is, I hope I posted it right

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2012
    Ran by SYSTEM at 01-11-2012 15:59:50
    Running from G:\
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ==================== Registry (Whitelisted) ===================
    HKLM\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
    HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [163552 2011-08-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-05] (PDF Complete Inc)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
    HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4297136 2012-10-30] (AVAST Software)
    HKU\Jimmy\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
    HKU\Jimmy\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-06-17] (Hewlett-Packard Company)
    HKU\Jimmy\...\Run: [MusicManager] "C:\Users\Jimmy\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [7321600 2012-08-31] (Google Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Startup: C:\Users\Jimmy\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
    ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe (Stardock)
    ==================== Services (Whitelisted) ===================
    2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-10-30] (AVAST Software)
    2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
    2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe" [2143552 2012-02-06] (TuneUp Software)
    2 UDisk Monitor; C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe [512000 2011-05-12] ()
    ==================== Drivers (Whitelisted) =====================
    2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-30] (AVAST Software)
    2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-10-30] (AVAST Software)
    1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-10-15] (AVAST Software)
    1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-30] (AVAST Software)
    1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [370288 2012-10-30] (AVAST Software)
    1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-30] (AVAST Software)
    3 Generalusbserialser20675; C:\Windows\System32\DRIVERS\CT_U_USBSER.sys [122368 2011-05-09] (Incorporated)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-29] (Malwarebytes Corporation)
    3 pmxdrv; C:\Windows\System32\Drivers\pmxdrv.sys [31152 2011-08-31] ()
    3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-02-01] (TuneUp Software)
    3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [x]
    3 ew_hwusbdev; C:\Windows\System32\DRIVERS\ew_hwusbdev.sys [x]
    3 huawei_enumerator; C:\Windows\System32\DRIVERS\ew_jubusenum.sys [x]
    3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [x]
    ==================== NetSvcs (Whitelisted) ====================

    ==================== One Month Created Files and Folders ========
    2012-10-31 19:02 - 2012-11-01 11:55 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-10-31 19:02 - 2012-11-01 11:20 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-10-31 19:02 - 2012-10-31 19:15 - 00000000 ____D C:\Program Files (x86)\Google
    2012-10-31 19:02 - 2012-10-31 19:02 - 00001960 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2012-10-31 19:02 - 2012-10-31 19:02 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2012-10-31 19:02 - 2012-10-30 14:51 - 00984144 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2012-10-31 19:02 - 2012-10-30 14:51 - 00370288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2012-10-31 19:02 - 2012-10-30 14:51 - 00071600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2012-10-31 19:02 - 2012-10-30 14:51 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2012-10-31 19:02 - 2012-10-30 14:51 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
    2012-10-31 19:02 - 2012-10-30 14:51 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2012-10-31 19:02 - 2012-10-30 14:50 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2012-10-31 19:02 - 2012-10-30 14:50 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
    2012-10-31 19:02 - 2012-10-15 07:59 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
    2012-10-31 19:01 - 2012-10-31 19:01 - 00000000 ____D C:\Users\All Users\AVAST Software
    2012-10-31 19:01 - 2012-10-31 19:01 - 00000000 ____D C:\Program Files\AVAST Software
    2012-10-31 18:57 - 2012-10-31 18:48 - 97495576 ____A C:\Users\Jimmy\Downloads\avast_free_antivirus_setup.exe
    2012-10-31 18:57 - 2012-10-31 18:42 - 00687724 ____A (Swearware) C:\Users\Jimmy\Downloads\dds.com
    2012-10-31 18:57 - 2012-10-31 18:40 - 00294216 ____A C:\Users\Jimmy\Downloads\gmer.zip
    2012-10-31 16:42 - 2012-10-31 16:42 - 00002915 ____A C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
    2012-10-31 16:41 - 2012-10-31 16:43 - 00000000 ____D C:\Users\All Users\Nero
    2012-10-31 16:41 - 2012-10-31 16:43 - 00000000 ____D C:\Program Files (x86)\Nero
    2012-10-31 12:05 - 2012-10-31 10:38 - 02194704 ____A C:\Users\Jimmy\Downloads\tdsskiller.zip
    2012-10-31 07:35 - 2012-10-31 18:29 - 00000000 ____D C:\Users\All Users\MFAData
    2012-10-31 07:35 - 2012-10-31 07:35 - 00000000 ____D C:\Users\Jimmy\AppData\Local\MFAData
    2012-10-29 17:51 - 2012-10-29 18:06 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-10-29 15:50 - 2012-10-29 16:09 - 04731392 ____A (AVAST Software) C:\Users\Jimmy\Downloads\aswMBR.exe
    2012-10-29 15:41 - 2012-10-29 16:05 - 04990780 ____A (Swearware) C:\Users\Jimmy\Downloads\ComboFix.exe
    2012-10-29 14:57 - 2012-10-29 14:57 - 00000000 ____D C:\Users\Jimmy\Downloads\Nero 12 Platinum 12.0.02000 key and patch
    2012-10-29 11:59 - 2012-10-29 12:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-10-29 11:59 - 2012-10-29 11:59 - 00000000 ____D C:\Users\Jimmy\AppData\Roaming\Malwarebytes
    2012-10-29 11:59 - 2012-10-29 11:59 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-10-29 11:59 - 2012-09-29 15:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-10-29 08:40 - 2012-10-29 08:40 - 00000000 ____A C:\Users\Jimmy\Desktop\New Text Document.txt
    2012-10-29 08:40 - 2012-10-29 08:40 - 00000000 ____A C:\Users\Jimmy\Desktop\New Text Document (2).txt
    2012-10-29 08:24 - 2012-10-29 08:18 - 179577680 ____A (Nero AG) C:\Users\Jimmy\Downloads\Nero_KwikMedia-12.0.01300_free.exe
    2012-10-29 05:20 - 2012-10-29 05:20 - 00000000 ____D C:\Users\All Users\Real
    2012-10-28 19:37 - 2012-10-28 19:37 - 00000000 ____D C:\Users\Jimmy\AppData\Local\Nero_AG
    2012-10-28 12:47 - 2012-10-29 12:41 - 00000000 ____D C:\Users\Jimmy\Documents\Programs and Serials
    2012-10-28 12:18 - 2012-10-29 13:36 - 00000000 ____D C:\Users\Jimmy\AppData\Local\Nero
    2012-10-27 18:14 - 2010-05-26 07:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
    2012-10-27 18:14 - 2010-05-26 07:41 - 01998168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
    2012-10-27 18:14 - 2010-05-26 07:41 - 01868128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
    2012-10-27 18:14 - 2010-05-26 07:41 - 00470880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
    2012-10-27 18:14 - 2010-05-26 07:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
    2012-10-27 17:02 - 2012-10-31 16:34 - 00000000 ____D C:\Users\Jimmy\AppData\Roaming\DVD Flick
    2012-10-27 17:02 - 2012-10-27 17:02 - 00000000 ____D C:\Program Files (x86)\DVD Flick
    2012-10-27 17:02 - 2008-08-31 09:27 - 00028672 ____A (-) C:\Windows\SysWOW64\mousewheel.ocx
    2012-10-27 17:02 - 2007-08-31 14:36 - 00036864 ____A (Robdogg Inc.) C:\Windows\SysWOW64\trayicon_handler.ocx
    2012-10-27 17:02 - 2004-03-08 20:00 - 00212240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\richtx32.ocx
    2012-10-27 17:02 - 2003-01-26 09:41 - 00040960 ____A (vbAccelerator) C:\Windows\SysWOW64\ssubtmr6.dll
    2012-10-27 16:55 - 2012-10-27 16:56 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{794FD416-1A8D-4085-8B72-3EB08A075C10}
    2012-10-27 16:55 - 2012-10-27 16:55 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{8EABD010-BBEC-44E9-AB75-AE467CFAC17E}
    2012-10-15 08:07 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-10-15 08:07 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-10-15 08:07 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-10-15 08:07 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-10-15 08:07 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-10-15 08:07 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-10-15 08:07 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-10-15 08:07 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-10-15 08:07 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-10-15 08:07 - 2012-08-20 10:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-10-15 08:07 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-10-15 08:07 - 2012-08-20 10:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-10-15 08:07 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-10-15 08:07 - 2012-08-20 10:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-10-15 08:07 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-10-15 08:07 - 2012-08-20 10:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-10-15 08:07 - 2012-08-20 10:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 10:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 09:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-10-15 08:07 - 2012-08-20 09:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-10-15 08:07 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-10-15 08:07 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-10-15 08:07 - 2012-08-20 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-10-15 08:07 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 07:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-10-15 08:07 - 2012-08-20 07:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-10-15 08:07 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-10-15 08:07 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-10-15 08:07 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2012-10-15 08:07 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-10-15 08:07 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-10-15 08:07 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-10-15 08:07 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-10-15 08:07 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-10-15 08:07 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-10-02 12:44 - 2012-10-02 12:44 - 00000000 ___RD C:\Users\Jimmy\Podcasts
    2012-10-02 12:27 - 2012-10-02 12:28 - 00000000 ____D C:\Program Files\Zune

    ==================== 3 Months Modified Files ==================
    2012-11-01 11:55 - 2012-10-31 19:02 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-11-01 11:50 - 2012-06-08 18:34 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2495479790-982925703-2321560144-1001UA.job
    2012-11-01 11:28 - 2012-04-09 15:24 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-11-01 11:20 - 2012-10-31 19:02 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-10-31 20:22 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-10-31 20:22 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-10-31 20:14 - 2012-02-25 22:00 - 00087420 ____A C:\Windows\setupact.log
    2012-10-31 20:14 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-10-31 19:02 - 2012-10-31 19:02 - 00001960 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2012-10-31 19:02 - 2012-10-31 19:02 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2012-10-31 18:48 - 2012-10-31 18:57 - 97495576 ____A C:\Users\Jimmy\Downloads\avast_free_antivirus_setup.exe
    2012-10-31 18:42 - 2012-10-31 18:57 - 00687724 ____A (Swearware) C:\Users\Jimmy\Downloads\dds.com
    2012-10-31 18:40 - 2012-10-31 18:57 - 00294216 ____A C:\Users\Jimmy\Downloads\gmer.zip
    2012-10-31 18:36 - 2012-02-25 23:17 - 00549230 ____A C:\Windows\PFRO.log
    2012-10-31 16:42 - 2012-10-31 16:42 - 00002915 ____A C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
    2012-10-31 16:37 - 2012-02-23 18:37 - 01379143 ____A C:\Windows\WindowsUpdate.log
    2012-10-31 15:52 - 2009-07-13 21:08 - 00032600 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-10-31 10:38 - 2012-10-31 12:05 - 02194704 ____A C:\Users\Jimmy\Downloads\tdsskiller.zip
    2012-10-30 14:51 - 2012-10-31 19:02 - 00984144 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2012-10-30 14:51 - 2012-10-31 19:02 - 00370288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2012-10-30 14:51 - 2012-10-31 19:02 - 00071600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2012-10-30 14:51 - 2012-10-31 19:02 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2012-10-30 14:51 - 2012-10-31 19:02 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
    2012-10-30 14:51 - 2012-10-31 19:02 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2012-10-30 14:50 - 2012-10-31 19:02 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2012-10-30 14:50 - 2012-10-31 19:02 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
    2012-10-29 16:09 - 2012-10-29 15:50 - 04731392 ____A (AVAST Software) C:\Users\Jimmy\Downloads\aswMBR.exe
    2012-10-29 16:05 - 2012-10-29 15:41 - 04990780 ____A (Swearware) C:\Users\Jimmy\Downloads\ComboFix.exe
    2012-10-29 15:50 - 2012-06-08 18:34 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2495479790-982925703-2321560144-1001Core.job
    2012-10-29 08:40 - 2012-10-29 08:40 - 00000000 ____A C:\Users\Jimmy\Desktop\New Text Document.txt
    2012-10-29 08:40 - 2012-10-29 08:40 - 00000000 ____A C:\Users\Jimmy\Desktop\New Text Document (2).txt
    2012-10-29 08:18 - 2012-10-29 08:24 - 179577680 ____A (Nero AG) C:\Users\Jimmy\Downloads\Nero_KwikMedia-12.0.01300_free.exe
    2012-10-29 06:04 - 2009-07-13 21:13 - 00779550 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-10-24 14:11 - 2012-05-16 13:40 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleForJimmy.job
    2012-10-15 18:55 - 2012-02-26 09:18 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-10-15 18:21 - 2012-03-30 13:28 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
    2012-10-15 15:08 - 2012-04-09 15:24 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-10-15 15:08 - 2011-08-31 17:36 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-10-15 07:59 - 2012-10-31 19:02 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
    2012-09-29 15:54 - 2012-10-29 11:59 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-14 11:19 - 2012-10-15 08:07 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-09-14 10:28 - 2012-10-15 08:07 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-09-10 17:21 - 2012-09-10 17:20 - 00000630 ____A C:\user.js
    2012-08-31 10:19 - 2012-10-15 08:07 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-08-30 10:03 - 2012-10-15 08:07 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-08-30 09:12 - 2012-10-15 08:07 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-08-30 09:12 - 2012-10-15 08:07 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-08-24 10:05 - 2012-10-15 08:07 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-08-24 08:57 - 2012-10-15 08:07 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-08-24 03:15 - 2012-09-22 21:38 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-24 02:39 - 2012-09-22 21:38 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-24 02:31 - 2012-09-22 21:38 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-24 02:22 - 2012-09-22 21:38 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-24 02:21 - 2012-09-22 21:38 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-24 02:20 - 2012-09-22 21:38 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-24 02:18 - 2012-09-22 21:38 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-24 02:17 - 2012-09-22 21:38 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-24 02:14 - 2012-09-22 21:38 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-24 02:14 - 2012-09-22 21:38 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-24 02:13 - 2012-09-22 21:38 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-08-24 02:12 - 2012-09-22 21:38 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-24 02:11 - 2012-09-22 21:38 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-08-24 02:10 - 2012-09-22 21:38 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-24 02:09 - 2012-09-22 21:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-24 02:04 - 2012-09-22 21:38 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-23 23:27 - 2012-09-22 21:38 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-23 23:03 - 2012-09-22 21:38 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-23 22:59 - 2012-09-22 21:38 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-23 22:51 - 2012-09-22 21:38 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-23 22:51 - 2012-09-22 21:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-23 22:51 - 2012-09-22 21:38 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-23 22:49 - 2012-09-22 21:38 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-23 22:48 - 2012-09-22 21:38 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-23 22:47 - 2012-09-22 21:38 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-23 22:47 - 2012-09-22 21:38 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-08-23 22:47 - 2012-09-22 21:38 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-23 22:45 - 2012-09-22 21:38 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-08-23 22:44 - 2012-09-22 21:38 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-23 22:44 - 2012-09-22 21:38 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-23 22:43 - 2012-09-22 21:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-23 22:40 - 2012-09-22 21:38 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-22 10:12 - 2012-09-12 18:16 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-08-22 10:12 - 2012-09-12 18:16 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
    2012-08-22 10:12 - 2012-09-12 18:16 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-08-22 10:12 - 2012-09-12 18:16 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2012-08-21 13:01 - 2012-09-25 14:06 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
    2012-08-20 10:48 - 2012-10-15 08:07 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-08-20 10:48 - 2012-10-15 08:07 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-08-20 10:48 - 2012-10-15 08:07 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-08-20 10:48 - 2012-10-15 08:07 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-08-20 10:48 - 2012-10-15 08:07 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-08-20 10:48 - 2012-10-15 08:07 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-08-20 10:48 - 2012-10-15 08:07 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-08-20 10:46 - 2012-10-15 08:07 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-08-20 10:38 - 2012-10-15 08:07 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-15 08:07 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-15 08:07 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-15 08:07 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-15 08:07 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-15 08:07 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-15 08:07 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-15 08:07 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-15 08:07 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-15 08:07 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-15 08:07 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-15 08:07 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-15 08:07 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-15 08:07 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-15 08:07 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-15 08:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-15 08:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-15 08:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-15 08:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-15 08:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-15 08:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-15 08:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-15 08:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-15 08:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-15 08:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-15 08:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-15 08:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-15 08:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 09:40 - 2012-10-15 08:07 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-08-20 09:38 - 2012-10-15 08:07 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-08-20 09:37 - 2012-10-15 08:07 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-08-20 09:37 - 2012-10-15 08:07 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-08-20 09:37 - 2012-10-15 08:07 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-08-20 09:32 - 2012-10-15 08:07 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-15 08:07 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-15 08:07 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-15 08:07 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-15 08:07 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-15 08:07 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-15 08:07 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-15 08:07 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-15 08:07 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-15 08:07 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-15 08:07 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-15 08:07 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-15 08:07 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-15 08:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-15 08:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-15 08:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-15 08:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-15 08:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-15 08:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-15 08:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-15 08:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-15 08:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-15 08:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-15 08:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 07:38 - 2012-10-15 08:07 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-08-20 07:38 - 2012-10-15 08:07 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-08-20 07:33 - 2012-10-15 08:07 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 07:33 - 2012-10-15 08:07 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 07:33 - 2012-10-15 08:07 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 07:33 - 2012-10-15 08:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-08-19 16:08 - 2009-07-13 20:45 - 00274320 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-08-10 16:56 - 2012-10-15 08:07 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-08-10 15:56 - 2012-10-15 08:07 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

    ZeroAccess:
    C:\Windows\Installer\{26ac561d-4c16-bd9f-4e6b-2b8f8dfb3c55}
    C:\Windows\Installer\{26ac561d-4c16-bd9f-4e6b-2b8f8dfb3c55}\@
    C:\Windows\Installer\{26ac561d-4c16-bd9f-4e6b-2b8f8dfb3c55}\L
    C:\Windows\Installer\{26ac561d-4c16-bd9f-4e6b-2b8f8dfb3c55}\U
    C:\Windows\Installer\{26ac561d-4c16-bd9f-4e6b-2b8f8dfb3c55}\L\00000004.@
    C:\Windows\Installer\{26ac561d-4c16-bd9f-4e6b-2b8f8dfb3c55}\L\201d3dde
    C:\Windows\Installer\{26ac561d-4c16-bd9f-4e6b-2b8f8dfb3c55}\U\80000064.@
    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini
    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini
    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================
    Restore point made on: 2012-10-29 08:37:17
    Restore point made on: 2012-10-29 08:41:45
    Restore point made on: 2012-10-29 08:53:14
    Restore point made on: 2012-10-29 11:25:58
    Restore point made on: 2012-10-29 11:38:04
    Restore point made on: 2012-10-29 11:44:19
    Restore point made on: 2012-10-29 12:24:58
    Restore point made on: 2012-10-29 12:25:37
    Restore point made on: 2012-10-29 12:32:19
    Restore point made on: 2012-10-29 12:36:15
    Restore point made on: 2012-10-29 13:19:38
    Restore point made on: 2012-10-29 13:32:30
    Restore point made on: 2012-10-29 13:33:18
    Restore point made on: 2012-10-29 13:41:17
    Restore point made on: 2012-10-29 14:44:39
    Restore point made on: 2012-10-31 08:19:27
    Restore point made on: 2012-10-31 08:19:46
    Restore point made on: 2012-10-31 16:41:22
    Restore point made on: 2012-10-31 18:28:07
    Restore point made on: 2012-10-31 18:29:04
    Restore point made on: 2012-10-31 19:01:49
    ==================== Memory info ===========================
    Percentage of memory in use: 13%
    Total physical RAM: 8174.53 MB
    Available physical RAM: 7064.68 MB
    Total Pagefile: 8172.73 MB
    Available Pagefile: 7052.9 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB
    ==================== Partitions =============================
    1 Drive c: (OS) (Fixed) (Total:1385.38 GB) (Free:1125.78 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive e: (HP_RECOVERY) (Fixed) (Total:11.78 GB) (Free:1.44 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive g: (CANON_DC) (Removable) (Total:14.93 GB) (Free:14.93 GB) FAT32
    8 Drive x: (Boot) (Fixed) (Total:0.12 GB) (Free:0.12 GB) NTFS
    9 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 1397 GB 0 B
    Disk 1 Online 14 GB 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 1385 GB 101 MB
    Partition 3 Primary 11 GB 1385 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy
    =========================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 1385 GB Healthy
    =========================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E HP_RECOVERY NTFS Partition 11 GB Healthy
    =========================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 14 GB 4096 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G CANON_DC FAT32 Removable 14 GB Healthy
    =========================================================
    Last Boot: 2012-10-26 07:54
    ==================== End Of Log =============================
    Farbar Recovery Scan Tool (x64) Version: 30-10-2012
    Ran by SYSTEM at 2012-11-01 16:01:04
    Running from G:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC
    ====== End Of Search ======
     
  6. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Next...

    Restart normally.

    =============================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ==========================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ============================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ==========================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     

    Attached Files:

  7. jskelington2641

    jskelington2641 TS Rookie Topic Starter Posts: 18

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2012
    Ran by SYSTEM at 2012-11-01 16:53:13 Run:1
    Running from G:\
    ==============================================
    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    C:\Windows\Installer\{26ac561d-4c16-bd9f-4e6b-2b8f8dfb3c55} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
    ==== End of Fixlog ====
    16:56:40.0882 1540 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
    16:56:42.0894 1540 ============================================================
    16:56:42.0894 1540 Current date / time: 2012/11/01 16:56:42.0894
    16:56:42.0894 1540 SystemInfo:
    16:56:42.0894 1540
    16:56:42.0894 1540 OS Version: 6.1.7601 ServicePack: 1.0
    16:56:42.0894 1540 Product type: Workstation
    16:56:42.0894 1540 ComputerName: JIMMY-HP
    16:56:42.0894 1540 UserName: Jimmy
    16:56:42.0894 1540 Windows directory: C:\Windows
    16:56:42.0894 1540 System windows directory: C:\Windows
    16:56:42.0894 1540 Running under WOW64
    16:56:42.0894 1540 Processor architecture: Intel x64
    16:56:42.0894 1540 Number of processors: 4
    16:56:42.0894 1540 Page size: 0x1000
    16:56:42.0894 1540 Boot type: Normal boot
    16:56:42.0894 1540 ============================================================
    16:56:47.0980 1540 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    16:56:47.0980 1540 Drive \Device\Harddisk1\DR1 - Size: 0x3BC000000 (14.94 Gb), SectorSize: 0x200, Cylinders: 0x79D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    16:56:47.0995 1540 ============================================================
    16:56:47.0995 1540 \Device\Harddisk0\DR0:
    16:56:47.0995 1540 MBR partitions:
    16:56:47.0995 1540 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    16:56:47.0995 1540 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAD2C3000
    16:56:47.0995 1540 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xAD2F5800, BlocksNum 0x1791800
    16:56:47.0995 1540 \Device\Harddisk1\DR1:
    16:56:47.0995 1540 MBR partitions:
    16:56:47.0995 1540 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x1DDE000
    16:56:47.0995 1540 ============================================================
    16:56:48.0027 1540 C: <-> \Device\Harddisk0\DR0\Partition2
    16:56:48.0151 1540 D: <-> \Device\Harddisk0\DR0\Partition3
    16:56:48.0151 1540 ============================================================
    16:56:48.0151 1540 Initialize success
    16:56:48.0151 1540 ============================================================
    16:57:02.0457 4752 ============================================================
    16:57:02.0457 4752 Scan started
    16:57:02.0457 4752 Mode: Manual;
    16:57:02.0457 4752 ============================================================
    16:57:05.0358 4752 ================ Scan system memory ========================
    16:57:05.0358 4752 System memory - ok
    16:57:05.0358 4752 ================ Scan services =============================
    16:57:05.0998 4752 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    16:57:05.0998 4752 1394ohci - ok
    16:57:06.0045 4752 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    16:57:06.0045 4752 ACPI - ok
    16:57:06.0076 4752 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    16:57:06.0076 4752 AcpiPmi - ok
    16:57:06.0622 4752 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    16:57:06.0622 4752 AdobeFlashPlayerUpdateSvc - ok
    16:57:06.0653 4752 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
    16:57:06.0653 4752 adp94xx - ok
    16:57:06.0684 4752 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
    16:57:06.0700 4752 adpahci - ok
    16:57:06.0700 4752 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
    16:57:06.0715 4752 adpu320 - ok
    16:57:07.0324 4752 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    16:57:07.0324 4752 AeLookupSvc - ok
    16:57:07.0371 4752 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    16:57:07.0371 4752 AFD - ok
    16:57:07.0402 4752 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    16:57:07.0402 4752 agp440 - ok
    16:57:07.0573 4752 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    16:57:07.0573 4752 ALG - ok
    16:57:07.0605 4752 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    16:57:07.0605 4752 aliide - ok
    16:57:07.0605 4752 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    16:57:07.0605 4752 amdide - ok
    16:57:07.0636 4752 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
    16:57:07.0636 4752 AmdK8 - ok
    16:57:07.0636 4752 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
    16:57:07.0636 4752 AmdPPM - ok
    16:57:07.0683 4752 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    16:57:07.0683 4752 amdsata - ok
    16:57:07.0683 4752 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
    16:57:07.0683 4752 amdsbs - ok
    16:57:07.0698 4752 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    16:57:07.0698 4752 amdxata - ok
    16:57:07.0714 4752 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    16:57:07.0714 4752 AppID - ok
    16:57:07.0745 4752 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    16:57:07.0745 4752 AppIDSvc - ok
    16:57:07.0776 4752 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    16:57:07.0776 4752 Appinfo - ok
    16:57:08.0010 4752 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    16:57:08.0041 4752 Apple Mobile Device - ok
    16:57:08.0057 4752 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
    16:57:08.0057 4752 arc - ok
    16:57:08.0088 4752 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
    16:57:08.0088 4752 arcsas - ok
    16:57:08.0338 4752 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    16:57:08.0400 4752 aspnet_state - ok
    16:57:08.0447 4752 [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
    16:57:08.0447 4752 aswFsBlk - ok
    16:57:08.0494 4752 [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
    16:57:08.0494 4752 aswMonFlt - ok
    16:57:08.0509 4752 [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
    16:57:08.0525 4752 aswRdr - ok
    16:57:08.0556 4752 [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
    16:57:08.0556 4752 aswSnx - ok
    16:57:08.0587 4752 [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP C:\Windows\system32\drivers\aswSP.sys
    16:57:08.0587 4752 aswSP - ok
    16:57:08.0634 4752 [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
    16:57:08.0634 4752 aswTdi - ok
    16:57:08.0681 4752 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    16:57:08.0681 4752 AsyncMac - ok
    16:57:08.0712 4752 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    16:57:08.0712 4752 atapi - ok
    16:57:08.0759 4752 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    16:57:08.0775 4752 AudioEndpointBuilder - ok
    16:57:08.0775 4752 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    16:57:08.0775 4752 AudioSrv - ok
    16:57:08.0884 4752 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    16:57:08.0899 4752 avast! Antivirus - ok
    16:57:08.0931 4752 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    16:57:08.0931 4752 AxInstSV - ok
    16:57:08.0993 4752 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
    16:57:08.0993 4752 b06bdrv - ok
    16:57:09.0024 4752 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    16:57:09.0040 4752 b57nd60a - ok
    16:57:09.0071 4752 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    16:57:09.0149 4752 BDESVC - ok
    16:57:09.0196 4752 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    16:57:09.0211 4752 Beep - ok
    16:57:09.0227 4752 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
    16:57:09.0227 4752 blbdrive - ok
    16:57:09.0274 4752 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    16:57:09.0274 4752 Bonjour Service - ok
    16:57:09.0305 4752 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    16:57:09.0305 4752 bowser - ok
    16:57:09.0321 4752 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
    16:57:09.0321 4752 BrFiltLo - ok
    16:57:09.0336 4752 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
    16:57:09.0336 4752 BrFiltUp - ok
    16:57:09.0367 4752 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
    16:57:09.0383 4752 Browser - ok
    16:57:09.0399 4752 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    16:57:09.0399 4752 Brserid - ok
    16:57:09.0414 4752 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    16:57:09.0414 4752 BrSerWdm - ok
    16:57:09.0414 4752 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    16:57:09.0414 4752 BrUsbMdm - ok
    16:57:09.0414 4752 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    16:57:09.0414 4752 BrUsbSer - ok
    16:57:09.0461 4752 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
    16:57:09.0461 4752 BthEnum - ok
    16:57:09.0461 4752 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
    16:57:09.0461 4752 BTHMODEM - ok
    16:57:09.0492 4752 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
    16:57:09.0492 4752 BthPan - ok
    16:57:09.0523 4752 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
    16:57:09.0523 4752 BTHPORT - ok
    16:57:09.0555 4752 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    16:57:09.0555 4752 bthserv - ok
    16:57:09.0570 4752 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
    16:57:09.0570 4752 BTHUSB - ok
    16:57:09.0586 4752 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    16:57:09.0586 4752 cdfs - ok
    16:57:09.0617 4752 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    16:57:09.0617 4752 cdrom - ok
    16:57:09.0633 4752 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    16:57:09.0633 4752 CertPropSvc - ok
    16:57:09.0648 4752 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
    16:57:09.0648 4752 circlass - ok
    16:57:09.0664 4752 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    16:57:09.0664 4752 CLFS - ok
    16:57:09.0757 4752 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    16:57:09.0757 4752 clr_optimization_v2.0.50727_32 - ok
    16:57:09.0789 4752 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    16:57:09.0789 4752 clr_optimization_v2.0.50727_64 - ok
    16:57:09.0851 4752 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    16:57:09.0898 4752 clr_optimization_v4.0.30319_32 - ok
    16:57:09.0945 4752 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    16:57:09.0960 4752 clr_optimization_v4.0.30319_64 - ok
    16:57:09.0960 4752 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
    16:57:09.0960 4752 CmBatt - ok
    16:57:09.0960 4752 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    16:57:09.0960 4752 cmdide - ok
    16:57:09.0976 4752 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
    16:57:09.0991 4752 CNG - ok
    16:57:09.0991 4752 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
    16:57:09.0991 4752 Compbatt - ok
    16:57:10.0069 4752 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    16:57:10.0069 4752 CompositeBus - ok
    16:57:10.0085 4752 COMSysApp - ok
    16:57:10.0085 4752 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
    16:57:10.0085 4752 crcdisk - ok
    16:57:10.0147 4752 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
    16:57:10.0163 4752 CryptSvc - ok
    16:57:10.0428 4752 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    16:57:10.0428 4752 cvhsvc - ok
    16:57:10.0444 4752 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    16:57:10.0459 4752 DcomLaunch - ok
    16:57:10.0569 4752 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    16:57:10.0584 4752 defragsvc - ok
    16:57:10.0615 4752 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    16:57:10.0615 4752 DfsC - ok
    16:57:10.0631 4752 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    16:57:10.0631 4752 Dhcp - ok
    16:57:10.0647 4752 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    16:57:10.0662 4752 discache - ok
    16:57:10.0678 4752 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
    16:57:10.0693 4752 Disk - ok
    16:57:10.0725 4752 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    16:57:10.0725 4752 Dnscache - ok
    16:57:10.0740 4752 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    16:57:10.0740 4752 dot3svc - ok
    16:57:10.0756 4752 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    16:57:10.0756 4752 DPS - ok
    16:57:10.0787 4752 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    16:57:10.0787 4752 drmkaud - ok
    16:57:10.0818 4752 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    16:57:10.0818 4752 DXGKrnl - ok
    16:57:10.0849 4752 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    16:57:10.0849 4752 EapHost - ok
    16:57:10.0912 4752 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
    16:57:10.0974 4752 ebdrv - ok
    16:57:11.0037 4752 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    16:57:11.0037 4752 EFS - ok
    16:57:11.0115 4752 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    16:57:11.0115 4752 ehRecvr - ok
    16:57:11.0146 4752 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    16:57:11.0146 4752 ehSched - ok
    16:57:11.0177 4752 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
    16:57:11.0177 4752 elxstor - ok
    16:57:11.0177 4752 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    16:57:11.0177 4752 ErrDev - ok
    16:57:11.0208 4752 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    16:57:11.0208 4752 EventSystem - ok
    16:57:11.0224 4752 ewusbnet - ok
    16:57:11.0224 4752 ew_hwusbdev - ok
    16:57:11.0224 4752 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    16:57:11.0239 4752 exfat - ok
    16:57:11.0255 4752 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    16:57:11.0255 4752 fastfat - ok
    16:57:11.0271 4752 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    16:57:11.0271 4752 Fax - ok
    16:57:11.0271 4752 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
    16:57:11.0286 4752 fdc - ok
    16:57:11.0302 4752 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    16:57:11.0302 4752 fdPHost - ok
    16:57:11.0302 4752 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    16:57:11.0302 4752 FDResPub - ok
    16:57:11.0317 4752 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    16:57:11.0317 4752 FileInfo - ok
    16:57:11.0333 4752 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    16:57:11.0333 4752 Filetrace - ok
    16:57:11.0349 4752 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
    16:57:11.0349 4752 flpydisk - ok
    16:57:11.0349 4752 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    16:57:11.0349 4752 FltMgr - ok
    16:57:11.0380 4752 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
    16:57:11.0380 4752 FontCache - ok
    16:57:11.0427 4752 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    16:57:11.0427 4752 FontCache3.0.0.0 - ok
    16:57:11.0473 4752 [ 71CDC1D7F58D5EC49EBC2E2332AD3FAE ] FPLService C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    16:57:11.0473 4752 FPLService - ok
    16:57:11.0489 4752 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    16:57:11.0489 4752 FsDepends - ok
    16:57:11.0520 4752 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    16:57:11.0520 4752 Fs_Rec - ok
    16:57:11.0536 4752 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    16:57:11.0536 4752 fvevol - ok
    16:57:11.0551 4752 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    16:57:11.0551 4752 gagp30kx - ok
    16:57:11.0614 4752 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    16:57:11.0614 4752 GamesAppService - ok
    16:57:11.0676 4752 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    16:57:11.0676 4752 GEARAspiWDM - ok
    16:57:11.0739 4752 [ 22B6BE519C112FD9C6ADA3C96B54EC15 ] Generalusbserialser20675 C:\Windows\system32\DRIVERS\CT_U_USBSER.sys
    16:57:11.0739 4752 Generalusbserialser20675 - ok
    16:57:11.0973 4752 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    16:57:11.0973 4752 gpsvc - ok
    16:57:12.0066 4752 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    16:57:12.0066 4752 gupdate - ok
    16:57:12.0066 4752 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    16:57:12.0066 4752 gupdatem - ok
    16:57:12.0113 4752 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    16:57:12.0113 4752 hcw85cir - ok
    16:57:12.0129 4752 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    16:57:12.0129 4752 HdAudAddService - ok
    16:57:12.0160 4752 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    16:57:12.0160 4752 HDAudBus - ok
    16:57:12.0175 4752 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
    16:57:12.0175 4752 HidBatt - ok
    16:57:12.0175 4752 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
    16:57:12.0175 4752 HidBth - ok
    16:57:12.0191 4752 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
    16:57:12.0191 4752 HidIr - ok
    16:57:12.0207 4752 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
    16:57:12.0207 4752 hidserv - ok
    16:57:12.0238 4752 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    16:57:12.0238 4752 HidUsb - ok
    16:57:12.0238 4752 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    16:57:12.0238 4752 hkmsvc - ok
    16:57:12.0269 4752 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    16:57:12.0269 4752 HomeGroupListener - ok
    16:57:12.0300 4752 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    16:57:12.0300 4752 HomeGroupProvider - ok
    16:57:12.0394 4752 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    16:57:12.0394 4752 HP Support Assistant Service - ok
    16:57:12.0425 4752 [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    16:57:12.0425 4752 HPClientSvc - ok
    16:57:12.0472 4752 [ BCC4A8B2E2E902F52E7F2E7D8E125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    16:57:12.0472 4752 HPDrvMntSvc.exe - ok
    16:57:12.0503 4752 [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    16:57:12.0519 4752 hpqwmiex - ok
    16:57:12.0534 4752 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    16:57:12.0534 4752 HpSAMD - ok
    16:57:12.0565 4752 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    16:57:12.0565 4752 HTTP - ok
    16:57:12.0581 4752 huawei_enumerator - ok
    16:57:12.0581 4752 hwdatacard - ok
    16:57:12.0612 4752 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    16:57:12.0612 4752 hwpolicy - ok
    16:57:12.0628 4752 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    16:57:12.0628 4752 i8042prt - ok
    16:57:12.0675 4752 [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor C:\Windows\system32\drivers\iaStor.sys
    16:57:12.0675 4752 iaStor - ok
    16:57:12.0706 4752 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    16:57:12.0721 4752 iaStorV - ok
    16:57:12.0768 4752 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    16:57:12.0768 4752 idsvc - ok
    16:57:12.0987 4752 [ EFE5A0AF39A8E179624117C521F1E012 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
    16:57:13.0267 4752 igfx - ok
    16:57:13.0299 4752 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    16:57:13.0299 4752 iirsp - ok
    16:57:13.0330 4752 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    16:57:13.0345 4752 IKEEXT - ok
    16:57:13.0361 4752 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\drivers\Impcd.sys
    16:57:13.0377 4752 Impcd - ok
    16:57:13.0501 4752 [ C7124DA48E557D8F88D0D7F1254557F4 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
    16:57:13.0517 4752 IntcAzAudAddService - ok
    16:57:13.0517 4752 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    16:57:13.0517 4752 intelide - ok
    16:57:13.0673 4752 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
    16:57:13.0673 4752 intelppm - ok
    16:57:13.0704 4752 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    16:57:13.0704 4752 IPBusEnum - ok
    16:57:13.0720 4752 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    16:57:13.0720 4752 IpFilterDriver - ok
    16:57:13.0720 4752 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    16:57:13.0720 4752 IPMIDRV - ok
    16:57:13.0720 4752 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    16:57:13.0735 4752 IPNAT - ok
    16:57:13.0767 4752 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    16:57:13.0782 4752 iPod Service - ok
    16:57:13.0798 4752 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    16:57:13.0798 4752 IRENUM - ok
    16:57:13.0798 4752 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    16:57:13.0798 4752 isapnp - ok
    16:57:13.0829 4752 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    16:57:13.0829 4752 iScsiPrt - ok
    16:57:13.0907 4752 [ 6C85719A21B3F62C2C76280F4BD36C7B ] jhi_service C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    16:57:13.0907 4752 jhi_service - ok
    16:57:13.0923 4752 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    16:57:13.0923 4752 kbdclass - ok
    16:57:13.0938 4752 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    16:57:13.0938 4752 kbdhid - ok
    16:57:13.0938 4752 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    16:57:13.0938 4752 KeyIso - ok
    16:57:13.0969 4752 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    16:57:13.0969 4752 KSecDD - ok
    16:57:14.0001 4752 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    16:57:14.0001 4752 KSecPkg - ok
    16:57:14.0001 4752 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    16:57:14.0001 4752 ksthunk - ok
    16:57:14.0047 4752 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    16:57:14.0047 4752 KtmRm - ok
    16:57:14.0094 4752 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
    16:57:14.0094 4752 LanmanServer - ok
    16:57:14.0141 4752 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    16:57:14.0141 4752 LanmanWorkstation - ok
    16:57:14.0188 4752 [ 83D8BE94E1CBCBE2EA8372DB1A95A159 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    16:57:14.0188 4752 LightScribeService - ok
    16:57:14.0235 4752 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    16:57:14.0235 4752 lltdio - ok
    16:57:14.0266 4752 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    16:57:14.0266 4752 lltdsvc - ok
    16:57:14.0266 4752 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    16:57:14.0266 4752 lmhosts - ok
    16:57:14.0328 4752 [ D75C4B4A8FE6D7FD74A7EECDBAEC729F ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    16:57:14.0328 4752 LMS - ok
    16:57:14.0344 4752 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
    16:57:14.0359 4752 LSI_FC - ok
    16:57:14.0359 4752 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
    16:57:14.0359 4752 LSI_SAS - ok
    16:57:14.0359 4752 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
    16:57:14.0359 4752 LSI_SAS2 - ok
    16:57:14.0359 4752 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    16:57:14.0359 4752 LSI_SCSI - ok
    16:57:14.0391 4752 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    16:57:14.0391 4752 luafv - ok
    16:57:14.0437 4752 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
    16:57:14.0437 4752 MBAMProtector - ok
    16:57:14.0531 4752 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    16:57:14.0531 4752 MBAMScheduler - ok
    16:57:14.0562 4752 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    16:57:14.0562 4752 MBAMService - ok
    16:57:14.0578 4752 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    16:57:14.0593 4752 Mcx2Svc - ok
    16:57:14.0609 4752 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
    16:57:14.0609 4752 megasas - ok
    16:57:14.0609 4752 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
    16:57:14.0609 4752 MegaSR - ok
    16:57:14.0656 4752 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\drivers\HECIx64.sys
    16:57:14.0656 4752 MEIx64 - ok
    16:57:14.0687 4752 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    16:57:14.0687 4752 MMCSS - ok
    16:57:14.0718 4752 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    16:57:14.0718 4752 Modem - ok
    16:57:14.0734 4752 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    16:57:14.0734 4752 monitor - ok
    16:57:14.0749 4752 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    16:57:14.0749 4752 mouclass - ok
    16:57:14.0765 4752 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    16:57:14.0765 4752 mouhid - ok
    16:57:14.0781 4752 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    16:57:14.0781 4752 mountmgr - ok
    16:57:14.0812 4752 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    16:57:14.0812 4752 mpio - ok
    16:57:14.0968 4752 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    16:57:14.0968 4752 mpsdrv - ok
    16:57:14.0968 4752 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    16:57:14.0968 4752 MRxDAV - ok
    16:57:14.0999 4752 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    16:57:14.0999 4752 mrxsmb - ok
    16:57:15.0061 4752 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    16:57:15.0061 4752 mrxsmb10 - ok
    16:57:15.0155 4752 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    16:57:15.0155 4752 mrxsmb20 - ok
    16:57:15.0171 4752 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    16:57:15.0171 4752 msahci - ok
    16:57:15.0171 4752 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    16:57:15.0171 4752 msdsm - ok
    16:57:15.0342 4752 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    16:57:15.0342 4752 MSDTC - ok
    16:57:15.0373 4752 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    16:57:15.0373 4752 Msfs - ok
    16:57:15.0420 4752 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    16:57:15.0420 4752 mshidkmdf - ok
    16:57:15.0420 4752 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    16:57:15.0420 4752 msisadrv - ok
    16:57:15.0436 4752 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
     
  8. jskelington2641

    jskelington2641 TS Rookie Topic Starter Posts: 18

    16:57:15.0436 4752 MSiSCSI - ok
    16:57:15.0451 4752 msiserver - ok
    16:57:15.0498 4752 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    16:57:15.0685 4752 MSKSSRV - ok
    16:57:15.0685 4752 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    16:57:15.0685 4752 MSPCLOCK - ok
    16:57:15.0685 4752 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    16:57:15.0701 4752 MSPQM - ok
    16:57:15.0717 4752 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    16:57:15.0732 4752 MsRPC - ok
    16:57:15.0748 4752 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    16:57:15.0748 4752 mssmbios - ok
    16:57:15.0763 4752 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    16:57:15.0763 4752 MSTEE - ok
    16:57:15.0779 4752 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
    16:57:15.0779 4752 MTConfig - ok
    16:57:15.0795 4752 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    16:57:15.0795 4752 Mup - ok
    16:57:15.0810 4752 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    16:57:15.0826 4752 napagent - ok
    16:57:15.0951 4752 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    16:57:15.0951 4752 NativeWifiP - ok
    16:57:16.0153 4752 [ 9D1CCE440552500DED3A62F9D779CDB4 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
    16:57:16.0153 4752 NAUpdate - ok
    16:57:16.0247 4752 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
    16:57:16.0247 4752 NDIS - ok
    16:57:16.0341 4752 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    16:57:16.0341 4752 NdisCap - ok
    16:57:16.0387 4752 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    16:57:16.0403 4752 NdisTapi - ok
    16:57:16.0450 4752 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    16:57:16.0450 4752 Ndisuio - ok
    16:57:16.0512 4752 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    16:57:16.0512 4752 NdisWan - ok
    16:57:16.0543 4752 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    16:57:16.0543 4752 NDProxy - ok
    16:57:16.0606 4752 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    16:57:16.0606 4752 NetBIOS - ok
    16:57:16.0684 4752 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    16:57:16.0684 4752 NetBT - ok
    16:57:16.0715 4752 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    16:57:16.0715 4752 Netlogon - ok
    16:57:17.0027 4752 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    16:57:17.0027 4752 Netman - ok
    16:57:17.0074 4752 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    16:57:17.0121 4752 NetMsmqActivator - ok
    16:57:17.0121 4752 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    16:57:17.0121 4752 NetPipeActivator - ok
    16:57:17.0199 4752 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    16:57:17.0230 4752 netprofm - ok
    16:57:17.0292 4752 [ 883269C1CA478658F1334F3C39B0C7AC ] netr28ux C:\Windows\system32\DRIVERS\netr28ux.sys
    16:57:17.0292 4752 netr28ux - ok
    16:57:17.0308 4752 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    16:57:17.0308 4752 NetTcpActivator - ok
    16:57:17.0308 4752 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    16:57:17.0308 4752 NetTcpPortSharing - ok
    16:57:17.0339 4752 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
    16:57:17.0339 4752 nfrd960 - ok
    16:57:17.0370 4752 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
    16:57:17.0386 4752 NlaSvc - ok
    16:57:17.0386 4752 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    16:57:17.0386 4752 Npfs - ok
    16:57:17.0401 4752 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    16:57:17.0401 4752 nsi - ok
    16:57:17.0417 4752 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    16:57:17.0417 4752 nsiproxy - ok
    16:57:17.0854 4752 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    16:57:17.0869 4752 Ntfs - ok
    16:57:17.0885 4752 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    16:57:17.0885 4752 Null - ok
    16:57:17.0932 4752 [ 857FB74754EBFF94EE3AD40788740916 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
    16:57:17.0947 4752 NVHDA - ok
    16:57:18.0197 4752 [ 969734DCC31EE75B67B494115CDB69EE ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
    16:57:18.0244 4752 nvlddmkm - ok
    16:57:18.0353 4752 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    16:57:18.0353 4752 nvraid - ok
    16:57:18.0369 4752 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    16:57:18.0369 4752 nvstor - ok
    16:57:18.0400 4752 [ A4416E0150C5E2BEFD986C9D360984D6 ] NVSvc C:\Windows\system32\nvvsvc.exe
    16:57:18.0415 4752 NVSvc - ok
    16:57:18.0462 4752 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    16:57:18.0462 4752 nv_agp - ok
    16:57:18.0462 4752 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    16:57:18.0462 4752 ohci1394 - ok
    16:57:18.0493 4752 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    16:57:18.0509 4752 ose - ok
    16:57:18.0743 4752 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    16:57:18.0774 4752 osppsvc - ok
    16:57:18.0821 4752 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    16:57:18.0821 4752 p2pimsvc - ok
    16:57:18.0852 4752 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    16:57:18.0868 4752 p2psvc - ok
    16:57:18.0883 4752 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
    16:57:18.0883 4752 Parport - ok
    16:57:18.0899 4752 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    16:57:18.0899 4752 partmgr - ok
    16:57:18.0915 4752 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    16:57:18.0915 4752 PcaSvc - ok
    16:57:18.0946 4752 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    16:57:18.0946 4752 pci - ok
    16:57:18.0977 4752 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    16:57:18.0977 4752 pciide - ok
    16:57:18.0977 4752 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
    16:57:18.0977 4752 pcmcia - ok
    16:57:18.0993 4752 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    16:57:18.0993 4752 pcw - ok
    16:57:19.0024 4752 pdfcDispatcher - ok
    16:57:19.0133 4752 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    16:57:19.0133 4752 PEAUTH - ok
    16:57:19.0242 4752 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    16:57:19.0242 4752 PerfHost - ok
    16:57:19.0289 4752 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    16:57:19.0305 4752 pla - ok
    16:57:19.0351 4752 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    16:57:19.0351 4752 PlugPlay - ok
    16:57:19.0367 4752 [ 0BEE791C7C7ACE453C134E73633C497D ] pmxdrv C:\Windows\system32\drivers\pmxdrv.sys
    16:57:19.0367 4752 pmxdrv - ok
    16:57:19.0414 4752 [ A010F13D27C1033A8BE09D5FA9BF348B ] pneteth C:\Windows\system32\DRIVERS\pneteth.sys
    16:57:19.0414 4752 pneteth - ok
    16:57:19.0445 4752 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    16:57:19.0445 4752 PNRPAutoReg - ok
    16:57:19.0445 4752 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    16:57:19.0461 4752 PNRPsvc - ok
    16:57:19.0492 4752 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    16:57:19.0492 4752 PolicyAgent - ok
    16:57:19.0523 4752 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    16:57:19.0523 4752 Power - ok
    16:57:19.0539 4752 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    16:57:19.0539 4752 PptpMiniport - ok
    16:57:19.0554 4752 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
    16:57:19.0554 4752 Processor - ok
    16:57:19.0601 4752 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    16:57:19.0617 4752 ProfSvc - ok
    16:57:19.0617 4752 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    16:57:19.0617 4752 ProtectedStorage - ok
    16:57:19.0648 4752 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    16:57:19.0648 4752 Psched - ok
    16:57:19.0695 4752 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
    16:57:19.0710 4752 ql2300 - ok
    16:57:19.0710 4752 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
    16:57:19.0726 4752 ql40xx - ok
    16:57:19.0741 4752 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    16:57:19.0741 4752 QWAVE - ok
    16:57:19.0757 4752 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    16:57:19.0757 4752 QWAVEdrv - ok
    16:57:19.0757 4752 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    16:57:19.0757 4752 RasAcd - ok
    16:57:19.0788 4752 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    16:57:19.0788 4752 RasAgileVpn - ok
    16:57:19.0804 4752 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    16:57:19.0804 4752 RasAuto - ok
    16:57:19.0819 4752 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    16:57:19.0819 4752 Rasl2tp - ok
    16:57:19.0851 4752 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    16:57:19.0851 4752 RasMan - ok
    16:57:19.0866 4752 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    16:57:19.0866 4752 RasPppoe - ok
    16:57:19.0897 4752 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    16:57:19.0897 4752 RasSstp - ok
    16:57:19.0913 4752 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    16:57:19.0913 4752 rdbss - ok
    16:57:19.0929 4752 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
    16:57:19.0929 4752 rdpbus - ok
    16:57:19.0960 4752 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    16:57:19.0960 4752 RDPCDD - ok
    16:57:19.0975 4752 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    16:57:19.0975 4752 RDPENCDD - ok
    16:57:19.0975 4752 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    16:57:19.0975 4752 RDPREFMP - ok
    16:57:20.0038 4752 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    16:57:20.0038 4752 RDPWD - ok
    16:57:20.0053 4752 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    16:57:20.0053 4752 rdyboost - ok
    16:57:20.0085 4752 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    16:57:20.0085 4752 RemoteAccess - ok
    16:57:20.0100 4752 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    16:57:20.0100 4752 RemoteRegistry - ok
    16:57:20.0147 4752 [ 9C3AC71A9934B884FAC567A8807E9C4D ] Revoflt C:\Windows\system32\DRIVERS\revoflt.sys
    16:57:20.0147 4752 Revoflt - ok
    16:57:20.0194 4752 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
    16:57:20.0194 4752 RFCOMM - ok
    16:57:20.0272 4752 [ 085D18C71AB2611A3D61528132B6501E ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    16:57:20.0272 4752 RoxioNow Service - ok
    16:57:20.0287 4752 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    16:57:20.0287 4752 RpcEptMapper - ok
    16:57:20.0319 4752 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    16:57:20.0319 4752 RpcLocator - ok
    16:57:20.0365 4752 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    16:57:20.0365 4752 RpcSs - ok
    16:57:20.0365 4752 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    16:57:20.0365 4752 rspndr - ok
    16:57:20.0443 4752 [ F4C374B1C46DE294B573BB43723AC3F6 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    16:57:20.0443 4752 RTL8167 - ok
    16:57:20.0459 4752 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    16:57:20.0459 4752 SamSs - ok
    16:57:20.0475 4752 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    16:57:20.0475 4752 sbp2port - ok
    16:57:20.0490 4752 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    16:57:20.0490 4752 SCardSvr - ok
    16:57:20.0506 4752 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    16:57:20.0506 4752 scfilter - ok
    16:57:20.0521 4752 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    16:57:20.0537 4752 Schedule - ok
    16:57:20.0568 4752 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    16:57:20.0568 4752 SCPolicySvc - ok
    16:57:20.0568 4752 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    16:57:20.0584 4752 SDRSVC - ok
    16:57:20.0615 4752 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    16:57:20.0615 4752 secdrv - ok
    16:57:20.0631 4752 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    16:57:20.0631 4752 seclogon - ok
    16:57:20.0646 4752 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    16:57:20.0646 4752 SENS - ok
    16:57:20.0662 4752 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    16:57:20.0662 4752 SensrSvc - ok
    16:57:20.0662 4752 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
    16:57:20.0662 4752 Serenum - ok
    16:57:20.0677 4752 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
    16:57:20.0677 4752 Serial - ok
    16:57:20.0709 4752 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
    16:57:20.0724 4752 sermouse - ok
    16:57:20.0740 4752 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    16:57:20.0740 4752 SessionEnv - ok
    16:57:20.0740 4752 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    16:57:20.0740 4752 sffdisk - ok
    16:57:20.0740 4752 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    16:57:20.0740 4752 sffp_mmc - ok
    16:57:20.0755 4752 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    16:57:20.0755 4752 sffp_sd - ok
    16:57:20.0755 4752 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
    16:57:20.0755 4752 sfloppy - ok
    16:57:20.0802 4752 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
    16:57:20.0802 4752 Sftfs - ok
    16:57:21.0021 4752 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    16:57:21.0021 4752 sftlist - ok
    16:57:21.0130 4752 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
    16:57:21.0130 4752 Sftplay - ok
    16:57:21.0161 4752 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
    16:57:21.0161 4752 Sftredir - ok
    16:57:21.0192 4752 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
    16:57:21.0192 4752 Sftvol - ok
    16:57:21.0286 4752 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    16:57:21.0286 4752 sftvsa - ok
    16:57:21.0411 4752 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    16:57:21.0426 4752 ShellHWDetection - ok
    16:57:21.0457 4752 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
    16:57:21.0457 4752 SiSRaid2 - ok
    16:57:21.0457 4752 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
    16:57:21.0457 4752 SiSRaid4 - ok
    16:57:21.0473 4752 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    16:57:21.0473 4752 Smb - ok
    16:57:21.0489 4752 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    16:57:21.0489 4752 SNMPTRAP - ok
    16:57:21.0504 4752 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    16:57:21.0504 4752 spldr - ok
    16:57:21.0567 4752 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
    16:57:21.0567 4752 Spooler - ok
    16:57:22.0019 4752 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    16:57:22.0050 4752 sppsvc - ok
    16:57:22.0066 4752 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    16:57:22.0066 4752 sppuinotify - ok
    16:57:22.0097 4752 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    16:57:22.0113 4752 srv - ok
    16:57:22.0128 4752 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    16:57:22.0144 4752 srv2 - ok
    16:57:22.0144 4752 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    16:57:22.0144 4752 srvnet - ok
    16:57:22.0175 4752 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    16:57:22.0175 4752 SSDPSRV - ok
    16:57:22.0175 4752 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    16:57:22.0191 4752 SstpSvc - ok
    16:57:22.0206 4752 Steam Client Service - ok
    16:57:22.0269 4752 [ B82E7009E4016F74B65706A5668D6AE9 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    16:57:22.0284 4752 Stereo Service - ok
    16:57:22.0300 4752 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
    16:57:22.0300 4752 stexstor - ok
    16:57:22.0331 4752 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    16:57:22.0331 4752 stisvc - ok
    16:57:22.0378 4752 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    16:57:22.0378 4752 swenum - ok
    16:57:22.0487 4752 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    16:57:22.0503 4752 swprv - ok
    16:57:22.0549 4752 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    16:57:22.0565 4752 SysMain - ok
    16:57:22.0596 4752 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    16:57:22.0596 4752 TabletInputService - ok
    16:57:22.0612 4752 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    16:57:22.0612 4752 TapiSrv - ok
    16:57:22.0627 4752 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    16:57:22.0627 4752 TBS - ok
    16:57:22.0705 4752 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    16:57:22.0737 4752 Tcpip - ok
    16:57:22.0799 4752 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    16:57:22.0815 4752 TCPIP6 - ok
    16:57:22.0830 4752 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    16:57:22.0830 4752 tcpipreg - ok
    16:57:22.0861 4752 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    16:57:22.0861 4752 TDPIPE - ok
    16:57:22.0877 4752 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    16:57:22.0877 4752 TDTCP - ok
    16:57:22.0908 4752 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    16:57:22.0908 4752 tdx - ok
    16:57:22.0924 4752 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    16:57:22.0924 4752 TermDD - ok
    16:57:23.0111 4752 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    16:57:23.0111 4752 TermService - ok
    16:57:23.0142 4752 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    16:57:23.0142 4752 Themes - ok
    16:57:23.0158 4752 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    16:57:23.0158 4752 THREADORDER - ok
    16:57:23.0173 4752 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    16:57:23.0173 4752 TrkWks - ok
    16:57:23.0251 4752 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    16:57:23.0251 4752 TrustedInstaller - ok
    16:57:23.0267 4752 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    16:57:23.0267 4752 tssecsrv - ok
    16:57:23.0283 4752 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    16:57:23.0283 4752 TsUsbFlt - ok
    16:57:23.0283 4752 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
    16:57:23.0283 4752 TsUsbGD - ok
    16:57:23.0844 4752 [ 0983B1D660D995235A25822E56FAE52C ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
    16:57:23.0844 4752 TuneUp.UtilitiesSvc - ok
    16:57:23.0922 4752 [ DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
    16:57:23.0922 4752 TuneUpUtilitiesDrv - ok
    16:57:23.0938 4752 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    16:57:23.0938 4752 tunnel - ok
    16:57:23.0938 4752 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
    16:57:23.0938 4752 uagp35 - ok
    16:57:23.0953 4752 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    16:57:23.0969 4752 udfs - ok
    16:57:24.0031 4752 [ 54A4A93A984E5C30B5CAB9257A0A05BF ] UDisk Monitor C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe
    16:57:24.0047 4752 UDisk Monitor - ok
    16:57:24.0063 4752 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    16:57:24.0063 4752 UI0Detect - ok
    16:57:24.0078 4752 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    16:57:24.0078 4752 uliagpkx - ok
    16:57:24.0094 4752 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    16:57:24.0094 4752 umbus - ok
    16:57:24.0094 4752 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
    16:57:24.0109 4752 UmPass - ok
    16:57:24.0359 4752 [ 758C2CE427C343F780A205E28555C98D ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    16:57:24.0390 4752 UNS - ok
    16:57:24.0421 4752 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    16:57:24.0421 4752 upnphost - ok
    16:57:24.0453 4752 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
    16:57:24.0468 4752 USBAAPL64 - ok
    16:57:24.0484 4752 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
    16:57:24.0484 4752 usbaudio - ok
    16:57:24.0499 4752 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    16:57:24.0499 4752 usbccgp - ok
    16:57:24.0515 4752 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    16:57:24.0515 4752 usbcir - ok
    16:57:24.0531 4752 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
    16:57:24.0531 4752 usbehci - ok
    16:57:24.0562 4752 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    16:57:24.0562 4752 usbhub - ok
    16:57:24.0593 4752 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    16:57:24.0593 4752 usbohci - ok
    16:57:24.0609 4752 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
    16:57:24.0609 4752 usbprint - ok
    16:57:24.0624 4752 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    16:57:24.0624 4752 USBSTOR - ok
    16:57:24.0624 4752 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    16:57:24.0624 4752 usbuhci - ok
    16:57:24.0640 4752 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    16:57:24.0640 4752 UxSms - ok
    16:57:24.0655 4752 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    16:57:24.0655 4752 VaultSvc - ok
    16:57:24.0655 4752 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    16:57:24.0655 4752 vdrvroot - ok
    16:57:24.0671 4752 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    16:57:24.0687 4752 vds - ok
    16:57:24.0718 4752 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    16:57:24.0718 4752 vga - ok
    16:57:24.0749 4752 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    16:57:24.0749 4752 VgaSave - ok
    16:57:24.0749 4752 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    16:57:24.0765 4752 vhdmp - ok
    16:57:24.0765 4752 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    16:57:24.0765 4752 viaide - ok
    16:57:24.0765 4752 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    16:57:24.0765 4752 volmgr - ok
    16:57:24.0811 4752 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    16:57:24.0811 4752 volmgrx - ok
    16:57:24.0811 4752 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\Windows\system32\drivers\volsnap.sys
    16:57:24.0811 4752 volsnap - ok
    16:57:24.0889 4752 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
    16:57:24.0905 4752 vsmraid - ok
    16:57:24.0983 4752 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    16:57:24.0999 4752 VSS - ok
    16:57:25.0014 4752 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    16:57:25.0014 4752 vwifibus - ok
    16:57:25.0045 4752 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    16:57:25.0045 4752 vwififlt - ok
    16:57:25.0061 4752 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    16:57:25.0061 4752 W32Time - ok
    16:57:25.0092 4752 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
    16:57:25.0092 4752 WacomPen - ok
    16:57:25.0108 4752 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    16:57:25.0108 4752 WANARP - ok
    16:57:25.0108 4752 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    16:57:25.0108 4752 Wanarpv6 - ok
    16:57:25.0357 4752 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    16:57:25.0373 4752 WatAdminSvc - ok
    16:57:25.0420 4752 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    16:57:25.0435 4752 wbengine - ok
    16:57:25.0467 4752 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    16:57:25.0467 4752 WbioSrvc - ok
    16:57:25.0482 4752 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    16:57:25.0482 4752 wcncsvc - ok
    16:57:25.0513 4752 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    16:57:25.0513 4752 WcsPlugInService - ok
    16:57:25.0545 4752 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
    16:57:25.0545 4752 Wd - ok
    16:57:25.0560 4752 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    16:57:25.0576 4752 Wdf01000 - ok
    16:57:25.0591 4752 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    16:57:25.0591 4752 WdiServiceHost - ok
    16:57:25.0591 4752 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    16:57:25.0591 4752 WdiSystemHost - ok
    16:57:25.0607 4752 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    16:57:25.0607 4752 WebClient - ok
    16:57:25.0638 4752 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    16:57:25.0638 4752 Wecsvc - ok
    16:57:25.0654 4752 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    16:57:25.0654 4752 wercplsupport - ok
    16:57:25.0669 4752 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    16:57:25.0669 4752 WerSvc - ok
    16:57:25.0685 4752 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    16:57:25.0685 4752 WfpLwf - ok
    16:57:25.0701 4752 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    16:57:25.0701 4752 WIMMount - ok
    16:57:25.0701 4752 WinHttpAutoProxySvc - ok
    16:57:25.0747 4752 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    16:57:25.0747 4752 Winmgmt - ok
    16:57:25.0825 4752 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    16:57:25.0872 4752 WinRM - ok
    16:57:25.0966 4752 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    16:57:25.0966 4752 WinUsb - ok
    16:57:25.0997 4752 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    16:57:25.0997 4752 Wlansvc - ok
    16:57:26.0200 4752 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    16:57:26.0200 4752 wlcrasvc - ok
    16:57:26.0824 4752 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    16:57:26.0839 4752 wlidsvc - ok
    16:57:27.0027 4752 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    16:57:27.0027 4752 WmiAcpi - ok
    16:57:27.0042 4752 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    16:57:27.0042 4752 wmiApSrv - ok
    16:57:27.0058 4752 WMPNetworkSvc - ok
    16:57:27.0214 4752 [ 83B6CA03C846FCD47F9883D77D1EB27B ] WMZuneComm C:\Program Files\Zune\WMZuneComm.exe
    16:57:27.0229 4752 WMZuneComm - ok
    16:57:27.0276 4752 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    16:57:27.0276 4752 WPCSvc - ok
    16:57:27.0292 4752 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    16:57:27.0292 4752 WPDBusEnum - ok
    16:57:27.0307 4752 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    16:57:27.0307 4752 ws2ifsl - ok
    16:57:27.0323 4752 WSearch - ok
    16:57:27.0323 4752 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    16:57:27.0339 4752 WudfPf - ok
    16:57:27.0370 4752 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    16:57:27.0370 4752 WUDFRd - ok
    16:57:27.0401 4752 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    16:57:27.0401 4752 wudfsvc - ok
    16:57:27.0417 4752 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    16:57:27.0417 4752 WwanSvc - ok
    16:57:27.0448 4752 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
    16:57:27.0448 4752 xusb21 - ok
    16:57:27.0651 4752 [ 67B787C34FB2888D01B130AE007042D8 ] ZuneNetworkSvc C:\Program Files\Zune\ZuneNss.exe
    16:57:27.0885 4752 ZuneNetworkSvc - ok
    16:57:28.0009 4752 [ 4D89FC1C20CF655739EFAC5DA81A67BC ] ZuneWlanCfgSvc C:\Program Files\Zune\ZuneWlanCfgSvc.exe
    16:57:28.0009 4752 ZuneWlanCfgSvc - ok
    16:57:28.0056 4752 ================ Scan global ===============================
    16:57:28.0072 4752 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    16:57:28.0134 4752 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
    16:57:28.0150 4752 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
    16:57:28.0181 4752 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    16:57:28.0212 4752 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    16:57:28.0212 4752 [Global] - ok
    16:57:28.0212 4752 ================ Scan MBR ==================================
    16:57:28.0228 4752 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    16:57:28.0649 4752 \Device\Harddisk0\DR0 - ok
    16:57:28.0665 4752 [ 23B571400A29918F5392F6E85EEB756E ] \Device\Harddisk1\DR1
    16:57:28.0680 4752 \Device\Harddisk1\DR1 - ok
    16:57:28.0680 4752 ================ Scan VBR ==================================
    16:57:28.0680 4752 [ 2641554119CEFD8D201D5195F3F267C6 ] \Device\Harddisk0\DR0\Partition1
    16:57:28.0680 4752 \Device\Harddisk0\DR0\Partition1 - ok
    16:57:28.0743 4752 [ C06E169B4905564246DE228D300F8937 ] \Device\Harddisk0\DR0\Partition2
    16:57:28.0743 4752 \Device\Harddisk0\DR0\Partition2 - ok
    16:57:28.0836 4752 [ 0E86FB793D7DFCA28170CA00DC2B42A3 ] \Device\Harddisk0\DR0\Partition3
    16:57:28.0836 4752 \Device\Harddisk0\DR0\Partition3 - ok
    16:57:28.0836 4752 [ 5A08F83E341009345831474005023B21 ] \Device\Harddisk1\DR1\Partition1
    16:57:28.0836 4752 \Device\Harddisk1\DR1\Partition1 - ok
    16:57:28.0836 4752 ============================================================
    16:57:28.0836 4752 Scan finished
    16:57:28.0836 4752 ============================================================
    16:57:28.0836 4996 Detected object count: 0
    16:57:28.0836 4996 Actual detected object count: 0
    17:06:17.0728 4292 Deinitialize success
     
  9. jskelington2641

    jskelington2641 TS Rookie Topic Starter Posts: 18

    RogueKiller V8.2.1 [10/29/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Jimmy [Admin rights]
    Mode : Scan -- Date : 11/01/2012 17:09:56
    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] MusicManager.exe -- C:\Users\Jimmy\AppData\Local\Programs\Google\MusicManager\MusicManager.exe -> KILLED [TermProc]
    ¤¤¤ Registry Entries : 5 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : MusicManager ("C:\Users\Jimmy\AppData\Local\Programs\Google\MusicManager\MusicManager.exe") -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-2495479790-982925703-2321560144-1001[...]\Run : MusicManager ("C:\Users\Jimmy\AppData\Local\Programs\Google\MusicManager\MusicManager.exe") -> FOUND
    [TASK][SUSP PATH] Norton PC Checkup Setup : C:\Users\Jimmy\AppData\Local\Temp\PCCUStubInstaller\SymcPCCUInstaller.exe /env=prod /task /attempts=100 /partnerid=_PC_DRIVERS_HQ -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: WDC WD15EARS-60MVWB0 +++++
    --- User ---
    [MBR] 733ea392d5ef7e0d871cf03529451860
    [BSP] 89effe65d0599617d3e81fa4e29ad3f7 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1418630 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2905561088 | Size: 12067 Mo
    User = LL1 ... OK!
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] a6ed8d5e96c6ae96c6d5f107af6e8eed
    [BSP] 1c4e6504e4f891f670ca85feaef02452 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 226125824 | Size: 300 Mo
    +++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
    --- User ---
    [MBR] 01fca70195236173241d1448223f8a95
    [BSP] 9ab224430cae5d4642efe916dd8f39b0 : Standard MBR Code
    Partition table:
    0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8192 | Size: 15292 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[1].txt >>
    RKreport[1].txt
    RogueKiller V8.2.1 [10/29/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Jimmy [Admin rights]
    Mode : Remove -- Date : 11/01/2012 17:10:41
    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] MusicManager.exe -- C:\Users\Jimmy\AppData\Local\Programs\Google\MusicManager\MusicManager.exe -> KILLED [TermProc]
    ¤¤¤ Registry Entries : 4 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : MusicManager ("C:\Users\Jimmy\AppData\Local\Programs\Google\MusicManager\MusicManager.exe") -> DELETED
    [TASK][SUSP PATH] Norton PC Checkup Setup : C:\Users\Jimmy\AppData\Local\Temp\PCCUStubInstaller\SymcPCCUInstaller.exe /env=prod /task /attempts=100 /partnerid=_PC_DRIVERS_HQ -> DELETED
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: WDC WD15EARS-60MVWB0 +++++
    --- User ---
    [MBR] 733ea392d5ef7e0d871cf03529451860
    [BSP] 89effe65d0599617d3e81fa4e29ad3f7 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1418630 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2905561088 | Size: 12067 Mo
    User = LL1 ... OK!
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] a6ed8d5e96c6ae96c6d5f107af6e8eed
    [BSP] 1c4e6504e4f891f670ca85feaef02452 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 226125824 | Size: 300 Mo
    +++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
    --- User ---
    [MBR] 01fca70195236173241d1448223f8a95
    [BSP] 9ab224430cae5d4642efe916dd8f39b0 : Standard MBR Code
    Partition table:
    0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8192 | Size: 15292 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
    Malwarebytes Anti-Malware (Trial) 1.65.1.1000
    www.malwarebytes.org
    Database version: v2012.10.29.12
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Jimmy :: JIMMY-HP [administrator]
    Protection: Enabled
    11/1/2012 5:31:39 PM
    mbam-log-2012-11-01 (17-31-39).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 200812
    Time elapsed: 33 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-01 17:18:17
    -----------------------------
    17:18:17.631 OS Version: Windows x64 6.1.7601 Service Pack 1
    17:18:17.631 Number of processors: 4 586 0x2A07
    17:18:17.631 ComputerName: JIMMY-HP UserName: Jimmy
    17:18:19.001 Initialize success
    17:18:21.101 AVAST engine defs: 12110100
    17:18:28.552 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    17:18:28.552 Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 3
    17:18:28.572 Disk 0 MBR read successfully
    17:18:28.572 Disk 0 MBR scan
    17:18:28.572 Disk 0 Windows 7 default MBR code
    17:18:28.582 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    17:18:28.582 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1418630 MB offset 206848
    17:18:28.612 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12067 MB offset 2905561088
    17:18:28.652 Disk 0 scanning C:\Windows\system32\drivers
    17:18:34.387 Service scanning
    17:18:46.125 Modules scanning
    17:18:46.125 Disk 0 trace - called modules:
    17:18:46.145 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    17:18:46.155 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009d22060]
    17:18:46.155 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80076ee050]
    17:18:47.285 AVAST engine scan C:\Windows
    17:18:49.215 AVAST engine scan C:\Windows\system32
    17:20:10.209 AVAST engine scan C:\Windows\system32\drivers
    17:20:18.561 AVAST engine scan C:\Users\Jimmy
    17:21:13.767 Disk 0 MBR has been saved successfully to "C:\Users\Jimmy\Desktop\MBR.dat"
    17:21:13.767 The log file has been saved successfully to "C:\Users\Jimmy\Desktop\aswMBR.txt"
     
  10. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Good :)

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    =================================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  11. jskelington2641

    jskelington2641 TS Rookie Topic Starter Posts: 18

    ComboFix 12-10-29.05 - Jimmy 11/01/2012 19:58:15.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.6116 [GMT -4:00]
    Running from: c:\users\Jimmy\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\SwSys1.bmp
    c:\windows\SwSys2.bmp
    c:\windows\SysWow64\muzapp.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-02 to 2012-11-02 )))))))))))))))))))))))))))))))
    .
    .
    2012-11-01 03:56 . 2012-11-01 03:56 -------- d-----w- C:\FRST
    2012-11-01 03:02 . 2012-11-01 03:15 -------- d-----w- c:\program files (x86)\Google
    2012-11-01 03:02 . 2012-10-30 22:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-11-01 03:02 . 2012-10-30 22:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-11-01 03:02 . 2012-10-30 22:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-11-01 03:02 . 2012-10-30 22:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-11-01 03:02 . 2012-10-15 15:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-11-01 03:02 . 2012-10-30 22:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-11-01 03:02 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
    2012-11-01 03:02 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
    2012-11-01 03:02 . 2012-10-30 22:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-11-01 03:01 . 2012-11-01 03:01 -------- d-----w- c:\programdata\AVAST Software
    2012-11-01 03:01 . 2012-11-01 03:01 -------- d-----w- c:\program files\AVAST Software
    2012-11-01 00:41 . 2012-11-01 00:43 -------- d-----w- c:\program files (x86)\Nero
    2012-11-01 00:41 . 2012-11-01 00:43 -------- d-----w- c:\programdata\Nero
    2012-10-31 15:35 . 2012-11-01 02:29 -------- d-----w- c:\programdata\MFAData
    2012-10-31 15:35 . 2012-10-31 15:35 -------- d--h--w- c:\programdata\Common Files
    2012-10-31 15:35 . 2012-10-31 15:35 -------- d-----w- c:\users\Jimmy\AppData\Local\MFAData
    2012-10-30 01:51 . 2012-10-30 02:06 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-10-29 19:59 . 2012-10-29 19:59 -------- d-----w- c:\users\Jimmy\AppData\Roaming\Malwarebytes
    2012-10-29 19:59 . 2012-10-29 19:59 -------- d-----w- c:\programdata\Malwarebytes
    2012-10-29 19:59 . 2012-10-29 20:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-10-29 19:59 . 2012-09-29 23:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-28 20:18 . 2012-10-29 21:36 -------- d-----w- c:\users\Jimmy\AppData\Local\Nero
    2012-10-28 02:14 . 2010-05-26 15:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
    2012-10-28 02:14 . 2010-05-26 15:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
    2012-10-28 02:14 . 2010-05-26 15:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
    2012-10-28 02:14 . 2010-05-26 15:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll
    2012-10-28 02:14 . 2010-05-26 15:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
    2012-10-28 01:02 . 2012-11-01 00:34 -------- d-----w- c:\users\Jimmy\AppData\Roaming\DVD Flick
    2012-10-28 01:02 . 2012-10-28 01:02 -------- d-----w- c:\program files (x86)\DVD Flick
    2012-10-28 01:02 . 2008-08-31 17:27 28672 ----a-w- c:\windows\SysWow64\mousewheel.ocx
    2012-10-28 01:02 . 2007-08-31 22:36 36864 ----a-w- c:\windows\SysWow64\trayicon_handler.ocx
    2012-10-28 01:02 . 2004-03-09 04:00 212240 ----a-w- c:\windows\SysWow64\richtx32.ocx
    2012-10-28 01:02 . 2003-01-26 17:41 40960 ----a-w- c:\windows\SysWow64\ssubtmr6.dll
    2012-10-27 22:35 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CC7D46E7-2D05-442D-A0EA-4BF8A9E7A6AC}\mpengine.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-16 02:55 . 2012-02-26 17:18 65309168 ----a-w- c:\windows\system32\MRT.exe
    2012-10-15 23:08 . 2012-04-09 23:24 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-15 23:08 . 2011-09-01 01:36 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-24 11:15 . 2012-09-23 05:38 17810944 ----a-w- c:\windows\system32\mshtml.dll
    2012-08-24 10:39 . 2012-09-23 05:38 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-08-24 10:31 . 2012-09-23 05:38 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-08-24 10:22 . 2012-09-23 05:38 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-08-24 10:21 . 2012-09-23 05:38 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-08-24 10:20 . 2012-09-23 05:38 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-08-24 10:18 . 2012-09-23 05:38 237056 ----a-w- c:\windows\system32\url.dll
    2012-08-24 10:17 . 2012-09-23 05:38 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-08-24 10:14 . 2012-09-23 05:38 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-08-24 10:14 . 2012-09-23 05:38 816640 ----a-w- c:\windows\system32\jscript.dll
    2012-08-24 10:13 . 2012-09-23 05:38 599040 ----a-w- c:\windows\system32\vbscript.dll
    2012-08-24 10:12 . 2012-09-23 05:38 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-08-24 10:11 . 2012-09-23 05:38 729088 ----a-w- c:\windows\system32\msfeeds.dll
    2012-08-24 10:10 . 2012-09-23 05:38 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-08-24 10:09 . 2012-09-23 05:38 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-08-24 10:04 . 2012-09-23 05:38 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-08-24 06:59 . 2012-09-23 05:38 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-08-24 06:51 . 2012-09-23 05:38 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-08-24 06:51 . 2012-09-23 05:38 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47 . 2012-09-23 05:38 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47 . 2012-09-23 05:38 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-08-24 06:43 . 2012-09-23 05:38 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-08-22 18:12 . 2012-09-13 02:16 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-08-22 18:12 . 2012-09-13 02:16 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-08-22 18:12 . 2012-09-13 02:16 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-08-22 18:12 . 2012-09-13 02:16 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-21 21:01 . 2012-09-25 22:06 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2012-08-20 17:38 . 2012-10-15 16:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
    2012-05-16 18:37 194928 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-05-05 658424]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2011-02-14 43520]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
    .
    c:\users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe [2012-2-26 4142448]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-01 136176]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-15 250808]
    R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
    R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 Generalusbserialser20675;USB Legacy Serial Communication 20675;c:\windows\system32\DRIVERS\CT_U_USBSER.sys [2011-05-09 122368]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-01 136176]
    R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2011-09-01 31152]
    R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-11-25 15360]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-25 1255736]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-06-09 264008]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
    S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-05-05 1128952]
    S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-12-21 378984]
    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-02-06 2143552]
    S2 UDisk Monitor;UDisk Monitor;c:\program files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe [2011-05-12 512000]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2010-10-19 56344]
    S3 netr28ux;Compact Wireless-G USB Network Adapter;c:\windows\system32\DRIVERS\netr28ux.sys [2009-05-25 966144]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-11-11 155752]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-22 471144]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-02-01 11856]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-06-17 16:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-11-01 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 23:08]
    .
    2012-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-01 03:02]
    .
    2012-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-01 03:02]
    .
    2012-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2495479790-982925703-2321560144-1001Core.job
    - c:\users\Jimmy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-09 02:34]
    .
    2012-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2495479790-982925703-2321560144-1001UA.job
    - c:\users\Jimmy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-09 02:34]
    .
    2012-10-24 c:\windows\Tasks\HPCeeScheduleForJimmy.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-25 168216]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-25 391960]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-25 418584]
    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll" [2010-03-24 633200]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Media Manager... - c:\program files (x86)\MP3 Player Utilities 5.01\MediaManager\grab.html
    IE: AMV convert tool grab multimedia file - c:\program files (x86)\MP3 Player Utilities 5.01\AMVConverter\grab.html
    Trusted Zone: cinemanow.com
    Trusted Zone: hp.com
    Trusted Zone: qflix.com
    Trusted Zone: roxio.com
    Trusted Zone: sonic.com\redirect
    Trusted Zone: sonic.com\redirect2
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
    "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2012-11-01 20:06:24 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-11-02 00:06
    .
    Pre-Run: 1,209,212,567,552 bytes free
    Post-Run: 1,211,308,425,216 bytes free
    .
    - - End Of File - - 2B59F9756F47DDC232765AEB8545C877
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Looks good :)

    Any current issues?

    You can reinstall AVG now.

    =====================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. jskelington2641

    jskelington2641 TS Rookie Topic Starter Posts: 18

    Everything seems to be good. Thank you so much, you are very much appreciated! I've got a couple of more questions though. First what is OTL and do I still need to follow the directions above. Also, will I be fine just using the free version of avast
     
  14. jskelington2641

    jskelington2641 TS Rookie Topic Starter Posts: 18

    I went ahead and got OTL and used it, here are the logs

    OTL logfile created on: 11/2/2012 9:43:10 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jimmy\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy


    7.98 Gb Total Physical Memory | 6.43 Gb Available Physical Memory | 80.56% Memory free
    15.96 Gb Paging File | 14.34 Gb Available in Paging File | 89.85% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 1385.38 Gb Total Space | 1128.74 Gb Free Space | 81.48% Space Free | Partition Type: NTFS
    Drive D: | 11.78 Gb Total Space | 1.44 Gb Free Space | 12.25% Space Free | Partition Type: NTFS
    Drive F: | 14.93 Gb Total Space | 14.93 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

    Computer Name: JIMMY-HP | User Name: Jimmy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/11/02 09:22:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\OTL.exe
    PRC - [2012/10/30 18:51:05 | 006,527,128 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\Setup\avast.setup
    PRC - [2012/10/30 18:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2011/06/09 08:37:18 | 000,264,008 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    PRC - [2011/06/09 08:37:00 | 000,653,128 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
    PRC - [2011/06/09 08:36:34 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
    PRC - [2011/05/12 14:23:38 | 000,512,000 | ---- | M] () -- C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe
    PRC - [2011/05/05 19:40:52 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2011/02/24 03:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    PRC - [2011/02/14 09:55:16 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
    PRC - [2011/02/01 03:41:24 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2011/02/01 03:41:20 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/12/21 16:56:14 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    PRC - [2010/10/12 10:04:20 | 004,142,448 | ---- | M] (Stardock) -- C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
    PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
    PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/02/26 00:31:01 | 000,807,936 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDockPlus2\CrashRpt.dll
    MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/02/14 09:55:16 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
    MOD - [2010/09/30 21:50:23 | 000,675,840 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDockPlus2\DockShellHook.dll
    MOD - [2010/03/09 17:58:30 | 000,053,760 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDockPlus2\zlib.dll
    MOD - [2009/06/17 11:40:16 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
    MOD - [2009/06/17 11:40:16 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
    MOD - [2009/06/17 11:40:16 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
    SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
    SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
    SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
    SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/10/15 19:08:02 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/10/06 17:10:37 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/02/06 15:25:22 | 002,143,552 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
    SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2011/06/09 08:37:18 | 000,264,008 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
    SRV - [2011/05/12 14:23:38 | 000,512,000 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe -- (UDisk Monitor)
    SRV - [2011/05/05 19:40:52 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
    SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2011/02/24 03:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
    SRV - [2011/02/01 03:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2011/02/01 03:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/12/21 16:56:14 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
    SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
    SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/10/30 18:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2012/10/30 18:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2012/10/30 18:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2012/10/30 18:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2012/10/30 18:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2012/10/15 11:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/11/25 00:25:52 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth)
    DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011/08/31 21:40:26 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
    DRV:64bit: - [2011/08/31 21:19:29 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/08/31 21:19:29 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/05/09 18:09:00 | 000,122,368 | ---- | M] (Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT_U_USBSER.sys -- (Generalusbserialser20675)
    DRV:64bit: - [2011/04/26 15:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011/04/22 06:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/01/27 13:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/11 19:10:49 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2010/10/19 07:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/02/26 20:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
    DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/25 12:38:20 | 000,966,144 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV - [2012/02/01 14:24:02 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    IE:64bit: - HKLM\..\SearchScopes\{AD032479-895A-48C8-9AA4-49B29E0B9B5A}: "URL" = http://www.amazon.com/s/ref=azs_osd...code=qs&index=aps&field-keywords={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    IE - HKLM\..\SearchScopes\{AD032479-895A-48C8-9AA4-49B29E0B9B5A}: "URL" = http://www.amazon.com/s/ref=azs_osd...code=qs&index=aps&field-keywords={searchTerms}
    IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2495479790-982925703-2321560144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylon.com/?affID=11...HP_ss&mntrId=f867930a0000000000000023697666b3
    IE - HKU\S-1-5-21-2495479790-982925703-2321560144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE - HKU\S-1-5-21-2495479790-982925703-2321560144-1001\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKU\S-1-5-21-2495479790-982925703-2321560144-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKU\S-1-5-21-2495479790-982925703-2321560144-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-2495479790-982925703-2321560144-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searc...SP_ss&mntrId=f867930a0000000000000023697666b3
    IE - HKU\S-1-5-21-2495479790-982925703-2321560144-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    IE - HKU\S-1-5-21-2495479790-982925703-2321560144-1001\..\SearchScopes\{AD032479-895A-48C8-9AA4-49B29E0B9B5A}: "URL" = http://www.amazon.com/s/ref=azs_osd...code=qs&index=aps&field-keywords={searchTerms}
    IE - HKU\S-1-5-21-2495479790-982925703-2321560144-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE - HKU\S-1-5-21-2495479790-982925703-2321560144-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKU\S-1-5-21-2495479790-982925703-2321560144-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    IE - HKU\S-1-5-21-2495479790-982925703-2321560144-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2495479790-982925703-2321560144-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jimmy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jimmy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)


    [2012/05/30 23:23:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
    [2012/10/29 09:27:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

    O1 HOSTS File: ([2012/11/01 20:02:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
    O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
    O3 - HKU\S-1-5-21-2495479790-982925703-2321560144-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKU\S-1-5-21-2495479790-982925703-2321560144-1001\..\Toolbar\WebBrowser: (no name) - {A823A630-78C6-4637-AF80-AEDCA5BB74C1} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
    O4 - HKLM..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe ()
    O4 - HKU\S-1-5-21-2495479790-982925703-2321560144-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O4 - Startup: C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe (Stardock)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2495479790-982925703-2321560144-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2495479790-982925703-2321560144-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Add to Media Manager... - C:\Program Files (x86)\MP3 Player Utilities 5.01\MediaManager\grab.html ()
    O8:64bit: - Extra context menu item: AMV convert tool grab multimedia file - C:\Program Files (x86)\MP3 Player Utilities 5.01\AMVConverter\grab.html File not found
    O8 - Extra context menu item: Add to Media Manager... - C:\Program Files (x86)\MP3 Player Utilities 5.01\MediaManager\grab.html ()
    O8 - Extra context menu item: AMV convert tool grab multimedia file - C:\Program Files (x86)\MP3 Player Utilities 5.01\AMVConverter\grab.html File not found
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-2495479790-982925703-2321560144-1001\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-2495479790-982925703-2321560144-1001\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-2495479790-982925703-2321560144-1001\..Trusted Domains: hp.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-2495479790-982925703-2321560144-1001\..Trusted Domains: qflix.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-2495479790-982925703-2321560144-1001\..Trusted Domains: roxio.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-2495479790-982925703-2321560144-1001\..Trusted Domains: sonic.com ([redirect] http in Trusted sites)
    O15 - HKU\S-1-5-21-2495479790-982925703-2321560144-1001\..Trusted Domains: sonic.com ([redirect2] http in Trusted sites)
    O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{126A87E4-80D1-45CE-83E6-6A8F5395FE01}: DhcpNameServer = 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{296F73B9-E8C8-4BBE-8B12-6B5B6E08E1E9}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBF32567-62B3-48CA-8824-ECA9314F6D77}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O22:64bit: - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll (Stardock)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/11/02 09:40:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\OTL.exe
    [2012/11/01 20:02:56 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/11/01 20:01:08 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/11/01 19:57:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/11/01 19:57:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/11/01 19:57:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/11/01 19:57:29 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/11/01 19:57:18 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/11/01 17:09:22 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\Desktop\RK_Quarantine
    [2012/11/01 16:45:44 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jimmy\Desktop\TDSSKiller.exe
    [2012/10/31 23:56:53 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/10/31 23:02:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2012/10/31 23:02:15 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/10/31 23:02:15 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/10/31 23:02:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/10/31 23:02:14 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/10/31 23:02:14 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/10/31 23:02:14 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2012/10/31 23:02:13 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/10/31 23:02:13 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/10/31 23:02:00 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/10/31 23:02:00 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/10/31 23:01:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/10/31 23:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/10/31 20:41:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
    [2012/10/31 20:41:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
    [2012/10/31 20:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
    [2012/10/31 11:35:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2012/10/31 11:35:53 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\MFAData
    [2012/10/31 11:35:53 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2012/10/29 21:51:54 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/10/29 19:50:39 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Jimmy\Desktop\aswMBR.exe
    [2012/10/29 19:41:33 | 004,990,780 | R--- | C] (Swearware) -- C:\Users\Jimmy\Desktop\ComboFix.exe
    [2012/10/29 15:59:46 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Roaming\Malwarebytes
    [2012/10/29 15:59:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/10/29 15:59:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/10/29 15:59:36 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/10/29 15:59:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/10/29 09:20:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
    [2012/10/28 23:37:02 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\Nero_AG
    [2012/10/28 16:47:12 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\Documents\Programs and Serials
    [2012/10/28 16:18:55 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\Nero
    [2012/10/27 21:02:16 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Roaming\DVD Flick
    [2012/10/27 21:02:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick
    [2012/10/27 21:02:03 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\ssubtmr6.dll
    [2012/10/27 21:02:03 | 000,036,864 | ---- | C] (Robdogg Inc.) -- C:\Windows\SysWow64\trayicon_handler.ocx
    [2012/10/27 21:02:03 | 000,028,672 | ---- | C] (-) -- C:\Windows\SysWow64\mousewheel.ocx
    [2012/10/27 21:02:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Flick
    [2012/10/27 20:55:17 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{8EABD010-BBEC-44E9-AB75-AE467CFAC17E}
    [2012/10/27 20:55:17 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{794FD416-1A8D-4085-8B72-3EB08A075C10}

    ========== Files - Modified Within 30 Days ==========

    [2012/11/02 09:38:27 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/11/02 09:37:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/11/02 09:37:29 | 2133,745,663 | -HS- | M] () -- C:\hiberfil.sys
    [2012/11/02 09:22:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\OTL.exe
    [2012/11/01 21:20:10 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/11/01 20:50:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2495479790-982925703-2321560144-1001UA.job
    [2012/11/01 20:44:22 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/11/01 20:44:22 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/11/01 20:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/11/01 20:02:54 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/11/01 19:50:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2495479790-982925703-2321560144-1001Core.job
    [2012/11/01 17:21:13 | 000,000,512 | ---- | M] () -- C:\Users\Jimmy\Desktop\MBR.dat
    [2012/11/01 16:45:28 | 001,584,640 | ---- | M] () -- C:\Users\Jimmy\Desktop\RogueKiller.exe
    [2012/10/31 23:02:13 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/10/30 18:51:56 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/10/30 18:51:55 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/10/30 18:51:55 | 000,370,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/10/30 18:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/10/30 18:51:53 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/10/30 18:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/10/30 18:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/10/30 18:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/10/29 20:09:37 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Jimmy\Desktop\aswMBR.exe
    [2012/10/29 20:05:30 | 004,990,780 | R--- | M] (Swearware) -- C:\Users\Jimmy\Desktop\ComboFix.exe
    [2012/10/29 10:04:11 | 000,779,550 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/10/29 10:04:11 | 000,660,520 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/10/29 10:04:11 | 000,121,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/10/24 18:11:41 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJimmy.job
    [2012/10/15 11:59:28 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2012/10/12 17:27:22 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jimmy\Desktop\TDSSKiller.exe

    ========== Files Created - No Company Name ==========

    [2012/11/01 19:57:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/11/01 19:57:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/11/01 19:57:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/11/01 19:57:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/11/01 19:57:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/11/01 17:21:13 | 000,000,512 | ---- | C] () -- C:\Users\Jimmy\Desktop\MBR.dat
    [2012/11/01 16:38:54 | 001,584,640 | ---- | C] () -- C:\Users\Jimmy\Desktop\RogueKiller.exe
    [2012/10/31 23:02:21 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/10/31 23:02:21 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/10/31 23:02:13 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2012/06/26 16:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
    [2012/06/26 16:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
    [2012/06/26 16:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
    [2012/06/26 16:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
    [2011/08/31 21:41:07 | 000,002,792 | ---- | C] () -- C:\Program Files\HP SimplePass 2011
    [2011/08/31 21:19:53 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/08/31 21:19:52 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/08/31 21:19:51 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2011/06/21 03:07:00 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
    [2011/02/11 13:15:43 | 000,773,448 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    ========== ZeroAccess Check ==========

    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/09/10 21:20:26 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Babylon
    [2012/03/31 20:48:33 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Digiarty
    [2012/02/25 18:30:12 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\ImTOO
    [2012/03/30 16:46:03 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Program Files (x86)
    [2012/07/17 22:13:48 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Samsung
    [2012/09/19 19:57:31 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Shareaza
    [2012/07/10 22:25:27 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\SoftGrid Client
    [2012/02/26 00:28:57 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Stardock
    [2012/06/20 20:34:14 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\TP
    [2012/03/17 23:19:44 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\TuneUp Software
    [2012/10/29 21:48:33 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\uTorrent
    [2012/03/31 16:59:44 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\WinBatch
    [2012/09/06 22:42:27 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\YourFileDownloader

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 16 bytes -> C:\Users\Jimmy\Downloads:Shareaza.GUID
    < End of report >
     
  15. jskelington2641

    jskelington2641 TS Rookie Topic Starter Posts: 18

    OTL Extras logfile created on: 11/2/2012 9:43:10 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jimmy\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.98 Gb Total Physical Memory | 6.43 Gb Available Physical Memory | 80.56% Memory free
    15.96 Gb Paging File | 14.34 Gb Available in Paging File | 89.85% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 1385.38 Gb Total Space | 1128.74 Gb Free Space | 81.48% Space Free | Partition Type: NTFS
    Drive D: | 11.78 Gb Total Space | 1.44 Gb Free Space | 12.25% Space Free | Partition Type: NTFS
    Drive F: | 14.93 Gb Total Space | 14.93 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

    Computer Name: JIMMY-HP | User Name: Jimmy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
    "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
    "{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
    "{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
    "{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
    "{5B21CEC7-EFC3-4E61-A261-6A7041BE5795}" = SmartFTP Client
    "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
    "{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.7
    "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
    "{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
    "{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
    "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
    "{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
    "{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.35
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.35
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.35
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.13.1
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
    "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
    "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
    "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
    "{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
    "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
    "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
    "{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "WinRAR archiver" = WinRAR 4.11 (64-bit)
    "Zune" = Zune

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00FF4EB6-6AAC-4E9D-A60A-8F388691BB27}" = HP SimplePass PE 2011
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
    "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
    "{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
    "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
    "{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
    "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
    "{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E79F5DD-4A0A-452B-B3F8-0651E4D24854}" = MP3 Player Utilities 5.01
    "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{912CED74-88D3-4C5B-ACB0-132318649765}" = PressReader
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio
    "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A95A76C9-6F65-477E-83A0-9F884B6DC21B}" = TuneUp Utilities Language Pack (en-US)
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
    "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
    "{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF91A5A9-F10D-433D-A677-9505B84EAF1B}" = Stardock Software
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D35B72B6-F0E4-462B-BDEB-E08032B3B681}" = HP Setup
    "{D3D1D696-84A8-465A-BC61-CDAC852B24CD}_is1" = Phone to PC 4.1.4.9
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DB3147AB-4024-4773-8EC0-A1FE5B44933D}" = HP LinkUp
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Android USB Driver_is1" = Android USB Driver
    "avast" = avast! Free Antivirus
    "DVD Flick_is1" = DVD Flick 1.3.0.7
    "DVD Shrink_is1" = DVD Shrink 3.2
    "HTC_WModemDriver" = WModem Driver Installer
    "ImTOO Video Converter Ultimate 6" = ImTOO Video Converter Ultimate 6
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "Kobo" = Kobo
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "ObjectDock Plus 2" = ObjectDock Plus 2
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "PDF Complete" = PDF Complete Special Edition
    "SmartFTP Client 4.1 (x64) Setup Files" = SmartFTP Client Setup Files 4.1 (x64) (remove only)
    "Soulseek2" = SoulSeek 157 NS 13e
    "Steam App 72850" = The Elder Scrolls V: Skyrim
    "TuneUp Utilities 2012" = TuneUp Utilities 2012
    "uTorrent" = µTorrent
    "VIP Access SDK" = VIP Access SDK (1.0.1.4)
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite" = Windows Live Essentials
    "WinX DVD Ripper Platinum_is1" = WinX DVD Ripper Platinum 6.0.2
    "WTA-0134c89e-fdcb-4a04-aee5-de21bf8e316b" = Bounce Symphony
    "WTA-0cd35fd2-7c99-4338-9421-51e3a188e090" = FATE
    "WTA-0e27ff39-b367-4451-8dd0-6229d58907e8" = Polar Bowler
    "WTA-3fa720c2-be4a-4996-896b-5eb8def7c3ea" = Jewel Quest: The Sleepless Star - Collector's Edition
    "WTA-5168fa53-7152-4dd3-9c65-1aed21209c0c" = Vacation Quest - The Hawaiian Islands
    "WTA-54b8a0e2-965c-4425-8f1c-1c54d1bb7d54" = Mystery of Mortlake Mansion
    "WTA-63c9c34a-6929-4beb-9bca-7055d444b308" = Agatha Christie - Peril at End House
    "WTA-73315766-1a2e-4e89-85f7-1e508c5b27f5" = Zuma Deluxe
    "WTA-79388fc6-7ce2-46d9-89aa-7eca8f999256" = Virtual Villagers 5 - New Believers
    "WTA-7ef2a248-4865-45e3-9a44-73707a393dca" = Penguins!
    "WTA-8e329f05-0cd7-4453-9d92-79e8d6e1e380" = Namco All-Stars: PAC-MAN
    "WTA-9bbc289c-0f99-45e5-b883-457f5f15f6da" = Cradle of Rome 2
    "WTA-a1ace8bf-4e52-40f9-af0d-3e844fed91aa" = Mah Jong Medley
    "WTA-a92a98fe-1493-499d-9153-eb2837d0b156" = Plants vs. Zombies - Game of the Year
    "WTA-aa46ca12-a0a1-47ef-b415-2da6caefc19b" = Blasterball 3
    "WTA-b4b030f0-94e6-4e7e-8f44-27b780fdb3a3" = Polar Golfer
    "WTA-baa36b0f-6564-403a-b924-703498106769" = Chuzzle Deluxe
    "WTA-c650d89e-f1b5-4969-8f1a-de4a00af8dc7" = Blackhawk Striker 2
    "WTA-ce69c30a-48b3-4fb2-b772-a572ae1b7832" = Bejeweled 3
    "WTA-d1db4f8e-a0d1-41e3-ba4d-dd83dfde55f3" = Governor of Poker 2 Premium Edition
    "WTA-da403670-77c3-45e6-ae55-d45b2875bf29" = Cake Mania
    "WTA-ddc28bcb-caf8-4c65-a50c-912e01162664" = Chronicles of Albian
    "WTA-ea2a68f2-8818-413f-8c0f-d56a7abbf2dd" = Slingo Supreme
    "WTA-f28fdbfb-a0bd-4703-8cce-00feeaf57087" = Poker Superstars III
    "WTA-f3594a09-7b36-4077-8914-f4e3835084ff" = Farm Frenzy
    "ZinioReader4" = Zinio Reader 4

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2495479790-982925703-2321560144-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "MusicManager" = Music Manager

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10/29/2012 9:07:29 AM | Computer Name = Jimmy-HP | Source = CVHSVC | ID = 100
    Description = Information only. Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.


    Error - 10/29/2012 9:26:37 AM | Computer Name = Jimmy-HP | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16450 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: f54 Start
    Time: 01cdb5d8f2cf372d Termination Time: 15 Application Path: C:\Program Files (x86)\Internet
    Explorer\iexplore.exe Report Id:

    Error - 10/29/2012 12:29:15 PM | Computer Name = Jimmy-HP | Source = MsiInstaller | ID = 1043
    Description =

    Error - 10/29/2012 12:49:19 PM | Computer Name = Jimmy-HP | Source = CVHSVC | ID = 100
    Description = Information only. Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.


    Error - 10/29/2012 12:54:33 PM | Computer Name = Jimmy-HP | Source = MsiInstaller | ID = 1043
    Description =

    Error - 10/29/2012 3:40:28 PM | Computer Name = Jimmy-HP | Source = MsiInstaller | ID = 1043
    Description =

    Error - 10/29/2012 3:52:40 PM | Computer Name = Jimmy-HP | Source = System Restore | ID = 8210
    Description =

    Error - 10/29/2012 4:02:27 PM | Computer Name = Jimmy-HP | Source = CVHSVC | ID = 100
    Description = Information only. Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.


    Error - 10/29/2012 4:17:15 PM | Computer Name = Jimmy-HP | Source = CVHSVC | ID = 100
    Description = Information only. Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.


    Error - 10/29/2012 4:34:15 PM | Computer Name = Jimmy-HP | Source = MsiInstaller | ID = 1043
    Description =

    Error - 10/29/2012 4:44:23 PM | Computer Name = Jimmy-HP | Source = System Restore | ID = 8210
    Description =

    [ Hewlett-Packard Events ]
    Error - 4/20/2012 5:08:31 PM | Computer Name = Jimmy-HP | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
    category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
    category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
    Object '/1208693c_3a7d_4e1b_b883_bebdd623131c/yxylszh0oecosgksfcnin6vk_5.rem' has
    been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
    06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 8174 Ram Utilization: TargetSite: Void UpdateDetail(System.String)

    [ System Events ]
    Error - 10/7/2012 8:46:55 PM | Computer Name = Jimmy-HP | Source = DCOM | ID = 10016
    Description =

    Error - 10/8/2012 10:41:48 PM | Computer Name = Jimmy-HP | Source = bowser | ID = 8003
    Description =

    Error - 10/8/2012 10:51:38 PM | Computer Name = Jimmy-HP | Source = NetBT | ID = 4321
    Description = The name "WORKGROUP :1d" could not be registered on the interface
    with IP address 192.168.1.158. The computer with the IP address 192.168.1.157 did
    not allow the name to be claimed by this computer.

    Error - 10/8/2012 10:55:19 PM | Computer Name = Jimmy-HP | Source = bowser | ID = 8003
    Description =

    Error - 10/8/2012 11:01:11 PM | Computer Name = Jimmy-HP | Source = bowser | ID = 8003
    Description =

    Error - 10/15/2012 12:19:10 PM | Computer Name = Jimmy-HP | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 10/15/2012 12:19:10 PM | Computer Name = Jimmy-HP | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 10/15/2012 12:19:11 PM | Computer Name = Jimmy-HP | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 10/15/2012 12:19:11 PM | Computer Name = Jimmy-HP | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 10/15/2012 12:19:12 PM | Computer Name = Jimmy-HP | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.


    < End of report >
     
  16. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    I'm using free Avast myself. You'll be fine :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
      O3 - HKU\S-1-5-21-2495479790-982925703-2321560144-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
      O3 - HKU\S-1-5-21-2495479790-982925703-2321560144-1001\..\Toolbar\WebBrowser: (no name) - {A823A630-78C6-4637-AF80-AEDCA5BB74C1} - No CLSID value found.
      O8:64bit: - Extra context menu item: AMV convert tool grab multimedia file - C:\Program Files (x86)\MP3 Player Utilities 5.01\AMVConverter\grab.html File not found
      O8 - Extra context menu item: AMV convert tool grab multimedia file - C:\Program Files (x86)\MP3 Player Utilities 5.01\AMVConverter\grab.html File not found
      O15 - HKU\S-1-5-21-2495479790-982925703-2321560144-1001\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-2495479790-982925703-2321560144-1001\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
      O15 - HKU\S-1-5-21-2495479790-982925703-2321560144-1001\..Trusted Domains: hp.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-2495479790-982925703-2321560144-1001\..Trusted Domains: qflix.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-2495479790-982925703-2321560144-1001\..Trusted Domains: roxio.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-2495479790-982925703-2321560144-1001\..Trusted Domains: sonic.com ([redirect] http in Trusted sites)
      O15 - HKU\S-1-5-21-2495479790-982925703-2321560144-1001\..Trusted Domains: sonic.com ([redirect2] http in Trusted sites)
      [2012/10/31 23:56:53 | 000,000,000 | ---D | C] -- C:\FRST
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    =================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  17. jskelington2641

    jskelington2641 TS Rookie Topic Starter Posts: 18

    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2495479790-982925703-2321560144-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2495479790-982925703-2321560144-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A823A630-78C6-4637-AF80-AEDCA5BB74C1} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A823A630-78C6-4637-AF80-AEDCA5BB74C1}\ not found.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\AMV convert tool grab multimedia file\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\AMV convert tool grab multimedia file\ not found.
    Registry key HKEY_USERS\S-1-5-21-2495479790-982925703-2321560144-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cinemanow.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2495479790-982925703-2321560144-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cinemanow.com\ not found.
    Registry key HKEY_USERS\S-1-5-21-2495479790-982925703-2321560144-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hp.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2495479790-982925703-2321560144-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\qflix.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2495479790-982925703-2321560144-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\roxio.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2495479790-982925703-2321560144-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sonic.com\redirect\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2495479790-982925703-2321560144-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sonic.com\redirect2\ deleted successfully.
    C:\FRST\Quarantine\{26ac561d-4c16-bd9f-4e6b-2b8f8dfb3c55}\U folder moved successfully.
    C:\FRST\Quarantine\{26ac561d-4c16-bd9f-4e6b-2b8f8dfb3c55}\L folder moved successfully.
    C:\FRST\Quarantine\{26ac561d-4c16-bd9f-4e6b-2b8f8dfb3c55} folder moved successfully.
    Folder move failed. C:\FRST\Quarantine scheduled to be moved on reboot.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56466 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Jimmy
    ->Temp folder emptied: 526153776 bytes
    ->Temporary Internet Files folder emptied: 512302777 bytes
    ->Flash cache emptied: 57413 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 438932 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50199 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 991.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Jimmy

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Jimmy
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 11032012_160549
    Files\Folders moved on Reboot...
    File\Folder C:\FRST\Quarantine not found!
    File move failed. C:\Users\Jimmy\AppData\Local\Temp\BITEC8F.tmp scheduled to be moved on reboot.
    C:\Users\Jimmy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\ProgramData\truesuite\2012-11-03\BioLayer_1.dat moved successfully.
    C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\ProgramData\truesuite\2012-11-03\IEBHO.dat moved successfully.
    C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LPZFN3KT\billboard[2].htm moved successfully.
    C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G2UOGS0A\dwReconcile[1].htm moved successfully.
    C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A4K30AA3\01[1].htm moved successfully.
    C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A4K30AA3\01[2].htm moved successfully.
    C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A4K30AA3\dwReconcile[1].htm moved successfully.
    C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
     
  18. jskelington2641

    jskelington2641 TS Rookie Topic Starter Posts: 18

    Results of screen317's Security Check version 0.99.54
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.1.1000
    TuneUp Utilities 2012
    TuneUp Utilities Language Pack (en-US)
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes' Anti-Malware mbamscheduler.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     
  19. jskelington2641

    jskelington2641 TS Rookie Topic Starter Posts: 18

    Farbar Service Scanner Version: 03-11-2012
    Ran by Jimmy (administrator) on 03-11-2012 at 16:27:48
    Running from "C:\Users\Jimmy\Downloads"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****
     
  20. jskelington2641

    jskelington2641 TS Rookie Topic Starter Posts: 18

    # AdwCleaner v2.006 - Logfile created 11/03/2012 at 16:34:08
    # Updated 30/10/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Jimmy - JIMMY-HP
    # Boot Mode : Normal
    # Running from : C:\Users\Jimmy\Desktop\adwcleaner.exe
    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****
    File Deleted : C:\user.js
    Folder Deleted : C:\Program Files (x86)\Yontoo
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\Users\Jimmy\AppData\LocalLow\BabylonToolbar
    Folder Deleted : C:\Users\Jimmy\AppData\Roaming\Babylon
    ***** [Registry] *****
    Key Deleted : HKCU\Software\AppDataLow\Software
    Key Deleted : HKCU\Software\BrowserMngr
    Key Deleted : HKCU\Software\DataMngr_Toolbar
    Key Deleted : HKCU\Software\ilivid
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\Software\BrowserMngr
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    Key Deleted : HKLM\Software\DataMngr
    Key Deleted : HKLM\Software\Iminent
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16421
    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - BrowserMngr Start Page] = hxxp://search.babylon.com/?affID=112555&tt=040912_ccp_3712_7&babsrc=HP_ss&mntrId=f867930a0000000000000023697666b3 --> hxxp://www.google.com
    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=112555&tt=040912_ccp_3712_7&babsrc=NT_ss&mntrId=f867930a0000000000000023697666b3 --> hxxp://www.google.com
    *************************
    AdwCleaner[S1].txt - [4540 octets] - [03/11/2012 16:34:08]
    ########## EOF - C:\AdwCleaner[S1].txt - [4600 octets] ##########
     
  21. jskelington2641

    jskelington2641 TS Rookie Topic Starter Posts: 18

    C:\_OTL\MovedFiles\11032012_160549\C_\FRST\Quarantine\services.exe Win64/Patched.A.Gen trojan deleted - quarantined
    C:\_OTL\MovedFiles\11032012_160549\C_FRST\Quarantine\{26ac561d-4c16-bd9f-4e6b-2b8f8dfb3c55}\U\80000064.@ a variant of Win64/Sirefef.AN trojan cleaned by deleting - quarantined
     
  22. jskelington2641

    jskelington2641 TS Rookie Topic Starter Posts: 18

    Can I get rid of all these quarintine and extra files and folders I am now seeing?
     
  23. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Yes.

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please, let me know, how your computer is doing.
     
  24. jskelington2641

    jskelington2641 TS Rookie Topic Starter Posts: 18

    All processes killed ========== OTL ========== ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Jimmy ->Temp folder emptied: 11534072 bytes ->Temporary Internet Files folder emptied: 9305941 bytes ->Flash cache emptied: 492 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 2902 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 353920794 bytes Total Files Cleaned = 357.00 mb [EMPTYFLASH] User: All Users
     
  25. jskelington2641

    jskelington2641 TS Rookie Topic Starter Posts: 18

    Everything seems to be in order. You are a life saver, Thank You!
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.