Win64/Patched.A in Services.exe and no Internet

Solved
By Levka
Oct 26, 2012
  1. Hello!

    I have a win 7 64 bit operating system with AVG antivirus.
    Today got services.exe infected.
    Tried to run combofix but it was interrupted the first time by avg.
    Now I have no internet connection as well - same IP all the time.

    Please help.
  2. Levka


    Well the internet connection is fine now - did a restore with windows repair and it's solved now.
    Still have the services.exe infected.
    thanks for help
  3. Broni


    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================

    Never run Combofix on your own!

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
  4. Levka


    Thank you very much for helping:
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-10-2012
    Ran by SYSTEM at 26-10-2012 21:59:38
    Running from H:\
    Windows 7 Ultimate (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12445288 2012-01-15] (Realtek Semiconductor)
    HKLM\...\Run: [IntelliType Pro] "C:\Program Files\Microsoft Device Center\itype.exe" [1464928 2012-06-26] (Microsoft Corporation)
    HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft Device Center\ipoint.exe" [2004584 2012-06-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-01-27] (Intel Corporation)
    HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [947808 2012-10-06] ()
    HKLM-x32\...\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 [x]
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-02] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe [479232 2008-12-16] (Nikon Corporation)
    HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
    HKLM-x32\...\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 [x]
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
    HKLM-x32\...\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [217256 2012-05-03] (Visicom Media Inc. (Powered by Panda Security))
    HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3116152 2012-10-10] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT [856160 2012-10-06] ()
    HKLM-x32\...\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [115032 2012-05-29] (SweetIM Technologies Ltd.)
    HKLM-x32\...\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.)
    HKU\Home\...\Run: [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe [14749544 2012-03-23] (GARMIN Corp.)
    HKU\moran\...\Run: [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe [14749544 2012-03-23] (GARMIN Corp.)
    HKLM-x32\...\RunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe [40960 2012-01-31] ()
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    ==================== Services (Whitelisted) ===================

    3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
    2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5783672 2012-10-01] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [193568 2012-10-01] (AVG Technologies CZ, s.r.o.)
    3 ICCS; "C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe" [160256 2011-08-30] (Intel Corporation)
    2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
    2 vToolbarUpdater12.2.6; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [722528 2012-09-03] ()

    ==================== Drivers (Whitelisted) =====================

    1 AppleCharger; C:\Windows\System32\Drivers\AppleCharger.sys [21616 2011-11-01] ()
    1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [151904 2012-09-12] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [61792 2012-09-20] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-01] (AVG Technologies CZ, s.r.o.)
    0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [225120 2012-09-20] (AVG Technologies CZ, s.r.o.)
    0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [111456 2012-10-04] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-13] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [200032 2012-09-20] (AVG Technologies CZ, s.r.o.)
    1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [31080 2012-09-03] (AVG Technologies)
    3 etdrv; \??\C:\Windows\etdrv.sys [25640 2012-08-18] (Windows (R) Server 2003 DDK provider)
    3 gdrv; \??\C:\Windows\gdrv.sys [25640 2012-10-26] (Windows (R) Server 2003 DDK provider)
    3 GVTDrv64; \??\C:\Windows\GVTDrv64.sys [30528 2012-10-26] ()
    3 libusb0; C:\Windows\System32\Drivers\libusb0.sys [44480 2011-05-17] (http://libusb-win32.sourceforge.net)
    3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
    3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-10-26 21:59 - 2012-10-26 21:59 - 00000000 ____D C:\FRST
    2012-10-26 11:52 - 2012-10-26 11:52 - 01459161 ____A (Farbar) C:\Users\Home\Downloads\FRST64 (1).exe
    2012-10-26 08:22 - 2012-10-26 08:22 - 01459161 ____A (Farbar) C:\Users\Home\Downloads\FRST64.exe
    2012-10-26 07:38 - 2012-10-26 07:38 - 00000000 ____D C:\Users\Home\AppData\Roaming\Malwarebytes
    2012-10-26 07:38 - 2012-10-26 07:38 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-10-26 07:38 - 2012-10-26 07:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-10-26 07:38 - 2012-09-29 09:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-10-26 07:37 - 2012-10-26 07:38 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Home\Downloads\mbam-setup-1.65.1.1000.exe
    2012-10-26 07:35 - 2012-10-26 07:39 - 05469816 ____A (Lavasoft Limited) C:\Users\Home\Downloads\Adaware_Installer.exe
    2012-10-26 07:14 - 2012-10-26 11:43 - 00000004 ____A C:\Windows\SysWOW64\GVTunner.ref
    2012-10-26 06:58 - 2012-10-26 06:58 - 00025220 ____A C:\ComboFix.txt
    2012-10-26 05:18 - 2012-10-26 17:13 - 00000000 ____D C:\Windows\erdnt
    2012-10-26 05:18 - 2012-10-26 06:58 - 00000000 ____D C:\Qoobox
    2012-10-26 05:02 - 2012-10-26 05:02 - 00000000 ____D C:\Program Files\McAfee.com
    2012-10-26 05:02 - 2012-10-26 05:02 - 00000000 ____D C:\Program Files\McAfee
    2012-10-26 05:02 - 2012-10-26 05:02 - 00000000 ____D C:\Program Files (x86)\McAfee
    2012-10-26 04:49 - 2012-10-26 17:13 - 00000000 ____D C:\Users\All Users\McAfee
    2012-10-26 04:34 - 2012-10-26 04:36 - 95508035 ____A C:\Users\Home\Downloads\avg_arl_ffi_all_120_120823a5350.rar
    2012-10-26 04:26 - 2012-10-26 04:26 - 00000000 ____D C:\Users\Home\AppData\RoamingRefMan12
    2012-10-26 04:21 - 2012-10-26 04:21 - 00000000 ____D C:\Users\All Users\ISI ResearchSoft
    2012-10-26 04:20 - 2012-10-26 17:13 - 00000000 ____D C:\Users\All Users\Thomson.ResearchSoft.Installers
    2012-10-26 04:20 - 2012-10-26 07:14 - 00000000 ____D C:\Program Files (x86)\Reference Manager 12 Demo
    2012-10-26 04:20 - 2012-10-26 04:21 - 00000000 ____D C:\Users\Public\Documents\Reference Manager 12
    2012-10-26 04:14 - 2012-10-26 04:17 - 42266040 ____A C:\Users\Home\Downloads\Refman1203Demo.exe
    2012-10-26 04:07 - 2012-10-26 04:07 - 00000000 ____A C:\Users\Home\Downloads\Unconfirmed 366150.crdownload
    2012-10-26 04:06 - 2012-10-26 17:13 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2012-10-26 04:06 - 2012-10-26 04:06 - 00164660 ____A C:\Users\Home\Downloads\THOMSON_REUTERS_REFERENCE_keygen_by_EDGEISO.zip
    2012-10-25 12:36 - 2012-10-26 17:12 - 00000000 ____D C:\Program Files (x86)\Reference Manager 11
    2012-10-25 12:36 - 2012-10-26 04:25 - 00000000 ____D C:\Users\Home\AppData\Roaming\ISI ResearchSoft
    2012-10-25 12:36 - 2012-10-25 12:36 - 00000000 ____D C:\Users\Home\AppData\RoamingRefMan
    2012-10-25 06:28 - 2012-10-25 06:28 - 00011575 ____A C:\Users\Home\Downloads\mira fridman 6m.xlsx
    2012-10-24 07:49 - 2012-10-24 07:49 - 00009109 ____A C:\Users\Home\Desktop\???? ?????.xlsx
    2012-10-22 13:17 - 2012-10-22 13:19 - 00000000 ____D C:\Users\Home\Downloads\???? ?????? 2.0 - ???? ?????? 2.0
    2012-10-22 13:01 - 2012-10-22 13:10 - 60256002 ____A C:\Users\Home\Downloads\???? ?????? 2.0 - ???? ?????? 2.0.zip
    2012-10-21 12:26 - 2012-10-21 12:26 - 00005960 ____A C:\Users\Home\Downloads\rss.cgi.webintents
    2012-10-18 12:02 - 2012-10-18 12:03 - 00000000 ____D C:\Users\Home\Desktop\Moran
    2012-10-16 21:37 - 2012-10-16 23:06 - 163902063 ____A C:\Users\Home\Downloads\T.W.S01E13.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part2.rar
    2012-10-16 19:47 - 2012-10-16 21:37 - 202831872 ____A C:\Users\Home\Downloads\T.W.S01E13.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part1.rar
    2012-10-16 18:18 - 2012-10-16 19:46 - 163694639 ____A C:\Users\Home\Downloads\T.W.S01E12.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part2.rar
    2012-10-16 16:28 - 2012-10-16 18:18 - 202831872 ____A C:\Users\Home\Downloads\T.W.S01E12.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part1.rar
    2012-10-16 14:59 - 2012-10-16 16:27 - 162915439 ____A C:\Users\Home\Downloads\T.W.S01E11.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part2.rar
    2012-10-16 13:09 - 2012-10-16 14:59 - 202831872 ____A C:\Users\Home\Downloads\T.W.S01E11.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part1.rar
    2012-10-16 11:39 - 2012-10-16 13:09 - 164784447 ____A C:\Users\Home\Downloads\T.W.S01E10.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part2.rar
    2012-10-16 09:49 - 2012-10-16 11:39 - 202831872 ____A C:\Users\Home\Downloads\T.W.S01E10.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part1.rar
    2012-10-16 08:21 - 2012-10-16 09:49 - 162471935 ____A C:\Users\Home\Downloads\T.W.S01E09.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part2.rar
    2012-10-16 06:31 - 2012-10-16 08:21 - 202831872 ____A C:\Users\Home\Downloads\T.W.S01E09.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part1.rar
    2012-10-16 05:01 - 2012-10-16 06:31 - 164796623 ____A C:\Users\Home\Downloads\T.W.S01E08.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part2.rar
    2012-10-16 03:11 - 2012-10-16 05:01 - 202831872 ____A C:\Users\Home\Downloads\T.W.S01E08.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part1.rar
    2012-10-16 01:43 - 2012-10-16 03:11 - 162491055 ____A C:\Users\Home\Downloads\T.W.S01E07.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part2.rar
    2012-10-15 23:53 - 2012-10-16 01:43 - 202831872 ____A C:\Users\Home\Downloads\T.W.S01E07.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part1.rar
    2012-10-15 22:25 - 2012-10-15 23:53 - 162553055 ____A C:\Users\Home\Downloads\T.W.S01E06.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part2.rar
    2012-10-15 20:35 - 2012-10-15 22:25 - 202831872 ____A C:\Users\Home\Downloads\T.W.S01E06.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part1.rar
    2012-10-15 19:05 - 2012-10-15 20:35 - 164523359 ____A C:\Users\Home\Downloads\T.W.S01E05.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part2.rar
    2012-10-15 17:15 - 2012-10-15 19:05 - 202831872 ____A C:\Users\Home\Downloads\T.W.S01E05.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part1.rar
    2012-10-15 15:46 - 2012-10-15 17:15 - 164398571 ____A C:\Users\Home\Downloads\T.W.S01E04.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part2.rar
    2012-10-15 13:56 - 2012-10-15 15:46 - 202831872 ____A C:\Users\Home\Downloads\T.W.S01E04.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part1.rar
    2012-10-15 12:26 - 2012-10-15 13:56 - 164518143 ____A C:\Users\Home\Downloads\T.W.S01E03.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part2.rar
    2012-10-15 10:45 - 2012-10-15 10:46 - 00000000 ____D C:\Users\Home\Downloads\T.W.S01E02.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info
    2012-10-15 10:36 - 2012-10-15 12:26 - 202831872 ____A C:\Users\Home\Downloads\T.W.S01E03.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part1.rar
    2012-10-15 10:31 - 2012-10-15 10:42 - 00000000 ____D C:\Program Files (x86)\JDownloader
    2012-10-15 10:30 - 2012-10-15 10:30 - 00000228 ____A C:\Users\Home\Desktop\Search the Web.url
    2012-10-15 10:30 - 2012-10-15 10:30 - 00000222 ____A C:\Users\Home\Desktop\SweetPcFix.url
    2012-10-15 10:30 - 2012-10-15 10:30 - 00000000 ____D C:\Users\All Users\SweetIM
    2012-10-15 10:30 - 2012-10-15 10:30 - 00000000 ____D C:\Program Files (x86)\SweetIM
    2012-10-15 10:24 - 2012-10-15 10:41 - 163099391 ____A C:\Users\Home\Downloads\T.W.S01E02.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part2.rar
    2012-10-15 10:23 - 2012-10-15 10:37 - 202831872 ____A C:\Users\Home\Downloads\T.W.S01E02.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part1.rar
    2012-10-15 10:22 - 2012-10-15 10:23 - 00000000 ____D C:\Users\Home\Downloads\T.W.S01E01.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info
    2012-10-15 09:56 - 2012-10-15 10:17 - 202831872 ____A C:\Users\Home\Downloads\T.W.S01E01.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part1.rar
    2012-10-15 09:56 - 2012-10-15 10:07 - 164149631 ____A C:\Users\Home\Downloads\T.W.S01E01.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part2.rar
    2012-10-12 23:30 - 2012-10-12 23:30 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
    2012-10-12 23:30 - 2012-10-12 23:30 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
    2012-10-09 22:33 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-10-09 22:33 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-10-09 22:33 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-10-09 22:33 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-10-09 22:33 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-10-09 22:33 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-10-09 22:33 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-10-09 22:33 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-10-09 22:33 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-10-09 22:33 - 2012-08-20 10:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-10-09 22:33 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-10-09 22:33 - 2012-08-20 10:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-10-09 22:33 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-10-09 22:33 - 2012-08-20 10:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-10-09 22:33 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-10-09 22:33 - 2012-08-20 10:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-10-09 22:33 - 2012-08-20 10:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 10:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 09:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-10-09 22:33 - 2012-08-20 09:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-10-09 22:33 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-10-09 22:33 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-10-09 22:33 - 2012-08-20 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-10-09 22:33 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 07:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-10-09 22:33 - 2012-08-20 07:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-10-09 22:33 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-10-09 22:33 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-10-09 22:33 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2012-10-09 22:32 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-10-09 22:32 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-10-09 22:32 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-10-09 22:32 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-10-09 22:32 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-10-09 22:32 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-10-09 03:55 - 2012-10-09 03:55 - 00271136 ____A C:\Users\Home\Downloads\SM819651.tif
    2012-10-06 21:33 - 2012-10-06 21:33 - 00000000 ____D C:\Users\Home\AppData\Roaming\AVG2013
    2012-10-06 12:52 - 2012-10-06 12:52 - 00000000 ____D C:\Users\Home\AppData\Roaming\TuneUp Software
    2012-10-06 12:52 - 2012-10-06 12:52 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
    2012-10-06 12:50 - 2012-10-06 12:52 - 00000000 ____D C:\Users\All Users\AVG2013
    2012-10-06 12:45 - 2012-10-15 20:25 - 00000000 ____D C:\Users\Home\AppData\Local\Avg2013
    2012-10-06 12:45 - 2012-10-06 12:45 - 00000000 ____D C:\Users\Home\AppData\Local\MFAData
    2012-10-05 13:52 - 2012-10-05 13:52 - 03134483 ____A C:\Users\Home\Downloads\IMG_0322.MOV
    2012-10-05 04:43 - 2012-10-05 04:45 - 23467546 ____A C:\Users\Home\Downloads\?????? - Double EP.zip
    2012-10-05 04:18 - 2012-10-05 04:18 - 07742528 ____A C:\Users\Home\Downloads\???? ?'???? ??? - ???? ????.m4a
    2012-10-04 17:26 - 2012-10-04 17:26 - 00111456 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgmfx64.sys
    2012-10-04 14:47 - 2012-10-04 14:47 - 00000000 ____D C:\Users\Home\Downloads\KLIN ( SADYLE - TEL-AVIV HARDCORE ) - ???? ???? (1)
    2012-10-04 14:44 - 2012-10-04 14:44 - 00000000 ____D C:\Users\Home\Downloads\KLIN SADYLE - TEL-AVIV HARDCORE - ????? 6 - Revolution 6 .vol1 (1)
    2012-10-04 14:41 - 2012-10-04 14:47 - 86215507 ____A C:\Users\Home\Downloads\KLIN ( SADYLE - TEL-AVIV HARDCORE ) - ???? ???? (1).zip
    2012-10-04 14:41 - 2012-10-04 14:43 - 29486925 ____A C:\Users\Home\Downloads\KLIN SADYLE - TEL-AVIV HARDCORE - ????? 6 - Revolution 6 .vol1 (1).zip
    2012-10-04 12:12 - 2012-10-04 12:12 - 00318904 ____A (Microsoft Corporation) C:\Users\Home\Downloads\wmpfirefoxplugin (2).exe
    2012-10-02 04:20 - 2012-10-02 04:20 - 731613479 ____A C:\Windows\MEMORY.DMP
    2012-10-02 04:20 - 2012-10-02 04:20 - 00281200 ____A C:\Windows\Minidump\100212-28126-01.dmp
    2012-10-02 04:20 - 2012-10-02 04:20 - 00000000 ____D C:\Windows\Minidump
    2012-10-02 04:11 - 2012-10-02 04:13 - 00001106 ____A C:\Users\Public\Desktop\Picasa 3.lnk
    2012-10-02 04:11 - 2012-10-02 04:12 - 15271824 ____A (Google Inc.) C:\Users\Home\Downloads\picasa39-setup (1).exe
    2012-10-02 04:07 - 2012-10-02 04:07 - 15271824 ____A (Google Inc.) C:\Users\Home\Downloads\picasa39-setup.exe
    2012-10-02 03:58 - 2012-10-02 04:06 - 00000000 ____D C:\Users\Home\Desktop\disc on key lev
    2012-10-01 21:29 - 2012-10-02 10:45 - 00000000 ____D C:\Users\Home\Desktop\georgia pics
    2012-10-01 17:30 - 2012-10-01 17:30 - 00185696 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys
    2012-09-30 13:03 - 2012-09-30 13:36 - 11535720 ____A C:\Users\Home\Downloads\KLIN ( SADYLE - TEL-AVIV HARDCORE ) - ???? ????.zip
    2012-09-30 13:01 - 2012-09-30 13:28 - 08644390 ____A C:\Users\Home\Downloads\KLIN SADYLE - TEL-AVIV HARDCORE - ????? 6 - Revolution 6 .vol1.zip
    2012-09-30 10:01 - 2012-09-30 10:01 - 00318904 ____A (Microsoft Corporation) C:\Users\Home\Downloads\wmpfirefoxplugin (1).exe
    2012-09-29 10:57 - 2012-09-29 10:57 - 01019435 ____A C:\Users\Home\Downloads\movie_ 9_29_2012_0.mov
    2012-09-27 12:53 - 2012-09-27 13:12 - 407221384 ____A C:\Users\Home\Downloads\MVI_0810.MOV
    2012-09-27 11:03 - 2012-09-27 11:03 - 03048699 ____A C:\Users\Home\Desktop\Innova_7002HD_Firmware_18_07_12.zip
    2012-09-26 11:40 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-09-26 11:40 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-09-26 11:40 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-09-26 11:40 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-09-26 11:40 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-09-26 11:40 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-09-26 11:40 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-09-26 11:40 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-09-26 11:40 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-09-26 11:40 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-09-26 11:40 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-09-26 11:40 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-09-26 11:40 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-09-26 11:40 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-09-26 11:40 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-09-26 11:40 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-09-26 11:40 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-09-26 11:40 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-09-26 11:40 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-09-26 11:40 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-09-26 11:40 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-09-26 11:40 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-09-26 11:40 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-09-26 11:40 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-09-26 11:40 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-09-26 11:40 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-09-26 11:40 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-09-26 11:40 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-09-26 11:40 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-09-26 11:40 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-09-26 11:40 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-09-26 11:40 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-09-26 11:04 - 2012-08-21 13:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe

    ==================== 3 Months Modified Files ==================

    2012-10-26 11:53 - 2012-08-18 12:09 - 01513808 ____A C:\Windows\WindowsUpdate.log
    2012-10-26 11:53 - 2009-07-13 20:45 - 00013440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-10-26 11:53 - 2009-07-13 20:45 - 00013440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-10-26 11:52 - 2012-10-26 11:52 - 01459161 ____A (Farbar) C:\Users\Home\Downloads\FRST64 (1).exe
    2012-10-26 11:46 - 2009-07-13 21:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-10-26 11:43 - 2012-10-26 07:14 - 00000004 ____A C:\Windows\SysWOW64\GVTunner.ref
    2012-10-26 11:43 - 2012-08-18 12:43 - 00030528 ____A C:\Windows\GVTDrv64.sys
    2012-10-26 11:43 - 2012-08-18 12:43 - 00025640 ____A (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
    2012-10-26 11:42 - 2012-08-18 13:43 - 00049236 ____A C:\Windows\PFRO.log
    2012-10-26 11:42 - 2012-08-18 12:57 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-10-26 11:42 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-10-26 11:42 - 2009-07-13 20:51 - 00033418 ____A C:\Windows\setupact.log
    2012-10-26 11:13 - 2012-08-18 12:57 - 00000924 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-10-26 08:22 - 2012-10-26 08:22 - 01459161 ____A (Farbar) C:\Users\Home\Downloads\FRST64.exe
    2012-10-26 07:39 - 2012-10-26 07:35 - 05469816 ____A (Lavasoft Limited) C:\Users\Home\Downloads\Adaware_Installer.exe
    2012-10-26 07:38 - 2012-10-26 07:37 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Home\Downloads\mbam-setup-1.65.1.1000.exe
    2012-10-26 06:58 - 2012-10-26 06:58 - 00025220 ____A C:\ComboFix.txt
    2012-10-26 04:36 - 2012-10-26 04:34 - 95508035 ____A C:\Users\Home\Downloads\avg_arl_ffi_all_120_120823a5350.rar
    2012-10-26 04:17 - 2012-10-26 04:14 - 42266040 ____A C:\Users\Home\Downloads\Refman1203Demo.exe
    2012-10-26 04:07 - 2012-10-26 04:07 - 00000000 ____A C:\Users\Home\Downloads\Unconfirmed 366150.crdownload
    2012-10-26 04:06 - 2012-10-26 04:06 - 00164660 ____A C:\Users\Home\Downloads\THOMSON_REUTERS_REFERENCE_keygen_by_EDGEISO.zip
    2012-10-25 06:28 - 2012-10-25 06:28 - 00011575 ____A C:\Users\Home\Downloads\mira fridman 6m.xlsx
    2012-10-24 07:49 - 2012-10-24 07:49 - 00009109 ____A C:\Users\Home\Desktop\???? ?????.xlsx
    2012-10-22 13:10 - 2012-10-22 13:01 - 60256002 ____A C:\Users\Home\Downloads\???? ?????? 2.0 - ???? ?????? 2.0.zip
    2012-10-21 12:26 - 2012-10-21 12:26 - 00005960 ____A C:\Users\Home\Downloads\rss.cgi.webintents
    2012-10-16 23:06 - 2012-10-16 21:37 - 163902063 ____A C:\Users\Home\Downloads\T.W.S01E13.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part2.rar
    2012-10-16 21:37 - 2012-10-16 19:47 - 202831872 ____A C:\Users\Home\Downloads\T.W.S01E13.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part1.rar
    2012-10-16 19:46 - 2012-10-16 18:18 - 163694639 ____A C:\Users\Home\Downloads\T.W.S01E12.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part2.rar
    2012-10-16 18:18 - 2012-10-16 16:28 - 202831872 ____A C:\Users\Home\Downloads\T.W.S01E12.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part1.rar
    2012-10-16 16:27 - 2012-10-16 14:59 - 162915439 ____A C:\Users\Home\Downloads\T.W.S01E11.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part2.rar
    2012-10-16 14:59 - 2012-10-16 13:09 - 202831872 ____A C:\Users\Home\Downloads\T.W.S01E11.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part1.rar
    2012-10-16 13:09 - 2012-10-16 11:39 - 164784447 ____A C:\Users\Home\Downloads\T.W.S01E10.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part2.rar
    2012-10-16 11:39 - 2012-10-16 09:49 - 202831872 ____A C:\Users\Home\Downloads\T.W.S01E10.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part1.rar
    2012-10-16 09:49 - 2012-10-16 08:21 - 162471935 ____A C:\Users\Home\Downloads\T.W.S01E09.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part2.rar
    2012-10-16 08:21 - 2012-10-16 06:31 - 202831872 ____A C:\Users\Home\Downloads\T.W.S01E09.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part1.rar
    2012-10-16 06:31 - 2012-10-16 05:01 - 164796623 ____A C:\Users\Home\Downloads\T.W.S01E08.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part2.rar
    2012-10-16 05:01 - 2012-10-16 03:11 - 202831872 ____A C:\Users\Home\Downloads\T.W.S01E08.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part1.rar
    2012-10-16 03:11 - 2012-10-16 01:43 - 162491055 ____A C:\Users\Home\Downloads\T.W.S01E07.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part2.rar
    2012-10-16 01:43 - 2012-10-15 23:53 - 202831872 ____A C:\Users\Home\Downloads\T.W.S01E07.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part1.rar
    2012-10-15 23:53 - 2012-10-15 22:25 - 162553055 ____A C:\Users\Home\Downloads\T.W.S01E06.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part2.rar
    2012-10-15 22:25 - 2012-10-15 20:35 - 202831872 ____A C:\Users\Home\Downloads\T.W.S01E06.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part1.rar
    2012-10-15 20:35 - 2012-10-15 19:05 - 164523359 ____A C:\Users\Home\Downloads\T.W.S01E05.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part2.rar
    2012-10-15 19:05 - 2012-10-15 17:15 - 202831872 ____A C:\Users\Home\Downloads\T.W.S01E05.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part1.rar
    2012-10-15 17:15 - 2012-10-15 15:46 - 164398571 ____A C:\Users\Home\Downloads\T.W.S01E04.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part2.rar
    2012-10-15 15:46 - 2012-10-15 13:56 - 202831872 ____A C:\Users\Home\Downloads\T.W.S01E04.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part1.rar
    2012-10-15 13:56 - 2012-10-15 12:26 - 164518143 ____A C:\Users\Home\Downloads\T.W.S01E03.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part2.rar
    2012-10-15 12:26 - 2012-10-15 10:36 - 202831872 ____A C:\Users\Home\Downloads\T.W.S01E03.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part1.rar
    2012-10-15 10:41 - 2012-10-15 10:24 - 163099391 ____A C:\Users\Home\Downloads\T.W.S01E02.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part2.rar
    2012-10-15 10:37 - 2012-10-15 10:23 - 202831872 ____A C:\Users\Home\Downloads\T.W.S01E02.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part1.rar
    2012-10-15 10:30 - 2012-10-15 10:30 - 00000228 ____A C:\Users\Home\Desktop\Search the Web.url
    2012-10-15 10:30 - 2012-10-15 10:30 - 00000222 ____A C:\Users\Home\Desktop\SweetPcFix.url
    2012-10-15 10:17 - 2012-10-15 09:56 - 202831872 ____A C:\Users\Home\Downloads\T.W.S01E01.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part1.rar
    2012-10-15 10:07 - 2012-10-15 09:56 - 164149631 ____A C:\Users\Home\Downloads\T.W.S01E01.DVDRip.HEBSUB.by.YehudaQuality.ShareTW.info.part2.rar
    2012-10-14 06:07 - 2012-08-28 21:08 - 00000020 ____H C:\Users\All Users\PKP_DLdw.DAT
    2012-10-14 06:05 - 2012-08-28 21:04 - 00000020 ____H C:\Users\All Users\PKP_DLdu.DAT
    2012-10-10 17:02 - 2012-08-18 13:02 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-10-09 11:04 - 2012-08-18 21:36 - 00000072 ____A C:\Users\Public\LMDebug.log
    2012-10-09 03:55 - 2012-10-09 03:55 - 00271136 ____A C:\Users\Home\Downloads\SM819651.tif
    2012-10-05 13:52 - 2012-10-05 13:52 - 03134483 ____A C:\Users\Home\Downloads\IMG_0322.MOV
    2012-10-05 04:45 - 2012-10-05 04:43 - 23467546 ____A C:\Users\Home\Downloads\?????? - Double EP.zip
    2012-10-05 04:18 - 2012-10-05 04:18 - 07742528 ____A C:\Users\Home\Downloads\???? ?'???? ??? - ???? ????.m4a
    2012-10-04 17:26 - 2012-10-04 17:26 - 00111456 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgmfx64.sys
    2012-10-04 14:47 - 2012-10-04 14:41 - 86215507 ____A C:\Users\Home\Downloads\KLIN ( SADYLE - TEL-AVIV HARDCORE ) - ???? ???? (1).zip
    2012-10-04 14:43 - 2012-10-04 14:41 - 29486925 ____A C:\Users\Home\Downloads\KLIN SADYLE - TEL-AVIV HARDCORE - ????? 6 - Revolution 6 .vol1 (1).zip
    2012-10-04 12:12 - 2012-10-04 12:12 - 00318904 ____A (Microsoft Corporation) C:\Users\Home\Downloads\wmpfirefoxplugin (2).exe
    2012-10-02 04:20 - 2012-10-02 04:20 - 731613479 ____A C:\Windows\MEMORY.DMP
    2012-10-02 04:20 - 2012-10-02 04:20 - 00281200 ____A C:\Windows\Minidump\100212-28126-01.dmp
    2012-10-02 04:13 - 2012-10-02 04:11 - 00001106 ____A C:\Users\Public\Desktop\Picasa 3.lnk
    2012-10-02 04:12 - 2012-10-02 04:11 - 15271824 ____A (Google Inc.) C:\Users\Home\Downloads\picasa39-setup (1).exe
    2012-10-02 04:07 - 2012-10-02 04:07 - 15271824 ____A (Google Inc.) C:\Users\Home\Downloads\picasa39-setup.exe
    2012-10-01 17:30 - 2012-10-01 17:30 - 00185696 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys
    2012-09-30 13:36 - 2012-09-30 13:03 - 11535720 ____A C:\Users\Home\Downloads\KLIN ( SADYLE - TEL-AVIV HARDCORE ) - ???? ????.zip
    2012-09-30 13:28 - 2012-09-30 13:01 - 08644390 ____A C:\Users\Home\Downloads\KLIN SADYLE - TEL-AVIV HARDCORE - ????? 6 - Revolution 6 .vol1.zip
    2012-09-30 10:01 - 2012-09-30 10:01 - 00318904 ____A (Microsoft Corporation) C:\Users\Home\Downloads\wmpfirefoxplugin (1).exe
    2012-09-29 10:57 - 2012-09-29 10:57 - 01019435 ____A C:\Users\Home\Downloads\movie_ 9_29_2012_0.mov
    2012-09-29 09:54 - 2012-10-26 07:38 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-27 13:12 - 2012-09-27 12:53 - 407221384 ____A C:\Users\Home\Downloads\MVI_0810.MOV
  5. Levka

    Levka Newcomer, in training Topic Starter Posts: 23

    2012-09-27 11:03 - 2012-09-27 11:03 - 03048699 ____A C:\Users\Home\Desktop\Innova_7002HD_Firmware_18_07_12.zip
    2012-09-20 17:46 - 2012-09-20 17:46 - 00225120 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgloga.sys
    2012-09-20 17:46 - 2012-09-20 17:46 - 00200032 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
    2012-09-20 17:45 - 2012-09-20 17:45 - 00061792 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsha.sys
    2012-09-16 00:59 - 2012-09-09 09:48 - 00272384 ____H C:\Users\Home\Desktop\~WRL3986.tmp
    2012-09-15 22:44 - 2012-09-15 22:44 - 00000034 ___AH C:\Windows\SysWOW64\Converter_sysquict.dat
    2012-09-15 22:42 - 2012-09-15 22:39 - 19435339 ____A (Xillvideo Software, Inc. ) C:\Users\Home\Downloads\free_xill_m4a_to_mp3_amr_ogg_aac.exe
    2012-09-15 22:38 - 2012-09-15 22:38 - 00587640 ____A C:\Users\Home\Downloads\cbsidlm-tr1_6-Free_Convert_M4A_to_MP3_AMR_OGG_AAC_Converter-10909677.exe
    2012-09-15 21:46 - 2012-09-15 21:46 - 00000003 ____A C:\Users\Home\nugsCount.txt
    2012-09-14 13:16 - 2012-09-14 13:13 - 76047017 ____A C:\Users\Home\Downloads\Efrat_Ben_Zur-Robin (1).rar
    2012-09-14 13:13 - 2012-09-14 13:10 - 61005257 ____A C:\Users\Home\Downloads\Kitzu-A_Swarm_of_Details_into_your_Umbilical_Cord.rar
    2012-09-14 13:10 - 2012-09-14 13:08 - 44900404 ____A C:\Users\Home\Downloads\Amit_Erez_&_The_Secret_Sea-Not_About_Us.rar
    2012-09-14 13:08 - 2012-09-14 13:03 - 112315659 ____A C:\Users\Home\Downloads\Izabo-Boys_And_Girls.rar
    2012-09-14 13:03 - 2012-09-14 12:57 - 131023817 ____A C:\Users\Home\Downloads\eli_rozen_kol_hamekomot_haele.rar
    2012-09-14 12:57 - 2012-09-14 12:54 - 91433500 ____A C:\Users\Home\Downloads\Itamar_Ziegler-Memories_Of_Now.rar
    2012-09-14 12:54 - 2012-09-14 12:50 - 124464475 ____A C:\Users\Home\Downloads\Albert_Beger-Peacemaker.zip
    2012-09-14 12:48 - 2012-09-14 12:45 - 44694980 ____A C:\Users\Home\Downloads\Electra-Songs_They_Taught_Electra.rar
    2012-09-14 12:45 - 2012-09-14 12:40 - 93013258 ____A C:\Users\Home\Downloads\Yuppies_With_Jeeps-Leopard_Skin_Summer.rar
    2012-09-14 12:40 - 2012-09-14 12:34 - 93446468 ____A C:\Users\Home\Downloads\Eatliz-Teasing_Nature.rar
    2012-09-14 12:34 - 2012-09-14 12:29 - 90242300 ____A C:\Users\Home\Downloads\Nishar_Rak_Larutz.rar
    2012-09-14 12:29 - 2012-09-14 12:25 - 69074079 ____A C:\Users\Home\Downloads\Yair_Yona-World_Behind_Curtains.rar
    2012-09-14 12:25 - 2012-09-14 12:17 - 112696783 ____A C:\Users\Home\Downloads\Amit_Erez-Last_Night_When_I_Tried_to_Sleep.rar
    2012-09-14 12:17 - 2012-09-14 12:12 - 96678937 ____A C:\Users\Home\Downloads\Bney_Hama-Bney_Hama.rar
    2012-09-14 12:12 - 2012-09-14 12:07 - 86773164 ____A C:\Users\Home\Downloads\Electra_-_Heartbreaks_For_Fools_2010.zip
    2012-09-14 12:07 - 2012-09-14 12:02 - 93160404 ____A C:\Users\Home\Downloads\Kitzu-Sand.zip
    2012-09-14 12:02 - 2012-09-14 11:57 - 92294671 ____A C:\Users\Home\Downloads\Uzi_Navon.zip
    2012-09-14 11:44 - 2012-09-14 11:43 - 50755110 ____A C:\Users\Home\Downloads\yuppies_with_jeeps_red_davids_harp (1).rar
    2012-09-14 11:43 - 2012-09-14 11:40 - 90769343 ____A C:\Users\Home\Downloads\yair_yona_remember.zip
    2012-09-14 11:40 - 2012-09-14 11:36 - 129818833 ____A C:\Users\Home\Downloads\yuppies_two_albums.rar
    2012-09-14 11:36 - 2012-09-14 11:35 - 50755110 ____A C:\Users\Home\Downloads\yuppies_with_jeeps_red_davids_harp.rar
    2012-09-14 11:35 - 2012-09-14 11:31 - 115405361 ____A C:\Users\Home\Downloads\Rockfour-The_Wonderful_World_Full_Album.zip
    2012-09-14 11:31 - 2012-09-14 11:30 - 47275356 ____A C:\Users\Home\Downloads\Eatliz-Delicatley_Violent.rar
    2012-09-14 11:30 - 2012-09-14 11:26 - 129114250 ____A C:\Users\Home\Downloads\Rockfour-Memories_of_the_Never_Happened.rar
    2012-09-14 11:26 - 2012-09-14 11:25 - 51000048 ____A C:\Users\Home\Downloads\Paper_Cuts.rar
    2012-09-14 11:25 - 2012-09-14 11:19 - 123634696 ____A C:\Users\Home\Downloads\Eatliz-Violently_Delicate.zip
    2012-09-14 11:19 - 2012-10-09 22:33 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-09-14 11:19 - 2012-09-14 11:17 - 51408896 ____A C:\Users\Home\Downloads\Amit_Erez_Summer_Conquered_By_Rain.rar
    2012-09-14 11:17 - 2012-09-14 11:15 - 51258553 ____A C:\Users\Home\Downloads\Underwater_Firemen-Oh_Tidal_Wave.rar
    2012-09-14 10:28 - 2012-10-09 22:33 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-09-13 17:05 - 2012-09-13 17:05 - 00040800 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgrkx64.sys
    2012-09-12 17:11 - 2012-09-12 17:11 - 00151904 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsdrivera.sys
    2012-09-12 09:51 - 2012-09-12 09:51 - 00052120 ____A C:\Users\Home\Downloads\?????_??????-970080_1120912.htm
    2012-09-12 09:45 - 2012-09-12 09:45 - 00028160 ____A C:\Users\Home\Downloads\????? ????? ??????? 6-7 ???? ????? ????? 6.xls
    2012-09-09 09:32 - 2012-09-09 09:32 - 00013182 ____A C:\Users\Home\Downloads\aharon oded 28.08.12.xlsx
    2012-09-09 09:32 - 2012-09-09 09:32 - 00013182 ____A C:\Users\Home\Downloads\aharon oded 28.08.12 (1).xlsx
    2012-09-08 11:31 - 2012-09-08 11:31 - 05102645 ____A C:\Users\Home\Downloads\????? ????????.zip
    2012-09-07 02:12 - 2012-09-07 02:07 - 00000114 ____A C:\Windows\SysWOW64\prsgrc.tgz
    2012-09-07 02:12 - 2012-09-07 02:07 - 00000100 ____A C:\Windows\SysWOW64\prsgrc.dll
    2012-09-07 02:07 - 2012-09-07 02:07 - 00001024 ____A C:\Windows\SysWOW64\grcauth2.dll
    2012-09-07 02:07 - 2012-09-07 02:07 - 00001024 ____A C:\Windows\SysWOW64\grcauth1.dll
    2012-09-03 10:02 - 2012-08-18 14:20 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
    2012-09-01 09:37 - 2012-09-01 09:37 - 00318904 ____A (Microsoft Corporation) C:\Users\Home\Downloads\wmpfirefoxplugin.exe
    2012-08-31 10:19 - 2012-10-09 22:33 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-08-30 10:03 - 2012-10-09 22:33 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-08-30 09:12 - 2012-10-09 22:33 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-08-30 09:12 - 2012-10-09 22:33 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-08-29 16:26 - 2009-07-13 20:45 - 00480656 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-08-29 16:07 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
    2012-08-29 16:05 - 2012-08-29 16:05 - 00289042 ____A C:\Windows\msxml4-KB954430-enu.LOG
    2012-08-29 16:05 - 2012-08-29 16:05 - 00284966 ____A C:\Windows\msxml4-KB973688-enu.LOG
    2012-08-29 11:47 - 2012-08-18 12:16 - 00138664 ____A C:\Users\Home\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-08-29 07:02 - 2012-08-29 06:53 - 00000016 ____H C:\Windows\SysWOW64\servdat.slm
    2012-08-29 06:53 - 2012-08-29 06:53 - 00001025 ____A C:\Windows\SysWOW64\sysprs7.tgz
    2012-08-29 06:53 - 2012-08-29 06:53 - 00001025 ____A C:\Windows\SysWOW64\sysprs7.dll
    2012-08-29 06:53 - 2012-08-29 06:53 - 00000219 ____A C:\Windows\SysWOW64\lsprst7.tgz
    2012-08-29 06:53 - 2012-08-29 06:53 - 00000205 ____A C:\Windows\SysWOW64\lsprst7.dll
    2012-08-28 21:08 - 2012-08-28 21:08 - 00000268 ___RH C:\Users\Home\AppData\Roaming\Basics
    2012-08-28 21:08 - 2012-08-28 21:08 - 00000268 ___RH C:\Users\All Users\BookService
    2012-08-28 21:04 - 2012-08-28 21:04 - 00000268 ___RH C:\Users\Home\AppData\Roaming\Basic Synth
    2012-08-28 21:04 - 2012-08-28 21:04 - 00000268 ___RH C:\Users\All Users\Bass Amp
    2012-08-28 21:04 - 2003-03-19 01:05 - 00106496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ATL71.DLL
    2012-08-28 11:25 - 2012-08-28 11:17 - 154498548 ____A C:\Users\Home\Downloads\MVI_0632.MOV
    2012-08-28 11:24 - 2012-08-28 11:17 - 141687032 ____A C:\Users\Home\Downloads\MVI_0652.MOV
    2012-08-27 04:37 - 2012-08-27 04:37 - 00000020 __ASH C:\Users\moran\ntuser.ini
    2012-08-24 10:05 - 2012-10-09 22:33 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-08-24 08:57 - 2012-10-09 22:33 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-08-24 03:15 - 2012-09-26 11:40 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-24 02:39 - 2012-09-26 11:40 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-24 02:31 - 2012-09-26 11:40 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-24 02:22 - 2012-09-26 11:40 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-24 02:21 - 2012-09-26 11:40 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-24 02:20 - 2012-09-26 11:40 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-24 02:18 - 2012-09-26 11:40 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-24 02:17 - 2012-09-26 11:40 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-24 02:14 - 2012-09-26 11:40 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-24 02:14 - 2012-09-26 11:40 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-24 02:13 - 2012-09-26 11:40 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-08-24 02:12 - 2012-09-26 11:40 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-24 02:11 - 2012-09-26 11:40 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-08-24 02:10 - 2012-09-26 11:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-24 02:09 - 2012-09-26 11:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-24 02:04 - 2012-09-26 11:40 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-23 23:27 - 2012-09-26 11:40 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-23 23:03 - 2012-09-26 11:40 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-23 22:59 - 2012-09-26 11:40 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-23 22:51 - 2012-09-26 11:40 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-23 22:51 - 2012-09-26 11:40 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-23 22:51 - 2012-09-26 11:40 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-23 22:49 - 2012-09-26 11:40 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-23 22:48 - 2012-09-26 11:40 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-23 22:47 - 2012-09-26 11:40 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-23 22:47 - 2012-09-26 11:40 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-08-23 22:47 - 2012-09-26 11:40 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-23 22:45 - 2012-09-26 11:40 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-08-23 22:44 - 2012-09-26 11:40 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-23 22:44 - 2012-09-26 11:40 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-23 22:43 - 2012-09-26 11:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-23 22:40 - 2012-09-26 11:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-23 14:16 - 2012-08-23 10:52 - 1723348992 ____A C:\Users\Home\Downloads\Womb.2010.DVDRip.XviD-aAF.DjBiT.HebSub.WwW.DownCenter.Me.avi
    2012-08-23 13:46 - 2012-08-23 10:53 - 840300544 ____A C:\Users\Home\Downloads\Womb.2010.DVDRip.XviD-aAF.CD1.DjBiT.HebSub.WwW.DownCenter.Me.avi
    2012-08-23 13:43 - 2012-08-23 10:52 - 883167232 ____A C:\Users\Home\Downloads\Womb.2010.DVDRip.XviD-aAF.CD2.DjBiT.HebSub.WwW.DownCenter.Me.avi
    2012-08-23 13:30 - 2012-08-23 10:41 - 733415424 ____A C:\Users\Home\Downloads\Maos.Last.Dancer.2009.BDRip.XviD-TheWretched-cd1_DjBiT.HebSub.WwW.DownCenter.Me.avi
    2012-08-23 13:28 - 2012-08-23 10:41 - 728981504 ____A C:\Users\Home\Downloads\Maos.Last.Dancer.2009.BDRip.XviD-TheWretched-cd2_DjBiT.HebSub.WwW.DownCenter.Me.avi
    2012-08-23 13:23 - 2012-08-23 10:45 - 732291072 ____A C:\Users\Home\Downloads\Albatros.2011.DVDRip.XViD-RedBlade.Heb.DownCenter.avi
    2012-08-23 13:10 - 2012-08-23 10:39 - 733933568 ____A C:\Users\Home\Downloads\Wasted.On.The.Young.2010.DVDRip.XviD-aAF_DjBiT.HebSub.WwW.DownCenter.Me.avi
    2012-08-23 00:02 - 2012-08-22 20:43 - 734842880 ____A C:\Users\Home\Downloads\Kasa.de.mi.Padre.2012.DVDRip.XviD-PSYCHD.HebSub.DownCenter.avi
    2012-08-23 00:01 - 2012-08-22 20:29 - 800000000 ____A C:\Users\Home\Downloads\TED.2012.TS.NEW.XviD-HOPE.Hebsub.DownCenter.me.part1.rar
    2012-08-22 23:58 - 2012-08-22 20:25 - 785147904 ____A C:\Users\Home\Downloads\The.Hunger.Games.RERIP.BDRip.XviD.CD1-COCAIN.heb.DownCenter.avi
    2012-08-22 23:57 - 2012-08-22 20:29 - 730540032 ____A C:\Users\Home\Downloads\The.Woman.in.the.Fifth.LIMITED.DVDRip.XviD-DoNE-HEBSUB.DownCenter.avi
    2012-08-22 23:55 - 2012-08-22 20:26 - 736098304 ____A C:\Users\Home\Downloads\The.Hunger.Games.RERIP.BDRip.XviD.CD2-COCAIN.Heb.DownCenter.avi
    2012-08-22 23:34 - 2012-08-22 20:29 - 547551902 ____A C:\Users\Home\Downloads\TED.2012.TS.NEW.XviD-HOPE.Hebsub.DownCenter.me.part2.rar
    2012-08-22 23:33 - 2012-08-22 20:46 - 734928896 ____A C:\Users\Home\Downloads\There.Be.Dragons.2011.BRRip.XviD-LTRG.Heb.DownCenter.avi
    2012-08-22 23:28 - 2012-08-22 20:43 - 744716288 ____A C:\Users\Home\Downloads\Terraferma.2011.DVDRip.XviD-iLG.Heb.DownCenter.avi
    2012-08-22 23:19 - 2012-08-22 20:44 - 734081024 ____A C:\Users\Home\Downloads\In.Darkness.2011.DVDRip.XviD-AFrO.CD2.Heb.DownCenter.avi
    2012-08-22 23:16 - 2012-08-22 20:43 - 731588608 ____A C:\Users\Home\Downloads\In.Darkness.2011.DVDRip.XviD-AFrO.CD1.Heb.DownCenter.avi
    2012-08-22 22:56 - 2012-08-22 20:26 - 749754368 ____A C:\Users\Home\Downloads\The.Three.Stooges.2012.DVDRip.XviD-AMIABLE.heb.DownCenter.avi
    2012-08-22 13:34 - 2012-08-22 10:46 - 734836736 ____A C:\Users\Home\Downloads\Never.Let.Me.Go.DVDRip.XviD-TWiZTED.Heb.DownCenter.avi
    2012-08-22 13:30 - 2012-08-22 10:51 - 735557632 ____A C:\Users\Home\Downloads\The.Dictator.2012.UNRATED.BDRip.XviD-AMIABLE.Heb.DownCenter.avi
    2012-08-22 13:28 - 2012-08-22 10:45 - 734234624 ____A C:\Users\Home\Downloads\Intouchables 2011 PROPER FRENCH DVDRiP XViD-LEGiON _eMuleSpirit.net__arc.avi
    2012-08-22 13:15 - 2012-08-22 10:07 - 730159104 ____A C:\Users\Home\Downloads\22.Bullets.2010.DVDRip.HebSub-Horadot.tv.avi
    2012-08-22 13:11 - 2012-08-22 10:08 - 737077248 ____A C:\Users\Home\Downloads\The.Wackness.LIMITED.DVDRip.XviD.HebSub-TheGoal.Horadot.TV.avi
    2012-08-22 12:53 - 2012-08-22 10:52 - 732735488 ____A C:\Users\Home\Downloads\The.Queen.2006.DVDRip.XviD-ZN._DjBiT.HebSub.WwW.DownCenter.Me.avi
    2012-08-22 12:50 - 2012-08-22 10:45 - 723195904 ____A C:\Users\Home\Downloads\Salmon.Fishing.In.The.Yemen.2011.BDRip.XviD.CD2-COCAIN.Heb.DownCenter.avi
    2012-08-22 12:49 - 2012-08-22 10:45 - 735303680 ____A C:\Users\Home\Downloads\Salmon.Fishing.In.The.Yemen.2011.BDRip.XviD.CD1-COCAIN.Heb.DownCenter.avi
    2012-08-22 11:43 - 2012-08-22 10:08 - 733923328 ____A C:\Users\Home\Downloads\Kidnapped.2010.DVDrip.XviD.avi
    2012-08-22 11:39 - 2012-08-22 10:07 - 735729664 ____A C:\Users\Home\Downloads\Unthinkable.2010.EXTENDED.PROPER.DVDRip.XviD-VoMiT.HebSub.Inferno-HoradotTv.avi
    2012-08-22 11:02 - 2012-08-22 11:02 - 00002886 ____A C:\Users\Home\Downloads\winmail.dat
    2012-08-22 10:16 - 2012-08-22 09:49 - 726729744 ____A C:\Users\Home\Downloads\Project.X.2012.DVDRip.XviD-AMIABLE.HebSub.Inferno-HoradotTv.avi
    2012-08-22 10:12 - 2012-09-12 02:04 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
    2012-08-22 10:12 - 2012-09-12 02:03 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-08-22 10:12 - 2012-09-12 02:03 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-08-22 10:12 - 2012-09-12 02:03 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2012-08-22 04:09 - 2012-08-22 04:07 - 76047017 ____A C:\Users\Home\Downloads\Efrat_Ben_Zur-Robin.rar
    2012-08-22 03:35 - 2012-08-22 03:35 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-08-22 03:35 - 2012-08-22 03:35 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-08-22 03:35 - 2012-08-22 03:35 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-08-22 03:35 - 2012-08-22 03:35 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2012-08-22 03:35 - 2012-08-19 02:40 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-08-22 03:35 - 2012-08-19 02:40 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2012-08-22 02:24 - 2012-08-22 02:24 - 00000000 ___AH C:\Users\Home\Documents\Default.rdp
    2012-08-22 02:00 - 2012-08-22 02:00 - 00005420 ____A C:\Users\Home\Desktop\Healthy Aging For Remotes.rdp
    2012-08-21 13:01 - 2012-09-26 11:04 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
    2012-08-21 12:39 - 2012-08-21 12:39 - 00005420 ____A C:\Users\Home\Downloads\Healthy Aging For Remotes.rdp
    2012-08-21 02:01 - 2012-09-14 11:59 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
    2012-08-21 02:01 - 2012-08-18 14:54 - 00125872 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
    2012-08-21 02:01 - 2012-08-18 14:54 - 00106928 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
    2012-08-20 13:31 - 2012-08-20 13:31 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_point64_01009.Wdf
    2012-08-20 13:30 - 2012-08-20 13:30 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_NuidFltr_01009.Wdf
    2012-08-20 13:27 - 2012-08-20 13:27 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01009.Wdf
    2012-08-20 10:48 - 2012-10-09 22:33 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-08-20 10:48 - 2012-10-09 22:33 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-08-20 10:48 - 2012-10-09 22:33 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-08-20 10:48 - 2012-10-09 22:33 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-08-20 10:48 - 2012-10-09 22:33 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-08-20 10:48 - 2012-10-09 22:33 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-08-20 10:48 - 2012-10-09 22:33 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-08-20 10:46 - 2012-10-09 22:33 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-08-20 10:38 - 2012-10-09 22:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 22:33 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 22:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 22:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 22:33 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 22:33 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 22:33 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 22:33 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 22:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 22:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 22:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 22:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 22:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 22:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 22:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 22:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 22:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 22:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 22:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 22:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 22:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 22:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 22:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 22:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 22:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 22:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 22:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 22:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 09:45 - 2012-08-20 09:45 - 00018642 ____A C:\Windows\System32\results.xml
    2012-08-20 09:40 - 2012-10-09 22:33 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-08-20 09:38 - 2012-10-09 22:33 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-08-20 09:37 - 2012-10-09 22:33 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-08-20 09:37 - 2012-10-09 22:33 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-08-20 09:37 - 2012-10-09 22:33 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-08-20 09:32 - 2012-10-09 22:33 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 22:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 22:33 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 22:33 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 22:33 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 22:33 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 22:33 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 22:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 22:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 22:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 22:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 22:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 22:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 22:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 22:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 22:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 22:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 22:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 22:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 22:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 22:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 22:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 22:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 22:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 07:38 - 2012-10-09 22:33 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-08-20 07:38 - 2012-10-09 22:33 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-08-20 07:33 - 2012-10-09 22:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 07:33 - 2012-10-09 22:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 07:33 - 2012-10-09 22:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 07:33 - 2012-10-09 22:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-08-20 05:59 - 2009-07-13 18:36 - 00175616 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
    2012-08-20 05:59 - 2009-07-13 18:36 - 00152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
    2012-08-20 03:57 - 2012-08-20 03:57 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
    2012-08-19 04:03 - 2012-08-19 04:03 - 00001899 ____A C:\Users\Home\Desktop\Pic-A-Book Designer.lnk
    2012-08-18 23:04 - 2009-07-13 21:38 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
    2012-08-18 23:04 - 2009-07-13 21:32 - 00028672 ____A C:\Windows\System32\config\BCD-Template
    2012-08-18 21:58 - 2012-08-18 21:58 - 00000951 ____A C:\Users\Public\Desktop\lupa.lnk
    2012-08-18 15:16 - 2012-08-18 15:16 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2012-08-18 13:53 - 2012-08-18 13:53 - 00025640 ____A (Windows (R) Server 2003 DDK provider) C:\Windows\etdrv.sys
    2012-08-18 13:14 - 2012-08-18 13:14 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
    2012-08-18 13:14 - 2012-08-18 13:14 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
    2012-08-18 13:14 - 2012-08-18 13:14 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
    2012-08-18 13:14 - 2012-08-18 13:14 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2012-08-18 13:14 - 2012-08-18 13:14 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
    2012-08-18 13:14 - 2012-08-18 13:14 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
    2012-08-18 13:14 - 2012-08-18 13:14 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2012-08-18 13:14 - 2012-08-18 13:14 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2012-08-18 13:14 - 2012-08-18 13:14 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
    2012-08-18 13:14 - 2012-08-18 13:14 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
    2012-08-18 13:14 - 2012-08-18 13:14 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2012-08-18 13:14 - 2012-08-18 13:14 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
    2012-08-18 13:14 - 2012-08-18 13:14 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
    2012-08-18 13:14 - 2012-08-18 13:14 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2012-08-18 13:14 - 2012-08-18 13:14 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
    2012-08-18 13:14 - 2012-08-18 13:14 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2012-08-18 13:14 - 2012-08-18 13:14 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2012-08-18 13:14 - 2012-08-18 13:14 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
    2012-08-18 13:14 - 2012-08-18 13:14 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2012-08-18 13:14 - 2012-08-18 13:14 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2012-08-18 13:14 - 2012-08-18 13:14 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    2012-08-18 13:14 - 2012-08-18 13:11 - 00003881 ____A C:\Windows\IE9_main.log
    2012-08-18 12:57 - 2012-08-18 12:57 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2012-08-18 12:42 - 2012-08-18 12:42 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_NuidFltr_01005.Wdf
    2012-08-18 12:41 - 2012-08-18 12:37 - 00000156 ____A C:\csb.log
    2012-08-18 12:38 - 2012-08-18 12:38 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf
    2012-08-18 12:37 - 2012-08-18 12:37 - 00003044 ____A C:\RHDSetup.log
    2012-08-18 12:37 - 2012-08-18 12:37 - 00000206 ____A C:\Install.log
    2012-08-18 12:34 - 2012-08-18 12:34 - 00000010 ____A C:\Windows\GSetup.ini
    2012-08-18 12:09 - 2012-08-18 12:09 - 00000020 ___SH C:\Users\Home\ntuser.ini
    2012-08-18 12:07 - 2012-08-18 12:07 - 00001313 ____A C:\Windows\TSSysprep.log
    2012-08-18 12:07 - 2009-07-13 20:46 - 00001774 ____A C:\Windows\DtcInstall.log
    2012-08-15 08:52 - 2012-08-15 08:52 - 04472832 ____A (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
    2012-08-10 16:56 - 2012-10-09 22:33 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-08-10 15:56 - 2012-10-09 22:33 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2012-08-02 09:58 - 2012-09-12 02:04 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2012-08-02 08:57 - 2012-09-12 02:04 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

    ZeroAccess:
    C:\Windows\Installer\{a0330169-c0e7-0c91-77ff-0fe27956ee83}
    C:\Windows\Installer\{a0330169-c0e7-0c91-77ff-0fe27956ee83}\@
    C:\Windows\Installer\{a0330169-c0e7-0c91-77ff-0fe27956ee83}\L
    C:\Windows\Installer\{a0330169-c0e7-0c91-77ff-0fe27956ee83}\U
    C:\Windows\Installer\{a0330169-c0e7-0c91-77ff-0fe27956ee83}\U\00000004.@
    C:\Windows\Installer\{a0330169-c0e7-0c91-77ff-0fe27956ee83}\U\000000cb.@
    C:\Windows\Installer\{a0330169-c0e7-0c91-77ff-0fe27956ee83}\U\80000032.@

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-10-10 17:00:38
    Restore point made on: 2012-10-12 17:00:29
    Restore point made on: 2012-10-20 14:39:57
    Restore point made on: 2012-10-25 12:36:06
    Restore point made on: 2012-10-26 04:20:38

    ==================== Memory info ===========================

    Percentage of memory in use: 10%
    Total physical RAM: 8084.57 MB
    Available physical RAM: 7205.35 MB
    Total Pagefile: 8082.72 MB
    Available Pagefile: 7215.38 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions =============================

    1 Drive c: () (Fixed) (Total:465.66 GB) (Free:349.34 GB) NTFS
    2 Drive f: (Pictures) (Fixed) (Total:25.39 GB) (Free:12.22 GB) NTFS
    4 Drive h: (KINGSTON) (Removable) (Total:0.48 GB) (Free:0.07 GB) FAT
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B
    Disk 1 Online 153 GB 0 B
    Disk 2 Online 489 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 465 GB 101 MB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 100 MB Healthy

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 465 GB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 127 GB 31 KB
    Partition 2 Primary 25 GB 127 GB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 NTFS Partition 127 GB Healthy

    =========================================================

    Disk: 1
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F Pictures NTFS Partition 25 GB Healthy

    =========================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 488 MB 16 KB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 06
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H KINGSTON FAT Removable 488 MB Healthy

    =========================================================

    Last Boot: 2012-10-25 14:25

    ==================== End Of Log =============================
  6. Levka

    This is the second log:

    Farbar Recovery Scan Tool (x64) Version: 25-10-2012
    Ran by SYSTEM at 2012-10-26 22:03:58
    Running from H:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

    ====== End Of Search ======
  7. Broni

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next....

    Restart normally.

    =========================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
    ======================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
    ====================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    =================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

  8. Levka

    Thank you very much. Here's the fixlog:
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-10-2012
    Ran by SYSTEM at 2012-10-27 08:17:56 Run:1
    Running from H:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    C:\Windows\Installer\{a0330169-c0e7-0c91-77ff-0fe27956ee83} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====

    Following next steps now.
  9. Levka

    08:22:01.0087 3580 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
    08:22:01.0537 3580 ============================================================
    08:22:01.0537 3580 Current date / time: 2012/10/27 08:22:01.0537
    08:22:01.0537 3580 SystemInfo:
    08:22:01.0537 3580
    08:22:01.0537 3580 OS Version: 6.1.7601 ServicePack: 1.0
    08:22:01.0537 3580 Product type: Workstation
    08:22:01.0537 3580 ComputerName: HOME-PC
    08:22:01.0537 3580 UserName: Home
    08:22:01.0537 3580 Windows directory: C:\Windows
    08:22:01.0537 3580 System windows directory: C:\Windows
    08:22:01.0537 3580 Running under WOW64
    08:22:01.0537 3580 Processor architecture: Intel x64
    08:22:01.0537 3580 Number of processors: 4
    08:22:01.0537 3580 Page size: 0x1000
    08:22:01.0537 3580 Boot type: Normal boot
    08:22:01.0537 3580 ============================================================
    08:22:02.0685 3580 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    08:22:02.0703 3580 Drive \Device\Harddisk1\DR1 - Size: 0x2658AE0000 (153.39 Gb), SectorSize: 0x200, Cylinders: 0x4E37, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    08:22:02.0713 3580 Drive \Device\Harddisk2\DR2 - Size: 0x1E900000 (0.48 Gb), SectorSize: 0x200, Cylinders: 0x3E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    08:22:02.0716 3580 ============================================================
    08:22:02.0716 3580 \Device\Harddisk0\DR0:
    08:22:02.0716 3580 MBR partitions:
    08:22:02.0716 3580 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    08:22:02.0716 3580 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
    08:22:02.0716 3580 \Device\Harddisk1\DR1:
    08:22:02.0716 3580 MBR partitions:
    08:22:02.0716 3580 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFFAC05
    08:22:02.0717 3580 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xFFFAC44, BlocksNum 0x32C9D33
    08:22:02.0717 3580 \Device\Harddisk2\DR2:
    08:22:02.0717 3580 MBR partitions:
    08:22:02.0717 3580 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0xF46E0
    08:22:02.0717 3580 ============================================================
    08:22:02.0738 3580 C: <-> \Device\Harddisk0\DR0\Partition2
    08:22:02.0769 3580 D: <-> \Device\Harddisk1\DR1\Partition1
    08:22:02.0808 3580 E: <-> \Device\Harddisk1\DR1\Partition2
    08:22:02.0809 3580 ============================================================
    08:22:02.0809 3580 Initialize success
    08:22:02.0809 3580 ============================================================
    08:22:05.0171 3256 ============================================================
    08:22:05.0171 3256 Scan started
    08:22:05.0171 3256 Mode: Manual;
    08:22:05.0171 3256 ============================================================
    08:22:05.0891 3256 ================ Scan system memory ========================
    08:22:05.0891 3256 System memory - ok
    08:22:05.0891 3256 ================ Scan services =============================
    08:22:12.0954 3256 Mup - ok
    08:22:12.0964 3256 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    08:22:12.0969 3256 napagent - ok
  10. Levka

    Levka Newcomer, in training Topic Starter Posts: 23

    08:22:20.0397 3256 ============================================================
    08:22:20.0397 3256 Scan finished
    08:22:20.0397 3256 ============================================================
    08:22:20.0402 2744 Detected object count: 0
    08:22:20.0402 2744 Actual detected object count: 0
  11. Levka

    Levka Newcomer, in training Topic Starter Posts: 23

    RogueKiller V8.2.0 [10/22/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Home [Admin rights]
    Mode : Remove -- Date : 10/27/2012 08:25:24
    ¤¤¤ Bad processes : 2 ¤¤¤
    [SUSP PATH] visicom_antiphishing.exe -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe -> KILLED [TermProc]
    [SUSP PATH] TDSSKiller.exe -- C:\Users\Home\Desktop\TDSSKiller.exe -> KILLED [TermProc]
    ¤¤¤ Registry Entries : 5 ¤¤¤
    [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : Anti-phishing Domain Advisor ("C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe") -> DELETED
    [TASK][SUSP PATH] {BAB52A72-2167-4C90-BDF2-801A4FEEEFBF} : C:\Windows\system32\pcalua.exe -a C:\Users\Home\AppData\Local\Temp\InstallFlashPlayer.exe -d C:\Users\Home\AppData\Local\Temp\Rar$EXa0.754 -> DELETED
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [RUN][SUSP PATH] [ON_D:]HKLM\Software[...]\Run : BigDog305 (C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)) -> DELETED
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ Extern Hives: ¤¤¤
    -> D:\windows\system32\config\SOFTWARE
    -> D:\Documents and Settings\Default User\NTUSER.DAT
    -> D:\Documents and Settings\Default User.WINDOWS\NTUSER.DAT
    -> D:\Documents and Settings\Lev\NTUSER.DAT
    -> D:\Documents and Settings\Lev.HOME\NTUSER.DAT
    -> D:\Documents and Settings\LocalService\NTUSER.DAT
    -> D:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
    -> D:\Documents and Settings\Moran\NTUSER.DAT
    -> D:\Documents and Settings\NetworkService\NTUSER.DAT
    -> D:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: WDC WD5000AAKX-221CA1 ATA Device +++++
    --- User ---
    [MBR] 526ea908fdcd35c83f46728cfc0b0897
    [BSP] 7f93e658156f8d297a4aaa12132b4df4 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: HDT722516DLA380 ATA Device +++++
    --- User ---
    [MBR] d5f27f8685ee24d208ca3676e309cbef
    [BSP] 221b8d215e69dddabc7b63d5eac2423c : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 131061 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 268414020 | Size: 26003 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive2: Kingston DataTraveler 2.0 USB Device +++++
    --- User ---
    [MBR] 294c86c918fd1e1b055ce0cbdba3c3c4
    [BSP] 15476bfbd2357c5b440acbe30a658bbc : Standard MBR Code
    Partition table:
    0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 488 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
     
  12. Levka

    Levka Newcomer, in training Topic Starter Posts: 23

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org
    Database version: v2012.10.27.04
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Home :: HOME-PC [administrator]
    27/10/2012 08:26:31
    mbam-log-2012-10-27 (08-26-31).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 228281
    Time elapsed: 1 minute(s), 42 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
  13. Levka

    Levka Newcomer, in training Topic Starter Posts: 23

    Hi!

    Everything worked fine except the last scan with aswMBR. It stops every time and says "A problem caused this program to stop working correctly..." Print screen attached.
    Tried to run it in safe mode - same result.
    Here's the log it's missing - right?
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-27 08:57:39
    -----------------------------
    08:57:39.584 OS Version: Windows x64 6.1.7601 Service Pack 1
    08:57:39.584 Number of processors: 4 586 0x3A09
    08:57:39.584 ComputerName: HOME-PC UserName: Home
    08:57:40.161 Initialize success
    08:57:44.357 AVAST engine defs: 12102601
    08:57:44.825 The log file has been saved successfully to "C:\Users\Home\Documents\aswMBR.txt"
    08:57:56.220 The log file has been saved successfully to "C:\Users\Home\Desktop\aswMBR.txt"


    What should I do next?
    aswmbr.jpg
  14. Broni

    Broni Malware Annihilator Posts: 46,416   +252

    That's fine.

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ========================================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
  15. Levka

    Levka Newcomer, in training Topic Starter Posts: 23

    ComboFix 12-10-26.05 - Home 10/28/2012 0:24.1.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1255.972.1033.18.8083.6473 [GMT 2:00]
    Running from: c:\users\Home\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\blekkotb_031\blEKkotb_019x.dll
    c:\windows\SysWow64\lsprst7.dll
    c:\windows\SysWow64\prsgrc.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-27 to 2012-10-27 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-27 22:27 . 2012-10-27 22:27 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-27 22:27 . 2012-10-27 22:27 -------- d-----w- c:\users\moran\AppData\Local\temp
    2012-10-26 13:02 . 2012-10-26 13:02 -------- d-----w- c:\program files (x86)\Common Files\McAfee
    2012-10-26 13:02 . 2012-10-26 13:02 -------- d-----w- c:\program files\McAfee
    2012-10-26 13:02 . 2012-10-26 13:02 -------- d-----w- c:\program files (x86)\McAfee
    2012-10-26 12:49 . 2012-10-27 01:13 -------- d-----w- c:\programdata\McAfee
    2012-10-26 12:21 . 2012-10-26 12:21 -------- d-----w- c:\programdata\ISI ResearchSoft
    2012-10-26 12:21 . 2012-10-26 12:21 -------- d-----w- c:\program files (x86)\Common Files\ResearchSoft
    2012-10-26 12:20 . 2012-10-26 15:14 -------- d-----w- c:\program files (x86)\Reference Manager 12 Demo
    2012-10-26 12:20 . 2012-10-27 01:13 -------- d-----w- c:\programdata\Thomson.ResearchSoft.Installers
    2012-10-26 12:06 . 2012-10-27 01:13 -------- d-----w- c:\windows\SysWow64\Macromed
    2012-10-25 20:36 . 2012-10-27 01:13 -------- d-----w- c:\program files (x86)\Common Files\Risxtd
    2012-10-25 20:36 . 2012-10-26 12:25 -------- d-----w- c:\users\Home\AppData\Roaming\ISI ResearchSoft
    2012-10-25 20:36 . 2012-10-27 01:12 -------- d-----w- c:\program files (x86)\Reference Manager 11
    2012-10-25 20:32 . 2012-10-25 20:32 -------- d-----w- c:\programdata\NortonInstaller
    2012-10-15 18:31 . 2012-10-15 18:42 -------- d-----w- c:\program files (x86)\JDownloader
    2012-10-15 18:30 . 2012-10-15 18:30 -------- d-----w- c:\programdata\SweetIM
    2012-10-15 18:30 . 2012-10-15 18:30 -------- d-----w- c:\program files (x86)\SweetIM
    2012-10-13 07:30 . 2012-10-13 07:30 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
    2012-10-10 06:32 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-10-10 06:32 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-10-10 06:32 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
    2012-10-10 06:32 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-10-10 06:32 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-10-10 06:32 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-10-07 05:33 . 2012-10-07 05:33 -------- d-----w- c:\users\Home\AppData\Roaming\AVG2013
    2012-10-06 20:52 . 2012-10-06 20:52 -------- d-----w- c:\users\Home\AppData\Roaming\TuneUp Software
    2012-10-06 20:50 . 2012-10-27 22:13 -------- d-----w- c:\programdata\AVG2013
    2012-10-06 20:45 . 2012-10-16 04:25 -------- d-----w- c:\users\Home\AppData\Local\Avg2013
    2012-10-06 20:45 . 2012-10-06 20:45 -------- d-----w- c:\users\Home\AppData\Local\MFAData
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-27 22:28 . 2012-08-18 20:43 25640 ----a-w- c:\windows\gdrv.sys
    2012-10-27 22:16 . 2012-08-18 20:43 30528 ----a-w- c:\windows\GVTDrv64.sys
    2012-10-11 01:02 . 2012-08-18 21:02 65309168 ----a-w- c:\windows\system32\MRT.exe
    2012-08-29 05:12 . 2012-08-29 05:12 49152 ----a-r- c:\users\Home\AppData\Roaming\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
    2012-08-29 05:11 . 2012-08-29 05:11 335872 ----a-r- c:\users\Home\AppData\Roaming\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
    2012-08-29 05:10 . 2012-08-29 05:10 57344 ----a-r- c:\users\Home\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
    2012-08-29 05:04 . 2003-03-19 09:05 106496 ----a-w- c:\windows\SysWow64\ATL71.DLL
    2012-08-24 11:15 . 2012-09-26 19:40 17810944 ----a-w- c:\windows\system32\mshtml.dll
    2012-08-24 10:39 . 2012-09-26 19:40 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-08-24 10:31 . 2012-09-26 19:40 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-08-24 10:22 . 2012-09-26 19:40 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-08-24 10:21 . 2012-09-26 19:40 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-08-24 10:20 . 2012-09-26 19:40 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-08-24 10:18 . 2012-09-26 19:40 237056 ----a-w- c:\windows\system32\url.dll
    2012-08-24 10:17 . 2012-09-26 19:40 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-08-24 10:14 . 2012-09-26 19:40 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-08-24 10:14 . 2012-09-26 19:40 816640 ----a-w- c:\windows\system32\jscript.dll
    2012-08-24 10:13 . 2012-09-26 19:40 599040 ----a-w- c:\windows\system32\vbscript.dll
    2012-08-24 10:12 . 2012-09-26 19:40 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-08-24 10:11 . 2012-09-26 19:40 729088 ----a-w- c:\windows\system32\msfeeds.dll
    2012-08-24 10:10 . 2012-09-26 19:40 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-08-24 10:09 . 2012-09-26 19:40 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-08-24 10:04 . 2012-09-26 19:40 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-08-24 06:59 . 2012-09-26 19:40 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-08-24 06:51 . 2012-09-26 19:40 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-08-24 06:51 . 2012-09-26 19:40 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47 . 2012-09-26 19:40 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47 . 2012-09-26 19:40 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-08-24 06:43 . 2012-09-26 19:40 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-08-22 18:12 . 2012-09-12 10:03 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-08-22 18:12 . 2012-09-12 10:04 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-08-22 18:12 . 2012-09-12 10:03 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-08-22 18:12 . 2012-09-12 10:03 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-22 11:35 . 2012-08-22 11:35 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-08-22 11:35 . 2012-08-19 10:40 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-08-22 11:35 . 2012-08-19 10:40 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-08-21 21:01 . 2012-09-26 19:04 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2012-08-21 10:01 . 2012-09-14 19:59 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-08-21 10:01 . 2012-08-18 22:54 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
    2012-08-21 10:01 . 2012-08-18 22:54 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
    2012-08-20 17:38 . 2012-10-10 06:33 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-08-20 13:59 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2012-08-20 13:59 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2012-08-19 07:39 . 2012-08-19 07:39 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
    2012-08-18 21:53 . 2012-08-18 21:53 25640 ----a-w- c:\windows\etdrv.sys
    2012-08-18 21:14 . 2012-08-18 21:14 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2012-08-18 21:14 . 2012-08-18 21:14 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2012-08-18 21:14 . 2012-08-18 21:14 89088 ----a-w- c:\windows\system32\ie4uinit.exe
    2012-08-18 21:14 . 2012-08-18 21:14 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2012-08-18 21:14 . 2012-08-18 21:14 85504 ----a-w- c:\windows\system32\iesetup.dll
    2012-08-18 21:14 . 2012-08-18 21:14 82432 ----a-w- c:\windows\system32\icardie.dll
    2012-08-18 21:14 . 2012-08-18 21:14 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2012-08-18 21:14 . 2012-08-18 21:14 76800 ----a-w- c:\windows\system32\tdc.ocx
    2012-08-18 21:14 . 2012-08-18 21:14 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2012-08-18 21:14 . 2012-08-18 21:14 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2012-08-18 21:14 . 2012-08-18 21:14 65024 ----a-w- c:\windows\system32\pngfilt.dll
    2012-08-18 21:14 . 2012-08-18 21:14 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2012-08-18 21:14 . 2012-08-18 21:14 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
    2012-08-18 21:14 . 2012-08-18 21:14 534528 ----a-w- c:\windows\system32\ieapfltr.dll
    2012-08-18 21:14 . 2012-08-18 21:14 49664 ----a-w- c:\windows\system32\imgutil.dll
    2012-08-18 21:14 . 2012-08-18 21:14 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2012-08-18 21:14 . 2012-08-18 21:14 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2012-08-18 21:14 . 2012-08-18 21:14 452608 ----a-w- c:\windows\system32\dxtmsft.dll
    2012-08-18 21:14 . 2012-08-18 21:14 448512 ----a-w- c:\windows\system32\html.iec
    2012-08-18 21:14 . 2012-08-18 21:14 403248 ----a-w- c:\windows\system32\iedkcs32.dll
    2012-08-18 21:14 . 2012-08-18 21:14 39936 ----a-w- c:\windows\system32\iernonce.dll
    2012-08-18 21:14 . 2012-08-18 21:14 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
    2012-08-18 21:14 . 2012-08-18 21:14 367104 ----a-w- c:\windows\SysWow64\html.iec
    2012-08-18 21:14 . 2012-08-18 21:14 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2012-08-18 21:14 . 2012-08-18 21:14 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2012-08-18 21:14 . 2012-08-18 21:14 282112 ----a-w- c:\windows\system32\dxtrans.dll
    2012-08-18 21:14 . 2012-08-18 21:14 267776 ----a-w- c:\windows\system32\ieaksie.dll
    2012-08-18 21:14 . 2012-08-18 21:14 249344 ----a-w- c:\windows\system32\webcheck.dll
    2012-08-18 21:14 . 2012-08-18 21:14 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2012-08-18 21:14 . 2012-08-18 21:14 222208 ----a-w- c:\windows\system32\msls31.dll
    2012-08-18 21:14 . 2012-08-18 21:14 197120 ----a-w- c:\windows\system32\msrating.dll
    2012-08-18 21:14 . 2012-08-18 21:14 165888 ----a-w- c:\windows\system32\iexpress.exe
    2012-08-18 21:14 . 2012-08-18 21:14 163840 ----a-w- c:\windows\system32\ieakui.dll
    2012-08-18 21:14 . 2012-08-18 21:14 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2012-08-18 21:14 . 2012-08-18 21:14 160256 ----a-w- c:\windows\system32\wextract.exe
    2012-08-18 21:14 . 2012-08-18 21:14 160256 ----a-w- c:\windows\system32\ieakeng.dll
    2012-08-18 21:14 . 2012-08-18 21:14 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2012-08-18 21:14 . 2012-08-18 21:14 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2012-08-18 21:14 . 2012-08-18 21:14 149504 ----a-w- c:\windows\system32\occache.dll
    2012-08-18 21:14 . 2012-08-18 21:14 145920 ----a-w- c:\windows\system32\iepeers.dll
    2012-08-18 21:14 . 2012-08-18 21:14 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2012-08-18 21:14 . 2012-08-18 21:14 12288 ----a-w- c:\windows\system32\mshta.exe
    2012-08-18 21:14 . 2012-08-18 21:14 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2012-08-18 21:14 . 2012-08-18 21:14 114176 ----a-w- c:\windows\system32\admparse.dll
    2012-08-18 21:14 . 2012-08-18 21:14 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2012-08-18 21:14 . 2012-08-18 21:14 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2012-08-18 21:14 . 2012-08-18 21:14 10752 ----a-w- c:\windows\system32\msfeedssync.exe
    2012-08-18 21:14 . 2012-08-18 21:14 103936 ----a-w- c:\windows\system32\inseng.dll
    2012-08-18 21:14 . 2012-08-18 21:14 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2012-08-15 16:52 . 2012-08-15 16:52 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr
    2012-08-02 17:58 . 2012-09-12 10:04 574464 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-08-02 16:57 . 2012-09-12 10:04 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{8769adce-dba5-48e9-afb5-67b12cdf2e61}]
    c:\program files (x86)\blekkotb_031\blekkotb_019X.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
    2012-07-04 13:03 1310040 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{8769adce-dba5-48e9-afb5-67b12cdf2e61}"= "c:\program files (x86)\blekkotb_031\blekkotb_019X.dll" [BU]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040]
    .
    [HKEY_CLASSES_ROOT\clsid\{8769adce-dba5-48e9-afb5-67b12cdf2e61}]
    .
    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ANT Agent"="c:\program files (x86)\Garmin\ANT Agent\ANT Agent.exe" [2012-03-23 14749544]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-27 291608]
    "ROC_roc_ssl_v12"="c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" [BU]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-12-16 479232]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "ROC_ROC_JULY_P1"="c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" [BU]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
    "SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032]
    "Sweetpacks Communicator"="c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;שירות עדכון Google (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-18 136176]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-16 363800]
    R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
    R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-30 276248]
    R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-08-18 25640]
    R3 gupdatem;שירות עדכון Google (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-18 136176]
    R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-10-27 30528]
    R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
    R3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\DRIVERS\libusb0.sys [2011-05-17 44480]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-18 1255736]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-27 16152]
    S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-11-02 21616]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-24 52320]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-27 356120]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-27 787736]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-08-11 104560]
    S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-09 60184]
    S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-26 46176]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-18 20:57]
    .
    2012-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-18 20:57]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-16 12445288]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-30 170264]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-30 398616]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-30 439064]
    "IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-26 1464928]
    "IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-26 2004584]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=73449B05B68520BFFDE9DC50557433B8&tbp=homepage
    uDefault_Search_URL = hxxp://www.google.com/ie
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &ייצוא אל Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: ש&לח אל OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    Trusted Zone: samsungsetup.com\www
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-ROC_ROC_NT - c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2012-10-28 00:31:21 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-10-27 22:31
    ComboFix2.txt 2012-10-26 14:58
    ComboFix3.txt 2012-10-26 14:13
    ComboFix4.txt 2012-10-26 14:05
    .
    Pre-Run: 373,327,802,368 bytes free
    Post-Run: 373,261,582,336 bytes free
    .
    - - End Of File - - 765577E5B825C4D85197E3E70E284DD3
  16. Broni

    Broni Malware Annihilator Posts: 46,416   +252

    Looks good :)

    Any current issues?

    You can reinstall AVG now.

    ==============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  17. Levka

    Levka Newcomer, in training Topic Starter Posts: 23

    No issues right now.
    When I was trying to uninstall AVG I wasn't able to do it with the appremover - it didn't find it (!) maybe because it's AVG2013. Uninstalled using Windows tools... Now reinstalled.
  18. Levka

    Levka Newcomer, in training Topic Starter Posts: 23

    Can't paste the files - it says "you don't have permission to tag people". Have no idea why?!
    The files are attached.

    Thanks a lot.

  19. Broni

    Broni Malware Annihilator Posts: 46,416   +252

    Yes. There is some glitch I reported to the board owners.

    OTL logfile created on: 28/10/2012 01:07:57 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Home\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000040d | Country: ישראל | Language: HEB | Date Format: dd/MM/yyyy

    7.89 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 76.05% Memory free
    15.79 Gb Paging File | 13.80 Gb Available in Paging File | 87.40% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.66 Gb Total Space | 348.10 Gb Free Space | 74.75% Space Free | Partition Type: NTFS
    Drive D: | 127.99 Gb Total Space | 8.82 Gb Free Space | 6.89% Space Free | Partition Type: NTFS
    Drive E: | 25.39 Gb Total Space | 12.22 Gb Free Space | 48.11% Space Free | Partition Type: NTFS
    Unable to calculate disk information.
    Drive G: | 488.60 Mb Total Space | 71.87 Mb Free Space | 14.71% Space Free | Partition Type: FAT
    Drive I: | 3.74 Gb Total Space | 1.56 Gb Free Space | 41.63% Space Free | Partition Type: FAT32

    Computer Name: HOME-PC | User Name: Home | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/28 01:07:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
    PRC - [2012/10/10 14:22:32 | 003,116,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    PRC - [2012/10/10 12:06:17 | 001,239,064 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    PRC - [2012/10/02 03:32:58 | 000,193,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    PRC - [2012/10/02 03:32:04 | 005,783,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    PRC - [2012/08/15 19:08:34 | 000,231,768 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
    PRC - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/05/29 15:50:04 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
    PRC - [2012/03/23 14:09:38 | 014,749,544 | ---- | M] (GARMIN Corp.) -- C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
    PRC - [2012/01/27 11:40:44 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    PRC - [2011/12/16 11:30:40 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2011/12/16 11:30:38 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2011/12/16 10:02:56 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    PRC - [2011/08/30 14:55:54 | 000,160,256 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    PRC - [2008/12/16 15:44:28 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/10/10 12:06:15 | 000,460,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll
    MOD - [2012/10/10 12:06:13 | 012,435,992 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
    MOD - [2012/10/10 12:06:12 | 004,005,912 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll
    MOD - [2012/10/10 12:04:57 | 000,578,072 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\libglesv2.dll
    MOD - [2012/10/10 12:04:55 | 000,123,928 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\libegl.dll
    MOD - [2012/10/10 12:04:44 | 000,156,712 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
    MOD - [2012/10/10 12:04:43 | 000,275,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
    MOD - [2012/10/10 12:04:42 | 002,168,360 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll
    MOD - [2012/05/30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/05/30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


    ========== Services (SafeList) ==========

    SRV:64bit: - [2011/12/08 15:38:24 | 000,607,456 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
    SRV:64bit: - [2010/04/06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
    SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012/10/02 03:32:58 | 000,193,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
    SRV - [2012/10/02 03:32:04 | 005,783,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/03/31 00:43:34 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
    SRV - [2011/12/16 11:30:40 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2011/12/16 11:30:38 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2011/12/16 10:02:56 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
    SRV - [2011/08/30 14:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/10/05 03:26:22 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
    DRV:64bit: - [2012/09/21 03:45:50 | 000,061,792 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2012/09/13 03:11:18 | 000,151,904 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/06/26 20:38:30 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2012/06/26 20:38:30 | 000,023,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
    DRV:64bit: - [2012/06/24 21:24:48 | 000,052,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2012/03/27 04:09:54 | 014,748,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/01/27 11:39:33 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
    DRV:64bit: - [2012/01/27 11:39:33 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
    DRV:64bit: - [2012/01/27 11:39:33 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
    DRV:64bit: - [2011/12/06 13:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2011/11/10 00:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2011/11/02 09:48:26 | 000,021,616 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
    DRV:64bit: - [2011/08/12 00:54:16 | 000,104,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2011/05/17 15:44:46 | 000,044,480 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
    DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2012/10/28 00:28:57 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
    DRV - [2012/10/28 00:16:46 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
    DRV - [2012/08/18 23:53:27 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
    DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-309147355-1302797153-2281797774-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-309147355-1302797153-2281797774-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://blekko.com/ws/?source=c3348d...73449B05B68520BFFDE9DC50557433B8&tbp=homepage
    IE - HKU\S-1-5-21-309147355-1302797153-2281797774-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = he-IL
    IE - HKU\S-1-5-21-309147355-1302797153-2281797774-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6F 60 5E 32 F9 7D CD 01 [binary data]
    IE - HKU\S-1-5-21-309147355-1302797153-2281797774-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-309147355-1302797153-2281797774-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-309147355-1302797153-2281797774-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-309147355-1302797153-2281797774-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-309147355-1302797153-2281797774-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=c3348d...49B05B68520BFFDE9DC50557433B8&q={searchTerms}
    IE - HKU\S-1-5-21-309147355-1302797153-2281797774-1000\..\SearchScopes\{47A4D194-3D70-4665-AD0A-024A13FDC665}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-309147355-1302797153-2281797774-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-309147355-1302797153-2281797774-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-309147355-1302797153-2281797774-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF - HKLM\Software\MozillaPlugins\google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



    ========== Chrome ==========

    CHR - homepage: http://start.facemoods.com/?a=ddrnw
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
    CHR - homepage: http://start.facemoods.com/?a=ddrnw
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0\\npsitesafety.dll
    CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    CHR - plugin: Java(TM) Platform SE 7 U6 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 7.0.60.24 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - Extension: Angry Birds = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
    CHR - Extension: SweetIM for Facebook = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
    CHR - Extension: Better Pop Up Blocker = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0\
    CHR - Extension: Angry Birds = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
    CHR - Extension: SweetIM for Facebook = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
    CHR - Extension: Better Pop Up Blocker = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0\

    O1 HOSTS File: ([2012/10/28 00:28:55 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (blekko search bar) - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files (x86)\blekkotb_031\blekkotb_019X.dll File not found
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    O3 - HKLM\..\Toolbar: (blekko search bar) - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files (x86)\blekkotb_031\blekkotb_019X.dll File not found
    O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
    O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
    O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
    O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
    O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
    O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
    O4 - HKU\S-1-5-21-309147355-1302797153-2281797774-1000..\Run: [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-309147355-1302797153-2281797774-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-309147355-1302797153-2281797774-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-309147355-1302797153-2281797774-1000\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{373A3DD9-B40C-49BA-B1E6-B385CE577EF3}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/07/16 19:14:24 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/28 01:07:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
    [2012/10/28 00:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2012/10/28 00:39:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
    [2012/10/28 00:31:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/10/28 00:29:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/10/28 00:23:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/10/28 00:23:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/10/28 00:23:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/10/28 00:00:42 | 004,989,309 | R--- | C] (Swearware) -- C:\Users\Home\Desktop\ComboFix.exe
    [2012/10/27 08:50:07 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Home\Desktop\aswMBR.exe
    [2012/10/27 08:24:09 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\RK_Quarantine
    [2012/10/27 08:21:28 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Home\Desktop\TDSSKiller.exe
    [2012/10/27 07:59:27 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/10/26 17:38:55 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Malwarebytes
    [2012/10/26 17:38:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/10/26 17:38:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/10/26 17:38:31 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/10/26 17:38:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/10/26 15:40:45 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Diagnostics
    [2012/10/26 15:18:19 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/10/26 15:18:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/10/26 15:02:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
    [2012/10/26 15:02:37 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
    [2012/10/26 15:02:37 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
    [2012/10/26 15:02:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
    [2012/10/26 14:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2012/10/26 14:21:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ResearchSoft
    [2012/10/26 14:21:03 | 000,000,000 | ---D | C] -- C:\ProgramData\ISI ResearchSoft
    [2012/10/26 14:20:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Reference Manager 12
    [2012/10/26 14:20:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Manager 12 Demo
    [2012/10/26 14:20:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Thomson.ResearchSoft.Installers
    [2012/10/26 14:06:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
    [2012/10/25 22:36:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Risxtd
    [2012/10/25 22:36:49 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\ISI ResearchSoft
    [2012/10/25 22:36:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reference Manager 11
    [2012/10/25 22:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
    [2012/10/25 22:36:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Manager 11
    [2012/10/25 22:32:42 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
    [2012/10/18 22:02:59 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Moran
    [2012/10/15 20:31:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
    [2012/10/15 20:30:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM
    [2012/10/15 20:30:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM
    [2012/10/07 07:33:36 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\AVG2013
    [2012/10/06 22:52:34 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\TuneUp Software
    [2012/10/06 22:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
    [2012/10/06 22:45:30 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\MFAData
    [2012/10/06 22:45:30 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Avg2013
    [2012/10/05 03:26:22 | 000,111,456 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
    [2012/10/02 14:20:43 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2012/10/02 14:10:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
    [2012/10/02 13:58:51 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\disc on key lev
    [2012/10/02 07:29:45 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\georgia pics
    [2012/10/02 03:30:38 | 000,185,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
    [1 C:\Users\Home\Desktop\*.tmp files -> C:\Users\Home\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/10/28 01:07:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
    [2012/10/28 00:41:10 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/10/28 00:41:10 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/10/28 00:40:26 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
    [2012/10/28 00:39:09 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/10/28 00:39:09 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/10/28 00:39:09 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/10/28 00:34:09 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/10/28 00:33:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/10/28 00:33:51 | 2061,811,711 | -HS- | M] () -- C:\hiberfil.sys
    [2012/10/28 00:28:55 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/10/28 00:16:46 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
    [2012/10/28 00:13:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/10/28 00:00:43 | 004,989,309 | R--- | M] (Swearware) -- C:\Users\Home\Desktop\ComboFix.exe
    [2012/10/27 09:12:18 | 000,336,734 | ---- | M] () -- C:\Users\Home\Desktop\aswmbr.jpg
    [2012/10/27 08:20:33 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Home\Desktop\aswMBR.exe
    [2012/10/15 20:30:29 | 000,000,228 | ---- | M] () -- C:\Users\Home\Desktop\Search the Web.url
    [2012/10/15 20:30:29 | 000,000,222 | ---- | M] () -- C:\Users\Home\Desktop\SweetPcFix.url
    [2012/10/14 16:07:26 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdw.DAT
    [2012/10/14 16:05:35 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT
    [2012/10/12 17:27:22 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Home\Desktop\TDSSKiller.exe
    [2012/10/05 03:26:22 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
    [2012/10/02 14:20:40 | 731,613,479 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/10/02 14:13:02 | 000,001,130 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
    [2012/10/02 14:13:02 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
    [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
    [2012/09/29 20:53:05 | 000,642,662 | ---- | M] () -- C:\Users\Home\Desktop\ICMJE-COIform (1).pdf
    [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [1 C:\Users\Home\Desktop\*.tmp files -> C:\Users\Home\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/10/28 00:40:26 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
    [2012/10/28 00:23:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/10/28 00:23:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/10/28 00:23:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/10/28 00:23:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/10/28 00:23:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/10/27 09:12:18 | 000,336,734 | ---- | C] () -- C:\Users\Home\Desktop\aswmbr.jpg
    [2012/10/15 20:31:46 | 000,002,001 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
    [2012/10/15 20:31:46 | 000,001,945 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Uninstaller.lnk
    [2012/10/15 20:31:46 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
    [2012/10/15 20:30:29 | 000,000,228 | ---- | C] () -- C:\Users\Home\Desktop\Search the Web.url
    [2012/10/15 20:30:29 | 000,000,222 | ---- | C] () -- C:\Users\Home\Desktop\SweetPcFix.url
    [2012/10/02 14:20:40 | 731,613,479 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/10/02 14:11:05 | 000,001,130 | ---- | C] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
    [2012/10/02 14:11:05 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
    [2012/10/01 15:25:40 | 004,302,836 | ---- | C] () -- C:\Users\Home\Desktop\DSC_6342.JPG
    [2012/09/29 20:53:05 | 000,642,662 | ---- | C] () -- C:\Users\Home\Desktop\ICMJE-COIform (1).pdf
    [2012/09/16 08:44:17 | 000,000,034 | -H-- | C] () -- C:\Windows\SysWow64\Converter_sysquict.dat
    [2012/09/07 12:07:15 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth2.dll
    [2012/09/07 12:07:15 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth1.dll
    [2012/08/29 16:53:44 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
    [2012/08/29 07:08:34 | 000,000,268 | RH-- | C] () -- C:\ProgramData\BookService
    [2012/08/29 07:08:34 | 000,000,268 | RH-- | C] () -- C:\Users\Home\AppData\Roaming\Basics
    [2012/08/29 07:08:34 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
    [2012/08/29 07:04:30 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Bass Amp
    [2012/08/29 07:04:30 | 000,000,268 | RH-- | C] () -- C:\Users\Home\AppData\Roaming\Basic Synth
    [2012/08/29 07:04:30 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
    [2012/08/20 19:39:13 | 013,024,768 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
    [2012/08/20 19:39:13 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2012/08/20 19:39:09 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
    [2012/08/20 19:39:09 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
    [2012/08/19 14:03:35 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\PicaText.dll
    [2012/08/18 22:43:39 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
    [2012/08/18 22:34:25 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
    [2011/12/08 15:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

    ========== ZeroAccess Check ==========

    [2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/10/13 09:30:48 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
    [2012/10/13 09:30:48 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
    [2012/10/07 07:33:36 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\AVG2013
    [2012/08/22 07:44:30 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Garmin
    [2012/10/26 14:25:02 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\ISI ResearchSoft
    [2012/08/29 21:41:32 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Nikon
    [2012/08/19 14:03:48 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\PicABook
    [2012/10/06 22:52:34 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\TuneUp Software

    ========== Purity Check ==========



    < End of report >
  20. Broni

    Broni Malware Annihilator Posts: 46,416   +252

    OTL Extras logfile created on: 28/10/2012 01:07:57 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Home\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000040d | Country: ישראל | Language: HEB | Date Format: dd/MM/yyyy

    7.89 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 76.05% Memory free
    15.79 Gb Paging File | 13.80 Gb Available in Paging File | 87.40% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.66 Gb Total Space | 348.10 Gb Free Space | 74.75% Space Free | Partition Type: NTFS
    Drive D: | 127.99 Gb Total Space | 8.82 Gb Free Space | 6.89% Space Free | Partition Type: NTFS
    Drive E: | 25.39 Gb Total Space | 12.22 Gb Free Space | 48.11% Space Free | Partition Type: NTFS
    Unable to calculate disk information.
    Drive G: | 488.60 Mb Total Space | 71.87 Mb Free Space | 14.71% Space Free | Partition Type: FAT
    Drive I: | 3.74 Gb Total Space | 1.56 Gb Free Space | 41.63% Space Free | Partition Type: FAT32

    Computer Name: HOME-PC | User Name: Home | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-309147355-1302797153-2281797774-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{031CDF8D-2609-4E73-9001-2D7C071CE498}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{4FF71D0C-48B6-420B-A8AA-55ACF7CDF7FB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{5C84DB8B-6579-42D3-97D5-053C4967B845}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{76CEFBD7-D3A0-44A3-B5D8-BA02215BFD2A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{8D4BE58E-D9AD-4C9F-AD45-9391755E32E9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{9D9ED3E9-DE96-4119-93F3-36512FB4CD37}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{9EE7CAD3-FEA6-4EA3-9B1E-9898AEE5C962}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{ACA9E0A1-84EF-4A8B-9AAD-228E4B403760}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
    "{18D5FAA9-D2A2-4291-AFBC-B9476A813BC1}" = AVG 2013
    "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{4E04DB4D-CBE9-40C3-9906-723308D48EB0}" = AVG 2013
    "{550331CC-C34B-494F-BCDA-37CE4EF6E924}" = Garmin Communicator Plugin x64
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-040D-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Hebrew) 2010
    "{AEF6C676-D7A2-4487-BD4B-1BED17B229B5}" = Microsoft Mouse and Keyboard Center
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "24DA573F901348FFDFF7717497830D45BE0C362E" = Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2)
    "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    "AVG" = AVG 2013
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
    "WinRAR archiver" = WinRAR 4.20 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{13F054F3-0B07-4D15-9E80-C55B496AB557}" = Garmin Communicator Plugin
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
    "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
    "{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    "{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.1102.1
    "{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0309.1
    "{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}" = SPSS Statistics 17.0
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
    "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
    "{90140000-0015-040D-0000-0000000FF1CE}" = Microsoft Office Access MUI (Hebrew) 2010
    "{90140000-0015-040D-0000-0000000FF1CE}_Office14.PROPLUSR_{30CB2A7E-01CF-428F-A639-B43983311EEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-040D-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Hebrew) 2010
    "{90140000-0016-040D-0000-0000000FF1CE}_Office14.PROPLUSR_{30CB2A7E-01CF-428F-A639-B43983311EEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-040D-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Hebrew) 2010
    "{90140000-0018-040D-0000-0000000FF1CE}_Office14.PROPLUSR_{30CB2A7E-01CF-428F-A639-B43983311EEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-040D-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Hebrew) 2010
    "{90140000-0019-040D-0000-0000000FF1CE}_Office14.PROPLUSR_{30CB2A7E-01CF-428F-A639-B43983311EEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-040D-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Hebrew) 2010
    "{90140000-001A-040D-0000-0000000FF1CE}_Office14.PROPLUSR_{30CB2A7E-01CF-428F-A639-B43983311EEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-040D-0000-0000000FF1CE}" = Microsoft Office Word MUI (Hebrew) 2010
    "{90140000-001B-040D-0000-0000000FF1CE}_Office14.PROPLUSR_{30CB2A7E-01CF-428F-A639-B43983311EEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2010
    "{90140000-001F-0401-0000-0000000FF1CE}_Office14.PROPLUSR_{1A43C155-3DDA-43C9-92C5-0E7D0B2B156D}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040D-0000-0000000FF1CE}" = Microsoft Office Proof (Hebrew) 2010
    "{90140000-001F-040D-0000-0000000FF1CE}_Office14.PROPLUSR_{16C5AEEC-D632-4FAA-BFDC-BBF36F473E09}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2010
    "{90140000-001F-0419-0000-0000000FF1CE}_Office14.PROPLUSR_{DD6E7CDF-BDFF-43CF-8CCE-84FBEC5ABB77}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-040D-1000-0000000FF1CE}_Office14.PROPLUSR_{7B83617F-4668-43FE-93D4-F523A986118F}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-040D-0000-0000000FF1CE}" = Microsoft Office Proofing (Hebrew) 2010
    "{90140000-002C-040D-0000-0000000FF1CE}_Office14.PROPLUSR_{6DE4A120-C7C5-4DED-AA3E-F32EE37012C5}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-040D-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Hebrew) 2010
    "{90140000-0044-040D-0000-0000000FF1CE}_Office14.PROPLUSR_{30CB2A7E-01CF-428F-A639-B43983311EEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-040D-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Hebrew) 2010
    "{90140000-006E-040D-0000-0000000FF1CE}_Office14.PROPLUSR_{C52DDB57-C2DE-4CBE-ABF8-EF39F9F396B2}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-040D-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Hebrew) 2010
    "{90140000-00A1-040D-0000-0000000FF1CE}_Office14.PROPLUSR_{30CB2A7E-01CF-428F-A639-B43983311EEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-040D-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Hebrew) 2010
    "{90140000-00BA-040D-0000-0000000FF1CE}_Office14.PROPLUSR_{30CB2A7E-01CF-428F-A639-B43983311EEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = BIOS
    "{C0B0893D-6DA2-4F14-B1D0-3C0F1272B398}" = Reference Manager 11
    "{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
    "{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1
    "{CB5F6422-502E-477C-B31D-25ECE8F829E6}" = Garmin ANT Agent
    "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
    "{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
    "{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
    "{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "5513-1208-7298-9440" = JDownloader 0.9
    "Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
    "blekkotb_031" = blekko search bar
    "DC53D144-F8E1-41E9-9EE5-A4752BB24CE5_is1" = Pic-A-Book Designer 4.01.05
    "Google Chrome" = Google Chrome
    "InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0309.1
    "InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1
    "ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
    "lupa_is1" = lupa 3.0
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "Picasa 3" = Picasa 3

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 27/10/2012 02:12:59 | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 18177190

    Error - 27/10/2012 02:12:59 | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 18177190

    Error - 27/10/2012 02:38:14 | Computer Name = Home-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: aswMBR.exe, version: 0.9.9.1665, time stamp:
    0x4f5f9c86 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
    0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x0002e3be Faulting process id:
    0x8f4 Faulting application start time: 0x01cdb40c807cd48a Faulting application path:
    C:\Users\Home\Downloads\aswMBR.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report
    Id: e1fd619a-2000-11e2-aece-902b3417cb61

    Error - 27/10/2012 02:42:18 | Computer Name = Home-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: aswMBR.exe, version: 0.9.9.1665, time stamp:
    0x4f5f9c86 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
    0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x0002e3be Faulting process id:
    0x95c Faulting application start time: 0x01cdb40df4b358e3 Faulting application path:
    C:\Users\Home\Downloads\aswMBR.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report
    Id: 72f30c3a-2001-11e2-aece-902b3417cb61

    Error - 27/10/2012 02:52:19 | Computer Name = Home-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: aswMBR.exe, version: 0.9.9.1665, time stamp:
    0x4f5f9c86 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
    0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x0002e3be Faulting process id:
    0x91c Faulting application start time: 0x01cdb40f592101fd Faulting application path:
    C:\Users\Home\Desktop\aswMBR.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report
    Id: d9905064-2002-11e2-8053-902b3417cb61

    Error - 27/10/2012 02:55:59 | Computer Name = Home-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: aswMBR.exe, version: 0.9.9.1665, time stamp:
    0x4f5f9c86 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
    0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x0002e3be Faulting process id:
    0xa4c Faulting application start time: 0x01cdb40fa8ba2f8c Faulting application path:
    C:\Users\Home\Desktop\aswMBR.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report
    Id: 5c534ec9-2003-11e2-8053-902b3417cb61

    Error - 27/10/2012 03:03:45 | Computer Name = Home-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: aswMBR.exe, version: 0.9.9.1665, time stamp:
    0x4f5f9c86 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
    0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x0002e3be Faulting process id:
    0x5f0 Faulting application start time: 0x01cdb410eeedce76 Faulting application path:
    C:\Users\Home\Desktop\aswMBR.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report
    Id: 72715900-2004-11e2-8906-a44e97a7ccea

    Error - 27/10/2012 03:09:51 | Computer Name = Home-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: aswMBR.exe, version: 0.9.9.1665, time stamp:
    0x4f5f9c86 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
    0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x0002e3be Faulting process id:
    0xbc0 Faulting application start time: 0x01cdb411ca44d967 Faulting application path:
    C:\Users\Home\Desktop\aswMBR.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report
    Id: 4c733acb-2005-11e2-97b6-902b3417cb61

    Error - 27/10/2012 11:23:26 | Computer Name = Home-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: GUI.exe, version: 1.0.0.1, time stamp:
    0x4f0fc8d2 Faulting module name: HM.dll, version: 1.0.0.1, time stamp: 0x4f4ecd84
    Exception
    code: 0xc0000005 Fault offset: 0x000067d3 Faulting process id: 0x8ec Faulting application
    start time: 0x01cdb41190cc5848 Faulting application path: C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
    Faulting
    module path: C:\Program Files (x86)\GIGABYTE\ET6\HM.dll Report Id: 40b2146c-204a-11e2-97b6-902b3417cb61

    Error - 27/10/2012 18:17:03 | Computer Name = Home-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: ANT Agent.exe, version: 2.3.3.0, time stamp:
    0x4f6cf3f8 Faulting module name: ANT Agent.exe, version: 2.3.3.0, time stamp: 0x4f6cf3f8
    Exception
    code: 0xc0000417 Fault offset: 0x0002a380 Faulting process id: 0xaa4 Faulting application
    start time: 0x01cdb490bd7112bd Faulting application path: C:\Program Files (x86)\Garmin\ANT
    Agent\ANT Agent.exe Faulting module path: C:\Program Files (x86)\Garmin\ANT Agent\ANT
    Agent.exe Report Id: 08718c45-2084-11e2-a1f1-902b3417cb61

    [ System Events ]
    Error - 27/10/2012 10:12:25 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891

    Error - 27/10/2012 10:12:25 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891

    Error - 27/10/2012 12:29:01 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891

    Error - 27/10/2012 12:29:01 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891

    Error - 27/10/2012 18:16:24 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7023
    Description = The Computer Browser service terminated with the following error:
    %%1060

    Error - 27/10/2012 18:17:04 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891

    Error - 27/10/2012 18:17:04 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891

    Error - 27/10/2012 18:26:32 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 27/10/2012 18:27:34 | Computer Name = Home-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 27/10/2012 18:27:54 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.



    < End of report >
  21. Levka

    Levka Newcomer, in training Topic Starter Posts: 23

    What should I do next?
  22. Broni

    Broni Malware Annihilator Posts: 46,416   +252

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (blekko search bar) - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files (x86)\blekkotb_031\blekkotb_019X.dll File not found
      O3 - HKLM\..\Toolbar: (blekko search bar) - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files (x86)\blekkotb_031\blekkotb_019X.dll File not found
      O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
      O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
      O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
      O15 - HKU\S-1-5-21-309147355-1302797153-2281797774-1000\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
      O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
      O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
      [2012/10/27 07:59:27 | 000,000,000 | ---D | C] -- C:\FRST
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    =====================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
  23. Levka

    Levka Newcomer, in training Topic Starter Posts: 23

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8769adce-dba5-48e9-afb5-67b12cdf2e61} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_ROC_JULY_P1 deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_ssl_v12 deleted successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-309147355-1302797153-2281797774-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\samsungsetup.com\www\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ deleted successfully.
    File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ deleted successfully.
    File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found not found.
    C:\FRST\Quarantine\{a0330169-c0e7-0c91-77ff-0fe27956ee83}\U folder moved successfully.
    C:\FRST\Quarantine\{a0330169-c0e7-0c91-77ff-0fe27956ee83}\L folder moved successfully.
    C:\FRST\Quarantine\{a0330169-c0e7-0c91-77ff-0fe27956ee83} folder moved successfully.
    Folder move failed. C:\FRST\Quarantine scheduled to be moved on reboot.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Home
    ->Temp folder emptied: 67833 bytes
    ->Temporary Internet Files folder emptied: 158875537 bytes
    ->Java cache emptied: 1147571 bytes
    ->Google Chrome cache emptied: 454959434 bytes

    User: moran
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 37733 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 346 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 587.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Home
    ->Java cache emptied: 0 bytes

    User: moran

    User: Public
  24. Levka

    Levka Newcomer, in training Topic Starter Posts: 23

    Results of screen317's Security Check version 0.99.53
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    AVG Anti-Virus Free Edition 2013
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.1.1000
    JavaFX 2.1.1
    Java 7 Update 6
    Java version out of Date!
    Adobe Reader X (10.1.4)
    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    Google Chrome 22.0.1229.79
    Google Chrome 22.0.1229.92
    Google Chrome 22.0.1229.94
    ````````Process Check: objlist.exe by Laurent````````
    AVG avgwdsvc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
  25. Levka

    Levka Newcomer, in training Topic Starter Posts: 23

    Farbar Service Scanner Version: 27-10-2012
    Ran by Home (administrator) on 28-10-2012 at 01:43:55
    Running from "C:\Users\Home\Desktop"
    Microsoft Windows 7 Ultimate Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.
    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================
    System Restore:
    ============
    System Restore Disabled Policy:
    ========================
    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================
    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.
    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1
    Other Services:
    ==============
    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    **** End of log ****

