
Malwarebytes Detects Adware.GamePlayLab but then crashes...


  • This topic is locked
20 replies to this topic

#1 Magic Dude

  • Members
  • 30 posts

Posted 10 October 2012 - 01:57 PM

Malwarebytes detects Adware.GamePlayLab but then crashes. I have aborted the scan before it crashes and tried to remove the infections, but it fails to remove them and they come up in new scans upon rebooting.

No GMER run as instructed (64-bit OS). Here is my dds.txt log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35
Run by Matt at 11:43:22 on 2012-10-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3944.1562 [GMT -7:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Host Intrusion Prevention Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe
C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeCore.exe
C:\Windows\jmesoft\Service.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe
C:\Program Files (x86)\Ditto\Ditto.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\Windows\jmesoft\hotkey.exe
C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe
C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe
C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Windows\jmesoft\JME_LOAD.exe
C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe
C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\windows\system32\mfevtps.exe
C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\ProgramData\Oracle\MyDesktop\MyDesktopService.exe
C:\Windows\V0350Mon.exe
C:\Program Files (x86)\Oracle\Oracle Open Office 3\program\soffice.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
C:\Program Files (x86)\Oracle\Oracle Open Office 3\program\soffice.bin
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\ProgramData\Oracle\MyDesktop\MyDesktopQOS.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\McAfee\Host Intrusion Prevention\x64\..\FireTray.exe
C:\Windows\SysWOW64\SAiAdmin.exe
C:\Windows\SysWOW64\SAiDownloaderVista.exe
C:\Windows\SysWOW64\SAiLicSvr.exe
C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeCoreService.exe
C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeProxy32.exe
C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeProxy32.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome
uStart Page = hxxp://yahoo.com/
mDefault_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome
mStart Page = hxxp://isearch.glarysoft.com/?src=iehome
uInternet Settings,ProxyOverride = *.local
BHO: JetMP3: {134da043-566e-4572-82e6-8978d0ed03d8} - C:\Users\Matt\AppData\Local\jetmp3\ie\jetmp3.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Ditto] C:\Program Files (x86)\Ditto\Ditto.exe
uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
uRun: [GoogleChromeAutoLaunch_952AA941B71FA68F2EFC80A225B9EE63] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [jmekey] C:\windows\jmesoft\hotkey.exe
mRun: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe
mRun: [Lenovo Eye Distance System] C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe 1
mRun: [Lenovo Dynamic Brightness System] C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe 1
mRun: [CLMLServer] "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun: [McAfee Host Intrusion Prevention Tray] "C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe"
mRun: [SafeBootTrayManager] "C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe"
mRun: [SafeBootTokenWatcher] "C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe"
mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [V0350Mon.exe] C:\windows\V0350Mon.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] 0
StartupFolder: C:\Users\Matt\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ORACLE~1.LNK - C:\Program Files (x86)\Oracle\Oracle Open Office 3\program\quickstart.exe
StartupFolder: C:\Users\Matt\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\YAHOO!~1.LNK - C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
DPF: {00191E4B-49C2-48E2-A548-8F702D75622A} - hxxps://strtc.oracle.com/imtapp/res/jar/cnsload.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://myaccess.oraclevpn.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 209.18.47.61
TCP: Interfaces\{A8CA2FFE-D291-46DD-9181-CBBBF5716867} : DhcpNameServer = 192.168.1.1 209.18.47.61
TCP: Interfaces\{CB3495AA-6FF6-42DC-B284-14AAB5D378A4} : DhcpNameServer = 66.174.92.14 69.78.96.14
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Notification Packages = sbnp scecli
BHO-X64: JetMP3: {134DA043-566E-4572-82E6-8978D0ED03D8} - C:\Users\Matt\AppData\Local\jetmp3\ie\jetmp3.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [jmekey] C:\windows\jmesoft\hotkey.exe
mRun-x64: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe
mRun-x64: [Lenovo Eye Distance System] C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe 1
mRun-x64: [Lenovo Dynamic Brightness System] C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe 1
mRun-x64: [CLMLServer] "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun-x64: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun-x64: [McAfee Host Intrusion Prevention Tray] "C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe"
mRun-x64: [SafeBootTrayManager] "C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe"
mRun-x64: [SafeBootTokenWatcher] "C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe"
mRun-x64: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun-x64: [V0350Mon.exe] C:\windows\V0350Mon.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] 0
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\tj2rtfuq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: network.proxy.http - fe80::1507:d591:d080:9681%13
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Matt\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Users\Matt\AppData\Roaming\Mozilla\plugins\NPShipRush_FedEx.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 21fd583a-c6e6-4601-b193-853a7ae82693
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
============= SERVICES / DRIVERS ===============
.
R0 fbfmon;fbfmon;C:\windows\system32\drivers\fbfmon.sys --> C:\windows\system32\drivers\fbfmon.sys [?]
R0 MfeEERM;MfeEERM;C:\Windows\System32\drivers\MfeEERM.sys [2010-12-17 226504]
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?]
R0 RapportKE64;RapportKE64;C:\windows\system32\Drivers\RapportKE64.sys --> C:\windows\system32\Drivers\RapportKE64.sys [?]
R0 SBAlg;SBAlg;C:\Windows\System32\drivers\SbAlg.sys [2011-10-10 60128]
R0 SBAlg00;SBAlg00;C:\Windows\System32\drivers\SbAlg00.sys [2009-6-4 18176]
R0 SBAlg01;SBAlg01;C:\Windows\System32\drivers\SbAlg01.sys [2009-6-4 18176]
R0 SBAlg11;SBAlg11;C:\Windows\System32\drivers\SbAlg11.sys [2009-6-4 36096]
R0 SBAlg12;SBAlg12;C:\Windows\System32\drivers\SbAlg12.sys [2009-6-4 60160]
R0 SbCe;SbCe;C:\Windows\System32\drivers\SbCe.sys [2010-12-17 698312]
R0 SbFsLock;SbFsLock;C:\Windows\System32\drivers\SbFsLock.sys [2011-7-28 15688]
R1 BPntDrv;BPntDrv;C:\windows\system32\drivers\BPntDrv.sys --> C:\windows\system32\drivers\BPntDrv.sys [?]
R1 RapportCerberus_42020;RapportCerberus_42020;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [2012-8-9 397720]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-9-22 55096]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-9-22 297240]
R1 RsvLock;RsvLock;C:\Windows\System32\drivers\RsvLock.sys [2011-7-28 58184]
R1 SbFlop;SbFlop;C:\Windows\System32\drivers\SbFlop.sys [2011-7-28 23368]
R1 SbRegFlt;SbRegFlt;C:\Windows\System32\drivers\SbRegFlt.sys [2011-7-28 15688]
R2 Sentinel64;Sentinel64;C:\windows\system32\Drivers\Sentinel64.sys --> C:\windows\system32\Drivers\Sentinel64.sys [?]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\windows\system32\DRIVERS\e1c62x64.sys --> C:\windows\system32\DRIVERS\e1c62x64.sys [?]
R3 FirehkMP;FirehkMP;C:\windows\system32\DRIVERS\firehk.sys --> C:\windows\system32\DRIVERS\firehk.sys [?]
R3 HIPK;McAfee Inc. HIPK;C:\windows\system32\drivers\HIPK.sys --> C:\windows\system32\drivers\HIPK.sys [?]
R3 HIPPSK;McAfee Inc. HIPPSK;C:\windows\system32\drivers\HIPPSK.sys --> C:\windows\system32\drivers\HIPPSK.sys [?]
R3 HIPQK;McAfee Inc. HIPQK;C:\windows\system32\drivers\HIPQK.sys --> C:\windows\system32\drivers\HIPQK.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
R3 SbCeCd;SbCeCd;C:\Windows\System32\drivers\SbCeCd.sys [2010-12-17 132808]
R3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
R3 VF0350Vfx;VF0350 Video FX;C:\windows\system32\DRIVERS\V0350VFx.sys --> C:\windows\system32\DRIVERS\V0350VFx.sys [?]
R3 VF0350Vid;Live! Cam Video IM (VF0350);C:\windows\system32\DRIVERS\V0350Vid.sys --> C:\windows\system32\DRIVERS\V0350Vid.sys [?]
S3 Firehk;McAfee NDIS Intermediate Filter;C:\windows\system32\DRIVERS\firehk.sys --> C:\windows\system32\DRIVERS\firehk.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?]
S3 mfesmfk;McAfee Inc. mfesmfk;C:\windows\system32\drivers\mfesmfk.sys --> C:\windows\system32\drivers\mfesmfk.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\windows\system32\DRIVERS\netaapl64.sys --> C:\windows\system32\DRIVERS\netaapl64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\system32\DRIVERS\wdcsam64.sys --> C:\windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2012-10-10 18:38:35 40328 ----a-w- C:\windows\SysWow64\HIPIS0e011b5.dll
2012-10-10 18:38:34 47080 ----a-w- C:\windows\System32\HIPIS0e011b5.dll
2012-10-10 18:34:42 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2785D563-AB84-4396-BBF6-65DB1F2C760D}\offreg.dll
2012-10-08 20:41:13 226656 ------w- C:\Users\Matt\cnsload_1349728873207.tmp
2012-10-05 16:23:25 544240 ----a-w- C:\windows\System32\npdeployJava1.dll
2012-09-28 05:23:02 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-09-28 05:23:02 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-09-28 03:03:12 226656 ------w- C:\Users\Matt\cnsload_1348801392448.tmp
2012-09-28 03:03:11 226656 ------w- C:\Users\Matt\cnsload_1348801391060.tmp
2012-09-28 03:03:10 226656 ------w- C:\Users\Matt\cnsload_1348801390842.tmp
2012-09-27 21:36:54 226656 ------w- C:\Users\Matt\cnsload_1348781814750.tmp
2012-09-27 19:56:50 226656 ------w- C:\Users\Matt\cnsload_1348775810807.tmp
2012-09-25 22:06:01 226656 ------w- C:\Users\Matt\cnsload_1348610761297.tmp
2012-09-25 18:14:51 226656 ------w- C:\Users\Matt\cnsload_1348596891349.tmp
2012-09-15 16:02:50 33240 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2012-09-15 16:01:38 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-15 16:01:38 -------- d-----w- C:\Program Files\iTunes
2012-09-15 16:01:38 -------- d-----w- C:\Program Files\iPod
2012-09-15 16:01:38 -------- d-----w- C:\Program Files (x86)\iTunes
2012-09-14 23:41:41 950128 ----a-w- C:\windows\System32\drivers\ndis.sys
2012-09-14 23:41:41 41472 ----a-w- C:\windows\System32\drivers\RNDISMP.sys
2012-09-14 23:41:38 574464 ----a-w- C:\windows\System32\d3d10level9.dll
2012-09-14 23:41:37 490496 ----a-w- C:\windows\SysWow64\d3d10level9.dll
2012-09-14 23:41:35 376688 ----a-w- C:\windows\System32\drivers\netio.sys
2012-09-14 23:41:35 288624 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
2012-09-14 23:41:35 1913200 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-09-14 15:33:29 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-14 15:15:37 -------- d-s---w- C:\CFix
2012-09-14 15:08:26 98816 ----a-w- C:\windows\sed.exe
2012-09-14 15:08:26 518144 ----a-w- C:\windows\SWREG.exe
2012-09-14 15:08:26 256000 ----a-w- C:\windows\PEV.exe
2012-09-14 15:08:26 208896 ----a-w- C:\windows\MBR.exe
.
==================== Find3M ====================
.
2012-10-05 16:23:14 525808 ----a-w- C:\windows\System32\deployJava1.dll
2012-10-04 07:36:24 143040 ----a-w- C:\windows\SysWow64\KevlarSigs.dll
2012-09-22 23:34:44 101688 ----a-w- C:\windows\System32\drivers\RapportKE64.sys
2012-09-08 00:04:46 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-08-30 15:32:03 404680 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-29 03:24:56 477168 ----a-w- C:\windows\SysWow64\npdeployJava1.dll
2012-08-29 03:24:53 473072 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-08-24 06:59:17 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-08-21 20:01:20 125872 ----a-w- C:\windows\System32\GEARAspi64.dll
2012-08-21 20:01:20 106928 ----a-w- C:\windows\SysWow64\GEARAspi.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\windows\System32\win32k.sys
.
============= FINISH: 11:46:25.32 ===============



#2 thisisu

  • Malware Response Team
  • 2,525 posts

Posted 11 October 2012 - 07:26 PM

Hello Magic Dude :)

  • I will be helping with your computer problems.
  • From this point on, it is very important that you refrain from doing anything else to your computer other than what I have requested of you.
  • I do not mind if you browse the web, do basic tasks, or even test to see if the problem(s) you are experiencing are still occurring with the computer while we are working together, but do not run any tools/fixes unless I or another helper from this thread has asked you to do so.
  • Remember that you came here for help, so allow us to help you :)
  • If something does not run, make a detailed note of what problems you encountered along the way (exact error messages are preferred), but continue onto the next steps until you reach the end of my post.
  • Always do the steps in the order they are listed (left to right, top to bottom).
  • I prefer that you complete all the steps while you are in Normal Mode. However, I understand that sometimes this is not possible. If you are unsuccessful in getting a tool/fix to run from Normal Mode, but Safe Mode works, then use Safe Mode.
  • If you have a question about something, do not hesitate to ask.

Let's begin:

First, attach the ATTACH.txt that was generated after the DDS scan.

Next:
  • Please download and install CCleaner Slim
  • Open CCleaner and click the Options button
  • Now choose Advanced
  • Uncheck everything here except for Skip User Account Control warning
  • Now click the Cleaner button and press the Run Cleaner button at the bottom right of the program.
  • If this is your first time running this program, a prompt may appear asking for confirmation to delete temporary files. Go ahead and proceed.

__

Please download RogueKiller to your desktop.
  • Now rename RogueKiller.exe to winlogon.exe
  • Double-click winlogon.exe to run. Right-click winlogon.exe and select "Run as administrator"
  • When it opens, press the Scan button
  • When the scan is finished, press the Delete button.
  • Post the contents of the latest numbered RKReport in your next message.

__

Please download and run TDSSKiller
  • VERY IMPORTANT: In the event that threats are detected, allow TDSSKiller to perform the default action by simply pressing the Continue button.
  • Do NOT change the default action on your own unless instructed by a malware helper! Doing so may render your computer unbootable.
  • If threats were detected, TDSSKiller will require a reboot in order to attempt to clean the system.
  • After the scan is complete, you can find the TDSSKiller log at the root of your C: drive.
    • Example: C:\TDSSKiller.2.8.10.0_29.09.2012_00.22.50_log.txt
  • Post the contents of this log in your next message.

__

Posted Image Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Very important that you run the tool in this manner:
    Right-mouse click JRT.exe and select Run as administrator
    Do NOT double-click it as most of the tasks the tool aims to perform will fail.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt in your next message.

__

Please download OTL.

  • Save it to your desktop.
  • Right mouse click on the OTL icon on your desktop and select Run as Administrator
  • Check the "Scan All Users" checkbox.
  • Check the "Standard Output".
  • Change the setting of "Drivers" and "Services" to "All"
  • Copy the text in the code box below and paste it into the Posted Image text-field.
    activex
    netsvcs
    %windir%\system32\drivers\*.sys /lockedfiles
    
  • Now click the Posted Image button.
  • Two reports will be created:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Paste the contents of OTL.txt here for me to review but attach Extras.txt

Edited by thisisu, 11 October 2012 - 07:36 PM.


#3 Magic Dude

Posted 12 October 2012 - 11:23 AM

Thanks thisisu for your help on this. I have followed your detailed instructions and here is the output.

1. Attach.txt is now attached (attach.txt, 7.99KB)
2. CCleaner successfully run
3. RogueKiller log is below:

RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Matt [Admin rights]
Mode : Remove -- Date : 10/12/2012 08:41:47

Bad processes : 0

Registry Entries : 6
[RUN][SUSP PATH] HKCU\[...]\Run : DW6 ("C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe") -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : V0350Mon.exe (C:\windows\V0350Mon.exe) -> DELETED
[TASK][SUSP PATH] {83BF9B7A-0990-4724-A542-3279F4D4BC17} : C:\windows\system32\pcalua.exe -a "C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZOZ7COTV\jre-1.6.0_20-en.exe" -d C:\Users\Matt\Desktop -> DELETED
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:

Driver : [NOT LOADED]

HOSTS File:
--> C:\windows\system32\drivers\etc\hosts



MBR Check:

+++++ PhysicalDrive0: Hitachi HDS721010CLA332 ATA Device +++++
--- User ---
[MBR] a8d3f014c475e12b4c1f17305fe245cf
[BSP] 4914a2c143f8a517a0e5837b90f7fb4e : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 928093 Mo
2 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1900941312 | Size: 25675 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Seagate FreeAgent USB Device +++++
--- User ---
[MBR] e4af51ece3547b34898ef00be9bb4614
[BSP] abf76be27aa75bcff6d60d0bc84d7e4a : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


4. TDSSKiller log:

08:43:10.0047 6672 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
08:43:10.0458 6672 ============================================================
08:43:10.0459 6672 Current date / time: 2012/10/12 08:43:10.0458
08:43:10.0459 6672 SystemInfo:
08:43:10.0459 6672
08:43:10.0459 6672 OS Version: 6.1.7601 ServicePack: 1.0
08:43:10.0459 6672 Product type: Workstation
08:43:10.0459 6672 ComputerName: LENOVO-PC
08:43:10.0459 6672 UserName: Matt
08:43:10.0459 6672 Windows directory: C:\windows
08:43:10.0459 6672 System windows directory: C:\windows
08:43:10.0459 6672 Running under WOW64
08:43:10.0459 6672 Processor architecture: Intel x64
08:43:10.0459 6672 Number of processors: 2
08:43:10.0459 6672 Page size: 0x1000
08:43:10.0459 6672 Boot type: Normal boot
08:43:10.0459 6672 ============================================================
08:43:11.0564 6672 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:43:15.0317 6672 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:43:15.0319 6672 ============================================================
08:43:15.0319 6672 \Device\Harddisk0\DR0:
08:43:15.0320 6672 MBR partitions:
08:43:15.0320 6672 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
08:43:15.0320 6672 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x714AE800
08:43:15.0320 6672 \Device\Harddisk1\DR1:
08:43:15.0320 6672 MBR partitions:
08:43:15.0320 6672 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
08:43:15.0320 6672 ============================================================
08:43:15.0337 6672 E: <-> \Device\Harddisk1\DR1\Partition1
08:43:15.0338 6672 ============================================================
08:43:15.0338 6672 Initialize success
08:43:15.0338 6672 ============================================================
08:43:38.0751 6392 ============================================================
08:43:38.0751 6392 Scan started
08:43:38.0751 6392 Mode: Manual;
08:43:38.0751 6392 ============================================================
08:43:38.0755 6392 ================ Scan system memory ========================
08:43:38.0755 6392 System memory - ok
08:43:38.0756 6392 ================ Scan services =============================
08:43:38.0776 6392 1394ohci - ok
08:43:38.0783 6392 ACPI - ok
08:43:38.0787 6392 AcpiPmi - ok
08:43:38.0803 6392 AdobeARMservice - ok
08:43:38.0807 6392 adp94xx - ok
08:43:38.0811 6392 adpahci - ok
08:43:38.0814 6392 adpu320 - ok
08:43:38.0821 6392 AeLookupSvc - ok
08:43:38.0829 6392 AFD - ok
08:43:38.0835 6392 agp440 - ok
08:43:38.0843 6392 ALG - ok
08:43:38.0862 6392 aliide - ok
08:43:38.0867 6392 amdide - ok
08:43:38.0874 6392 AmdK8 - ok
08:43:38.0879 6392 AmdPPM - ok
08:43:38.0885 6392 amdsata - ok
08:43:38.0891 6392 amdsbs - ok
08:43:38.0893 6392 amdxata - ok
08:43:38.0899 6392 AppID - ok
08:43:38.0903 6392 AppIDSvc - ok
08:43:38.0906 6392 Appinfo - ok
08:43:38.0913 6392 Apple Mobile Device - ok
08:43:38.0920 6392 arc - ok
08:43:38.0924 6392 arcsas - ok
08:43:38.0936 6392 AsyncMac - ok
08:43:38.0939 6392 atapi - ok
08:43:38.0942 6392 atikmdag - ok
08:43:38.0947 6392 AudioEndpointBuilder - ok
08:43:38.0952 6392 AudioSrv - ok
08:43:38.0956 6392 AxInstSV - ok
08:43:38.0960 6392 b06bdrv - ok
08:43:38.0964 6392 b57nd60a - ok
08:43:38.0972 6392 BDESVC - ok
08:43:38.0976 6392 Beep - ok
08:43:38.0980 6392 BFE - ok
08:43:38.0986 6392 BITS - ok
08:43:38.0988 6392 blbdrive - ok
08:43:38.0993 6392 Bonjour Service - ok
08:43:38.0997 6392 bowser - ok
08:43:39.0002 6392 BPntDrv - ok
08:43:39.0005 6392 BrFiltLo - ok
08:43:39.0009 6392 BrFiltUp - ok
08:43:39.0013 6392 BridgeMP - ok
08:43:39.0017 6392 Browser - ok
08:43:39.0021 6392 Brserid - ok
08:43:39.0025 6392 BrSerWdm - ok
08:43:39.0028 6392 BrUsbMdm - ok
08:43:39.0032 6392 BrUsbSer - ok
08:43:39.0036 6392 BTHMODEM - ok
08:43:39.0041 6392 bthserv - ok
08:43:39.0044 6392 cdfs - ok
08:43:39.0049 6392 cdrom - ok
08:43:39.0055 6392 CertPropSvc - ok
08:43:39.0058 6392 circlass - ok
08:43:39.0062 6392 CLFS - ok
08:43:39.0066 6392 clr_optimization_v2.0.50727_32 - ok
08:43:39.0070 6392 clr_optimization_v2.0.50727_64 - ok
08:43:39.0075 6392 CmBatt - ok
08:43:39.0077 6392 cmdide - ok
08:43:39.0081 6392 CNG - ok
08:43:39.0085 6392 Compbatt - ok
08:43:39.0089 6392 CompositeBus - ok
08:43:39.0092 6392 COMSysApp - ok
08:43:39.0100 6392 crcdisk - ok
08:43:39.0105 6392 CryptSvc - ok
08:43:39.0110 6392 DcomLaunch - ok
08:43:39.0114 6392 defragsvc - ok
08:43:39.0118 6392 DfsC - ok
08:43:39.0123 6392 Dhcp - ok
08:43:39.0126 6392 discache - ok
08:43:39.0130 6392 Disk - ok
08:43:39.0135 6392 Dnscache - ok
08:43:39.0139 6392 dot3svc - ok
08:43:39.0142 6392 Dot4 - ok
08:43:39.0146 6392 Dot4Print - ok
08:43:39.0150 6392 dot4usb - ok
08:43:39.0154 6392 DPS - ok
08:43:39.0158 6392 drmkaud - ok
08:43:39.0161 6392 DXGKrnl - ok
08:43:39.0166 6392 e1cexpress - ok
08:43:39.0170 6392 EapHost - ok
08:43:39.0174 6392 ebdrv - ok
08:43:39.0177 6392 EFS - ok
08:43:39.0183 6392 ehRecvr - ok
08:43:39.0187 6392 ehSched - ok
08:43:39.0190 6392 elxstor - ok
08:43:39.0194 6392 enterceptAgent - ok
08:43:39.0198 6392 ErrDev - ok
08:43:39.0206 6392 EventSystem - ok
08:43:39.0211 6392 exfat - ok
08:43:39.0213 6392 fastfat - ok
08:43:39.0219 6392 Fax - ok
08:43:39.0222 6392 fbfmon - ok
08:43:39.0226 6392 fdc - ok
08:43:39.0233 6392 fdPHost - ok
08:43:39.0236 6392 FDResPub - ok
08:43:39.0240 6392 FileInfo - ok
08:43:39.0244 6392 Filetrace - ok
08:43:39.0251 6392 Firehk - ok
08:43:39.0254 6392 FirehkMP - ok
08:43:39.0258 6392 firelm01 - ok
08:43:39.0262 6392 FirePM - ok
08:43:39.0268 6392 FireTDI - ok
08:43:39.0272 6392 flpydisk - ok
08:43:39.0276 6392 FltMgr - ok
08:43:39.0279 6392 FontCache - ok
08:43:39.0285 6392 FontCache3.0.0.0 - ok
08:43:39.0290 6392 FreeAgentGoNext Service - ok
08:43:39.0294 6392 FsDepends - ok
08:43:39.0299 6392 Fs_Rec - ok
08:43:39.0303 6392 fvevol - ok
08:43:39.0306 6392 gagp30kx - ok
08:43:39.0310 6392 GEARAspiWDM - ok
08:43:39.0314 6392 gpsvc - ok
08:43:39.0319 6392 gupdate - ok
08:43:39.0336 6392 gupdatem - ok
08:43:39.0340 6392 gusvc - ok
08:43:39.0344 6392 hcw85cir - ok
08:43:39.0349 6392 HdAudAddService - ok
08:43:39.0353 6392 HDAudBus - ok
08:43:39.0356 6392 HidBatt - ok
08:43:39.0360 6392 HidBth - ok
08:43:39.0364 6392 HidIr - ok
08:43:39.0369 6392 hidserv - ok
08:43:39.0385 6392 HidUsb - ok
08:43:39.0389 6392 HIPK - ok
08:43:39.0392 6392 HIPPSK - ok
08:43:39.0396 6392 HIPQK - ok
08:43:39.0401 6392 hips - ok
08:43:39.0405 6392 hkmsvc - ok
08:43:39.0409 6392 HomeGroupListener - ok
08:43:39.0413 6392 HomeGroupProvider - ok
08:43:39.0418 6392 HpSAMD - ok
08:43:39.0424 6392 HPSLPSVC - ok
08:43:39.0429 6392 HTTP - ok
08:43:39.0435 6392 hwpolicy - ok
08:43:39.0439 6392 i8042prt - ok
08:43:39.0446 6392 iaStorV - ok
08:43:39.0451 6392 idsvc - ok
08:43:39.0456 6392 igfx - ok
08:43:39.0459 6392 iirsp - ok
08:43:39.0463 6392 IKEEXT - ok
08:43:39.0473 6392 IntcAzAudAddService - ok
08:43:39.0476 6392 IntcDAud - ok
08:43:39.0480 6392 intelide - ok
08:43:39.0485 6392 intelppm - ok
08:43:39.0489 6392 IPBusEnum - ok
08:43:39.0493 6392 IpFilterDriver - ok
08:43:39.0497 6392 iphlpsvc - ok
08:43:39.0502 6392 IPMIDRV - ok
08:43:39.0505 6392 IPNAT - ok
08:43:39.0510 6392 iPod Service - ok
08:43:39.0514 6392 IRENUM - ok
08:43:39.0519 6392 isapnp - ok
08:43:39.0523 6392 iScsiPrt - ok
08:43:39.0527 6392 JME Keyboard - ok
08:43:39.0533 6392 kbdclass - ok
08:43:39.0537 6392 kbdhid - ok
08:43:39.0540 6392 KeyIso - ok
08:43:39.0544 6392 KSecDD - ok
08:43:39.0549 6392 KSecPkg - ok
08:43:39.0554 6392 ksthunk - ok
08:43:39.0558 6392 KtmRm - ok
08:43:39.0562 6392 LanmanServer - ok
08:43:39.0568 6392 LanmanWorkstation - ok
08:43:39.0575 6392 lltdio - ok
08:43:39.0579 6392 lltdsvc - ok
08:43:39.0584 6392 lmhosts - ok
08:43:39.0589 6392 LMS - ok
08:43:39.0595 6392 LSI_FC - ok
08:43:39.0601 6392 LSI_SAS - ok
08:43:39.0606 6392 LSI_SAS2 - ok
08:43:39.0612 6392 LSI_SCSI - ok
08:43:39.0618 6392 luafv - ok
08:43:39.0622 6392 McAfeeEngineService - ok
08:43:39.0627 6392 McAfeeFramework - ok
08:43:39.0632 6392 McComponentHostService - ok
08:43:39.0636 6392 McShield - ok
08:43:39.0640 6392 McTaskManager - ok
08:43:39.0645 6392 Mcx2Svc - ok
08:43:39.0649 6392 megasas - ok
08:43:39.0654 6392 MegaSR - ok
08:43:39.0658 6392 MEIx64 - ok
08:43:39.0666 6392 mfeapfk - ok
08:43:39.0670 6392 mfeavfk - ok
08:43:39.0674 6392 MfeEERM - ok
08:43:39.0679 6392 mfehidk - ok
08:43:39.0686 6392 mferkdet - ok
08:43:39.0691 6392 mfesmfk - ok
08:43:39.0696 6392 mfetdik - ok
08:43:39.0701 6392 mfevtp - ok
08:43:39.0706 6392 MMCSS - ok
08:43:39.0710 6392 Modem - ok
08:43:39.0716 6392 monitor - ok
08:43:39.0720 6392 mouclass - ok
08:43:39.0724 6392 mouhid - ok
08:43:39.0730 6392 mountmgr - ok
08:43:39.0737 6392 MozillaMaintenance - ok
08:43:39.0741 6392 mpio - ok
08:43:39.0745 6392 mpsdrv - ok
08:43:39.0752 6392 MpsSvc - ok
08:43:39.0756 6392 MRxDAV - ok
08:43:39.0760 6392 mrxsmb - ok
08:43:39.0764 6392 mrxsmb10 - ok
08:43:39.0769 6392 mrxsmb20 - ok
08:43:39.0773 6392 msahci - ok
08:43:39.0777 6392 msdsm - ok
08:43:39.0782 6392 MSDTC - ok
08:43:39.0788 6392 Msfs - ok
08:43:39.0792 6392 mshidkmdf - ok
08:43:39.0797 6392 msisadrv - ok
08:43:39.0802 6392 MSiSCSI - ok
08:43:39.0806 6392 msiserver - ok
08:43:39.0811 6392 MSKSSRV - ok
08:43:39.0816 6392 MSPCLOCK - ok
08:43:39.0821 6392 MSPQM - ok
08:43:39.0825 6392 MsRPC - ok
08:43:39.0833 6392 mssmbios - ok
08:43:39.0838 6392 MSTEE - ok
08:43:39.0842 6392 MTConfig - ok
08:43:39.0847 6392 Mup - ok
08:43:39.0852 6392 MyDesktopWindows - ok
08:43:39.0857 6392 napagent - ok
08:43:39.0862 6392 NativeWifiP - ok
08:43:39.0876 6392 NDIS - ok
08:43:39.0880 6392 NdisCap - ok
08:43:39.0885 6392 NdisTapi - ok
08:43:39.0890 6392 Ndisuio - ok
08:43:39.0894 6392 NdisWan - ok
08:43:39.0899 6392 NDProxy - ok
08:43:39.0905 6392 Net Driver HPZ12 - ok
08:43:39.0909 6392 Netaapl - ok
08:43:39.0914 6392 NetBIOS - ok
08:43:39.0919 6392 NetBT - ok
08:43:39.0923 6392 Netlogon - ok
08:43:39.0928 6392 Netman - ok
08:43:39.0933 6392 netprofm - ok
08:43:39.0938 6392 NetTcpPortSharing - ok
08:43:39.0944 6392 nfrd960 - ok
08:43:39.0949 6392 NlaSvc - ok
08:43:39.0953 6392 Npfs - ok
08:43:39.0957 6392 nsi - ok
08:43:39.0962 6392 nsiproxy - ok
08:43:39.0970 6392 Ntfs - ok
08:43:39.0974 6392 Null - ok
08:43:39.0979 6392 nvraid - ok
08:43:39.0985 6392 nvstor - ok
08:43:39.0989 6392 nv_agp - ok
08:43:39.0994 6392 odserv - ok
08:43:39.0999 6392 ohci1394 - ok
08:43:40.0021 6392 ose - ok
08:43:40.0029 6392 p2pimsvc - ok
08:43:40.0035 6392 p2psvc - ok
08:43:40.0039 6392 Parport - ok
08:43:40.0044 6392 partmgr - ok
08:43:40.0050 6392 PcaSvc - ok
08:43:40.0055 6392 pci - ok
08:43:40.0059 6392 pciide - ok
08:43:40.0064 6392 pcmcia - ok
08:43:40.0070 6392 pcouffin - ok
08:43:40.0074 6392 pcw - ok
08:43:40.0079 6392 PEAUTH - ok
08:43:40.0088 6392 PerfHost - ok
08:43:40.0101 6392 pla - ok
08:43:40.0110 6392 PlugPlay - ok
08:43:40.0116 6392 Pml Driver HPZ12 - ok
08:43:40.0121 6392 PNRPAutoReg - ok
08:43:40.0125 6392 PNRPsvc - ok
08:43:40.0130 6392 PolicyAgent - ok
08:43:40.0138 6392 Power - ok
08:43:40.0143 6392 PptpMiniport - ok
08:43:40.0149 6392 Processor - ok
08:43:40.0154 6392 ProfSvc - ok
08:43:40.0159 6392 ProtectedStorage - ok
08:43:40.0163 6392 Psched - ok
08:43:40.0169 6392 ql2300 - ok
08:43:40.0173 6392 ql40xx - ok
08:43:40.0178 6392 QOSMyDesktop - ok
08:43:40.0184 6392 QWAVE - ok
08:43:40.0189 6392 QWAVEdrv - ok
08:43:40.0203 6392 RapportCerberus_42020 - ok
08:43:40.0207 6392 RapportEI64 - ok
08:43:40.0212 6392 RapportKE64 - ok
08:43:40.0219 6392 RapportMgmtService - ok
08:43:40.0224 6392 RapportPG64 - ok
08:43:40.0229 6392 RasAcd - ok
08:43:40.0236 6392 RasAgileVpn - ok
08:43:40.0240 6392 RasAuto - ok
08:43:40.0246 6392 Rasl2tp - ok
08:43:40.0252 6392 RasMan - ok
08:43:40.0257 6392 RasPppoe - ok
08:43:40.0262 6392 RasSstp - ok
08:43:40.0269 6392 rdbss - ok
08:43:40.0274 6392 rdpbus - ok
08:43:40.0279 6392 RDPCDD - ok
08:43:40.0289 6392 RDPENCDD - ok
08:43:40.0297 6392 RDPREFMP - ok
08:43:40.0302 6392 RDPWD - ok
08:43:40.0307 6392 rdyboost - ok
08:43:40.0313 6392 RealNetworks Downloader Resolver Service - ok
08:43:40.0319 6392 RemoteAccess - ok
08:43:40.0324 6392 RemoteRegistry - ok
08:43:40.0329 6392 RpcEptMapper - ok
08:43:40.0335 6392 RpcLocator - ok
08:43:40.0341 6392 RpcSs - ok
08:43:40.0345 6392 rspndr - ok
08:43:40.0352 6392 RSUSBSTOR - ok
08:43:40.0359 6392 RsvLock - ok
08:43:40.0366 6392 SafeBoot - ok
08:43:40.0373 6392 SafeBootClientManager - ok
08:43:40.0382 6392 SAiAdmin - ok
08:43:40.0388 6392 SAiDownloaderVista - ok
08:43:40.0394 6392 SAiLicSvr - ok
08:43:40.0399 6392 SamSs - ok
08:43:40.0404 6392 SBAlg - ok
08:43:40.0410 6392 SBAlg00 - ok
08:43:40.0416 6392 SBAlg01 - ok
08:43:40.0420 6392 SBAlg11 - ok
08:43:40.0426 6392 SBAlg12 - ok
08:43:40.0432 6392 SbCe - ok
08:43:40.0437 6392 SbCeCd - ok
08:43:40.0442 6392 SbCeCoreService - ok
08:43:40.0447 6392 SbFlop - ok
08:43:40.0453 6392 SbFsLock - ok
08:43:40.0458 6392 sbp2port - ok
08:43:40.0463 6392 SbRegFlt - ok
08:43:40.0469 6392 SCardSvr - ok
08:43:40.0474 6392 scfilter - ok
08:43:40.0479 6392 Schedule - ok
08:43:40.0486 6392 SCPolicySvc - ok
08:43:40.0491 6392 SDRSVC - ok
08:43:40.0496 6392 secdrv - ok
08:43:40.0503 6392 seclogon - ok
08:43:40.0509 6392 SENS - ok
08:43:40.0514 6392 SensrSvc - ok
08:43:40.0520 6392 Sentinel64 - ok
08:43:40.0527 6392 SentinelKeysServer - ok
08:43:40.0532 6392 SentinelProtectionServer - ok
08:43:40.0538 6392 Serenum - ok
08:43:40.0544 6392 Serial - ok
08:43:40.0549 6392 sermouse - ok
08:43:40.0565 6392 SessionEnv - ok
08:43:40.0570 6392 sffdisk - ok
08:43:40.0575 6392 sffp_mmc - ok
08:43:40.0580 6392 sffp_sd - ok
08:43:40.0586 6392 sfloppy - ok
08:43:40.0591 6392 SharedAccess - ok
08:43:40.0596 6392 ShellHWDetection - ok
08:43:40.0602 6392 SiSRaid2 - ok
08:43:40.0608 6392 SiSRaid4 - ok
08:43:40.0616 6392 Skype C2C Service - ok
08:43:40.0622 6392 SkypeUpdate - ok
08:43:40.0627 6392 Smb - ok
08:43:40.0639 6392 SNMPTRAP - ok
08:43:40.0645 6392 spldr - ok
08:43:40.0650 6392 Spooler - ok
08:43:40.0656 6392 sppsvc - ok
08:43:40.0662 6392 sppuinotify - ok
08:43:40.0669 6392 sptd - ok
08:43:40.0675 6392 srv - ok
08:43:40.0680 6392 srv2 - ok
08:43:40.0686 6392 srvnet - ok
08:43:40.0692 6392 SSDPSRV - ok
08:43:40.0699 6392 SstpSvc - ok
08:43:40.0703 6392 stexstor - ok
08:43:40.0709 6392 stisvc - ok
08:43:40.0715 6392 swenum - ok
08:43:40.0720 6392 swprv - ok
08:43:40.0726 6392 SysMain - ok
08:43:40.0732 6392 TabletInputService - ok
08:43:40.0738 6392 TapiSrv - ok
08:43:40.0744 6392 TBS - ok
08:43:40.0750 6392 Tcpip - ok
08:43:40.0757 6392 TCPIP6 - ok
08:43:40.0765 6392 tcpipreg - ok
08:43:40.0775 6392 TDPIPE - ok
08:43:40.0780 6392 TDTCP - ok
08:43:40.0787 6392 tdx - ok
08:43:40.0792 6392 TermDD - ok
08:43:40.0799 6392 TermService - ok
08:43:40.0804 6392 Themes - ok
08:43:40.0810 6392 THREADORDER - ok
08:43:40.0816 6392 TrkWks - ok
08:43:40.0822 6392 TrustedInstaller - ok
08:43:40.0832 6392 tssecsrv - ok
08:43:40.0838 6392 TsUsbFlt - ok
08:43:40.0843 6392 TsUsbGD - ok
08:43:40.0850 6392 tunnel - ok
08:43:40.0856 6392 uagp35 - ok
08:43:40.0862 6392 udfs - ok
08:43:40.0876 6392 UI0Detect - ok
08:43:40.0882 6392 uliagpkx - ok
08:43:40.0888 6392 umbus - ok
08:43:40.0894 6392 UmPass - ok
08:43:40.0900 6392 UNS - ok
08:43:40.0906 6392 upnphost - ok
08:43:40.0912 6392 USBAAPL64 - ok
08:43:40.0919 6392 usbaudio - ok
08:43:40.0925 6392 usbccgp - ok
08:43:40.0932 6392 usbcir - ok
08:43:40.0937 6392 usbehci - ok
08:43:40.0944 6392 usbhub - ok
08:43:40.0949 6392 usbohci - ok
08:43:40.0955 6392 usbprint - ok
08:43:40.0961 6392 usbscan - ok
08:43:40.0968 6392 USBSTOR - ok
08:43:40.0973 6392 usbuhci - ok
08:43:40.0979 6392 UxSms - ok
08:43:40.0986 6392 VaultSvc - ok
08:43:40.0992 6392 vdrvroot - ok
08:43:40.0999 6392 vds - ok
08:43:41.0005 6392 VF0350Vfx - ok
08:43:41.0011 6392 VF0350Vid - ok
08:43:41.0018 6392 vga - ok
08:43:41.0024 6392 VgaSave - ok
08:43:41.0029 6392 vhdmp - ok
08:43:41.0036 6392 viaide - ok
08:43:41.0041 6392 volmgr - ok
08:43:41.0047 6392 volmgrx - ok
08:43:41.0053 6392 volsnap - ok
08:43:41.0060 6392 vpnagent - ok
08:43:41.0066 6392 vpnva - ok
08:43:41.0072 6392 vsmraid - ok
08:43:41.0078 6392 VSS - ok
08:43:41.0085 6392 vwifibus - ok
08:43:41.0091 6392 W32Time - ok
08:43:41.0103 6392 WacomPen - ok
08:43:41.0109 6392 WANARP - ok
08:43:41.0116 6392 Wanarpv6 - ok
08:43:41.0123 6392 wbengine - ok
08:43:41.0129 6392 WbioSrvc - ok
08:43:41.0136 6392 wcncsvc - ok
08:43:41.0142 6392 WcsPlugInService - ok
08:43:41.0148 6392 Wd - ok
08:43:41.0155 6392 WDC_SAM - ok
08:43:41.0161 6392 WDDMService - ok
08:43:41.0169 6392 Wdf01000 - ok
08:43:41.0174 6392 WdiServiceHost - ok
08:43:41.0180 6392 WdiSystemHost - ok
08:43:41.0187 6392 WDSmartWareBackgroundService - ok
08:43:41.0195 6392 WebClient - ok
08:43:41.0203 6392 Wecsvc - ok
08:43:41.0209 6392 wercplsupport - ok
08:43:41.0216 6392 WerSvc - ok
08:43:41.0222 6392 WfpLwf - ok
08:43:41.0228 6392 WIMMount - ok
08:43:41.0236 6392 WinDefend - ok
08:43:41.0245 6392 WinHttpAutoProxySvc - ok
08:43:41.0253 6392 WinI2C-DDC - ok
08:43:41.0259 6392 Winmgmt - ok
08:43:41.0266 6392 WinRM - ok
08:43:41.0282 6392 WinUsb - ok
08:43:41.0289 6392 Wlansvc - ok
08:43:41.0295 6392 wlcrasvc - ok
08:43:41.0303 6392 wlidsvc - ok
08:43:41.0310 6392 WmiAcpi - ok
08:43:41.0320 6392 wmiApSrv - ok
08:43:41.0325 6392 WMPNetworkSvc - ok
08:43:41.0334 6392 WPCSvc - ok
08:43:41.0340 6392 WPDBusEnum - ok
08:43:41.0346 6392 ws2ifsl - ok
08:43:41.0353 6392 wscsvc - ok
08:43:41.0359 6392 WSearch - ok
08:43:41.0374 6392 wsvd - ok
08:43:41.0379 6392 wuauserv - ok
08:43:41.0386 6392 WudfPf - ok
08:43:41.0393 6392 WUDFRd - ok
08:43:41.0399 6392 wudfsvc - ok
08:43:41.0406 6392 WwanSvc - ok
08:43:41.0417 6392 yukonw7 - ok
08:43:41.0436 6392 ================ Scan global ===============================
08:43:41.0438 6392 [Global] - ok
08:43:41.0439 6392 ================ Scan MBR ==================================
08:43:41.0447 6392 [ 7DE5D32A99893D2A80290F2D58E8119E ] \Device\Harddisk0\DR0
08:43:41.0958 6392 \Device\Harddisk0\DR0 - ok
08:43:41.0961 6392 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
08:43:41.0966 6392 \Device\Harddisk1\DR1 - ok
08:43:41.0966 6392 ================ Scan VBR ==================================
08:43:41.0968 6392 [ D3214C181A64F0C5A655C83E61DDB251 ] \Device\Harddisk0\DR0\Partition1
08:43:41.0969 6392 \Device\Harddisk0\DR0\Partition1 - ok
08:43:41.0986 6392 [ D4DB5A4449E27F2AEDC3C6C725C79A93 ] \Device\Harddisk0\DR0\Partition2
08:43:41.0987 6392 \Device\Harddisk0\DR0\Partition2 - ok
08:43:41.0990 6392 [ 1F7D81EDE9019FF8AD598C40119196CA ] \Device\Harddisk1\DR1\Partition1
08:43:41.0992 6392 \Device\Harddisk1\DR1\Partition1 - ok
08:43:41.0992 6392 ============================================================
08:43:41.0992 6392 Scan finished
08:43:41.0992 6392 ============================================================
08:43:42.0001 2356 Detected object count: 0
08:43:42.0001 2356 Actual detected object count: 0
08:43:53.0309 0708 Deinitialize success

5. Junkware Removal Log:

Junkware Removal Tool (JRT) by Thisisu
Version: 1.4.9 (10.12.2012)
OS: Windows 7 Home Premium x64
Ran by Matt on Fri 10/12/2012 at 8:44:47.34
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys:

Successfully deleted: [KEY] hkey_classes_root\clsid\{134da043-566e-4572-82e6-8978d0ed03d8}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\settings\{134da043-566e-4572-82e6-8978d0ed03d8}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{134da043-566e-4572-82e6-8978d0ed03d8}
Successfully deleted: [KEY] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{134da043-566e-4572-82e6-8978d0ed03d8}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\internet explorer\searchscopes\{3bd44f0e-0596-4008-aee0-45d47e3a8f0e}
Successfully deleted: [KEY] hkey_classes_root\clsid\{8769adce-dba5-48e9-afb5-67b12cdf2e61}
Successfully deleted: [KEY] hkey_classes_root\clsid\{fd72061e-9fde-484d-a58a-0bab4151cad8}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\settings\{fd72061e-9fde-484d-a58a-0bab4151cad8}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{fd72061e-9fde-484d-a58a-0bab4151cad8}
Successfully deleted: [KEY] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{fd72061e-9fde-484d-a58a-0bab4151cad8}



*** Files:

Successfully deleted: [FILE] C:\Users\Matt\appdata\local\jetmp3\jtlicense.txt
Successfully deleted: [FILE] C:\Users\Matt\appdata\local\jetmp3\sqlite3.exe
Successfully deleted: [FILE] C:\Users\Matt\appdata\local\jetmp3\uninst.exe
Successfully deleted: [FILE] C:\Users\Matt\appdata\local\jetmp3\ie\jetmp3.dll
Successfully deleted: [FILE] C:\Program Files (x86)\yontoo\YontooIEClient.dll



*** Folders:

Successfully deleted: [FOLDER] "C:\ProgramData\blekko toolbars"
Successfully deleted: [FOLDER] "C:\Users\Matt\appdata\local\jetmp3"
Successfully deleted: [FOLDER] "C:\Program Files (x86)\yontoo"



*** FireFox detected and repaired

Successfully deleted: [user.js] from C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\tj2rtfuq.default
Successfully deleted: [plugin@yontoo.com] from C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\tj2rtfuq.default\extensions
Successfully deleted: [search.xml] from "C:\Program Files (x86)\mozilla firefox\searchplugins"
Removed the following from [PREFS.JS] :

user_pref("browser.search.defaultenginename", "Blekko");
user_pref("browser.search.order.1", "Blekko");
user_pref("extentions.y2layers.defaultEnableAppsList", "Buzzdock,Buzzdock,");
user_pref("extentions.y2layers.installId", "21fd583a-c6e6-4601-b193-853a7ae82693");


*** Event Viewer Logs - Cleared

6. OTL log below and Extras attached:

OTL logfile created on: 10/12/2012 9:02:26 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matt\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.85 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 48.19% Memory free
7.70 Gb Paging File | 5.41 Gb Available in Paging File | 70.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906.34 Gb Total Space | 781.56 Gb Free Space | 86.23% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 175.71 Gb Free Space | 37.73% Space Free | Partition Type: NTFS

Computer Name: LENOVO-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/12 09:00:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
PRC - [2012/09/22 16:34:24 | 001,677,144 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/09/22 16:34:24 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/09/08 13:10:39 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/07/06 09:22:56 | 000,049,321 | ---- | M] (The Pidgin developer community) -- C:\Program Files (x86)\Pidgin\pidgin.exe
PRC - [2012/06/19 12:12:28 | 000,645,088 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2012/04/06 13:35:09 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/02 18:24:04 | 000,031,408 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2011/07/28 06:30:00 | 000,172,092 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe
PRC - [2011/07/28 06:29:07 | 000,385,084 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe
PRC - [2011/05/19 16:05:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
PRC - [2011/05/19 16:05:00 | 000,161,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
PRC - [2011/05/19 16:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
PRC - [2011/05/19 16:05:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
PRC - [2011/03/21 14:12:54 | 000,020,480 | ---- | M] () -- C:\Windows\jmesoft\JME_LOAD.exe
PRC - [2011/03/21 14:06:46 | 000,118,784 | ---- | M] (Lenovo) -- C:\Windows\jmesoft\hotkey.exe
PRC - [2011/03/15 20:47:40 | 000,032,768 | ---- | M] () -- C:\Windows\jmesoft\Service.exe
PRC - [2011/01/12 18:55:32 | 003,514,368 | ---- | M] (Helios Software Solutions) -- C:\Program Files (x86)\TextPad 5\TextPad.exe
PRC - [2010/12/23 12:56:54 | 000,831,488 | ---- | M] () -- C:\Program Files (x86)\Ditto\Ditto.exe
PRC - [2010/12/17 09:54:06 | 000,150,344 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeProxy32.exe
PRC - [2010/11/25 12:31:24 | 011,322,880 | ---- | M] (Oracle) -- C:\Program Files (x86)\Oracle\Oracle Open Office 3\program\soffice.exe
PRC - [2010/11/25 12:31:24 | 011,314,688 | ---- | M] (Oracle) -- C:\Program Files (x86)\Oracle\Oracle Open Office 3\program\soffice.bin
PRC - [2010/10/22 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2010/10/08 09:49:40 | 000,285,696 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe
PRC - [2010/10/05 06:08:46 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 06:08:42 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/09/09 11:19:08 | 000,265,216 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe
PRC - [2010/06/15 11:50:54 | 000,979,104 | ---- | M] () -- C:\Program Files (x86)\McAfee\Host Intrusion Prevention\x64\..\FireTray.exe
PRC - [2010/06/15 11:50:48 | 001,498,224 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/04 16:59:28 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
PRC - [2009/08/19 06:20:52 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe
PRC - [2009/05/01 15:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/05/01 15:35:10 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2008/08/13 05:39:08 | 003,297,280 | ---- | M] (EPIM Ltd) -- C:\Program Files (x86)\EssentialPIM Pro\EssentialPIM.exe
PRC - [2008/03/18 17:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
PRC - [2007/12/19 13:58:32 | 000,086,016 | R--- | M] (SA International) -- C:\Windows\SysWOW64\SAiLicSvr.exe
PRC - [2007/09/11 12:23:40 | 000,077,824 | ---- | M] (TODO: <Company name>) -- C:\Windows\SysWOW64\SAiDownloaderVista.exe
PRC - [2007/08/27 15:01:48 | 000,065,536 | ---- | M] (TODO: <Company name>) -- C:\Windows\SysWOW64\SAiAdmin.exe
PRC - [2007/04/27 08:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2007/04/27 02:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/08 13:10:38 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/08/21 18:18:44 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2012/08/09 10:10:40 | 000,219,305 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll
MOD - [2012/08/09 10:10:40 | 000,095,189 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libpangocairo-1.0-0.dll
MOD - [2012/08/09 10:10:40 | 000,090,496 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll
MOD - [2012/08/09 10:10:40 | 000,055,808 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll
MOD - [2012/08/09 10:10:39 | 000,904,525 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll
MOD - [2012/08/09 10:10:39 | 000,535,264 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll
MOD - [2012/08/09 10:10:39 | 000,482,872 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libgio-2.0-0.dll
MOD - [2012/08/09 10:10:39 | 000,279,059 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll
MOD - [2012/08/09 10:10:39 | 000,143,096 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll
MOD - [2012/07/06 09:22:56 | 000,284,936 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libmsn.dll
MOD - [2012/07/06 09:22:56 | 000,190,403 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libymsg.dll
MOD - [2012/07/06 09:22:56 | 000,178,081 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libgg.dll
MOD - [2012/07/06 09:22:56 | 000,145,897 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libsilc.dll
MOD - [2012/07/06 09:22:56 | 000,117,957 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libmxit.dll
MOD - [2012/07/06 09:22:56 | 000,093,436 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libsametime.dll
MOD - [2012/07/06 09:22:56 | 000,087,621 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libmyspace.dll
MOD - [2012/07/06 09:22:56 | 000,087,595 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libnovell.dll
MOD - [2012/07/06 09:22:56 | 000,075,639 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libirc.dll
MOD - [2012/07/06 09:22:56 | 000,071,089 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libbonjour.dll
MOD - [2012/07/06 09:22:56 | 000,063,326 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\spellchk.dll
MOD - [2012/07/06 09:22:56 | 000,044,389 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libsimple.dll
MOD - [2012/07/06 09:22:56 | 000,040,118 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\log_reader.dll
MOD - [2012/07/06 09:22:56 | 000,036,197 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll
MOD - [2012/07/06 09:22:56 | 000,030,942 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll
MOD - [2012/07/06 09:22:56 | 000,024,616 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\themeedit.dll
MOD - [2012/07/06 09:22:56 | 000,024,235 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\ticker.dll
MOD - [2012/07/06 09:22:56 | 000,024,031 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\pidginrc.dll
MOD - [2012/07/06 09:22:56 | 000,023,542 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll
MOD - [2012/07/06 09:22:56 | 000,023,498 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\winprefs.dll
MOD - [2012/07/06 09:22:56 | 000,022,976 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\notify.dll
MOD - [2012/07/06 09:22:56 | 000,020,495 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll
MOD - [2012/07/06 09:22:56 | 000,019,699 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\convcolors.dll
MOD - [2012/07/06 09:22:56 | 000,018,592 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll
MOD - [2012/07/06 09:22:56 | 000,018,119 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libyahoo.dll
MOD - [2012/07/06 09:22:56 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libxmpp.dll
MOD - [2012/07/06 09:22:56 | 000,015,592 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libyahoojp.dll
MOD - [2012/07/06 09:22:56 | 000,015,546 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\markerline.dll
MOD - [2012/07/06 09:22:56 | 000,015,260 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll
MOD - [2012/07/06 09:22:56 | 000,014,710 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\timestamp.dll
MOD - [2012/07/06 09:22:56 | 000,014,681 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\history.dll
MOD - [2012/07/06 09:22:56 | 000,012,822 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll
MOD - [2012/07/06 09:22:56 | 000,012,818 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\joinpart.dll
MOD - [2012/07/06 09:22:56 | 000,012,794 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\idle.dll
MOD - [2012/07/06 09:22:56 | 000,011,804 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libicq.dll
MOD - [2012/07/06 09:22:56 | 000,011,501 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\extplacement.dll
MOD - [2012/07/06 09:22:56 | 000,011,356 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\sendbutton.dll
MOD - [2012/07/06 09:22:56 | 000,010,873 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libaim.dll
MOD - [2012/07/06 09:22:56 | 000,010,753 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\statenotify.dll
MOD - [2012/07/06 09:22:56 | 000,010,716 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\relnot.dll
MOD - [2012/07/06 09:22:56 | 000,010,667 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\psychic.dll
MOD - [2012/07/06 09:22:56 | 000,009,946 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll
MOD - [2012/07/06 09:22:56 | 000,009,767 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\newline.dll
MOD - [2012/07/06 09:22:56 | 000,009,052 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\buddynote.dll
MOD - [2012/07/06 09:22:56 | 000,008,664 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\iconaway.dll
MOD - [2012/07/06 09:22:56 | 000,007,803 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\ssl.dll
MOD - [2012/07/06 09:22:54 | 000,323,801 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libjabber.dll
MOD - [2012/07/06 09:22:54 | 000,248,914 | ---- | M] () -- C:\Program Files (x86)\Pidgin\liboscar.dll
MOD - [2012/07/06 09:22:46 | 000,582,656 | ---- | M] () -- C:\Program Files (x86)\Pidgin\exchndl.dll
MOD - [2012/07/06 09:22:46 | 000,475,580 | ---- | M] () -- C:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll
MOD - [2012/07/06 09:21:56 | 000,417,501 | ---- | M] () -- C:\Program Files (x86)\Pidgin\sqlite3.dll
MOD - [2012/07/06 09:21:50 | 002,719,062 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libsilc-1-1-2.dll
MOD - [2012/07/06 09:21:50 | 001,206,642 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libsilcclient-1-1-2.dll
MOD - [2012/07/06 09:21:50 | 000,173,805 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libmeanwhile-1.dll
MOD - [2012/07/06 09:21:44 | 001,213,633 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libxml2-2.dll
MOD - [2012/06/18 07:15:39 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll
MOD - [2012/06/17 23:12:18 | 014,340,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/17 23:12:04 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/17 23:11:58 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/17 23:11:50 | 012,237,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/05/30 07:03:39 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll
MOD - [2012/05/12 12:22:03 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/05/12 11:52:55 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/12 11:52:40 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 11:51:57 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/12 11:51:52 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 11:51:49 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/12 11:51:48 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 11:51:40 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/11/03 20:00:31 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\Oracle\Oracle Open Office 3\program\libxml2.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/12/23 12:56:54 | 000,831,488 | ---- | M] () -- C:\Program Files (x86)\Ditto\Ditto.exe
MOD - [2010/12/23 12:55:44 | 000,034,304 | ---- | M] () -- C:\Program Files (x86)\Ditto\focus.dll
MOD - [2010/12/23 12:55:30 | 000,511,383 | ---- | M] () -- C:\Program Files (x86)\Ditto\sqlite3.dll
MOD - [2010/12/23 12:55:26 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Ditto\zlib1.dll
MOD - [2010/09/20 18:55:52 | 000,182,272 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Brightness System\ddcHelperWraper.dll
MOD - [2010/09/20 10:08:10 | 000,210,432 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Brightness System\KeyStoneAdapter.dll
MOD - [2010/09/09 11:19:30 | 000,210,432 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Eye Distance System\KeyStoneAdapter.dll
MOD - [2010/09/09 11:18:58 | 000,211,456 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Eye Distance System\VideoPlayer.dll
MOD - [2010/06/15 11:50:54 | 000,979,104 | ---- | M] () -- C:\Program Files (x86)\McAfee\Host Intrusion Prevention\x64\..\FireTray.exe
MOD - [2009/12/04 17:04:32 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
MOD - [2009/12/04 16:59:54 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
MOD - [2009/08/19 06:20:52 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe
MOD - [2008/03/18 17:21:48 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Widgets\jsd.dll
MOD - [2008/03/18 17:21:20 | 000,512,000 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Widgets\js32.dll
MOD - [2008/01/08 15:50:10 | 000,349,147 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Widgets\sqlite3.dll
MOD - [2007/12/31 10:27:42 | 000,007,168 | ---- | M] () -- C:\Windows\jmesoft\VistaVolume.dll
MOD - [2007/04/18 20:30:46 | 000,471,040 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll
MOD - [2007/04/18 20:30:46 | 000,393,216 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/03 14:32:46 | 000,077,968 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2009/11/13 11:28:38 | 000,129,536 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/22 16:34:24 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/09/08 13:10:38 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/19 12:12:28 | 000,645,088 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/02 18:24:04 | 000,031,408 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2011/10/28 14:46:24 | 001,038,848 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\ProgramData\Oracle\MyDesktop\MyDesktopService.exe -- (MyDesktopWindows)
SRV - [2011/07/28 06:29:07 | 000,385,084 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe -- (SafeBootClientManager)
SRV - [2011/05/19 16:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2011/03/15 20:47:40 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\jmesoft\Service.exe -- (JME Keyboard)
SRV - [2010/12/17 09:53:56 | 000,203,080 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeCoreService.exe -- (SbCeCoreService)
SRV - [2010/10/22 20:07:00 | 000,181,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe -- (McShield)
SRV - [2010/10/22 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2010/10/22 20:07:00 | 000,020,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe -- (McAfeeEngineService)
SRV - [2010/10/05 06:08:46 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/05 06:08:42 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/06/15 11:50:48 | 001,498,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe -- (enterceptAgent)
SRV - [2010/01/26 17:45:24 | 000,039,840 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe -- (hips)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/13 12:18:12 | 000,470,016 | ---- | M] (Oracle) [Auto | Stopped] -- C:\ProgramData\Oracle\MyDesktop\MyDesktopQOS.exe -- (QOSMyDesktop)
SRV - [2009/09/08 12:51:24 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/01 15:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2007/12/19 13:58:32 | 000,086,016 | R--- | M] (SA International) [Auto | Running] -- C:\Windows\SysWOW64\SAiLicSvr.exe -- (SAiLicSvr)
SRV - [2007/09/11 12:23:40 | 000,077,824 | ---- | M] (TODO: <Company name>) [Auto | Running] -- C:\Windows\SysWOW64\SAiDownloaderVista.exe -- (SAiDownloaderVista)
SRV - [2007/08/27 15:01:48 | 000,065,536 | ---- | M] (TODO: <Company name>) [Auto | Running] -- C:\Windows\SysWOW64\SAiAdmin.exe -- (SAiAdmin)
SRV - [2007/04/27 08:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2007/04/27 02:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)


========== Driver Services (All) ==========

DRV:64bit: - [2012/09/22 16:34:44 | 000,101,688 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2012/08/22 11:12:50 | 001,913,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tcpip.sys -- (TCPIP6)
DRV:64bit: - [2012/08/22 11:12:50 | 001,913,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tcpip.sys -- (Tcpip)
DRV:64bit: - [2012/08/22 11:12:40 | 000,950,128 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ndis.sys -- (NDIS)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/06/20 12:16:36 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2012/06/19 11:59:13 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2012/06/01 22:50:10 | 000,458,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2012/06/01 22:48:16 | 000,151,920 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2012/06/01 22:48:16 | 000,095,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecdd.sys -- (KSecDD)
DRV:64bit: - [2012/04/27 20:55:21 | 000,210,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\drivers\rdpwd.sys -- (RDPWD)
DRV:64bit: - [2012/03/17 00:58:57 | 000,075,120 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\partmgr.sys -- (partmgr)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/24 17:42:57 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/02/16 21:57:32 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tdtcp.sys -- (TDTCP)
DRV:64bit: - [2011/12/27 20:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\afd.sys -- (AFD)
DRV:64bit: - [2011/10/10 09:40:56 | 000,060,128 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\sbalg.sys -- (SBAlg)
DRV:64bit: - [2011/08/18 07:56:37 | 001,659,776 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\windows\SysNative\drivers\ntfs.sys -- (Ntfs)
DRV:64bit: - [2011/08/18 07:56:37 | 000,410,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStorV.sys -- (iaStorV)
DRV:64bit: - [2011/08/18 07:56:37 | 000,166,272 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstor.sys -- (nvstor)
DRV:64bit: - [2011/08/18 07:56:37 | 000,148,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvraid.sys -- (nvraid)
DRV:64bit: - [2011/08/18 07:56:37 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/08/18 07:56:37 | 000,091,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBSTOR.SYS -- (USBSTOR)
DRV:64bit: - [2011/08/18 07:56:37 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/08/18 07:30:16 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2011/08/18 07:30:16 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2011/08/02 18:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/07/28 06:28:08 | 000,015,688 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\SysNative\drivers\sbregflt.sys -- (SbRegFlt)
DRV:64bit: - [2011/07/28 06:27:42 | 000,015,688 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\SysNative\drivers\sbfslock.sys -- (SbFsLock)
DRV:64bit: - [2011/07/28 06:27:37 | 000,058,184 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\SysNative\drivers\rsvlock.sys -- (RsvLock)
DRV:64bit: - [2011/07/28 06:27:28 | 000,023,368 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\SysNative\drivers\sbflop.sys -- (SbFlop)
DRV:64bit: - [2011/07/28 06:27:13 | 000,062,792 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\safeboot.sys -- (SafeBoot)
DRV:64bit: - [2011/07/08 19:46:28 | 000,288,768 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mrxsmb10.sys -- (mrxsmb10)
DRV:64bit: - [2011/04/28 20:06:10 | 000,467,456 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\srv.sys -- (srv)
DRV:64bit: - [2011/04/28 20:05:49 | 000,410,112 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\srv2.sys -- (srv2)
DRV:64bit: - [2011/04/28 20:05:37 | 000,168,448 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\srvnet.sys -- (srvnet)
DRV:64bit: - [2011/04/26 19:40:40 | 000,158,208 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mrxsmb.sys -- (mrxsmb)
DRV:64bit: - [2011/04/26 19:39:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mrxsmb20.sys -- (mrxsmb20)
DRV:64bit: - [2011/03/24 20:29:26 | 000,343,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbhub.sys -- (usbhub)
DRV:64bit: - [2011/03/24 20:29:14 | 000,098,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbccgp.sys -- (usbccgp)
DRV:64bit: - [2011/03/24 20:29:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbehci.sys -- (usbehci)
DRV:64bit: - [2011/03/24 20:29:04 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbohci.sys -- (usbohci)
DRV:64bit: - [2011/03/24 20:29:03 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbuhci.sys -- (usbuhci)
DRV:64bit: - [2011/02/22 21:55:04 | 000,090,624 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\bowser.sys -- (bowser)
DRV:64bit: - [2010/12/17 09:54:08 | 000,226,504 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\SysNative\drivers\mfeeerm.sys -- (MfeEERM)
DRV:64bit: - [2010/12/17 09:54:07 | 000,698,312 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\SysNative\drivers\sbce.sys -- (SbCe)
DRV:64bit: - [2010/12/17 09:54:07 | 000,132,808 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\windows\SysNative\drivers\sbcecd.sys -- (SbCeCd)
DRV:64bit: - [2010/11/20 20:24:39 | 000,223,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2010/11/20 20:24:36 | 000,140,800 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mrxdav.sys -- (MRxDAV)
DRV:64bit: - [2010/11/20 20:24:33 | 000,213,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2010/11/20 20:24:33 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rasl2tp.sys -- (Rasl2tp)
DRV:64bit: - [2010/11/20 20:24:33 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\raspptp.sys -- (PptpMiniport)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:24:32 | 000,982,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dxgkrnl.sys -- (DXGKrnl)
DRV:64bit: - [2010/11/20 20:24:32 | 000,119,296 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tdx.sys -- (tdx)
DRV:64bit: - [2010/11/20 20:24:32 | 000,102,400 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\dfsc.sys -- (DfsC)
DRV:64bit: - [2010/11/20 20:24:32 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndisuio.sys -- (Ndisuio)
DRV:64bit: - [2010/11/20 20:24:27 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV:64bit: - [2010/11/20 20:24:25 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2010/11/20 20:24:24 | 000,014,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2010/11/20 20:24:15 | 000,366,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\drivers\msrpc.sys -- (MsRPC)
DRV:64bit: - [2010/11/20 20:24:15 | 000,363,392 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volmgrx.sys -- (volmgrx)
DRV:64bit: - [2010/11/20 20:24:15 | 000,125,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tunnel.sys -- (tunnel)
DRV:64bit: - [2010/11/20 20:24:14 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\drivers\ndproxy.sys -- (NDProxy)
DRV:64bit: - [2010/11/20 20:24:11 | 000,088,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wanarp.sys -- (Wanarpv6)
DRV:64bit: - [2010/11/20 20:24:11 | 000,088,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wanarp.sys -- (WANARP)
DRV:64bit: - [2010/11/20 20:24:09 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2010/11/20 20:24:08 | 000,309,248 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\rdbss.sys -- (rdbss)
DRV:64bit: - [2010/11/20 20:24:08 | 000,164,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndiswan.sys -- (NdisWan)
DRV:64bit: - [2010/11/20 20:24:08 | 000,131,584 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pacer.sys -- (Psched)
DRV:64bit: - [2010/11/20 20:24:00 | 000,289,664 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\fltMgr.sys -- (FltMgr)
DRV:64bit: - [2010/11/20 20:23:55 | 000,753,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\http.sys -- (HTTP)
DRV:64bit: - [2010/11/20 20:23:55 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010/11/20 20:23:53 | 000,094,592 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mountmgr.sys -- (mountmgr)
DRV:64bit: - [2010/11/20 20:23:52 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tcpipreg.sys -- (tcpipreg)
DRV:64bit: - [2010/11/20 20:23:51 | 000,261,632 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\netbt.sys -- (NetBT)
DRV:64bit: - [2010/11/20 20:23:51 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tssecsrv.sys -- (tssecsrv)
DRV:64bit: - [2010/11/20 20:23:50 | 000,172,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WUDFRd.sys -- (WUDFRd)
DRV:64bit: - [2010/11/20 20:23:50 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2010/11/20 20:23:48 | 000,273,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msiscsi.sys -- (iScsiPrt)
DRV:64bit: - [2010/11/20 20:23:48 | 000,078,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV:64bit: - [2010/11/20 20:23:47 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2010/11/20 20:23:47 | 000,334,208 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpi.sys -- (ACPI)
DRV:64bit: - [2010/11/20 20:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volsnap.sys -- (volsnap)
DRV:64bit: - [2010/11/20 20:23:47 | 000,229,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2010/11/20 20:23:47 | 000,215,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2010/11/20 20:23:47 | 000,184,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pci.sys -- (pci)
DRV:64bit: - [2010/11/20 20:23:47 | 000,155,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mpio.sys -- (mpio)
DRV:64bit: - [2010/11/20 20:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrom.sys -- (cdrom)
DRV:64bit: - [2010/11/20 20:23:47 | 000,140,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdsm.sys -- (msdsm)
DRV:64bit: - [2010/11/20 20:23:47 | 000,122,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hdaudbus.sys -- (HDAudBus)
DRV:64bit: - [2010/11/20 20:23:47 | 000,109,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBAUDIO.sys -- (usbaudio)
DRV:64bit: - [2010/11/20 20:23:47 | 000,103,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbp2port.sys -- (sbp2port)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volmgr.sys -- (volmgr)
DRV:64bit: - [2010/11/20 20:23:47 | 000,063,360 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\termdd.sys -- (TermDD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\umbus.sys -- (umbus)
DRV:64bit: - [2010/11/20 20:23:47 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb)
DRV:64bit: - [2010/11/20 20:23:47 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2010/11/20 20:23:47 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kbdhid.sys -- (kbdhid)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\msahci.sys -- (msahci)
DRV:64bit: - [2010/11/20 20:23:47 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidusb.sys -- (HidUsb)
DRV:64bit: - [2010/11/20 20:23:47 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Dot4Prt.sys -- (Dot4Print)
DRV:64bit: - [2010/11/20 20:23:47 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sffp_sd.sys -- (sffp_sd)
DRV:64bit: - [2010/11/20 20:23:47 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2010/11/11 21:53:18 | 012,252,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/10/26 06:51:26 | 002,530,152 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTKVHD64.sys -- (IntcAzAudAddService)
DRV:64bit: - [2010/10/22 20:07:00 | 000,120,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/10/22 20:07:00 | 000,098,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/10/22 20:07:00 | 000,084,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik)
DRV:64bit: - [2010/10/22 20:07:00 | 000,078,768 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/10/14 09:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/20 23:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2010/09/20 18:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/08/03 14:32:02 | 000,059,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2010/08/03 14:31:00 | 000,470,808 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/07/20 02:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/06/15 11:49:38 | 000,038,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\firelm01.sys -- (firelm01)
DRV:64bit: - [2010/06/15 11:49:32 | 000,254,520 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FireTDI.sys -- (FireTDI)
DRV:64bit: - [2010/06/15 11:49:28 | 000,186,784 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FirePM.sys -- (FirePM)
DRV:64bit: - [2010/01/26 17:45:04 | 000,040,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HIPQK.sys -- (HIPQK)
DRV:64bit: - [2010/01/26 17:44:48 | 000,045,424 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HIPPSK.sys -- (HIPPSK)
DRV:64bit: - [2010/01/26 17:44:34 | 000,138,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HIPK.sys -- (HIPK)
DRV:64bit: - [2009/07/21 14:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/13 18:52:31 | 000,367,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\clfs.sys -- (CLFS)
DRV:64bit: - [2009/07/13 18:52:31 | 000,021,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\compbatt.sys -- (Compbatt)
DRV:64bit: - [2009/07/13 18:52:31 | 000,017,488 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmdide.sys -- (cmdide)
DRV:64bit: - [2009/07/13 18:52:21 | 000,491,088 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adp94xx.sys -- (adp94xx)
DRV:64bit: - [2009/07/13 18:52:21 | 000,339,536 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adpahci.sys -- (adpahci)
DRV:64bit: - [2009/07/13 18:52:21 | 000,182,864 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adpu320.sys -- (adpu320)
DRV:64bit: - [2009/07/13 18:52:21 | 000,097,856 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\arcsas.sys -- (arcsas)
DRV:64bit: - [2009/07/13 18:52:21 | 000,087,632 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\arc.sys -- (arc)
DRV:64bit: - [2009/07/13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AGP440.sys -- (agp440)
DRV:64bit: - [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\atapi.sys -- (atapi)
DRV:64bit: - [2009/07/13 18:52:21 | 000,015,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdide.sys -- (amdide)
DRV:64bit: - [2009/07/13 18:52:21 | 000,015,440 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aliide.sys -- (aliide)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:27 | 000,060,496 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\mup.sys -- (Mup)
DRV:64bit: - [2009/07/13 18:48:27 | 000,049,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mouclass.sys -- (mouclass)
DRV:64bit: - [2009/07/13 18:48:27 | 000,032,320 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mssmbios.sys -- (mssmbios)
DRV:64bit: - [2009/07/13 18:48:27 | 000,015,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\msisadrv.sys -- (msisadrv)
DRV:64bit: - [2009/07/13 18:48:26 | 000,122,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NV_AGP.SYS -- (nv_agp)
DRV:64bit: - [2009/07/13 18:48:26 | 000,051,264 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nfrd960.sys -- (nfrd960)
DRV:64bit: - [2009/07/13 18:48:04 | 000,284,736 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MegaSR.sys -- (MegaSR)
DRV:64bit: - [2009/07/13 18:48:04 | 000,115,776 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV:64bit: - [2009/07/13 18:48:04 | 000,114,752 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_fc.sys -- (LSI_FC)
DRV:64bit: - [2009/07/13 18:48:04 | 000,106,560 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas.sys -- (LSI_SAS)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:48:04 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbdclass.sys -- (kbdclass)
DRV:64bit: - [2009/07/13 18:48:04 | 000,044,112 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iirsp.sys -- (iirsp)
DRV:64bit: - [2009/07/13 18:48:04 | 000,035,392 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\megasas.sys -- (megasas)
DRV:64bit: - [2009/07/13 18:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\isapnp.sys -- (isapnp)
DRV:64bit: - [2009/07/13 18:48:04 | 000,016,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelide.sys -- (intelide)
DRV:64bit: - [2009/07/13 18:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/13 18:47:48 | 000,530,496 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\elxstor.sys -- (elxstor)
DRV:64bit: - [2009/07/13 18:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\disk.sys -- (Disk)
DRV:64bit: - [2009/07/13 18:47:48 | 000,070,224 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\fileinfo.sys -- (FileInfo)
DRV:64bit: - [2009/07/13 18:47:48 | 000,065,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GAGP30KX.SYS -- (gagp30kx)
DRV:64bit: - [2009/07/13 18:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009/07/13 18:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/13 18:45:55 | 000,654,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Wdf01000.sys -- (Wdf01000)
DRV:64bit: - [2009/07/13 18:45:55 | 000,161,872 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vsmraid.sys -- (vsmraid)
DRV:64bit: - [2009/07/13 18:45:55 | 000,064,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ULIAGPKX.SYS -- (uliagpkx)
DRV:64bit: - [2009/07/13 18:45:55 | 000,064,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UAGP35.SYS -- (uagp35)
DRV:64bit: - [2009/07/13 18:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:45:55 | 000,021,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wd.sys -- (Wd)
DRV:64bit: - [2009/07/13 18:45:55 | 000,019,008 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\spldr.sys -- (spldr)
DRV:64bit: - [2009/07/13 18:45:55 | 000,017,488 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viaide.sys -- (viaide)
DRV:64bit: - [2009/07/13 18:45:55 | 000,012,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swenum.sys -- (swenum)
DRV:64bit: - [2009/07/13 18:45:46 | 001,524,816 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ql2300.sys -- (ql2300)
DRV:64bit: - [2009/07/13 18:45:46 | 000,080,464 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sisraid4.sys -- (SiSRaid4)
DRV:64bit: - [2009/07/13 18:45:45 | 000,220,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcmcia.sys -- (pcmcia)
DRV:64bit: - [2009/07/13 18:45:45 | 000,128,592 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ql40xx.sys -- (ql40xx)
DRV:64bit: - [2009/07/13 18:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/13 18:45:45 | 000,043,584 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sisraid2.sys -- (SiSRaid2)
DRV:64bit: - [2009/07/13 18:45:45 | 000,012,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pciide.sys -- (pciide)
DRV:64bit: - [2009/07/13 18:19:07 | 000,286,720 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerId.sys -- (Brserid)
DRV:64bit: - [2009/07/13 18:01:48 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bridge.sys -- (BridgeMP)
DRV:64bit: - [2009/07/13 18:01:19 | 000,651,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PEAuth.sys -- (PEAUTH)
DRV:64bit: - [2009/07/13 17:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbprint.sys -- (usbprint)
DRV:64bit: - [2009/07/13 17:35:32 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbscan.sys -- (usbscan)
DRV:64bit: - [2009/07/13 17:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/13 17:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/13 17:16:34 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPENCDD.sys -- (RDPENCDD)
DRV:64bit: - [2009/07/13 17:16:34 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPCDD.sys -- (RDPCDD)
DRV:64bit: - [2009/07/13 17:16:32 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tdpipe.sys -- (TDPIPE)
DRV:64bit: - [2009/07/13 17:10:48 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\modem.sys -- (Modem)
DRV:64bit: - [2009/07/13 17:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009/07/13 17:10:25 | 000,083,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rassstp.sys -- (RasSstp)
DRV:64bit: - [2009/07/13 17:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn)
DRV:64bit: - [2009/07/13 17:10:17 | 000,092,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\raspppoe.sys -- (RasPppoe)
DRV:64bit: - [2009/07/13 17:10:13 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asyncmac.sys -- (AsyncMac)
DRV:64bit: - [2009/07/13 17:10:09 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rasacd.sys -- (RasAcd)
DRV:64bit: - [2009/07/13 17:10:03 | 000,116,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ipnat.sys -- (IPNAT)
DRV:64bit: - [2009/07/13 17:10:00 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndistapi.sys -- (NdisTapi)
DRV:64bit: - [2009/07/13 17:09:48 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qwavedrv.sys -- (QWAVEdrv)
DRV:64bit: - [2009/07/13 17:09:26 | 000,044,544 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\netbios.sys -- (NetBIOS)
DRV:64bit: - [2009/07/13 17:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/13 17:09:09 | 000,093,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\smb.sys -- (Smb)
DRV:64bit: - [2009/07/13 17:08:59 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\irenum.sys -- (IRENUM)
DRV:64bit: - [2009/07/13 17:08:51 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rspndr.sys -- (rspndr)
DRV:64bit: - [2009/07/13 17:08:51 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lltdio.sys -- (lltdio)
DRV:64bit: - [2009/07/13 17:08:25 | 000,077,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mpsdrv.sys -- (mpsdrv)
DRV:64bit: - [2009/07/13 17:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/13 17:07:23 | 000,318,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwifi.sys -- (NativeWifiP)
DRV:64bit: - [2009/07/13 17:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/13 17:06:52 | 000,100,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbth.sys -- (HidBth)
DRV:64bit: - [2009/07/13 17:06:52 | 000,072,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthmodem.sys -- (BTHMODEM)
DRV:64bit: - [2009/07/13 17:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/13 17:06:45 | 000,072,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ohci1394.sys -- (ohci1394)
DRV:64bit: - [2009/07/13 17:06:37 | 000,100,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbcir.sys -- (usbcir)
DRV:64bit: - [2009/07/13 17:06:34 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\circlass.sys -- (circlass)
DRV:64bit: - [2009/07/13 17:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/13 17:06:23 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidir.sys -- (HidIr)
DRV:64bit: - [2009/07/13 17:06:16 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drmkaud.sys -- (drmkaud)
DRV:64bit: - [2009/07/13 17:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/13 17:02:07 | 000,027,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacompen.sys -- (WacomPen)
DRV:64bit: - [2009/07/13 17:01:03 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV:64bit: - [2009/07/13 17:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sfloppy.sys -- (sfloppy)
DRV:64bit: - [2009/07/13 17:01:01 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sffdisk.sys -- (sffdisk)
DRV:64bit: - [2009/07/13 17:00:54 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fdc.sys -- (fdc)
DRV:64bit: - [2009/07/13 17:00:54 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\flpydisk.sys -- (flpydisk)
DRV:64bit: - [2009/07/13 17:00:41 | 000,097,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\parport.sys -- (Parport)
DRV:64bit: - [2009/07/13 17:00:40 | 000,094,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serial.sys -- (Serial)
DRV:64bit: - [2009/07/13 17:00:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serenum.sys -- (Serenum)
DRV:64bit: - [2009/07/13 17:00:20 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Dot4usb.sys -- (dot4usb)
DRV:64bit: - [2009/07/13 17:00:20 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mouhid.sys -- (mouhid)
DRV:64bit: - [2009/07/13 17:00:20 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sermouse.sys -- (sermouse)
DRV:64bit: - [2009/07/13 17:00:19 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ksthunk.sys -- (ksthunk)
DRV:64bit: - [2009/07/13 17:00:18 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mskssrv.sys -- (MSKSSRV)
DRV:64bit: - [2009/07/13 17:00:17 | 000,008,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mstee.sys -- (MSTEE)
DRV:64bit: - [2009/07/13 17:00:17 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mspclock.sys -- (MSPCLOCK)
DRV:64bit: - [2009/07/13 17:00:17 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mspqm.sys -- (MSPQM)
DRV:64bit: - [2009/07/13 17:00:16 | 000,145,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Dot4.sys -- (Dot4)
DRV:64bit: - [2009/07/13 17:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009/07/13 16:38:52 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\monitor.sys -- (monitor)
DRV:64bit: - [2009/07/13 16:38:47 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vga.sys -- (VgaSave)
DRV:64bit: - [2009/07/13 16:38:47 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vgapnp.sys -- (vga)
DRV:64bit: - [2009/07/13 16:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/13 16:35:59 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\blbdrive.sys -- (blbdrive)
DRV:64bit: - [2009/07/13 16:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/13 16:31:04 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\errdev.sys -- (ErrDev)
DRV:64bit: - [2009/07/13 16:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/13 16:31:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wmiacpi.sys -- (WmiAcpi)
DRV:64bit: - [2009/07/13 16:26:13 | 000,113,152 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\luafv.sys -- (luafv)
DRV:64bit: - [2009/07/13 16:25:40 | 000,034,304 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\filetrace.sys -- (Filetrace)
DRV:64bit: - [2009/07/13 16:23:29 | 000,204,800 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\windows\SysNative\drivers\fastfat.sys -- (fastfat)
DRV:64bit: - [2009/07/13 16:23:29 | 000,195,072 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\windows\SysNative\drivers\exfat.sys -- (exfat)
DRV:64bit: - [2009/07/13 16:21:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nsiproxy.sys -- (nsiproxy)
DRV:64bit: - [2009/07/13 16:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\i8042prt.sys -- (i8042prt)
DRV:64bit: - [2009/07/13 16:19:48 | 000,044,032 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\windows\SysNative\drivers\npfs.sys -- (Npfs)
DRV:64bit: - [2009/07/13 16:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009/07/13 16:19:47 | 000,026,112 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\windows\SysNative\drivers\msfs.sys -- (Msfs)
DRV:64bit: - [2009/07/13 16:19:38 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\windows\SysNative\drivers\null.sys -- (Null)
DRV:64bit: - [2009/07/13 16:19:25 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdk8.sys -- (AmdK8)
DRV:64bit: - [2009/07/13 16:19:25 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\intelppm.sys -- (intelppm)
DRV:64bit: - [2009/07/13 16:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/07/13 16:19:25 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\processr.sys -- (Processor)
DRV:64bit: - [2009/07/13 14:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/10 13:41:10 | 000,047,104 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerWdm.sys -- (BrSerWdm)
DRV:64bit: - [2009/06/10 13:41:10 | 000,014,976 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV:64bit: - [2009/06/10 13:41:10 | 000,014,720 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV:64bit: - [2009/06/10 13:41:06 | 000,018,432 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrFiltLo.sys -- (BrFiltLo)
DRV:64bit: - [2009/06/10 13:41:06 | 000,008,704 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrFiltUp.sys -- (BrFiltUp)
DRV:64bit: - [2009/06/10 13:37:19 | 000,023,040 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\windows\SysNative\drivers\secdrv.sys -- (secdrv)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 04:32:52 | 000,018,176 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\sbalg00.sys -- (SBAlg00)
DRV:64bit: - [2009/06/04 04:32:51 | 000,060,160 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\sbalg12.sys -- (SBAlg12)
DRV:64bit: - [2009/06/04 04:32:51 | 000,036,096 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\sbalg11.sys -- (SBAlg11)
DRV:64bit: - [2009/06/04 04:32:50 | 000,018,176 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\sbalg01.sys -- (SBAlg01)
DRV:64bit: - [2009/02/13 11:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/10/17 15:26:24 | 000,056,648 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\firehk.sys -- (FirehkMP)
DRV:64bit: - [2008/10/17 15:26:24 | 000,056,648 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\firehk.sys -- (Firehk)
DRV:64bit: - [2008/04/08 06:43:04 | 000,020,832 | ---- | M] (Nicomsoft Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ddcdrv.sys -- (WinI2C-DDC)
DRV:64bit: - [2007/08/29 01:03:00 | 000,214,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\V0350Vid.sys -- (VF0350Vid)
DRV:64bit: - [2007/04/27 08:40:00 | 000,142,120 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2007/03/05 18:55:48 | 000,012,288 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\V0350Vfx.sys -- (VF0350Vfx)
DRV - [2012/09/22 16:34:44 | 000,055,096 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2012/09/22 16:34:42 | 000,297,240 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2012/08/09 07:12:23 | 000,397,720 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys -- (RapportCerberus_42020)
DRV - [2011/10/10 09:40:56 | 000,060,128 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\windows\SysWow64\drivers\SbAlg.sys -- (SBAlg)
DRV - [2011/07/28 06:28:08 | 000,015,688 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\SysWow64\drivers\SbRegFlt.sys -- (SbRegFlt)
DRV - [2011/07/28 06:27:42 | 000,015,688 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\SysWow64\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2011/07/28 06:27:37 | 000,058,184 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\SysWow64\drivers\RsvLock.sys -- (RsvLock)
DRV - [2011/07/28 06:27:28 | 000,023,368 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\SysWow64\drivers\SbFlop.sys -- (SbFlop)
DRV - [2011/07/28 06:27:13 | 000,062,792 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysWow64\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2010/12/17 09:54:08 | 000,226,504 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\SysWow64\drivers\MfeEERM.sys -- (MfeEERM)
DRV - [2010/12/17 09:54:07 | 000,698,312 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\SysWow64\drivers\SbCe.sys -- (SbCe)
DRV - [2010/12/17 09:54:07 | 000,132,808 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\windows\SysWow64\drivers\SbCeCd.sys -- (SbCeCd)
DRV - [2010/03/22 18:13:08 | 000,015,712 | ---- | M] (Nicomsoft Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\ddcdrv.sys -- (WinI2C-DDC)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/04 04:32:52 | 000,018,176 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysWow64\drivers\SbAlg00.sys -- (SBAlg00)
DRV - [2009/06/04 04:32:51 | 000,060,160 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysWow64\drivers\SbAlg12.sys -- (SBAlg12)
DRV - [2009/06/04 04:32:51 | 000,036,096 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysWow64\drivers\SbAlg11.sys -- (SBAlg11)
DRV - [2009/06/04 04:32:50 | 000,018,176 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysWow64\drivers\SbAlg01.sys -- (SBAlg01)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.glarysoft.com/?src=iehome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,defaultscope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,defaultscope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,defaultscope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,defaultscope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}

IE - HKU\S-1-5-21-1984785585-1157001359-3577575477-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.glarysoft.com/?src=iehome
IE - HKU\S-1-5-21-1984785585-1157001359-3577575477-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1984785585-1157001359-3577575477-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1984785585-1157001359-3577575477-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKU\S-1-5-21-1984785585-1157001359-3577575477-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7LEND_enUS455US456
IE - HKU\S-1-5-21-1984785585-1157001359-3577575477-1001\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch
IE - HKU\S-1-5-21-1984785585-1157001359-3577575477-1001\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
IE - HKU\S-1-5-21-1984785585-1157001359-3577575477-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1984785585-1157001359-3577575477-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: FFToolbar@upromise:7.1.0.5277
FF - prefs.js..extensions.enabledAddons: syncplaces@andyhalford.com:5.1.0
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..keyword.URL: "http://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..network.proxy.http: "fe80::1507:d591:d080:9681%13"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.0.2: C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.0.2: C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/01/25 12:06:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/08 13:10:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/10/04 10:38:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/08 13:10:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/11/02 11:39:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2012/10/12 08:59:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\tj2rtfuq.default\extensions
[2012/06/20 12:16:30 | 000,000,000 | ---D | M] (JetMP3) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\tj2rtfuq.default\extensions\jetmp3@jetpack
[2011/12/06 11:50:51 | 000,455,818 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\tj2rtfuq.default\extensions\FFToolbar@upromise.xpi
[2012/05/10 10:46:36 | 000,246,320 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\tj2rtfuq.default\extensions\syncplaces@andyhalford.com.xpi
[2012/09/08 13:10:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/08 13:10:30 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/09/08 13:10:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/09/08 13:10:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/09/08 13:10:39 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/24 19:00:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/06 21:00:40 | 000,001,567 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\glarysearch.xml
[2012/08/24 19:00:22 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=12B5D6225BFF28115074784FE221644D&tbp=homepage
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=12B5D6225BFF28115074784FE221644D&tbp=homepage
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Matt\AppData\Roaming\Mozilla\plugins\npatgpc.dll
CHR - plugin: ShipRush FedEx (Enabled) = C:\Users\Matt\AppData\Roaming\Mozilla\plugins\NPShipRush_FedEx.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: JetMP3 = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgiejbjcehlnlnkahbijgjplhgpbjpoh\1.0_0\
CHR - Extension: YouTube = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealNetworks Downloader Extension = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.0_0\
CHR - Extension: Skype Click to Call = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
CHR - Extension: Gmail = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1984785585-1157001359-3577575477-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SbCeCore] C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeCore.exe (McAfee, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [jmekey] C:\Windows\jmesoft\hotkey.exe (Lenovo)
O4 - HKLM..\Run: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe ()
O4 - HKLM..\Run: [Lenovo Dynamic Brightness System] C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe (Lenovo)
O4 - HKLM..\Run: [Lenovo Eye Distance System] C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe (Lenovo)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [McAfee Host Intrusion Prevention Tray] C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SafeBootTokenWatcher] C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SafeBootTrayManager] C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe ()
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] 0 File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-1984785585-1157001359-3577575477-1001..\Run: [Ditto] C:\Program Files (x86)\Ditto\Ditto.exe ()
O4 - HKU\S-1-5-21-1984785585-1157001359-3577575477-1001..\Run: [GoogleChromeAutoLaunch_952AA941B71FA68F2EFC80A225B9EE63] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Oracle Open Office 3.3.lnk = C:\Program Files (x86)\Oracle\Oracle Open Office 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {00191E4B-49C2-48E2-A548-8F702D75622A} https://strtc.oracle.com/imtapp/res/jar/cnsload.cab (Reg Error: Value error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://myaccess.oraclevpn.com/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 209.18.47.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8CA2FFE-D291-46DD-9181-CBBBF5716867}: DhcpNameServer = 192.168.1.1 209.18.47.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB3495AA-6FF6-42DC-B284-14AAB5D378A4}: DhcpNameServer = 66.174.92.14 69.78.96.14
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/14 19:33:19 | 000,000,067 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{85d0e8d9-06ea-11e1-b695-c89cdc53d4e0}\Shell - "" = AutoRun
O33 - MountPoints2\{85d0e8d9-06ea-11e1-b695-c89cdc53d4e0}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP


========== Files/Folders - Created Within 30 Days ==========

[2012/10/12 09:00:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2012/10/12 08:44:46 | 000,000,000 | ---D | C] -- C:\JRT
[2012/10/12 08:39:29 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\RK_Quarantine
[2012/10/12 08:05:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/10/12 08:05:19 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/10/12 06:41:36 | 000,047,080 | ---- | C] (McAfee, Inc.) -- C:\windows\SysNative\HIPIS0e011b5.dll
[2012/10/12 06:41:36 | 000,040,328 | ---- | C] (McAfee, Inc.) -- C:\windows\SysWow64\HIPIS0e011b5.dll
[2012/10/10 11:42:44 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Matt\Desktop\dds.com
[2012/10/05 09:23:25 | 000,544,240 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysNative\npdeployJava1.dll
[2012/10/05 09:23:25 | 000,191,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysNative\javaws.exe
[2012/10/05 09:23:25 | 000,172,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysNative\javaw.exe
[2012/10/05 09:23:24 | 000,172,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysNative\java.exe
[2012/09/27 22:23:02 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/09/27 22:23:00 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/09/27 22:22:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/09/27 22:22:55 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/09/27 22:22:55 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/09/27 22:22:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/09/27 22:22:53 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/09/27 22:22:53 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/09/27 22:22:51 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/09/27 22:22:51 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/09/27 22:22:50 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/09/27 22:22:50 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012/09/27 22:22:46 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/09/27 22:22:46 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/09/27 22:22:46 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012/09/24 10:54:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2012/09/15 09:02:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/09/15 09:02:50 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysNative\drivers\GEARAspiWDM.sys
[2012/09/15 09:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/09/15 09:01:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/09/15 09:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/09/15 09:01:38 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/09/14 16:41:41 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\RNDISMP.sys
[2012/09/14 16:41:38 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10level9.dll
[2012/09/14 16:41:35 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\netio.sys
[2012/09/14 16:41:35 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS
[2012/09/14 08:33:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/14 08:15:37 | 000,000,000 | --SD | C] -- C:\CFix
[2012/09/14 08:08:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/09/14 08:08:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/09/14 08:08:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/09/14 08:04:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/14 08:04:23 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/06/20 12:16:36 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Matt\AppData\Roaming\pcouffin.sys
[2012/01/27 10:48:49 | 000,136,592 | ---- | C] (Oracle Corporation) -- C:\Users\Matt\STELCOAO.EXE
[2011/08/18 07:29:36 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe
[15 C:\Users\Matt\*.tmp files -> C:\Users\Matt\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/12 09:05:02 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/12 09:00:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2012/10/12 08:44:13 | 000,551,926 | ---- | M] () -- C:\Users\Matt\Desktop\JRT.exe
[2012/10/12 08:39:59 | 001,422,336 | ---- | M] () -- C:\Users\Matt\Desktop\winlogon.exe
[2012/10/12 08:05:22 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/10/12 07:55:04 | 000,000,366 | ---- | M] () -- C:\windows\tasks\ReclaimerUpdateFiles_Matt.job
[2012/10/12 06:51:06 | 000,020,480 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/12 06:51:06 | 000,020,480 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/12 06:44:15 | 000,000,372 | ---- | M] () -- C:\windows\tasks\RNUpgradeHelperLogonPrompt_Matt.job
[2012/10/12 06:42:02 | 000,126,945 | ---- | M] () -- C:\windows\SysWow64\api_hook_list.dat
[2012/10/12 06:41:59 | 000,002,033 | ---- | M] () -- C:\windows\SysNative\api_hook_list.dat
[2012/10/12 06:41:56 | 000,111,039 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2012/10/12 06:41:49 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/12 06:41:32 | 000,000,322 | ---- | M] () -- C:\windows\tasks\GlaryInitialize.job
[2012/10/12 06:41:08 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/10/12 06:40:56 | 3101,966,336 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/11 17:02:03 | 000,000,362 | ---- | M] () -- C:\windows\tasks\ReclaimerUpdateXML_Matt.job
[2012/10/10 11:42:51 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Matt\Desktop\dds.com
[2012/10/10 11:35:30 | 000,000,020 | ---- | M] () -- C:\Users\Matt\defogger_reenable
[2012/10/05 09:23:15 | 000,191,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysNative\javaws.exe
[2012/10/05 09:23:15 | 000,172,528 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysNative\javaw.exe
[2012/10/05 09:23:15 | 000,172,528 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysNative\java.exe
[2012/10/05 09:23:14 | 000,544,240 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysNative\npdeployJava1.dll
[2012/10/05 09:23:14 | 000,525,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysNative\deployJava1.dll
[2012/10/04 10:59:18 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/04 10:38:05 | 000,002,114 | ---- | M] () -- C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/10/04 10:38:05 | 000,002,090 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012/10/04 06:16:43 | 000,006,807 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\PrimoPDFSet.xml
[2012/10/04 00:36:24 | 000,143,040 | ---- | M] (McAfee, Inc.) -- C:\windows\SysWow64\KevlarSigs.dll
[2012/09/30 16:55:17 | 000,717,892 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/09/30 16:55:17 | 000,618,026 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/09/30 16:55:17 | 000,104,340 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/09/22 16:34:44 | 000,101,688 | ---- | M] (Trusteer Ltd.) -- C:\windows\SysNative\drivers\RapportKE64.sys
[2012/09/15 09:02:52 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[15 C:\Users\Matt\*.tmp files -> C:\Users\Matt\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/12 08:44:12 | 000,551,926 | ---- | C] () -- C:\Users\Matt\Desktop\JRT.exe
[2012/10/12 08:39:58 | 001,422,336 | ---- | C] () -- C:\Users\Matt\Desktop\winlogon.exe
[2012/10/12 08:05:22 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/10/12 06:42:01 | 000,126,945 | ---- | C] () -- C:\windows\SysWow64\api_hook_list.dat
[2012/10/12 06:41:59 | 000,002,033 | ---- | C] () -- C:\windows\SysNative\api_hook_list.dat
[2012/10/10 11:35:28 | 000,000,020 | ---- | C] () -- C:\Users\Matt\defogger_reenable
[2012/09/21 16:45:03 | 000,000,372 | ---- | C] () -- C:\windows\tasks\RNUpgradeHelperLogonPrompt_Matt.job
[2012/09/21 16:45:01 | 000,000,366 | ---- | C] () -- C:\windows\tasks\ReclaimerUpdateFiles_Matt.job
[2012/09/21 16:45:00 | 000,000,362 | ---- | C] () -- C:\windows\tasks\ReclaimerUpdateXML_Matt.job
[2012/09/15 09:02:52 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/14 08:08:26 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/09/14 08:08:26 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/09/14 08:08:26 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/09/14 08:08:26 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/09/14 08:08:26 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/06/20 12:16:37 | 000,099,384 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\inst.exe
[2012/06/20 12:16:37 | 000,007,859 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\pcouffin.cat
[2012/06/20 12:16:36 | 000,001,167 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\pcouffin.inf
[2012/06/14 16:03:15 | 000,962,560 | ---- | C] () -- C:\windows\tesseract.exe
[2012/05/17 08:38:18 | 000,000,855 | ---- | C] () -- C:\Users\Matt\.recently-used.xbel
[2012/04/02 12:26:34 | 000,000,036 | -H-- | C] () -- C:\windows\SysWow64\f9t.dat
[2011/11/16 09:50:30 | 000,006,807 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\PrimoPDFSet.xml
[2011/11/15 17:58:21 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2011/11/10 12:44:40 | 000,143,058 | ---- | C] () -- C:\windows\hpwins28.dat
[2011/11/10 12:44:40 | 000,000,418 | ---- | C] () -- C:\windows\hpwmdl28.dat
[2011/11/08 09:11:46 | 000,072,080 | ---- | C] () -- C:\Users\Matt\g2mdlhlpx.exe
[2011/11/02 12:23:18 | 000,730,638 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/11/02 12:16:21 | 000,114,240 | ---- | C] () -- C:\windows\tlist.exe
[2011/08/18 08:06:16 | 000,201,728 | ---- | C] () -- C:\windows\SetDrive.exe
[2011/08/18 08:06:16 | 000,036,864 | ---- | C] () -- C:\windows\WinWait.exe
[2011/08/18 07:12:08 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/02/12 12:35:47 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/11/19 03:22:36 | 000,960,940 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2010/11/19 03:22:33 | 000,206,952 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2010/11/19 03:22:29 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %windir%\system32\drivers\*.sys /lockedfiles >

< End of report >

Attached File  Extras.Txt   66.26KB   0 downloads

#4 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:52 AM

Posted 12 October 2012 - 01:08 PM

Hi,

Please update MBAM and try scanning again. Let me know if it still crashes. If it does not, post the Malwarebytes log here for review.

#5 Magic Dude


Posted 12 October 2012 - 01:15 PM

I ran MBAM but it still crashes shortly after it detects 4 issues. I ran again and aborted the scan just prior to it crashing. Here is the log:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.12.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Matt :: LENOVO-PC [administrator]

10/12/2012 11:12:42 AM
mbam-log-2012-10-12 (11-13-26).txt

Scan type: Quick scan
Scan options enabled: Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Memory | Startup | Registry | File System | P2P
Objects scanned: 129000
Time elapsed: 32 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
c:\program files\i want this (Adware.GamePlayLab) -> No action taken.
c:\program files (x86)\i want this (Adware.GamePlayLab) -> No action taken.

Files Detected: 2
c:\program files\i want this\i want this.ini (Adware.GamePlayLab) -> No action taken.
c:\program files (x86)\i want this\i want this.ini (Adware.GamePlayLab) -> No action taken.

(end)

#6 thisisu


Posted 12 October 2012 - 01:51 PM

From Programs and Features (via Control Panel), please uninstall the below:
  • Java™ 6 Update 35
  • JetMP3 (will probably report as already uninstalled, just delete the entry if possible)


Fix items using OTL

  • Double-click OTL.exe to run. (Vista/7 right-click and select Run as Administrator)
  • Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
  • Download the following file to your desktop:
  • Then drag OTLfix.txt into the Posted Image text-field.
  • You should see a bunch of text transferred over into the text-field.
  • Now click the Posted Image button.
  • The fix will need a reboot. Please allow the computer to boot into Normal Mode.
  • Click the OK button (upon reboot).
  • When OTL is finished, Notepad will open.
  • Post the contents of this log to your next message.

__

Let me know what problems remain after you have completed these steps.

#7 Magic Dude


Posted 12 October 2012 - 02:17 PM

I ran the OTL and script as instructed, HOWEVER, I mistakenly did not Run as Administrator as instructed.

I did remove the Java Update 35, but left the Java Update 35 (64-bit).

Let me know if that is what was intended and if I need to do anything else.

See log below:


Use Chrome's Settings page to change the HomePage.
Use Chrome's Settings page to change the HomePage.
C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgiejbjcehlnlnkahbijgjplhgpbjpoh\1.0_0 folder moved successfully.
C:\Users\Matt\cnsload_1323277580538.tmp deleted successfully.
C:\Users\Matt\cnsload_1323277711811.tmp deleted successfully.
C:\Users\Matt\cnsload_1323277764801.tmp deleted successfully.
C:\Users\Matt\cnsload_1323277907453.tmp deleted successfully.
C:\Users\Matt\cnsload_1323278070663.tmp deleted successfully.
C:\Users\Matt\cnsload_1328132302179.tmp deleted successfully.
C:\Users\Matt\cnsload_1332776798567.tmp deleted successfully.
C:\Users\Matt\cnsload_1348596891349.tmp deleted successfully.
C:\Users\Matt\cnsload_1348610761297.tmp deleted successfully.
C:\Users\Matt\cnsload_1348775810807.tmp deleted successfully.
C:\Users\Matt\cnsload_1348781814750.tmp deleted successfully.
C:\Users\Matt\cnsload_1348801390842.tmp deleted successfully.
C:\Users\Matt\cnsload_1348801391060.tmp deleted successfully.
C:\Users\Matt\cnsload_1348801392448.tmp deleted successfully.
C:\Users\Matt\cnsload_1349728873207.tmp deleted successfully.
========== FILES ==========
< dir /s C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 /c >
Volume in drive C has no label.
Volume Serial Number is 7ACC-AB55
Directory of C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
09/15/2012 09:02 AM <DIR> .
09/15/2012 09:02 AM <DIR> ..
08/21/2012 01:01 PM 1,977,816 GEARDIFx.exe
09/15/2012 09:02 AM <DIR> x64
1 File(s) 1,977,816 bytes
Directory of C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64
09/15/2012 09:02 AM <DIR> .
09/15/2012 09:02 AM <DIR> ..
08/21/2012 01:01 PM 519,048 DIFxAPI.dll
08/21/2012 01:01 PM 131,544 DifXInst64.exe
09/15/2012 09:02 AM 4,842 DIFxInstallLog.txt
08/21/2012 01:01 PM 106,928 GEARAspi.dll
08/21/2012 01:01 PM 125,872 GEARAspi64.dll
08/21/2012 01:01 PM 2,561 GEARAspiWDM.inf
08/21/2012 01:01 PM 7,638 gearaspiwdmx64.cat
09/15/2012 09:02 AM <DIR> x64
7 File(s) 898,433 bytes
Directory of C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\x64
09/15/2012 09:02 AM <DIR> .
09/15/2012 09:02 AM <DIR> ..
08/21/2012 01:01 PM 33,240 GEARAspiWDM.sys
1 File(s) 33,240 bytes
Total Files Listed:
9 File(s) 2,909,489 bytes
8 Dir(s) 839,945,756,672 bytes free
C:\Users\Matt\Desktop\cmd.bat deleted successfully.
C:\Users\Matt\Desktop\cmd.txt deleted successfully.
C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgiejbjcehlnlnkahbijgjplhgpbjpoh folder deleted successfully.
File\Folder c:\program files\i want this not found.
File\Folder c:\program files (x86)\i want this not found.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Matt
->Temp folder emptied: 3147617 bytes
->Temporary Internet Files folder emptied: 2286447 bytes
->Java cache emptied: 2658966 bytes
->FireFox cache emptied: 68657344 bytes
->Google Chrome cache emptied: 9977050 bytes
->Flash cache emptied: 1781 bytes

User: Mattr

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 55601 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 761 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 83.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10122012_120641

Files\Folders moved on Reboot...
C:\Users\Matt\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\windows\temp\gnserv.dat scheduled to be moved on reboot.
File move failed. C:\windows\temp\spserv.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#8 thisisu


Posted 12 October 2012 - 03:29 PM

That looks fine.

Are you still having issues?

#9 Magic Dude


Posted 12 October 2012 - 03:36 PM

I still get the same 4 issues with MBAM and then it crashes

#10 thisisu


Posted 12 October 2012 - 03:44 PM

The folders and files that MBAM detects are not present (according to OTL). This may just be a quirk with MBAM.

Let's try this:

Uninstall Malwarebytes from Programs and Features (via Control Panel)

Reboot your computer (even if it does not ask you to)

Upon reboot, download this: http://www.malwarebytes.org/mbam-clean.exe

Run it, and reboot again (even if it does not ask you to)

__

Then follow these instructions for installing Malwarebytes and retry a scan.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When the scan is complete, click OK, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

Edited by thisisu, 12 October 2012 - 03:44 PM.


#11 Magic Dude


Posted 12 October 2012 - 04:42 PM

I uninstalled, then cleaned, and reinstalled but I still get the same 4 issues with MBAM and then it crashes. It seemed to take longer than before to find the 4 issues but eventually found them and they were the same 4 as before. I also tried the Chameleon but got the same result.

#12 thisisu


Posted 12 October 2012 - 04:52 PM

Hi,

Check if the following folders exist using Windows Explorer:

  • c:\program files (x86)\I want this
  • c:\program files\I want this


#13 Magic Dude


Posted 12 October 2012 - 05:02 PM

I don't see them there

#14 thisisu


Posted 12 October 2012 - 07:16 PM

Hi,

Please download the newest version of JRT from here.
Replace your existing version with this new version.

Then right-mouse click JRT.exe and select Run as administrator.

Post the newest JRT.txt for me to review.

Also let me know what problems you are experiencing with the computer (other than MBAM crashing).

Edited by thisisu, 12 October 2012 - 07:17 PM.


#15 Magic Dude


Posted 13 October 2012 - 01:15 AM

The JRT log is included below. I haven't really seen any problems other than MBAM scans which are reporting the issues. I had clicked on a link in an email a while back which ended up spamming my entire yahoo mailing list and shortly after that I used MBAM to see what it could find. I haven't been able to ever get MBAM to run correctly.


Junkware Removal Tool (JRT) by Thisisu
Version: 1.5.2 (10.12.2012)
OS: Windows 7 Home Premium x64
Ran by Matt on Fri 10/12/2012 at 17:36:13.47
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys: 0 Detections



*** Files: 0 Detections



*** Folders: 0 Detections



*** FireFox detected and repaired



*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on Fri 10/12/2012 at 17:52:01.72
End of Report



