
Can't figure out what's hogging my system's physical memory


  • This topic is locked
39 replies to this topic

#1 morganj23

morganj23

  • Members
  • 23 posts
  • OFFLINE
  • Local time:03:53 PM

Posted 16 February 2013 - 02:25 PM

Hello All,
 
Really hoping someone can help me with this. For the past few months, something's been using up a big chunk of my physical memory. I have 6 gigs of memory. When I start my computer, before I open any browsers or apps, I'm already using 40-50% of my available memory. I've tried manually terminating processes one by one, even uninstalling a bunch of programs I don't use anymore, but nothing seems to work. If anyone can help, I'd greatly appreciate it. 
 
Thank you in advance, all. 
 
Regards,
Jim

 

 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:50:20 AM, on 2/16/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe
C:\Program Files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe
C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Jim\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://msi.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msi.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://msi.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [S-Bar] %PROGRAMFILES%\S-Bar\S-Bar.exe
O4 - HKLM\..\Run: [Cinema ProII AP] C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe
O4 - HKLM\..\Run: [Cinema ProII Controler] C:\Program Files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe
O4 - HKLM\..\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\windows\UpdReg.EXE
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [76C34C4F529FAADC3A9D6C7D5C900CABAB119D54._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: BTGuard Updates.lnk = C:\BTGUARD\settings.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Send to Bluetooth - {2F56DCAA-153B-4479-B4E2-547405B34FB9} - C:\Program Files (x86)\Intel\Bluetooth\btSendToPage.htm (HKCU)
O9 - Extra 'Tools' menuitem: Send to Bluetooth - {2F56DCAA-153B-4479-B4E2-547405B34FB9} - C:\Program Files (x86)\Intel\Bluetooth\btSendToPage.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Security Service (BTHSSecurityMgr) - Intel® Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Micro Star SCM - Micro-Star International Co., Ltd. - C:\Program Files (x86)\S-Bar\MSIService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: MSI Foundation Service - MSI - C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Intel® Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
 
--
End of file - 18096 bytes


 


#2 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:03:53 PM

Posted 16 February 2013 - 04:41 PM

Hi and Welcome!! My name is Jeff.

 

 

Please download DDS from either of these links and save it to your desktop.
  • Disable any script blocking protection
  • Right-click and Run as Administrator dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:
 
DDS.txt
 
Attach.txt
----------
 

Please download aswMBR to your desktop.
 
  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and attach its contents in your next reply.
 
----------
 

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
----------

 


 


#3 morganj23

morganj23
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:03:53 PM

Posted 16 February 2013 - 08:10 PM

Jeff,

 

Thank you soo much for the reply. I've followed your directions. I've pasted the logfile text below, and it's also attached. Please let me know if you find anything. Seriously, thank you soo much.

 

Regards,

Jim

 

dds.txt:

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16464  BrowserJavaVersion: 10.13.2
Run by Jim at 16:46:51 on 2013-02-16
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.6051.2102 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\taskhost.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\SysWow64\IntelCpHeciSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files (x86)\S-Bar\MSIService.exe
C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\unsecapp.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\S-Bar\S-Bar.exe
C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe
C:\Program Files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe
C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\windows\system32\Dwm.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\windows\system32\taskmgr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://msi.msn.com
uDefault_Page_URL = hxxp://msi.msn.com
mStart Page = hxxp://msi.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
uRun: [VPNCheck] <no file>
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [S-Bar] C:\Program Files (x86)\S-Bar\S-Bar.exe
mRun: [Cinema ProII AP] C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe
mRun: [Cinema ProII Controler] C:\Program Files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\windows\UpdReg.EXE
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Jim\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BTGUAR~1.LNK - C:\BTGUARD\settings.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
IE: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{17A8F0A9-2F0C-4065-865B-24D48D7C91EC} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FEFD81B6-89B2-49FB-BA4F-02C9F76CAD3A} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [THXCfg64] C:\windows\System32\RunDLL32.exe C:\windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-7-18 659472]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-6-18 1095616]
R2 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2012-6-18 1333184]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-6-18 1124288]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-8-23 135984]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-8-27 1253376]
R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-12-18 189736]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-1 13336]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 Micro Star SCM;Micro Star SCM;C:\Program Files (x86)\S-Bar\MSIService.exe [2011-6-7 160768]
R2 MSI Foundation Service;MSI Foundation Service;C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [2010-7-16 12800]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\System32\drivers\TurboB.sys [2010-10-8 19192]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-8-23 3342640]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\windows\System32\drivers\AmpPal.sys [2012-7-18 198144]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-11-22 245760]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2011-7-1 138024]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-2-16 169752]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-6-19 342528]
R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\drivers\iwdbus.sys [2012-11-29 25528]
R3 MBfilt;MBfilt;C:\windows\System32\drivers\MBfilt64.sys [2011-7-1 32344]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-8-23 272688]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-7-1 412776]
R3 usb3Hub;USB-IF USB 3.0 Hub;C:\windows\System32\drivers\usb3Hub.sys [2012-11-29 47072]
R3 XHCIPort;USB-IF xHCI USB Host Controller;C:\windows\System32\drivers\xHCIPort.sys [2012-10-9 188896]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-1 2656536]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\windows\System32\drivers\AmpPal.sys [2012-7-18 198144]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\drivers\btmaux.sys [2012-5-21 111104]
S3 btmhsf;btmhsf;C:\windows\System32\drivers\btmhsf.sys [2012-6-9 849408]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 dmvsc;dmvsc;C:\windows\System32\drivers\dmvsc.sys [2010-11-20 71168]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-10-31 130976]
S3 iBtFltCoex;iBtFltCoex;C:\windows\System32\drivers\iBtFltCoex.sys [2012-7-9 60928]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\drivers\intelaud.sys [2012-11-29 35256]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUVStor.sys [2011-7-1 307304]
S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-8 150016]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-11-11 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-02-16 15:45:46    16365936    ----a-w-    C:\windows\SysWow64\FlashPlayerInstaller.exe
2013-02-16 05:52:52    697712    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2013-02-16 05:38:20    95648    ----a-w-    C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-16 05:32:22    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-02-16 05:32:22    --------    d-----w-    C:\Program Files\iTunes
2013-02-16 05:32:22    --------    d-----w-    C:\Program Files\iPod
2013-02-16 05:32:22    --------    d-----w-    C:\Program Files (x86)\iTunes
2013-02-16 02:52:42    9161176    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0A7DA02E-B47E-464F-83E7-A0E5B719464C}\mpengine.dll
2013-02-16 02:43:21    996352    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-16 02:43:21    768000    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 05:16:49    5553512    ----a-w-    C:\windows\System32\ntoskrnl.exe
2013-02-13 05:16:49    3967848    ----a-w-    C:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 05:16:48    3913064    ----a-w-    C:\windows\SysWow64\ntoskrnl.exe
2013-02-13 05:16:46    3153408    ----a-w-    C:\windows\System32\win32k.sys
2013-02-13 05:16:44    7680    ----a-w-    C:\windows\SysWow64\instnm.exe
2013-02-13 05:16:44    5120    ----a-w-    C:\windows\SysWow64\wow32.dll
2013-02-13 05:16:44    25600    ----a-w-    C:\windows\SysWow64\setup16.exe
2013-02-13 05:16:44    215040    ----a-w-    C:\windows\System32\winsrv.dll
2013-02-13 05:16:44    14336    ----a-w-    C:\windows\SysWow64\ntvdm64.dll
2013-02-13 05:16:43    2048    ----a-w-    C:\windows\SysWow64\user.exe
2013-02-13 05:16:42    288088    ----a-w-    C:\windows\System32\drivers\FWPKCLNT.SYS
2013-02-13 05:16:42    1913192    ----a-w-    C:\windows\System32\drivers\tcpip.sys
2013-02-13 03:34:30    9161176    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-09 06:31:24    --------    d-s---w-    C:\windows\SysWow64\Microsoft
2013-02-09 06:30:08    --------    d-----w-    C:\Users\Jim\AppData\Local\doubleTwist Corporation
2013-02-09 06:29:57    --------    d-----w-    C:\Program Files (x86)\ffdshow
2013-02-08 23:57:03    --------    d-----w-    C:\Users\Jim\Skyfall.2012.720p.BluRay.x264-DAA [PublicHD]
2013-01-20 20:44:10    --------    d-----w-    C:\Users\Jim\AppData\Local\IsolatedStorage
2013-01-20 20:41:12    --------    d-----w-    C:\Users\Jim\AppData\Roaming\Intuit
2013-01-20 20:39:34    --------    d-----w-    C:\ProgramData\Intuit
2013-01-20 20:39:34    --------    d-----w-    C:\Program Files (x86)\Common Files\Intuit
2013-01-20 20:39:17    --------    d-----w-    C:\Program Files (x86)\TurboTax
2013-01-20 02:54:58    --------    d-----w-    C:\Program Files\Intel Corporation
2013-01-19 20:55:39    --------    d-----w-    C:\Users\Jim\AppData\Roaming\Postbox
2013-01-19 20:55:39    --------    d-----w-    C:\Users\Jim\AppData\Local\Postbox
.
==================== Find3M  ====================
.
2013-02-16 15:46:12    74096    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-16 05:38:15    861088    ----a-w-    C:\windows\SysWow64\npDeployJava1.dll
2013-02-16 05:38:15    782240    ----a-w-    C:\windows\SysWow64\deployJava1.dll
2013-01-30 10:53:22    273840    ------w-    C:\windows\System32\MpSigStub.exe
2013-01-09 01:19:09    2312704    ----a-w-    C:\windows\System32\jscript9.dll
2013-01-09 01:12:03    1392128    ----a-w-    C:\windows\System32\wininet.dll
2013-01-09 01:11:06    1494528    ----a-w-    C:\windows\System32\inetcpl.cpl
2013-01-09 01:07:51    173056    ----a-w-    C:\windows\System32\ieUnatt.exe
2013-01-09 01:07:47    599040    ----a-w-    C:\windows\System32\vbscript.dll
2013-01-09 01:04:42    2382848    ----a-w-    C:\windows\System32\mshtml.tlb
2013-01-08 22:23:50    277488    ----a-w-    C:\windows\SysWow64\IntelCpHeciSvc.exe
2013-01-08 22:23:48    511984    ----a-w-    C:\windows\System32\igfxsrvc.exe
2013-01-08 22:23:48    172016    ----a-w-    C:\windows\System32\igfxtray.exe
2013-01-08 22:23:46    5905904    ----a-w-    C:\windows\System32\GfxUI.exe
2013-01-08 22:23:46    441840    ----a-w-    C:\windows\System32\igfxpers.exe
2013-01-08 22:23:46    399856    ----a-w-    C:\windows\System32\hkcmd.exe
2013-01-08 22:23:46    254960    ----a-w-    C:\windows\System32\igfxext.exe
2013-01-08 22:23:44    185840    ----a-w-    C:\windows\System32\difx64.exe
2013-01-08 22:11:21    1800704    ----a-w-    C:\windows\SysWow64\jscript9.dll
2013-01-08 22:03:20    1129472    ----a-w-    C:\windows\SysWow64\wininet.dll
2013-01-08 22:03:12    1427968    ----a-w-    C:\windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02    142848    ----a-w-    C:\windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29    420864    ----a-w-    C:\windows\SysWow64\vbscript.dll
2013-01-08 21:56:23    2382848    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2013-01-04 04:43:21    44032    ----a-w-    C:\windows\apppatch\acwow64.dll
2012-12-16 17:11:22    46080    ----a-w-    C:\windows\System32\atmlib.dll
2012-12-16 14:45:03    367616    ----a-w-    C:\windows\System32\atmfd.dll
2012-12-16 14:13:28    295424    ----a-w-    C:\windows\SysWow64\atmfd.dll
2012-12-16 14:13:20    34304    ----a-w-    C:\windows\SysWow64\atmlib.dll
2012-12-13 21:23:46    116224    ----a-w-    C:\windows\System32\igfxCoIn_v2932.dll
2012-12-12 21:45:06    12858368    ----a-w-    C:\windows\System32\igd10umd64.dll
2012-12-12 21:44:04    11174912    ----a-w-    C:\windows\SysWow64\igd10umd32.dll
2012-12-12 21:42:46    384512    ----a-w-    C:\windows\System32\igfxpph.dll
2012-12-12 21:42:44    410112    ----a-w-    C:\windows\System32\igfxTMM.dll
2012-12-12 21:42:44    28672    ----a-w-    C:\windows\System32\igfxexps.dll
2012-12-12 21:42:36    126976    ----a-w-    C:\windows\System32\igfxcpl.cpl
2012-12-12 21:42:36    12615680    ----a-w-    C:\windows\System32\igdumd64.dll
2012-12-12 21:42:34    142336    ----a-w-    C:\windows\System32\igfxdo.dll
2012-12-12 21:42:28    64000    ----a-w-    C:\windows\System32\igfxsrvc.dll
2012-12-12 21:42:28    5353888    ----a-w-    C:\windows\System32\drivers\igdkmd64.sys
2012-12-12 21:42:24    80384    ----a-w-    C:\windows\System32\igdde64.dll
2012-12-12 21:42:06    110592    ----a-w-    C:\windows\System32\hccutils.dll
2012-12-12 21:41:56    9728    ----a-w-    C:\windows\System32\IGFXDEVLib.dll
2012-12-12 21:41:56    175104    ----a-w-    C:\windows\System32\gfxSrvc.dll
2012-12-12 21:41:54    442880    ----a-w-    C:\windows\System32\igfxdev.dll
2012-12-12 21:41:38    11049472    ----a-w-    C:\windows\SysWow64\igdumd32.dll
2012-12-12 21:41:26    286208    ----a-w-    C:\windows\System32\igfxrenu.lrc
2012-12-12 21:41:24    64512    ----a-w-    C:\windows\SysWow64\igdde32.dll
2012-12-12 21:41:22    9007616    ----a-w-    C:\windows\System32\igfxress.dll
2012-12-12 21:40:42    25088    ----a-w-    C:\windows\SysWow64\igfxexps32.dll
2012-12-12 21:40:34    13030400    ----a-w-    C:\windows\System32\ig4icd64.dll
2012-12-12 21:40:08    330752    ----a-w-    C:\windows\SysWow64\igfxdv32.dll
2012-12-12 21:39:58    10812416    ----a-w-    C:\windows\SysWow64\ig4icd32.dll
2012-12-12 21:38:20    640512    ----a-w-    C:\windows\SysWow64\igfxcmrt32.dll
2012-12-12 21:38:20    518656    ----a-w-    C:\windows\System32\igfxcmrt64.dll
2012-12-12 21:38:18    483840    ----a-w-    C:\windows\System32\igfx11cmrt64.dll
2012-12-12 21:38:18    459264    ----a-w-    C:\windows\SysWow64\igfx11cmrt32.dll
2012-12-12 21:38:18    3511296    ----a-w-    C:\windows\System32\igfxcmjit64.dll
2012-12-12 21:38:18    3121152    ----a-w-    C:\windows\SysWow64\igfxcmjit32.dll
2012-12-07 13:20:16    441856    ----a-w-    C:\windows\System32\Wpc.dll
2012-12-07 13:15:31    2746368    ----a-w-    C:\windows\System32\gameux.dll
2012-12-07 12:26:17    308736    ----a-w-    C:\windows\SysWow64\Wpc.dll
2012-12-07 12:20:43    2576384    ----a-w-    C:\windows\SysWow64\gameux.dll
2012-12-07 11:20:04    30720    ----a-w-    C:\windows\System32\usk.rs
2012-12-07 11:20:03    43520    ----a-w-    C:\windows\System32\csrr.rs
2012-12-07 11:20:03    23552    ----a-w-    C:\windows\System32\oflc.rs
2012-12-07 11:20:01    45568    ----a-w-    C:\windows\System32\oflc-nz.rs
2012-12-07 11:20:01    44544    ----a-w-    C:\windows\System32\pegibbfc.rs
2012-12-07 11:20:01    20480    ----a-w-    C:\windows\System32\pegi-fi.rs
2012-12-07 11:20:00    20480    ----a-w-    C:\windows\System32\pegi-pt.rs
2012-12-07 11:19:59    20480    ----a-w-    C:\windows\System32\pegi.rs
2012-12-07 11:19:58    46592    ----a-w-    C:\windows\System32\fpb.rs
2012-12-07 11:19:57    40960    ----a-w-    C:\windows\System32\cob-au.rs
2012-12-07 11:19:57    21504    ----a-w-    C:\windows\System32\grb.rs
2012-12-07 11:19:57    15360    ----a-w-    C:\windows\System32\djctq.rs
2012-12-07 11:19:56    55296    ----a-w-    C:\windows\System32\cero.rs
2012-12-07 11:19:55    51712    ----a-w-    C:\windows\System32\esrb.rs
2012-11-30 05:45:35    362496    ----a-w-    C:\windows\System32\wow64win.dll
2012-11-30 05:45:35    243200    ----a-w-    C:\windows\System32\wow64.dll
2012-11-30 05:45:35    13312    ----a-w-    C:\windows\System32\wow64cpu.dll
2012-11-30 05:43:12    16384    ----a-w-    C:\windows\System32\ntvdm64.dll
2012-11-30 05:41:07    424448    ----a-w-    C:\windows\System32\KernelBase.dll
2012-11-30 04:53:59    274944    ----a-w-    C:\windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48    338432    ----a-w-    C:\windows\System32\conhost.exe
2012-11-30 02:38:59    6144    ---ha-w-    C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59    4608    ---ha-w-    C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59    3584    ---ha-w-    C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59    3072    ---ha-w-    C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-29 20:27:38    47072    ----a-w-    C:\windows\System32\drivers\usb3Hub.sys
2012-11-29 20:27:38    35256    ----a-w-    C:\windows\System32\drivers\intelaud.sys
2012-11-29 20:27:38    25528    ----a-w-    C:\windows\System32\drivers\iwdbus.sys
2012-11-23 17:30:01    231376    ----a-w-    C:\windows\System32\drivers\truecrypt.sys
2012-11-23 03:13:57    68608    ----a-w-    C:\windows\System32\taskhost.exe
2012-11-22 05:44:23    800768    ----a-w-    C:\windows\System32\usp10.dll
2012-11-22 04:45:03    626688    ----a-w-    C:\windows\SysWow64\usp10.dll
2012-11-20 05:48:49    307200    ----a-w-    C:\windows\System32\ncrypt.dll
2012-11-20 04:51:09    220160    ----a-w-    C:\windows\SysWow64\ncrypt.dll
.
============= FINISH: 16:47:49.90 ===============
 

attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume2
Install Date: 11/7/2012 7:04:27 PM
System Uptime: 2/16/2013 10:41:09 AM (6 hours ago)
.
Motherboard: Micro-Star International Co., Ltd. |  | MS-1491
Processor: Intel® Core™ i7-2670QM CPU @ 2.20GHz | SOCKET 0 | 2201/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 413 GiB total, 208.65 GiB free.
D: is FIXED (NTFS) - 275 GiB total, 275.372 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP55: 1/20/2013 3:39:40 PM - Installed TurboTax 2012 wrapper
RP56: 1/20/2013 4:01:07 PM - Installed TurboTax 2012 wnjiper
RP57: 1/20/2013 4:01:18 PM - Installed TurboTax 2012 wnyiper
RP58: 1/21/2013 9:09:38 PM - Windows Update
RP59: 1/25/2013 12:10:32 AM - Windows Update
RP60: 1/28/2013 8:50:18 PM - Windows Update
RP61: 1/31/2013 10:40:20 PM - Windows Update
RP62: 2/4/2013 8:14:54 PM - Windows Update
RP63: 2/7/2013 10:54:27 PM - Windows Update
RP65: 2/15/2013 9:40:26 PM - Windows Update
RP66: 2/16/2013 12:37:33 AM - Installed Java 7 Update 13
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS6
Adobe Reader XI (11.0.01)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Battery Calibration
Bing Bar
Bonjour
BTGuard 2.5
BurnRecovery
Cinema ProII Setup
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DNS Leak Fix for OpenVPN version 1.2
DVD Shrink 3.2
EasyFace2
EasyViewer
ETDWare PS/2-X64 8.0.5.1_WHQL
Firebird SQL Server - MAGIX Edition
Futuremark SystemInfo
Galerie de photos Windows Live
Galería fotográfica de Windows Live
Google Chrome
Google Update Helper
HL-2270DW
i-Charger
Intel PROSet Wireless
Intel® Management Engine Components
Intel® Processor Graphics
Intel® PROSet/Wireless for Bluetooth® + High Speed
Intel® PROSet/Wireless Software for Bluetooth® Technology
Intel® Rapid Storage Technology
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® Turbo Boost Technology Monitor 2.0
Intel® WiDi
Intel® Wireless Display
Intel® PROSet/Wireless WiFi Software
iTunes
Java 7 Update 13
Java Auto Updater
Junk Mail filter update
MAGIX Music Maker 16 Download Version
MAGIX Photo Manager 9
MAGIX Screenshare
MAGIX Speed burnR
MAGIX Video easy SE
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
MSI HOUSE
MSI Software Install
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA PhysX
PDF Settings CS6
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Reader Driver
Renesas Electronics USB 3.0 Host Controller Driver
RoboForm 7-8-5-7 (All Users)
S-Bar
Seagate Manager Installer
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Stone Giant 1.0
System Requirements Lab for Intel
Text-To-Speech-Runtime
THX TruStudio Pro
TrueCrypt
TurboTax 2012
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wnjiper
TurboTax 2012 wnyiper
TurboTax 2012 wrapper
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VLC media player 2.0.4
VPNCheck 1.5
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
2/16/2013 10:45:05 AM, Error: Service Control Manager [7000]  - The Intel® Management and Security Application User Notification Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2/16/2013 10:45:04 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Intel® Management and Security Application User Notification Service service to connect.
.
==== End Of File ===========================
 
aswMBR:
 
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-16 16:50:23
-----------------------------
16:50:23.743    OS Version: Windows x64 6.1.7601 Service Pack 1
16:50:23.743    Number of processors: 8 586 0x2A07
16:50:23.744    ComputerName: JIM-MSI  UserName: Jim
16:50:25.470    Initialize success
16:51:36.316    AVAST engine defs: 13021602
16:51:41.741    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:51:41.753    Disk 0 Vendor: WDC_WD75 01.0 Size: 715404MB BusType: 3
16:51:41.770    Disk 0 MBR read successfully
16:51:41.777    Disk 0 MBR scan
16:51:41.788    Disk 0 Windows 7 default MBR code
16:51:41.796    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        10100 MB offset 2048
16:51:41.854    Disk 0 Partition 2 80 (A) 27 Hidden NTFS WinRE NTFS          100 MB offset 20686848
16:51:41.902    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       423122 MB offset 20891648
16:51:41.946    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       282081 MB offset 887445504
16:51:42.019    Disk 0 scanning C:\windows\system32\drivers
16:51:58.918    Service scanning
16:52:35.309    Modules scanning
16:52:35.312    Disk 0 trace - called modules:
16:52:35.326    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
16:52:35.329    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005f7d790]
16:52:35.330    3 CLASSPNP.SYS[fffff88001aff43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80059ff050]
16:52:37.067    AVAST engine scan C:\windows
16:52:40.626    AVAST engine scan C:\windows\system32
16:56:34.478    AVAST engine scan C:\windows\system32\drivers
16:56:52.412    AVAST engine scan C:\Users\Jim
17:09:09.643    AVAST engine scan C:\ProgramData
17:10:17.916    Scan finished successfully
17:10:55.940    Disk 0 MBR has been saved successfully to "C:\Users\Jim\Desktop\next post\MBR.dat"
17:10:55.944    The log file has been saved successfully to "C:\Users\Jim\Desktop\next post\aswMBR.txt"
 
AdwCleaner.txt:
 
# AdwCleaner v2.112 - Logfile created 02/16/2013 at 20:00:58
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Jim - JIM-MSI
# Boot Mode : Normal
# Running from : C:\Users\Jim\Desktop\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
 
***** [Registry] *****
 
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16464
 
[OK] Registry is clean.
 
-\\ Google Chrome v24.0.1312.57
 
File : C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [747 octets] - [16/02/2013 20:00:58]
 
########## EOF - C:\AdwCleaner[S1].txt - [806 octets] ##########
 
 
 




#4 jeffce


    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA
  • Local time:03:53 PM

Posted 16 February 2013 - 08:27 PM

ComboFix
 
Download Combofix from the link below, and save it to your desktop.  
 
**Note:  It is important that it is saved directly to your desktop**
 If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.
 
--------------------------------------------------------------------
 
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
 
--------------------------------------------------------------------
 
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.  
  • Please post the C:\ComboFix.txt for further review.


    #5 morganj23

    • Topic Starter

    • Members
    • 23 posts
    • Local time:03:53 PM

    Posted 17 February 2013 - 07:20 PM

    Jeff,

    Please find the ComboFix text below and attached. Thank you again.

    Regards,
    Jim


    ComboFix 13-02-15.01 - Jim 02/17/2013  19:09:57.1.8 - x64
    Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.6051.4136 [GMT -5:00]
    Running from: c:\users\Jim\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Roaming
    c:\windows\security\Database\tmp.edb
    c:\windows\SysWow64\DEBUG.log
    .
    .
    (((((((((((((((((((((((((   Files Created from 2013-01-18 to 2013-02-18  )))))))))))))))))))))))))))))))
    .
    .
    2013-02-18 00:14 . 2013-02-18 00:14    --------    d-----w-    c:\users\Default\AppData\Local\temp
    2013-02-17 01:43 . 2013-02-17 01:43    76232    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0A7DA02E-B47E-464F-83E7-A0E5B719464C}\offreg.dll
    2013-02-16 15:45 . 2013-02-16 15:45    16365936    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
    2013-02-16 05:52 . 2013-02-16 15:46    697712    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
    2013-02-16 05:52 . 2013-02-16 05:52    --------    d-----w-    c:\windows\system32\Macromed
    2013-02-16 05:38 . 2013-02-16 05:38    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-02-16 05:38 . 2013-02-16 05:38    --------    d-----w-    c:\program files (x86)\Java
    2013-02-16 05:32 . 2013-02-16 05:32    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-02-16 05:32 . 2013-02-16 05:32    --------    d-----w-    c:\program files\iTunes
    2013-02-16 05:32 . 2013-02-16 05:32    --------    d-----w-    c:\program files (x86)\iTunes
    2013-02-16 05:32 . 2013-02-16 05:32    --------    d-----w-    c:\program files\iPod
    2013-02-16 02:52 . 2013-01-08 05:32    9161176    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0A7DA02E-B47E-464F-83E7-A0E5B719464C}\mpengine.dll
    2013-02-16 02:43 . 2013-01-09 01:10    996352    ----a-w-    c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-16 02:43 . 2013-01-08 22:01    768000    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-13 05:16 . 2013-01-05 05:53    5553512    ----a-w-    c:\windows\system32\ntoskrnl.exe
    2013-02-13 05:16 . 2013-01-05 05:00    3967848    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
    2013-02-13 05:16 . 2013-01-05 05:00    3913064    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
    2013-02-13 05:16 . 2013-01-04 03:26    3153408    ----a-w-    c:\windows\system32\win32k.sys
    2013-02-13 05:16 . 2013-01-04 05:46    215040    ----a-w-    c:\windows\system32\winsrv.dll
    2013-02-13 05:16 . 2013-01-04 04:51    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
    2013-02-13 05:16 . 2013-01-04 02:47    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
    2013-02-13 05:16 . 2013-01-04 02:47    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
    2013-02-13 05:16 . 2013-01-04 02:47    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
    2013-02-13 05:16 . 2013-01-04 02:47    2048    ----a-w-    c:\windows\SysWow64\user.exe
    2013-02-13 05:16 . 2013-01-03 06:00    1913192    ----a-w-    c:\windows\system32\drivers\tcpip.sys
    2013-02-13 05:16 . 2013-01-03 06:00    288088    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
    2013-02-13 03:34 . 2013-01-08 05:32    9161176    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-02-09 06:31 . 2013-02-09 06:31    --------    d-s---w-    c:\windows\SysWow64\Microsoft
    2013-02-09 06:30 . 2013-02-09 06:30    --------    d-----w-    c:\users\Jim\AppData\Local\doubleTwist Corporation
    2013-02-09 06:29 . 2013-02-16 05:28    --------    d-----w-    c:\program files (x86)\ffdshow
    2013-02-08 23:57 . 2013-02-08 23:57    --------    d-----w-    c:\users\Jim\Skyfall.2012.720p.BluRay.x264-DAA [PublicHD]
    2013-01-20 20:44 . 2013-01-20 20:44    --------    d-----w-    c:\users\Jim\AppData\Local\IsolatedStorage
    2013-01-20 20:41 . 2013-01-20 20:41    --------    d-----w-    c:\users\Jim\AppData\Roaming\Intuit
    2013-01-20 20:39 . 2013-01-20 20:40    --------    d-----w-    c:\programdata\Intuit
    2013-01-20 20:39 . 2013-01-20 20:40    --------    d-----w-    c:\program files (x86)\Common Files\Intuit
    2013-01-20 20:39 . 2013-01-20 20:39    --------    d-----w-    c:\program files (x86)\TurboTax
    2013-01-20 02:54 . 2013-01-20 02:54    --------    d-----w-    c:\program files\Intel Corporation
    2013-01-20 02:41 . 2013-01-20 02:41    --------    d-----w-    c:\users\Jim\AppData\Roaming\dvdcss
    2013-01-19 20:55 . 2013-02-16 05:28    --------    d-----w-    c:\users\Jim\AppData\Local\Postbox
    2013-01-19 20:55 . 2013-01-19 20:55    --------    d-----w-    c:\users\Jim\AppData\Roaming\Postbox
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-16 15:46 . 2012-11-29 01:56    74096    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-16 05:38 . 2012-11-08 00:36    861088    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
    2013-02-16 05:38 . 2012-11-08 00:36    782240    ----a-w-    c:\windows\SysWow64\deployJava1.dll
    2013-02-16 02:45 . 2012-11-11 21:06    70004024    ----a-w-    c:\windows\system32\MRT.exe
    2013-01-30 10:53 . 2010-11-21 03:27    273840    ------w-    c:\windows\system32\MpSigStub.exe
    2013-01-08 22:23 . 2013-01-08 22:23    277488    ----a-w-    c:\windows\SysWow64\IntelCpHeciSvc.exe
    2013-01-08 22:23 . 2013-01-08 22:23    511984    ----a-w-    c:\windows\system32\igfxsrvc.exe
    2013-01-08 22:23 . 2013-01-08 22:23    172016    ----a-w-    c:\windows\system32\igfxtray.exe
    2013-01-08 22:23 . 2013-01-08 22:23    5905904    ----a-w-    c:\windows\system32\GfxUI.exe
    2013-01-08 22:23 . 2013-01-08 22:23    441840    ----a-w-    c:\windows\system32\igfxpers.exe
    2013-01-08 22:23 . 2013-01-08 22:23    399856    ----a-w-    c:\windows\system32\hkcmd.exe
    2013-01-08 22:23 . 2013-01-08 22:23    254960    ----a-w-    c:\windows\system32\igfxext.exe
    2013-01-08 22:23 . 2013-01-08 22:23    185840    ----a-w-    c:\windows\system32\difx64.exe
    2013-01-04 04:43 . 2013-02-13 05:16    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
    2012-12-16 17:11 . 2012-12-23 02:40    46080    ----a-w-    c:\windows\system32\atmlib.dll
    2012-12-16 14:45 . 2012-12-23 02:40    367616    ----a-w-    c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-23 02:40    295424    ----a-w-    c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13 . 2012-12-23 02:40    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
    2012-12-13 21:23 . 2012-12-13 21:23    116224    ----a-w-    c:\windows\system32\igfxCoIn_v2932.dll
    2012-12-12 21:45 . 2011-07-02 00:15    12858368    ----a-w-    c:\windows\system32\igd10umd64.dll
    2012-12-12 21:44 . 2012-10-22 22:40    11174912    ----a-w-    c:\windows\SysWow64\igd10umd32.dll
    2012-12-12 21:43 . 2012-12-12 21:43    437760    ----a-w-    c:\windows\system32\igfxrtrk.lrc
    2012-12-12 21:43 . 2012-12-12 21:43    439296    ----a-w-    c:\windows\system32\igfxrrus.lrc
    2012-12-12 21:43 . 2012-12-12 21:43    438784    ----a-w-    c:\windows\system32\igfxrsky.lrc
    2012-12-12 21:43 . 2012-12-12 21:43    437760    ----a-w-    c:\windows\system32\igfxrsve.lrc
    2012-12-12 21:43 . 2012-12-12 21:43    437760    ----a-w-    c:\windows\system32\igfxrslv.lrc
    2012-12-12 21:43 . 2012-12-12 21:43    437248    ----a-w-    c:\windows\system32\igfxrtha.lrc
    2012-12-12 21:43 . 2012-12-12 21:43    439296    ----a-w-    c:\windows\system32\igfxrrom.lrc
    2012-12-12 21:43 . 2012-12-12 21:43    438784    ----a-w-    c:\windows\system32\igfxrptg.lrc
    2012-12-12 21:43 . 2012-12-12 21:43    438784    ----a-w-    c:\windows\system32\igfxrplk.lrc
    2012-12-12 21:43 . 2012-12-12 21:43    438784    ----a-w-    c:\windows\system32\igfxrnld.lrc
    2012-12-12 21:43 . 2012-12-12 21:43    437760    ----a-w-    c:\windows\system32\igfxrptb.lrc
    2012-12-12 21:43 . 2012-12-12 21:43    437760    ----a-w-    c:\windows\system32\igfxrnor.lrc
    2012-12-12 21:43 . 2012-12-12 21:43    431104    ----a-w-    c:\windows\system32\igfxrkor.lrc
    2012-12-12 21:43 . 2012-12-12 21:43    439808    ----a-w-    c:\windows\system32\igfxrfra.lrc
    2012-12-12 21:43 . 2012-12-12 21:43    438784    ----a-w-    c:\windows\system32\igfxrita.lrc
    2012-12-12 21:43 . 2012-12-12 21:43    438784    ----a-w-    c:\windows\system32\igfxrhrv.lrc
    2012-12-12 21:43 . 2012-12-12 21:43    438272    ----a-w-    c:\windows\system32\igfxrhun.lrc
    2012-12-12 21:43 . 2012-12-12 21:43    435712    ----a-w-    c:\windows\system32\igfxrheb.lrc
    2012-12-12 21:43 . 2012-12-12 21:43    432128    ----a-w-    c:\windows\system32\igfxrjpn.lrc
    2012-12-12 21:43 . 2012-12-12 21:43    440320    ----a-w-    c:\windows\system32\igfxrell.lrc
    2012-12-12 21:43 . 2012-12-12 21:43    439808    ----a-w-    c:\windows\system32\igfxresn.lrc
    2012-12-12 21:43 . 2012-12-12 21:43    438784    ----a-w-    c:\windows\system32\igfxrdeu.lrc
    2012-12-12 21:43 . 2012-12-12 21:43    438272    ----a-w-    c:\windows\system32\igfxrfin.lrc
    2012-12-12 21:43 . 2012-12-12 21:43    438272    ----a-w-    c:\windows\system32\igfxrcsy.lrc
    2012-12-12 21:43 . 2012-12-12 21:43    437248    ----a-w-    c:\windows\system32\igfxrdan.lrc
    2012-12-12 21:43 . 2012-12-12 21:43    435712    ----a-w-    c:\windows\system32\igfxrara.lrc
    2012-12-12 21:43 . 2012-12-12 21:43    429056    ----a-w-    c:\windows\system32\igfxrcht.lrc
    2012-12-12 21:43 . 2012-12-12 21:43    428544    ----a-w-    c:\windows\system32\igfxrchs.lrc
    2012-12-12 21:42 . 2011-07-02 00:16    384512    ----a-w-    c:\windows\system32\igfxpph.dll
    2012-12-12 21:42 . 2012-12-12 21:42    410112    ----a-w-    c:\windows\system32\igfxTMM.dll
    2012-12-12 21:42 . 2012-12-12 21:42    28672    ----a-w-    c:\windows\system32\igfxexps.dll
    2012-12-12 21:42 . 2012-12-12 21:42    126976    ----a-w-    c:\windows\system32\igfxcpl.cpl
    2012-12-12 21:42 . 2012-12-12 21:42    12615680    ----a-w-    c:\windows\system32\igdumd64.dll
    2012-12-12 21:42 . 2012-12-12 21:42    142336    ----a-w-    c:\windows\system32\igfxdo.dll
    2012-12-12 21:42 . 2012-12-12 21:42    5353888    ----a-w-    c:\windows\system32\drivers\igdkmd64.sys
    2012-12-12 21:42 . 2011-07-02 00:16    64000    ----a-w-    c:\windows\system32\igfxsrvc.dll
    2012-12-12 21:42 . 2012-12-12 21:42    80384    ----a-w-    c:\windows\system32\igdde64.dll
    2012-12-12 21:42 . 2011-07-02 00:15    110592    ----a-w-    c:\windows\system32\hccutils.dll
    2012-12-12 21:41 . 2012-12-12 21:41    9728    ----a-w-    c:\windows\system32\IGFXDEVLib.dll
    2012-12-12 21:41 . 2012-12-12 21:41    175104    ----a-w-    c:\windows\system32\gfxSrvc.dll
    2012-12-12 21:41 . 2012-10-22 22:40    442880    ----a-w-    c:\windows\system32\igfxdev.dll
    2012-12-12 21:41 . 2011-07-02 00:15    11049472    ----a-w-    c:\windows\SysWow64\igdumd32.dll
    2012-12-12 21:41 . 2012-12-12 21:41    286208    ----a-w-    c:\windows\system32\igfxrenu.lrc
    2012-12-12 21:41 . 2012-12-12 21:41    64512    ----a-w-    c:\windows\SysWow64\igdde32.dll
    2012-12-12 21:41 . 2011-07-02 00:16    9007616    ----a-w-    c:\windows\system32\igfxress.dll
    2012-12-12 21:40 . 2012-12-12 21:40    25088    ----a-w-    c:\windows\SysWow64\igfxexps32.dll
    2012-12-12 21:40 . 2012-12-12 21:40    13030400    ----a-w-    c:\windows\system32\ig4icd64.dll
    2012-12-12 21:40 . 2012-12-12 21:40    330752    ----a-w-    c:\windows\SysWow64\igfxdv32.dll
    2012-12-12 21:39 . 2012-12-12 21:39    10812416    ----a-w-    c:\windows\SysWow64\ig4icd32.dll
    2012-12-12 21:38 . 2012-12-12 21:38    640512    ----a-w-    c:\windows\SysWow64\igfxcmrt32.dll
    2012-12-12 21:38 . 2012-12-12 21:38    518656    ----a-w-    c:\windows\system32\igfxcmrt64.dll
    2012-12-12 21:38 . 2012-12-12 21:38    483840    ----a-w-    c:\windows\system32\igfx11cmrt64.dll
    2012-12-12 21:38 . 2012-12-12 21:38    459264    ----a-w-    c:\windows\SysWow64\igfx11cmrt32.dll
    2012-12-12 21:38 . 2012-12-12 21:38    3511296    ----a-w-    c:\windows\system32\igfxcmjit64.dll
    2012-12-12 21:38 . 2012-12-12 21:38    3121152    ----a-w-    c:\windows\SysWow64\igfxcmjit32.dll
    2012-12-07 13:20 . 2013-01-10 02:26    441856    ----a-w-    c:\windows\system32\Wpc.dll
    2012-12-07 13:15 . 2013-01-10 02:26    2746368    ----a-w-    c:\windows\system32\gameux.dll
    2012-12-07 12:26 . 2013-01-10 02:26    308736    ----a-w-    c:\windows\SysWow64\Wpc.dll
    2012-12-07 12:20 . 2013-01-10 02:26    2576384    ----a-w-    c:\windows\SysWow64\gameux.dll
    2012-12-07 11:20 . 2013-01-10 02:26    30720    ----a-w-    c:\windows\system32\usk.rs
    2012-12-07 11:20 . 2013-01-10 02:26    43520    ----a-w-    c:\windows\system32\csrr.rs
    2012-12-07 11:20 . 2013-01-10 02:26    23552    ----a-w-    c:\windows\system32\oflc.rs
    2012-12-07 11:20 . 2013-01-10 02:26    45568    ----a-w-    c:\windows\system32\oflc-nz.rs
    2012-12-07 11:20 . 2013-01-10 02:26    44544    ----a-w-    c:\windows\system32\pegibbfc.rs
    2012-12-07 11:20 . 2013-01-10 02:26    20480    ----a-w-    c:\windows\system32\pegi-fi.rs
    2012-12-07 11:20 . 2013-01-10 02:26    20480    ----a-w-    c:\windows\system32\pegi-pt.rs
    2012-12-07 11:19 . 2013-01-10 02:26    20480    ----a-w-    c:\windows\system32\pegi.rs
    2012-12-07 11:19 . 2013-01-10 02:26    46592    ----a-w-    c:\windows\system32\fpb.rs
    2012-12-07 11:19 . 2013-01-10 02:26    40960    ----a-w-    c:\windows\system32\cob-au.rs
    2012-12-07 11:19 . 2013-01-10 02:26    21504    ----a-w-    c:\windows\system32\grb.rs
    2012-12-07 11:19 . 2013-01-10 02:26    15360    ----a-w-    c:\windows\system32\djctq.rs
    2012-12-07 11:19 . 2013-01-10 02:26    55296    ----a-w-    c:\windows\system32\cero.rs
    2012-12-07 11:19 . 2013-01-10 02:26    51712    ----a-w-    c:\windows\system32\esrb.rs
    2012-12-07 10:46 . 2013-01-10 02:26    43520    ----a-w-    c:\windows\SysWow64\csrr.rs
    2012-12-07 10:46 . 2013-01-10 02:26    30720    ----a-w-    c:\windows\SysWow64\usk.rs
    2012-12-07 10:46 . 2013-01-10 02:26    45568    ----a-w-    c:\windows\SysWow64\oflc-nz.rs
    2012-12-07 10:46 . 2013-01-10 02:26    44544    ----a-w-    c:\windows\SysWow64\pegibbfc.rs
    2012-12-07 10:46 . 2013-01-10 02:26    20480    ----a-w-    c:\windows\SysWow64\pegi-pt.rs
    2012-12-07 10:46 . 2013-01-10 02:26    23552    ----a-w-    c:\windows\SysWow64\oflc.rs
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown 
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "76C34C4F529FAADC3A9D6C7D5C900CABAB119D54._service_run"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-01-26 1248208]
    "RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-12-24 109336]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
    "S-Bar"="c:\program files (x86)\S-Bar\S-Bar.exe" [2011-06-07 5521408]
    "Cinema ProII AP"="c:\program files (x86)\MSI\Cinema ProII\CinemaProII.exe" [2011-01-25 200192]
    "Cinema ProII Controler"="c:\program files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe" [2010-06-25 1689600]
    "THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-11-01 1374720]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-12-18 197928]
    "BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    .
    c:\users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    BTGuard Updates.lnk - c:\btguard\settings.exe [2011-11-15 1254912]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2012-07-18 198144]
    R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2012-05-21 111104]
    R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2012-06-09 849408]
    R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-06-02 17864]
    R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2012-09-29 75928]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
    R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
    R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-02 130976]
    R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2012-07-09 60928]
    R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2012-11-29 35256]
    R3 MGHwCtrl;MGHwCtrl;c:\program files\MSI\MSI Software Install\MGHwCtrl.sys [x]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2012-08-23 272688]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
    R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-11-02 50856]
    R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys [2010-11-30 307304]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-11 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-07-18 659472]
    S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-06-18 1095616]
    S2 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2012-06-18 1333184]
    S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2012-06-18 1124288]
    S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-08-23 135984]
    S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-28 1253376]
    S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-12-18 189736]
    S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
    S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-08-23 13672]
    S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\S-Bar\MSIService.exe [2011-06-07 160768]
    S2 MSI Foundation Service;MSI Foundation Service;c:\program files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [2010-07-16 12800]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-10-08 19192]
    S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-05-04 2656536]
    S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-08-23 3342640]
    S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2012-07-18 198144]
    S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
    S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-12-31 138024]
    S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
    S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-06-19 342528]
    S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2012-11-29 25528]
    S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-18 32344]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-12-10 80384]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-12-10 181248]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]
    S3 usb3Hub;USB-IF USB 3.0 Hub;c:\windows\system32\DRIVERS\usb3Hub.sys [2012-11-29 47072]
    S3 XHCIPort;USB-IF xHCI USB Host Controller;c:\windows\system32\DRIVERS\XHCIPort.sys [2012-10-09 188896]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-01-31 03:40    1607120    ----a-w-    c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-17 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-16 15:46]
    .
    2013-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-08 00:09]
    .
    2013-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-08 00:09]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-04-22 11831400]
    "THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
    "BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-06-01 184112]
    "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-06-18 11586944]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
    "IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
    "IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-01-08 172016]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-01-08 399856]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2013-01-08 441840]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://msi.msn.com
    mStart Page = hxxp://msi.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Send to Bluetooth - c:\program files (x86)\Intel\Bluetooth\btSendToObject.htm
    IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-VPNCheck - (no file)
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    Toolbar-Locked - (no file)
    HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
    .
    .
    .
    Completion time: 2013-02-17  19:16:09
    ComboFix-quarantined-files.txt  2013-02-18 00:16
    .
    Pre-Run: 245,413,666,816 bytes free
    Post-Run: 246,411,198,464 bytes free
    .
    - - End Of File - - E1A40B6CE3A1E94A47483C931803EC49
     


    #6 jeffce


    Posted 17 February 2013 - 07:32 PM

    Hi,

    How is your system running?

     


    #7 morganj23


    Posted 17 February 2013 - 07:59 PM

    Hi Jeff,

     

    My computer is still being bogged down by something. When my computer starts, it's already using 45% of my physical memory. Up until a few months ago, it would never typically get that high, unless I'm using Photoshop or something resource-intensive. So there's a noticeable slowing down of my system that I can't pinpoint.

     

    Regards,

    Jim

    Attached Files

    • Attached File  2.jpg   55.04KB   8 downloads

    Edited by morganj23, 17 February 2013 - 07:59 PM.


    #8 jeffce


    Posted 17 February 2013 - 08:14 PM

    Please download TDSSKiller
    • Double click TDSSKiller.exe
    • Press Start Scan
    • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
    • Do Not Attempt To Fix Anything Now. We just need to look over the report and be sure we are removing the correct items.
    • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

     


    #9 morganj23


    Posted 17 February 2013 - 08:21 PM

    Jeff,
     
    No threats were found. Log below. Thank you.
     
    Regards,
    Jim
     
     
    20:19:25.0108 2196  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    20:19:25.0520 2196  ============================================================
    20:19:25.0520 2196  Current date / time: 2013/02/17 20:19:25.0520
    20:19:25.0520 2196  SystemInfo:
    20:19:25.0520 2196  
    20:19:25.0520 2196  OS Version: 6.1.7601 ServicePack: 1.0
    20:19:25.0520 2196  Product type: Workstation
    20:19:25.0521 2196  ComputerName: JIM-MSI
    20:19:25.0521 2196  UserName: Jim
    20:19:25.0521 2196  Windows directory: C:\windows
    20:19:25.0521 2196  System windows directory: C:\windows
    20:19:25.0521 2196  Running under WOW64
    20:19:25.0521 2196  Processor architecture: Intel x64
    20:19:25.0521 2196  Number of processors: 8
    20:19:25.0521 2196  Page size: 0x1000
    20:19:25.0521 2196  Boot type: Normal boot
    20:19:25.0521 2196  ============================================================
    20:19:26.0139 2196  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    20:19:26.0183 2196  ============================================================
    20:19:26.0183 2196  \Device\Harddisk0\DR0:
    20:19:26.0183 2196  MBR partitions:
    20:19:26.0183 2196  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x13EC800, BlocksNum 0x33A69000
    20:19:26.0183 2196  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x34E55800, BlocksNum 0x226F0800
    20:19:26.0183 2196  ============================================================
    20:19:26.0207 2196  C: <-> \Device\Harddisk0\DR0\Partition1
    20:19:26.0251 2196  D: <-> \Device\Harddisk0\DR0\Partition2
    20:19:26.0251 2196  ============================================================
    20:19:26.0251 2196  Initialize success
    20:19:26.0251 2196  ============================================================
    20:19:39.0866 6688  ============================================================
    20:19:39.0866 6688  Scan started
    20:19:39.0866 6688  Mode: Manual; 
    20:19:39.0866 6688  ============================================================
    20:19:40.0025 6688  ================ Scan system memory ========================
    20:19:40.0025 6688  System memory - ok
    20:19:40.0026 6688  ================ Scan services =============================
    20:19:47.0487 6688  idsvc - ok
    20:19:47.0617 6688  [ 348214F96642FD4FEF630DE021BA3540 ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys
    20:19:47.0753 6688  igfx - ok
    20:19:47.0779 6688  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\windows\system32\drivers\iirsp.sys
    20:19:47.0781 6688  iirsp - ok
    20:19:47.0812 6688  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\windows\System32\ikeext.dll
    20:19:47.0820 6688  IKEEXT - ok
    20:19:47.0867 6688  [ 314285071F7117263BD246E35C17FD82 ] intaud_WaveExtensible C:\windows\system32\drivers\intelaud.sys
    20:19:47.0868 6688  intaud_WaveExtensible - ok
    20:19:47.0957 6688  [ F164A1D46A3848A18A44F8ACB12961BD ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
    20:19:47.0976 6688  IntcAzAudAddService - ok
    20:19:48.0000 6688  [ F5495B38BFB9149925F54F65AB40EFBF ] IntcDAud        C:\windows\system32\DRIVERS\IntcDAud.sys
    20:19:48.0012 6688  IntcDAud - ok
    20:19:48.0026 6688  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\windows\system32\drivers\intelide.sys
    20:19:48.0027 6688  intelide - ok
    20:19:48.0046 6688  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
    20:19:48.0047 6688  intelppm - ok
    20:19:48.0105 6688  [ D9DA7B3117BF5EFF921C0CDED4D58050 ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    20:19:48.0107 6688  IntuitUpdateServiceV4 - ok
    20:19:48.0133 6688  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\windows\system32\ipbusenum.dll
    20:19:48.0136 6688  IPBusEnum - ok
    20:19:48.0140 6688  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
    20:19:48.0141 6688  IpFilterDriver - ok
    20:19:48.0172 6688  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
    20:19:48.0179 6688  iphlpsvc - ok
    20:19:48.0182 6688  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
    20:19:48.0184 6688  IPMIDRV - ok
    20:19:48.0197 6688  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\windows\system32\drivers\ipnat.sys
    20:19:48.0199 6688  IPNAT - ok
    20:19:48.0250 6688  [ 0F261EC4F514926177C70C1832374231 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
    20:19:48.0267 6688  iPod Service - ok
    20:19:48.0289 6688  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\windows\system32\drivers\irenum.sys
    20:19:48.0290 6688  IRENUM - ok
    20:19:48.0294 6688  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\windows\system32\drivers\isapnp.sys
    20:19:48.0295 6688  isapnp - ok
    20:19:48.0313 6688  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
    20:19:48.0317 6688  iScsiPrt - ok
    20:19:48.0347 6688  [ 4487AD9C070D3973FE28AB4406555FC6 ] iwdbus          C:\windows\system32\DRIVERS\iwdbus.sys
    20:19:48.0348 6688  iwdbus - ok
    20:19:48.0356 6688  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
    20:19:48.0357 6688  kbdclass - ok
    20:19:48.0372 6688  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
    20:19:48.0374 6688  kbdhid - ok
    20:19:48.0395 6688  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\windows\system32\lsass.exe
    20:19:48.0396 6688  KeyIso - ok
    20:19:48.0435 6688  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
    20:19:48.0437 6688  KSecDD - ok
    20:19:48.0454 6688  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
    20:19:48.0458 6688  KSecPkg - ok
    20:19:48.0469 6688  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
    20:19:48.0471 6688  ksthunk - ok
    20:19:48.0489 6688  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\windows\system32\msdtckrm.dll
    20:19:48.0498 6688  KtmRm - ok
    20:19:48.0538 6688  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\windows\System32\srvsvc.dll
    20:19:48.0545 6688  LanmanServer - ok
    20:19:48.0561 6688  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
    20:19:48.0565 6688  LanmanWorkstation - ok
    20:19:48.0591 6688  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
    20:19:48.0593 6688  lltdio - ok
    20:19:48.0616 6688  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\windows\System32\lltdsvc.dll
    20:19:48.0622 6688  lltdsvc - ok
    20:19:48.0634 6688  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\windows\System32\lmhsvc.dll
    20:19:48.0637 6688  lmhosts - ok
    20:19:48.0687 6688  [ F4A17DCAB576267C85663E64F3ACE5A4 ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    20:19:48.0694 6688  LMS - ok
    20:19:48.0727 6688  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys
    20:19:48.0730 6688  LSI_FC - ok
    20:19:48.0736 6688  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys
    20:19:48.0739 6688  LSI_SAS - ok
    20:19:48.0744 6688  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys
    20:19:48.0746 6688  LSI_SAS2 - ok
    20:19:48.0752 6688  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys
    20:19:48.0754 6688  LSI_SCSI - ok
    20:19:48.0771 6688  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\windows\system32\drivers\luafv.sys
    20:19:48.0773 6688  luafv - ok
    20:19:48.0788 6688  [ 8FF2D95CBA49B405C5DE27039FF0BF35 ] MBfilt          C:\windows\system32\drivers\MBfilt64.sys
    20:19:48.0789 6688  MBfilt - ok
    20:19:48.0816 6688  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
    20:19:48.0821 6688  Mcx2Svc - ok
    20:19:48.0829 6688  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\windows\system32\drivers\megasas.sys
    20:19:48.0832 6688  megasas - ok
    20:19:48.0854 6688  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys
    20:19:48.0862 6688  MegaSR - ok
    20:19:48.0876 6688  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\windows\system32\drivers\HECIx64.sys
    20:19:48.0878 6688  MEIx64 - ok
    20:19:48.0895 6688  MGHwCtrl - ok
    20:19:48.0930 6688  [ 71C6748EE8DE938532057EF10B4B7E44 ] Micro Star SCM  C:\Program Files (x86)\S-Bar\MSIService.exe
    20:19:49.0009 6688  Micro Star SCM - ok
    20:19:49.0075 6688  Microsoft SharePoint Workspace Audit Service - ok
    20:19:49.0102 6688  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\windows\system32\mmcss.dll
    20:19:49.0107 6688  MMCSS - ok
    20:19:49.0115 6688  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\windows\system32\drivers\modem.sys
    20:19:49.0118 6688  Modem - ok
    20:19:49.0163 6688  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\windows\system32\DRIVERS\monitor.sys
    20:19:49.0199 6688  monitor - ok
    20:19:49.0240 6688  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
    20:19:49.0241 6688  mouclass - ok
    20:19:49.0258 6688  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
    20:19:49.0260 6688  mouhid - ok
    20:19:49.0273 6688  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
    20:19:49.0275 6688  mountmgr - ok
    20:19:49.0321 6688  [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter        C:\windows\system32\DRIVERS\MpFilter.sys
    20:19:49.0327 6688  MpFilter - ok
    20:19:49.0345 6688  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\windows\system32\drivers\mpio.sys
    20:19:49.0350 6688  mpio - ok
    20:19:49.0366 6688  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
    20:19:49.0369 6688  mpsdrv - ok
    20:19:49.0401 6688  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\windows\system32\mpssvc.dll
    20:19:49.0427 6688  MpsSvc - ok
    20:19:49.0450 6688  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
    20:19:49.0455 6688  MRxDAV - ok
    20:19:49.0495 6688  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
    20:19:49.0500 6688  mrxsmb - ok
    20:19:49.0524 6688  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
    20:19:49.0531 6688  mrxsmb10 - ok
    20:19:49.0549 6688  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
    20:19:49.0553 6688  mrxsmb20 - ok
    20:19:49.0570 6688  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\windows\system32\drivers\msahci.sys
    20:19:49.0573 6688  msahci - ok
    20:19:49.0583 6688  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\windows\system32\drivers\msdsm.sys
    20:19:49.0587 6688  msdsm - ok
    20:19:49.0602 6688  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\windows\System32\msdtc.exe
    20:19:49.0608 6688  MSDTC - ok
    20:19:49.0627 6688  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\windows\system32\drivers\Msfs.sys
    20:19:49.0629 6688  Msfs - ok
    20:19:49.0642 6688  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
    20:19:49.0643 6688  mshidkmdf - ok
    20:19:49.0691 6688  [ 87B9DAF6D123EC06C19B41D5295441AD ] MSI Foundation Service C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe
    20:19:49.0714 6688  MSI Foundation Service - ok
    20:19:49.0724 6688  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
    20:19:49.0725 6688  msisadrv - ok
    20:19:49.0736 6688  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
    20:19:49.0740 6688  MSiSCSI - ok
    20:19:49.0743 6688  msiserver - ok
    20:19:49.0764 6688  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
    20:19:49.0766 6688  MSKSSRV - ok
    20:19:49.0792 6688  [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
    20:19:49.0793 6688  MsMpSvc - ok
    20:19:49.0797 6688  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
    20:19:49.0798 6688  MSPCLOCK - ok
    20:19:49.0801 6688  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
    20:19:49.0803 6688  MSPQM - ok
    20:19:49.0816 6688  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
    20:19:49.0821 6688  MsRPC - ok
    20:19:49.0834 6688  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
    20:19:49.0835 6688  mssmbios - ok
    20:19:49.0848 6688  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
    20:19:49.0850 6688  MSTEE - ok
    20:19:49.0858 6688  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\windows\system32\drivers\MTConfig.sys
    20:19:49.0860 6688  MTConfig - ok
    20:19:49.0876 6688  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\windows\system32\Drivers\mup.sys
    20:19:49.0877 6688  Mup - ok
    20:19:49.0921 6688  [ 7B5094DF1671E35D2F2EDDBF12D3D77D ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    20:19:49.0975 6688  MyWiFiDHCPDNS - ok
    20:19:49.0995 6688  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\windows\system32\qagentRT.dll
    20:19:50.0000 6688  napagent - ok
    20:19:50.0034 6688  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
    20:19:50.0042 6688  NativeWifiP - ok
    20:19:50.0098 6688  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\windows\system32\drivers\ndis.sys
    20:19:50.0124 6688  NDIS - ok
    20:19:50.0142 6688  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
    20:19:50.0144 6688  NdisCap - ok
    20:19:50.0160 6688  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
    20:19:50.0162 6688  NdisTapi - ok
    20:19:50.0172 6688  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
    20:19:50.0174 6688  Ndisuio - ok
    20:19:50.0187 6688  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
    20:19:50.0191 6688  NdisWan - ok
    20:19:50.0206 6688  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
    20:19:50.0208 6688  NDProxy - ok
    20:19:50.0218 6688  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
    20:19:50.0220 6688  NetBIOS - ok
    20:19:50.0237 6688  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
    20:19:50.0241 6688  NetBT - ok
    20:19:50.0270 6688  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\windows\system32\lsass.exe
    20:19:50.0271 6688  Netlogon - ok
    20:19:50.0298 6688  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\windows\System32\netman.dll
    20:19:50.0304 6688  Netman - ok
    20:19:50.0326 6688  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\windows\System32\netprofm.dll
    20:19:50.0333 6688  netprofm - ok
    20:19:50.0353 6688  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    20:19:50.0356 6688  NetTcpPortSharing - ok
    20:19:50.0563 6688  [ 62A8A81674F71B76289E460615A0AC73 ] NETwNs64        C:\windows\system32\DRIVERS\Netwsw00.sys
    20:19:50.0746 6688  NETwNs64 - ok
    20:19:50.0760 6688  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\windows\system32\drivers\nfrd960.sys
    20:19:50.0761 6688  nfrd960 - ok
    20:19:50.0778 6688  [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv          C:\windows\system32\DRIVERS\NisDrvWFP.sys
    20:19:50.0779 6688  NisDrv - ok
    20:19:50.0804 6688  [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
    20:19:50.0808 6688  NisSrv - ok
    20:19:50.0832 6688  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\windows\System32\nlasvc.dll
    20:19:50.0839 6688  NlaSvc - ok
    20:19:50.0854 6688  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\windows\system32\drivers\Npfs.sys
    20:19:50.0855 6688  Npfs - ok
    20:19:50.0862 6688  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\windows\system32\nsisvc.dll
    20:19:50.0864 6688  nsi - ok
    20:19:50.0872 6688  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
    20:19:50.0873 6688  nsiproxy - ok
    20:19:50.0943 6688  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
    20:19:50.0976 6688  Ntfs - ok
    20:19:51.0021 6688  [ 317020D31F1696334679B9D0416EB62E ] NuidFltr        C:\windows\system32\DRIVERS\NuidFltr.sys
    20:19:51.0023 6688  NuidFltr - ok
    20:19:51.0039 6688  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\windows\system32\drivers\Null.sys
    20:19:51.0040 6688  Null - ok
    20:19:51.0059 6688  [ 158AD24745BD85BA9BE3C51C38F48C32 ] nusb3hub        C:\windows\system32\drivers\nusb3hub.sys
    20:19:51.0061 6688  nusb3hub - ok
    20:19:51.0075 6688  [ D40A13B2C0891E218F9523B376955DB6 ] nusb3xhc        C:\windows\system32\drivers\nusb3xhc.sys
    20:19:51.0078 6688  nusb3xhc - ok
    20:19:51.0096 6688  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\windows\system32\drivers\nvraid.sys
    20:19:51.0100 6688  nvraid - ok
    20:19:51.0105 6688  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\windows\system32\drivers\nvstor.sys
    20:19:51.0109 6688  nvstor - ok
    20:19:51.0118 6688  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
    20:19:51.0121 6688  nv_agp - ok
    20:19:51.0127 6688  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
    20:19:51.0129 6688  ohci1394 - ok
    20:19:51.0186 6688  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    20:19:51.0190 6688  ose - ok
    20:19:51.0344 6688  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    20:19:51.0466 6688  osppsvc - ok
    20:19:51.0502 6688  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
    20:19:51.0507 6688  p2pimsvc - ok
    20:19:51.0532 6688  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\windows\system32\p2psvc.dll
    20:19:51.0539 6688  p2psvc - ok
    20:19:51.0543 6688  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\windows\system32\drivers\parport.sys
    20:19:51.0545 6688  Parport - ok
    20:19:51.0561 6688  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\windows\system32\drivers\partmgr.sys
    20:19:51.0563 6688  partmgr - ok
    20:19:51.0573 6688  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\windows\System32\pcasvc.dll
    20:19:51.0577 6688  PcaSvc - ok
    20:19:51.0591 6688  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\windows\system32\drivers\pci.sys
    20:19:51.0593 6688  pci - ok
    20:19:51.0606 6688  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\windows\system32\drivers\pciide.sys
    20:19:51.0608 6688  pciide - ok
    20:19:51.0624 6688  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
    20:19:51.0628 6688  pcmcia - ok
    20:19:51.0638 6688  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\windows\system32\drivers\pcw.sys
    20:19:51.0639 6688  pcw - ok
    20:19:51.0657 6688  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\windows\system32\drivers\peauth.sys
    20:19:51.0664 6688  PEAUTH - ok
    20:19:51.0691 6688  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\windows\system32\peerdistsvc.dll
    20:19:51.0716 6688  PeerDistSvc - ok
    20:19:51.0781 6688  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\windows\SysWow64\perfhost.exe
    20:19:51.0784 6688  PerfHost - ok
    20:19:51.0842 6688  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\windows\system32\pla.dll
    20:19:51.0877 6688  pla - ok
    20:19:51.0910 6688  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
    20:19:51.0920 6688  PlugPlay - ok
    20:19:51.0937 6688  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
    20:19:51.0941 6688  PNRPAutoReg - ok
    20:19:51.0952 6688  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
    20:19:51.0958 6688  PNRPsvc - ok
    20:19:52.0007 6688  [ 5BC4D480DD527EB0CF33A67A090A130E ] Point64         C:\windows\system32\DRIVERS\point64.sys
    20:19:52.0010 6688  Point64 - ok
    20:19:52.0040 6688  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
    20:19:52.0050 6688  PolicyAgent - ok
    20:19:52.0068 6688  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\windows\system32\umpo.dll
    20:19:52.0072 6688  Power - ok
    20:19:52.0086 6688  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
    20:19:52.0088 6688  PptpMiniport - ok
    20:19:52.0101 6688  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\windows\system32\drivers\processr.sys
    20:19:52.0102 6688  Processor - ok
    20:19:52.0141 6688  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\windows\system32\profsvc.dll
    20:19:52.0147 6688  ProfSvc - ok
    20:19:52.0154 6688  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
    20:19:52.0158 6688  ProtectedStorage - ok
    20:19:52.0179 6688  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\windows\system32\DRIVERS\pacer.sys
    20:19:52.0180 6688  Psched - ok
    20:19:52.0231 6688  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\windows\system32\drivers\ql2300.sys
    20:19:52.0265 6688  ql2300 - ok
    20:19:52.0277 6688  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\windows\system32\drivers\ql40xx.sys
    20:19:52.0280 6688  ql40xx - ok
    20:19:52.0304 6688  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\windows\system32\qwave.dll
    20:19:52.0309 6688  QWAVE - ok
    20:19:52.0317 6688  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
    20:19:52.0319 6688  QWAVEdrv - ok
    20:19:52.0323 6688  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
    20:19:52.0324 6688  RasAcd - ok
    20:19:52.0332 6688  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
    20:19:52.0333 6688  RasAgileVpn - ok
    20:19:52.0346 6688  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\windows\System32\rasauto.dll
    20:19:52.0349 6688  RasAuto - ok
    20:19:52.0357 6688  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
    20:19:52.0359 6688  Rasl2tp - ok
    20:19:52.0375 6688  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\windows\System32\rasmans.dll
    20:19:52.0380 6688  RasMan - ok
    20:19:52.0395 6688  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
    20:19:52.0396 6688  RasPppoe - ok
    20:19:52.0400 6688  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
    20:19:52.0402 6688  RasSstp - ok
    20:19:52.0412 6688  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
    20:19:52.0416 6688  rdbss - ok
    20:19:52.0429 6688  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\windows\system32\drivers\rdpbus.sys
    20:19:52.0430 6688  rdpbus - ok
    20:19:52.0469 6688  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
    20:19:52.0470 6688  RDPCDD - ok
    20:19:52.0482 6688  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\windows\system32\drivers\rdpdr.sys
    20:19:52.0485 6688  RDPDR - ok
    20:19:52.0508 6688  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
    20:19:52.0509 6688  RDPENCDD - ok
    20:19:52.0545 6688  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
    20:19:52.0545 6688  RDPREFMP - ok
    20:19:52.0632 6688  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
    20:19:52.0637 6688  RDPWD - ok
    20:19:52.0653 6688  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
    20:19:52.0655 6688  rdyboost - ok
    20:19:52.0711 6688  [ 992E3160D3AB2D8F083B6808D73A4016 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    20:19:52.0768 6688  RegSrvc - ok
    20:19:52.0782 6688  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\windows\System32\mprdim.dll
    20:19:52.0785 6688  RemoteAccess - ok
    20:19:52.0798 6688  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\windows\system32\regsvc.dll
    20:19:52.0802 6688  RemoteRegistry - ok
    20:19:52.0831 6688  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
    20:19:52.0834 6688  RFCOMM - ok
    20:19:52.0846 6688  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
    20:19:52.0849 6688  RpcEptMapper - ok
    20:19:52.0863 6688  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\windows\system32\locator.exe
    20:19:52.0865 6688  RpcLocator - ok
    20:19:52.0882 6688  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\windows\system32\rpcss.dll
    20:19:52.0887 6688  RpcSs - ok
    20:19:52.0903 6688  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
    20:19:52.0905 6688  rspndr - ok
    20:19:52.0934 6688  [ E54A5586A28D0630A79A68BBAB84BFCF ] RSUSBVSTOR      C:\windows\System32\Drivers\RtsUVStor.sys
    20:19:52.0942 6688  RSUSBVSTOR - ok
    20:19:52.0971 6688  [ AFC12DFA4C7B089673AD67402CA19EDB ] RTL8167         C:\windows\system32\DRIVERS\Rt64win7.sys
    20:19:52.0979 6688  RTL8167 - ok
    20:19:52.0995 6688  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\windows\system32\drivers\vms3cap.sys
    20:19:52.0997 6688  s3cap - ok
    20:19:53.0012 6688  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\windows\system32\lsass.exe
    20:19:53.0015 6688  SamSs - ok
    20:19:53.0030 6688  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
    20:19:53.0034 6688  sbp2port - ok
    20:19:53.0053 6688  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\windows\System32\SCardSvr.dll
    20:19:53.0059 6688  SCardSvr - ok
    20:19:53.0074 6688  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
    20:19:53.0076 6688  scfilter - ok
    20:19:53.0109 6688  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\windows\system32\schedsvc.dll
    20:19:53.0144 6688  Schedule - ok
    20:19:53.0192 6688  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\windows\System32\certprop.dll
    20:19:53.0195 6688  SCPolicySvc - ok
    20:19:53.0214 6688  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\windows\System32\SDRSVC.dll
    20:19:53.0222 6688  SDRSVC - ok
    20:19:53.0238 6688  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys
    20:19:53.0240 6688  secdrv - ok
    20:19:53.0254 6688  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\windows\system32\seclogon.dll
    20:19:53.0257 6688  seclogon - ok
    20:19:53.0266 6688  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\windows\system32\sens.dll
    20:19:53.0270 6688  SENS - ok
    20:19:53.0288 6688  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\windows\system32\sensrsvc.dll
    20:19:53.0291 6688  SensrSvc - ok
    20:19:53.0308 6688  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\windows\system32\drivers\serenum.sys
    20:19:53.0310 6688  Serenum - ok
    20:19:53.0315 6688  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\windows\system32\drivers\serial.sys
    20:19:53.0318 6688  Serial - ok
    20:19:53.0323 6688  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\windows\system32\drivers\sermouse.sys
    20:19:53.0325 6688  sermouse - ok
    20:19:53.0338 6688  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\windows\system32\sessenv.dll
    20:19:53.0342 6688  SessionEnv - ok
    20:19:53.0345 6688  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
    20:19:53.0346 6688  sffdisk - ok
    20:19:53.0349 6688  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
    20:19:53.0350 6688  sffp_mmc - ok
    20:19:53.0353 6688  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
    20:19:53.0354 6688  sffp_sd - ok
    20:19:57.0612 6688  ============================================================
    20:19:57.0612 6688  Scan finished
    20:19:57.0612 6688  ============================================================
    20:19:57.0631 5836  Detected object count: 0
    20:19:57.0631 5836  Actual detected object count: 0


    #10 jeffce

    Posted 17 February 2013 - 10:29 PM

    Hi,

    Let's take a look with a different tool and see what it shows us.

    OTL
    • Download OTL to your desktop.
    • Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Select All Users
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.


    #11 morganj23

    Posted 17 February 2013 - 11:01 PM

    OTL.txt

     

     

    OTL logfile created on: 2/17/2013 10:54:50 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jim\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    5.91 Gb Total Physical Memory | 3.87 Gb Available Physical Memory | 65.46% Memory free
    11.82 Gb Paging File | 9.80 Gb Available in Paging File | 82.91% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 413.21 Gb Total Space | 226.51 Gb Free Space | 54.82% Space Free | Partition Type: NTFS
    Drive D: | 275.47 Gb Total Space | 275.37 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
     
    Computer Name: JIM-MSI | User Name: Jim | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - C:\Users\Jim\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    PRC - C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
    PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
    PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Motorola Solutions, Inc.)
    PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Motorola Solutions, Inc.)
    PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.)
    PRC - C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Motorola Solutions, Inc.)
    PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
    PRC - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\S-Bar\MSIService.exe (Micro-Star International Co., Ltd.)
    PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe (Micro-Star Int'l Co., Ltd.)
    PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
    PRC - C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
    PRC - C:\Program Files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe (msi)
    PRC - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
    PRC - C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
    PRC - C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
    PRC - C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (Seagate LLC)
    PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\27649bdc3da750e2e072dedbff56cc0b\IAStorUtil.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\09a468fb987e5a5f345346b0910c89ca\IAStorCommon.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
    MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
    MOD - C:\Windows\SysWOW64\APOMngr.DLL ()
    MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()
     
     
    ========== Services (SafeList) ==========
     
    SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
    SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    SRV:64bit: - (ZeroConfigService) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
    SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
    SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
    SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
    SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel® Corporation)
    SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
    SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel® Corporation)
    SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
    SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (IntuitUpdateServiceV4) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
    SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Motorola Solutions, Inc.)
    SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Motorola Solutions, Inc.)
    SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.)
    SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
    SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.)
    SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
    SRV - (Micro Star SCM) -- C:\Program Files (x86)\S-Bar\MSIService.exe (Micro-Star International Co., Ltd.)
    SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
    SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
    SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
    SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    SRV - (MSI Foundation Service) -- C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe (MSI)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
    SRV - (FreeAgentGoNext Service) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
    SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV:64bit: - (MGHwCtrl) -- C:\Program Files\MSI\MSI Software Install\MGHwCtrl.sys File not found
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (usb3Hub) -- C:\Windows\SysNative\drivers\usb3Hub.sys (Windows ® Win 7 DDK provider)
    DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
    DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
    DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
    DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
    DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
    DRV:64bit: - (XHCIPort) -- C:\Windows\SysNative\drivers\xHCIPort.sys (Windows ® Win 7 DDK provider)
    DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\Netwsw00.sys (Intel Corporation)
    DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)
    DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)
    DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
    DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
    DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Motorola Solutions, Inc.)
    DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Motorola Solutions, Inc.)
    DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
    DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
    DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
    DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
    DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\RtsUVStor.sys (Realtek Semiconductor Corp.)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
    DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
    DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel® Corporation)
    DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV - (cpudrv64) -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys ()
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
    IE:64bit: - HKLM\..\SearchScopes\{066F17B3-8A44-4BD4-AC9A-1C87991040DE}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAM3&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msi.msn.com
    IE - HKLM\..\SearchScopes,DefaultScope = 
    IE - HKLM\..\SearchScopes\{066F17B3-8A44-4BD4-AC9A-1C87991040DE}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAM3&src=IE-SearchBox
     
     
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
     
    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
     
    IE - HKU\S-1-5-21-1148763194-3819809681-2558889641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msi.msn.com
    IE - HKU\S-1-5-21-1148763194-3819809681-2558889641-1000\..\SearchScopes,DefaultScope = 
    IE - HKU\S-1-5-21-1148763194-3819809681-2558889641-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1148763194-3819809681-2558889641-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     
     
    ========== FireFox ==========
     
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     
     
    [2013/01/19 15:55:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jim\AppData\Roaming\Mozilla\Extensions
     
    ========== Chrome  ==========
     
    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.google.com/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
    CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
    CHR - Extension: Craigslist Notification = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aenadocogjnkbmchfnkpipdinoleakbj\1.1.0.52_0\
    CHR - Extension: Xmarks Bookmark Sync = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.24_0\
    CHR - Extension: Xmarks Bookmark Sync = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.24_0\.bak
    CHR - Extension: Google Drive = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube Options for Google Chrome™ = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdokagampppgbnjfdlkfpphniapiiifn\1.8.108_0\
    CHR - Extension: YouTube = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Minimalist for Everything = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmihblnpomgpjkfddepdpdafhhepdbek\0.6.7_0\
    CHR - Extension: Google Search = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Gmelius - Ad Blocker and Better UI for Gmail™ = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\dheionainndbbpoacpnopgmnihkcmnkl\5.7.2_0\
    CHR - Extension: Pixlr-o-matic = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj\1.2_0\
    CHR - Extension: Google Calendar = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
    CHR - Extension: Cloud Reader = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd\1.4.0_0\
    CHR - Extension: The Weather Channel for Chrome = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop\1.0.0.4_0\
    CHR - Extension: Google Voice (by Google) = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.3.6.8_0\
    CHR - Extension: StayFocusd = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji\1.3.10_0\
    CHR - Extension: Facebook Notifications = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo\1.27_0\
    CHR - Extension: The Tracktor  - Amazon Price Tracker = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\onajjgekdldckfgodnmoallcmdmfcfom\3.1.2_0\
    CHR - Extension: Gmail = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
    CHR - Extension: uTorrent tiny client = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pngankkfedcppncefcddoiofipanflib\0.3_0\
     
    O1 HOSTS File: ([2013/02/17 19:14:41 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-1148763194-3819809681-2558889641-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O3 - HKU\S-1-5-21-1148763194-3819809681-2558889641-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Motorola Solutions, Inc.)
    O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [THXCfg64] C:\windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
    O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [Cinema ProII AP] C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe (Micro-Star Int'l Co., Ltd.)
    O4 - HKLM..\Run: [Cinema ProII Controler] C:\Program Files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe (msi)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
    O4 - HKLM..\Run: [S-Bar] C:\Program Files (x86)\S-Bar\S-Bar.exe (MSI)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
    O4 - HKU\S-1-5-21-1148763194-3819809681-2558889641-1000..\Run: [76C34C4F529FAADC3A9D6C7D5C900CABAB119D54._service_run] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    O4 - HKU\S-1-5-21-1148763194-3819809681-2558889641-1000..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
    O4 - Startup: C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BTGuard Updates.lnk = C:\BTGUARD\settings.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1148763194-3819809681-2558889641-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1148763194-3819809681-2558889641-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1148763194-3819809681-2558889641-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O8:64bit: - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
    O8:64bit: - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O8 - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
    O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab (SysInfo Class)
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab (Creative Software AutoUpdate Support Package)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17A8F0A9-2F0C-4065-865B-24D48D7C91EC}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FEFD81B6-89B2-49FB-BA4F-02C9F76CAD3A}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2013/02/17 22:42:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
    [2013/02/17 20:18:27 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jim\Desktop\tdsskiller.exe
    [2013/02/17 19:46:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/02/17 19:08:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2013/02/17 19:08:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2013/02/17 19:08:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2013/02/16 20:43:30 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/02/16 20:43:19 | 000,000,000 | ---D | C] -- C:\windows\erdnt
    [2013/02/16 20:43:03 | 005,033,715 | R--- | C] (Swearware) -- C:\Users\Jim\Desktop\ComboFix.exe
    [2013/02/16 16:51:52 | 000,000,000 | ---D | C] -- C:\Users\Jim\Desktop\next post
    [2013/02/16 16:49:05 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Jim\Desktop\aswMBR.exe
    [2013/02/16 16:45:34 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Jim\Desktop\dds.com
    [2013/02/16 00:52:43 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
    [2013/02/16 00:38:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2013/02/16 00:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2013/02/16 00:32:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2013/02/16 00:32:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2013/02/16 00:32:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2013/02/16 00:32:22 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    [2013/02/09 01:31:24 | 000,000,000 | --SD | C] -- C:\windows\SysWow64\Microsoft
    [2013/02/09 01:30:08 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\doubleTwist Corporation
    [2013/02/09 01:29:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow
    [2013/02/08 18:57:03 | 000,000,000 | ---D | C] -- C:\Users\Jim\Skyfall.2012.720p.BluRay.x264-DAA [PublicHD]
    [2013/01/20 15:46:31 | 000,000,000 | ---D | C] -- C:\Users\Jim\Documents\TurboTax
    [2013/01/20 15:44:10 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\IsolatedStorage
    [2013/01/20 15:41:12 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\Intuit
    [2013/01/20 15:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2012
    [2013/01/20 15:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
    [2013/01/20 15:39:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intuit
    [2013/01/20 15:39:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TurboTax
    [2013/01/19 21:55:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation
    [2013/01/19 21:54:58 | 000,000,000 | ---D | C] -- C:\Program Files\Intel Corporation
    [2013/01/19 21:41:22 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\dvdcss
    [2013/01/19 15:55:39 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\Postbox
    [2013/01/19 15:55:39 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\Postbox
    [2013/01/19 15:55:39 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\Mozilla
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2013/02/17 22:42:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
    [2013/02/17 22:20:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2013/02/17 22:14:00 | 000,000,892 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/02/17 20:18:32 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jim\Desktop\tdsskiller.exe
    [2013/02/17 19:54:16 | 000,024,672 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/02/17 19:54:16 | 000,024,672 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/02/17 19:47:11 | 000,000,888 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/02/17 19:46:15 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2013/02/17 19:46:04 | 464,023,551 | -HS- | M] () -- C:\hiberfil.sys
    [2013/02/17 19:14:41 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
    [2013/02/16 20:43:09 | 005,033,715 | R--- | M] (Swearware) -- C:\Users\Jim\Desktop\ComboFix.exe
    [2013/02/16 20:00:21 | 000,587,671 | ---- | M] () -- C:\Users\Jim\Desktop\AdwCleaner.exe
    [2013/02/16 16:50:18 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Jim\Desktop\aswMBR.exe
    [2013/02/16 16:45:37 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Jim\Desktop\dds.com
    [2013/02/16 00:51:50 | 000,018,404 | ---- | M] () -- C:\windows\SysNative\results.xml
    [2013/02/16 00:32:46 | 000,001,793 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2013/02/16 00:17:38 | 005,060,552 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
    [2013/02/15 21:44:35 | 000,740,374 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2013/02/15 21:44:35 | 000,624,178 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2013/02/15 21:44:35 | 000,106,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2013/02/09 18:31:07 | 000,094,876 | ---- | M] () -- C:\Users\Jim\Desktop\https___www.giltcity 2.pdf
    [2013/02/09 18:30:51 | 000,094,841 | ---- | M] () -- C:\Users\Jim\Desktop\https___www.giltcity 1.pdf
    [2013/01/20 15:44:09 | 000,000,614 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    [2013/01/20 15:40:22 | 000,002,535 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2012.lnk
    [2013/01/19 21:57:25 | 000,002,269 | ---- | M] () -- C:\Users\Jim\Desktop\Google Chrome.lnk
    [2013/01/19 21:55:01 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\Intel® WiDi.lnk
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2013/02/17 19:08:39 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
    [2013/02/17 19:08:39 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
    [2013/02/17 19:08:39 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2013/02/17 19:08:39 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2013/02/17 19:08:39 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2013/02/16 20:00:16 | 000,587,671 | ---- | C] () -- C:\Users\Jim\Desktop\AdwCleaner.exe
    [2013/02/16 00:52:54 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2013/02/16 00:32:46 | 000,001,793 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2013/02/09 18:31:07 | 000,094,876 | ---- | C] () -- C:\Users\Jim\Desktop\https___www.giltcity 2.pdf
    [2013/02/09 18:30:50 | 000,094,841 | ---- | C] () -- C:\Users\Jim\Desktop\https___www.giltcity 1.pdf
    [2013/01/20 15:40:28 | 000,000,614 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    [2013/01/20 15:40:22 | 000,002,535 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2012.lnk
    [2013/01/19 21:55:01 | 000,002,032 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® WiDi.lnk
    [2013/01/19 21:55:01 | 000,002,020 | ---- | C] () -- C:\Users\Public\Desktop\Intel® WiDi.lnk
    [2012/12/12 16:41:24 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
    [2012/11/27 21:56:38 | 000,001,456 | ---- | C] () -- C:\Users\Jim\AppData\Local\Adobe Save for Web 13.0 Prefs
    [2012/11/22 17:49:16 | 000,045,056 | ---- | C] () -- C:\windows\SysWow64\BRTCPCON.DLL
    [2012/11/22 17:49:14 | 000,000,114 | ---- | C] () -- C:\windows\SysWow64\BRLMW03A.INI
    [2012/11/13 20:44:15 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2012/11/11 22:01:54 | 000,000,218 | ---- | C] () -- C:\Users\Jim\AppData\Local\recently-used.xbel
    [2012/11/11 21:13:47 | 000,000,060 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\programs.vc
    [2012/10/31 17:32:25 | 000,120,200 | ---- | C] () -- C:\windows\SysWow64\DLLDEV32i.dll
    [2012/10/22 17:40:28 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin
    [2012/10/22 17:40:00 | 000,963,452 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin
    [2011/07/01 20:05:45 | 000,001,313 | ---- | C] () -- C:\windows\THXCfg_SP_APOIM.ini
    [2011/07/01 20:05:45 | 000,001,212 | ---- | C] () -- C:\windows\THXCfg_HP_APOIM.ini
    [2011/07/01 20:05:45 | 000,001,212 | ---- | C] () -- C:\windows\THXCfg_APOIM.ini
    [2011/07/01 20:05:44 | 000,182,272 | ---- | C] () -- C:\windows\SysWow64\APOMngr.DLL
    [2011/07/01 20:05:44 | 000,073,728 | ---- | C] () -- C:\windows\SysWow64\CmdRtr.DLL
    [2011/07/01 19:16:04 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
    [2011/07/01 19:15:59 | 000,218,304 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
    [2011/07/01 19:15:57 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
     
    ========== ZeroAccess Check ==========
     
    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
     
    ========== LOP Check ==========
     
    [2012/11/11 22:01:30 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\deluge
    [2012/11/21 19:51:48 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Leadertech
    [2012/11/23 12:57:16 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\MAGIX
    [2012/11/13 20:41:30 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Nuance
    [2013/01/19 15:55:39 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Postbox
    [2012/11/21 22:22:45 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\redsn0w
    [2012/11/22 18:48:14 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\RoboForm
    [2012/11/22 23:50:45 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\SoftGrid Client
    [2012/11/07 21:35:28 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\SystemRequirementsLab
    [2012/11/13 20:44:45 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\TP
    [2012/11/23 12:39:53 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\TrueCrypt
    [2012/11/13 20:41:27 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Zeon
     
    ========== Purity Check ==========
     
     
     
    < End of report >


    #12 morganj23


    Posted 17 February 2013 - 11:03 PM

    Extras.txt:
     
    OTL Extras logfile created on: 2/17/2013 10:54:50 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jim\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    5.91 Gb Total Physical Memory | 3.87 Gb Available Physical Memory | 65.46% Memory free
    11.82 Gb Paging File | 9.80 Gb Available in Paging File | 82.91% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 413.21 Gb Total Space | 226.51 Gb Free Space | 54.82% Space Free | Partition Type: NTFS
    Drive D: | 275.47 Gb Total Space | 275.37 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
     
    Computer Name: JIM-MSI | User Name: Jim | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
     
    [HKEY_USERS\S-1-5-21-1148763194-3819809681-2558889641-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found
     
    ========== Shell Spawning ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
     
    ========== System Restore Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0
     
    ========== Firewall Settings ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    ========== Authorized Applications List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01BD1410-DF19-49F5-9C42-028C262D4D4C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{0714DFDA-373B-4565-8CD8-59E8FA7176B5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{11C3E2CB-FB76-4780-9E48-24344A1EF57B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
    "{422A5D04-B60C-47D1-B36F-50B1EF2CCF8A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{42567634-0E41-4143-A22A-61EC30EE74F0}" = lport=2869 | protocol=6 | dir=in | app=system | 
    "{47917EA5-ACC2-42F7-B701-3A5163C6520B}" = rport=10243 | protocol=6 | dir=out | app=system | 
    "{4AEEC470-851C-4C2E-807B-F9F0660978C0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{516AC922-A69B-4FBD-B06F-550A81BB39E3}" = rport=139 | protocol=6 | dir=out | app=system | 
    "{56BE299D-8821-458A-8C75-67E77D61A9A5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{5C5D1B1C-74CC-47F4-8D42-6AEC613A92C2}" = rport=445 | protocol=6 | dir=out | app=system | 
    "{5D274378-668A-40E9-84EC-C2E7DF33F21F}" = lport=445 | protocol=6 | dir=in | app=system | 
    "{622342C4-5BF9-4988-80C5-F1DF625D4470}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
    "{7E5E8988-93C7-427C-9B3A-EFB56669C091}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe | 
    "{98C28CBF-91B2-4631-9668-B3B6B9C01386}" = rport=137 | protocol=17 | dir=out | app=system | 
    "{A3069E0F-F141-4BF7-B100-0A3837BCA90D}" = lport=10243 | protocol=6 | dir=in | app=system | 
    "{AA20A5A2-8278-4A5E-9018-059B75FD63E0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{B06C7445-EA6E-42E7-8E76-AB580AD03703}" = lport=137 | protocol=17 | dir=in | app=system | 
    "{B6462655-9324-4E4F-A3AC-FD8B53577119}" = lport=138 | protocol=17 | dir=in | app=system | 
    "{D9782163-D9E8-4A27-931E-AF9987405904}" = lport=139 | protocol=6 | dir=in | app=system | 
    "{DAF85960-D82A-4919-A02E-2A1A1F32FADC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
    "{DBEA97F6-9A0E-45AB-B795-8B7955432E49}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe | 
    "{DD77DA49-1FC7-47A5-9E6C-1CC34E4A011E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{DDEFCE53-964D-4857-B015-8DEBF44FC97E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{EE05B94E-8E38-4E63-BDB6-10D7B7F71AB6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
    "{F9C641E2-4729-49A6-93E4-1366348547F1}" = rport=138 | protocol=17 | dir=out | app=system | 
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{08B5BFBA-42D9-483D-8F6C-4DAE3BCC1526}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
    "{0ED670FB-3478-41E9-B27F-A6AA62CF0E7D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{15FBDAAC-01FF-444B-9D22-DB667362BB4C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
    "{16831233-5351-4EF2-A6B3-A1B1C1BFE763}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{324CA53E-BBFA-4F85-B931-0103956723B7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{3A83A590-324F-41D7-AB6C-F0EBF891FA42}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
    "{4B5A7CFC-6EFA-44AE-8DA1-7C1211A9B33C}" = protocol=17 | dir=in | app=c:\btguard\utorrent.exe | 
    "{60C82CDB-DEAD-4579-93BD-664D3F03C1B5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
    "{62D90AF8-9C00-4C9E-8D2A-94CE628541E1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
    "{63417A8D-49DC-4067-8083-3FAD2C6D828B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
    "{64480368-68F1-4D10-A710-274891F6FE45}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{669133E5-38ED-4EF0-956C-7546CF202792}" = protocol=6 | dir=out | app=system | 
    "{6B406104-6694-48F6-8243-28C2D9E021AD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
    "{71019234-567B-47B5-8496-4713ABA1530B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
    "{71BC2EA8-7213-456F-97CC-642CB5562134}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{8130B0AD-7E66-4C3D-B176-33616DC0AF18}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{85E53D85-2DB6-48EE-9D0D-75163D26EC73}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{86DA4CFB-55B8-4819-87A7-0F0F787E3BFA}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
    "{8E913BBA-AF00-4568-A451-076C9C26531A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{A08DAB12-E10B-472D-BD0A-9D4F2DCBE2F6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{AC09C28B-2C2B-4D68-8513-C803072A1ED5}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
    "{BD967C65-ECC0-4398-ABE0-CE59D7D13BBC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
    "{BE90672B-9244-4478-8481-6C422A5F20E0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{C17A9E03-E23D-4554-BDE1-A8734FCF0482}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
    "{C853DB05-0427-467D-8726-3FC58DC61993}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{C8EA37DB-5905-4863-A5DE-782E3D848DBC}" = protocol=6 | dir=in | app=c:\btguard\utorrent.exe | 
    "{D1F79FA5-936F-4282-9012-E976AF65CC9D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
    "{D428FD3C-7834-41EC-B335-602E81436D63}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{EB722BAC-3F7A-4498-A813-138441EECF32}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
    "{F04893DE-AB48-492A-8EDF-94A222C16AD2}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
    "{F57DC840-96C2-49FE-89D8-38A8629D6737}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe | 
    "{F73149EC-4D59-4FD7-BCCD-915BF46232B5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{FC3E796A-B074-4E0E-9172-ECD5195B7AF2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
    "{FEA53084-CA9A-46C3-9DD4-B67C889F567F}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
    "TCP Query User{4D747FAB-7928-49C4-B28B-CDD14E99A941}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
    "TCP Query User{7249B9AD-C04A-445F-87D1-F46B6ABD2A11}C:\program files (x86)\deluge\deluge.exe" = protocol=6 | dir=in | app=c:\program files (x86)\deluge\deluge.exe | 
    "TCP Query User{AA19E747-9860-4522-8A39-CFC6D2FE967F}C:\program files (x86)\deluge\deluge.exe" = protocol=6 | dir=in | app=c:\program files (x86)\deluge\deluge.exe | 
    "UDP Query User{11FCF372-76DB-40ED-B13E-BA32B23B3E37}C:\program files (x86)\deluge\deluge.exe" = protocol=17 | dir=in | app=c:\program files (x86)\deluge\deluge.exe | 
    "UDP Query User{6090D239-4E0E-410F-AA0B-26F180273E2A}C:\program files (x86)\deluge\deluge.exe" = protocol=17 | dir=in | app=c:\program files (x86)\deluge\deluge.exe | 
    "UDP Query User{77C51794-9B81-4B1F-9B8D-37F7AC1166D5}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
    "{23D486D4-FBE0-40F3-A245-E4D56D094764}" = Intel® WiDi
    "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft Mouse and Keyboard Center
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{90F00673-A276-4A58-B675-B426D39D1E09}" = Intel® PROSet/Wireless for Bluetooth® + High Speed
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A10B1524-63B5-40F2-B272-D841CF671C16}" = Intel® PROSet/Wireless Software for Bluetooth® Technology
    "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
    "{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel® Turbo Boost Technology Monitor 2.0
    "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{ECE5B218-A086-4E18-A362-D11181681457}" = Intel® PROSet/Wireless WiFi Software
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Elantech" = ETDWare PS/2-X64 8.0.5.1_WHQL
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
    "Microsoft Security Client" = Microsoft Security Essentials
    "ProInst" = Intel PROSet Wireless
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
    "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FC46D21-F4A4-42DF-B9A4-27F8A702EBC5}_is1" = Stone Giant 1.0
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
    "{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{332EBFE0-C39E-42D1-99B5-ABBBECAD71B6}" = MSI Software Install
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
    "{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
    "{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}" = Seagate Manager Installer
    "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
    "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
    "{4FA6CB9A-2972-4AAF-A36E-3C40FCC22395}" = THX TruStudio Pro
    "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
    "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
    "{619FA785-489B-4D22-911F-82D6EDF5BDB0}" = Battery Calibration
    "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
    "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
    "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
    "{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
    "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8CFA1D01-AECD-4913-9FB8-1E8A82F47824}_is1" = DNS Leak Fix for OpenVPN version 1.2
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{94DE7548-E449-4F7D-804F-0C5CDC3A1E6A}" = EasyFace2
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
    "{A6D659BE-795D-4726-AEE8-91EB25CF26F7}" = TurboTax 2012 wnjiper
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.01)
    "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
    "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
    "{C13926BE-159B-4494-BEEC-AB6E207F70AD}" = Cinema ProII Setup
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}" = System Requirements Lab for Intel
    "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
    "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
    "{CD1067C8-1AA1-4503-BCAD-EA1EE5427DC7}" = MAGIX Video easy SE
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D508AF9C-BE68-4A0D-92F2-A9D99F72D062}" = S-Bar
    "{DA5597C9-9216-44FF-9670-D1E48817B998}" = MSI HOUSE
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2270DW
    "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
    "{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper
    "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EECD7B96-1416-4D3A-B12D-0D2512120C36}" = EasyViewer
    "{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F73C47CA-879E-4906-9298-D93D6FCEC4D0}" = TurboTax 2012 wnyiper
    "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "AI RoboForm" = RoboForm 7-8-5-7 (All Users)
    "DVD Shrink_is1" = DVD Shrink 3.2
    "Google Chrome" = Google Chrome
    "i-Charger_is1" = i-Charger
    "InstallShield_{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}" = Seagate Manager Installer
    "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "InstallShield_{EECD7B96-1416-4D3A-B12D-0D2512120C36}" = EasyViewer
    "MAGIX Music Maker 16 Download Version UK" = MAGIX Music Maker 16 Download Version
    "MAGIX Photo Manager 9 UK" = MAGIX Photo Manager 9
    "MAGIX Screenshare UK" = MAGIX Screenshare
    "MAGIX Speed burnR UK" = MAGIX Speed burnR
    "MAGIX_MSI_Video_easy_SE" = MAGIX Video easy SE
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "TrueCrypt" = TrueCrypt
    "TurboTax 2012" = TurboTax 2012
    "VLC media player" = VLC media player 2.0.4
    "VPNCheck_is1" = VPNCheck 1.5
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
     
    ========== HKEY_USERS Uninstall List ==========
     
    [HKEY_USERS\S-1-5-21-1148763194-3819809681-2558889641-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "BTGuard 2.5" = BTGuard 2.5
     
    ========== Last 20 Event Log Errors ==========
     
    [ Application Events ]
    Error - 1/28/2013 12:34:12 AM | Computer Name = Jim-MSI | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second
     
    Error - 1/28/2013 12:34:12 AM | Computer Name = Jim-MSI | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 12012
     
    Error - 1/28/2013 12:34:12 AM | Computer Name = Jim-MSI | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 12012
     
    Error - 1/28/2013 9:39:07 PM | Computer Name = Jim-MSI | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second
     
    Error - 1/28/2013 9:39:07 PM | Computer Name = Jim-MSI | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 75906873
     
    Error - 1/28/2013 9:39:07 PM | Computer Name = Jim-MSI | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 75906873
     
    Error - 1/29/2013 1:44:12 AM | Computer Name = Jim-MSI | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second
     
    Error - 1/29/2013 1:44:12 AM | Computer Name = Jim-MSI | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 982
     
    Error - 1/29/2013 1:44:12 AM | Computer Name = Jim-MSI | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 982
     
    Error - 1/29/2013 1:44:13 AM | Computer Name = Jim-MSI | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second
     
    [ System Events ]
    Error - 12/16/2012 10:58:35 PM | Computer Name = Jim-MSI | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 7:47:45 PM on ?12/?16/?2012 was unexpected.
     
    Error - 12/22/2012 10:43:36 PM | Computer Name = Jim-MSI | Source = Service Control Manager | ID = 7034
    Description = The Intel® PROSet/Wireless Zero Configuration Service service terminated
     unexpectedly.  It has done this 1 time(s).
     
    Error - 12/23/2012 11:42:09 PM | Computer Name = Jim-MSI | Source = Service Control Manager | ID = 7034
    Description = The Intel® PROSet/Wireless Zero Configuration Service service terminated
     unexpectedly.  It has done this 1 time(s).
     
    Error - 12/24/2012 6:56:10 PM | Computer Name = Jim-MSI | Source = Service Control Manager | ID = 7034
    Description = The Intel® PROSet/Wireless Zero Configuration Service service terminated
     unexpectedly.  It has done this 2 time(s).
     
    Error - 12/27/2012 7:24:09 PM | Computer Name = Jim-MSI | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 11:26:51 PM on ?12/?26/?2012 was unexpected.
     
    Error - 12/27/2012 9:14:06 PM | Computer Name = Jim-MSI | Source = bowser | ID = 8003
    Description = 
     
    Error - 12/31/2012 5:56:07 PM | Computer Name = Jim-MSI | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 4:54:19 PM on ?12/?31/?2012 was unexpected.
     
    Error - 1/6/2013 6:51:02 PM | Computer Name = Jim-MSI | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 9:20:23 PM on ?1/?5/?2013 was unexpected.
     
    Error - 1/8/2013 10:51:08 PM | Computer Name = Jim-MSI | Source = Service Control Manager | ID = 7034
    Description = The Intel® PROSet/Wireless Zero Configuration Service service terminated
     unexpectedly.  It has done this 1 time(s).
     
    Error - 1/12/2013 6:13:21 PM | Computer Name = Jim-MSI | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 5:06:39 PM on ?1/?12/?2013 was unexpected.
     
     
    < End of report >


    #13 jeffce

    jeffce

      Bleepin' Super Saiyan


    • Malware Response Team
    • 3,442 posts

    Posted 18 February 2013 - 07:50 AM

    Hi,

    ListParts

    For x64 bit systems please download Listparts64
    Run the tool, click Scan and post the log (Result.txt) it makes.


    #14 morganj23

    morganj23
    • Topic Starter

    • Members
    • 23 posts

    Posted 18 February 2013 - 12:36 PM

    ListParts by Farbar Version: 16-01-2013
    Ran by Jim (administrator) on 18-02-2013 at 12:35:16
    Windows 7 (X64)
    Running From: C:\Users\Jim\Desktop
    Language: 0409
    ************************************************************
     
    ========================= Memory info ====================== 
     
    Percentage of memory in use: 70%
    Total physical RAM: 6051.37 MB
    Available physical RAM: 1795.46 MB
    Total Pagefile: 12100.93 MB
    Available Pagefile: 7425.83 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB
     
    ======================= Partitions =========================
     
    1 Drive c: (OS_Install) (Fixed) (Total:413.21 GB) (Free:226.44 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive d: (Data) (Fixed) (Total:275.47 GB) (Free:275.37 GB) NTFS
     
      Disk ###  Status         Size     Free     Dyn  Gpt
      --------  -------------  -------  -------  ---  ---
      Disk 0    Online          698 GB      0 B         
     
    Partitions of Disk 0:
    ===============
     
    Disk ID: DBD9CD0E
     
      Partition ###  Type              Size     Offset
      -------------  ----------------  -------  -------
      Partition 1    Recovery             9 GB  1024 KB
      Partition 2    Recovery           100 MB     9 GB
      Partition 3    Primary            413 GB     9 GB
      Partition 4    Primary            275 GB   423 GB
     
    ======================================================================================================
     
    Disk: 0
    Partition 1
    Type  : 27
    Hidden: Yes
    Active: No
     
      Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
      ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 3         BIOS_RVY     NTFS   Partition      9 GB  Healthy    Hidden  
     
    ======================================================================================================
     
    Disk: 0
    Partition 2
    Type  : 27
    Hidden: Yes
    Active: Yes
     
      Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
      ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 4         System       NTFS   Partition    100 MB  Healthy    Hidden  
     
    ======================================================================================================
     
    Disk: 0
    Partition 3
    Type  : 07
    Hidden: No
    Active: No
     
      Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
      ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 1     C   OS_Install   NTFS   Partition    413 GB  Healthy    Boot    
     
    ======================================================================================================
     
    Disk: 0
    Partition 4
    Type  : 07
    Hidden: No
    Active: No
     
      Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
      ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 2     D   Data         NTFS   Partition    275 GB  Healthy            
     
    ======================================================================================================
     
    ****** End Of Log ****** 


    #15 jeffce

    jeffce

      Bleepin' Super Saiyan


    • Malware Response Team
    • 3,442 posts

    Posted 18 February 2013 - 01:10 PM

    Download CKScanner by askey127 from Here & save it to your Desktop.
    • Right-click CKScanner.exe and Run as Administrator, then click Search For Files
    • When the cursor hourglass disappears, click Save List To File
    • A message box will verify the file saved
    • Double-click the CKFiles.txt icon on your desktop, then copy/paste the contents in your next reply




