4 Trojans detected Please Help [Solved]


  • This topic is locked

#1
PjMac

I installed Kaspersky 2 days ago and ran a scan. It detected 4 Trojan viruses which were immediately quarantined. Afterwards I downloaded OTL and ran a scan and clean. Now I am having popup ads (two at a time, usually saying missing plug-in) every few minutes. In an attempt to close the ad, I accidentally downloaded the program and a Trojan was detected. Also, when I'm watching videos, a commercial will play in the background even after closing YouTube. I currently use Windows 8. This laptop (Acer) was purchased new the first week of December. Any help is greatly appreciated. Below is the current OTL log I just ran:
OTL logfile created on: 2/18/2013 5:14:24 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pam\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.80 Gb Total Physical Memory | 4.67 Gb Available Physical Memory | 59.85% Memory free
15.80 Gb Paging File | 12.28 Gb Available in Paging File | 77.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684.15 Gb Total Space | 610.75 Gb Free Space | 89.27% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: PJ | User Name: Pam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/18 17:13:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pam\Downloads\OTL.exe
PRC - [2013/02/14 08:11:32 | 001,236,336 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2013/02/14 08:11:30 | 018,814,304 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe
PRC - [2013/02/11 05:47:42 | 000,673,192 | ---- | M] (Lavasoft.) -- C:\ProgramData\Search Protection\SearchProtection.exe
PRC - [2013/01/31 10:11:58 | 000,542,632 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2013/01/25 21:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2012/08/30 22:26:56 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
PRC - [2012/08/23 23:24:38 | 002,435,728 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
PRC - [2012/08/23 01:24:38 | 000,259,136 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2012/08/23 01:24:10 | 000,533,568 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2012/08/22 17:04:22 | 000,025,232 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
PRC - [2012/08/22 17:04:20 | 000,044,176 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
PRC - [2012/08/21 21:36:54 | 000,473,712 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2012/08/21 21:36:52 | 001,176,176 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2012/08/21 21:36:52 | 000,348,784 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2012/08/15 14:50:54 | 006,054,824 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\Kaspersky Password Manager\Module Retargetable Folder\stpass.exe
PRC - [2012/07/25 22:21:03 | 000,333,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WWAHost.exe
PRC - [2012/07/17 16:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 16:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/07/04 12:57:44 | 000,990,320 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
PRC - [2012/06/25 12:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2010/03/25 07:45:38 | 000,031,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2009/12/21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/16 12:55:24 | 000,648,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\53a9f9c216117a20745275946c6169cb\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.ni.dll
MOD - [2013/02/16 12:55:22 | 010,291,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\a90a3198c1cdc300344a8f4d8a17547a\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.CSUtils.ni.dll
MOD - [2013/02/16 12:55:17 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\4e0b80cd44dbb1d3b283aea5496da8e9\Microsoft.VisualBasic.ni.dll
MOD - [2013/02/16 12:55:15 | 001,085,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Iris.Impo#\e32e041a6ea10e8a4983dc6173c76f2b\Microsoft.Iris.ImportExport.ni.dll
MOD - [2013/02/16 12:55:06 | 000,551,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Iris.Mapi.MessageSt#\4b219466ab2dcd38f14043c04863ec30\Iris.Mapi.MessageStore.ni.dll
MOD - [2013/02/16 12:55:06 | 000,522,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\3699bf79927ea44ef5c1975f3b7b3422\Microsoft.BusinessSolutions.eCRM.DataSync.ni.dll
MOD - [2013/02/16 12:55:04 | 006,183,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\BusinessLayer\f245ba9287dbea43dd3ab5602105d7a9\BusinessLayer.ni.dll
MOD - [2013/02/16 12:54:57 | 000,891,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WinFormsRegions\0d9f9d379d35298285c5f3cac6e4a3c1\WinFormsRegions.ni.dll
MOD - [2013/02/16 12:54:56 | 001,130,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\4011f408d69039b4a1b6bcfbe678fc51\Microsoft.Interop.Mapi.Impl.ni.dll
MOD - [2013/02/16 12:54:55 | 003,104,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\BCMRes\b2bbef4ac9ccddd67a92946836e16952\BCMRes.ni.dll
MOD - [2013/02/16 12:54:53 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d9b1eab5c18e51eaf4acc4894df0f223\System.ServiceProcess.ni.dll
MOD - [2013/02/15 15:25:17 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65220f0f32ec84454f9a811fba883c2e\System.Windows.Forms.ni.dll
MOD - [2013/02/13 08:09:46 | 012,638,576 | ---- | M] () -- C:\Users\Pam\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
MOD - [2013/01/25 21:35:06 | 000,460,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll
MOD - [2013/01/25 21:35:04 | 004,012,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013/01/25 21:34:19 | 000,597,968 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013/01/25 21:34:18 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013/01/25 21:34:16 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
MOD - [2013/01/15 22:06:45 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\38b47b5452863bcadb6b731fe6c5198f\CustomMarshalers.ni.dll
MOD - [2013/01/15 22:01:44 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Extensibility\7513a19f53d5b7fcadfd35b5b10c0038\Extensibility.ni.dll
MOD - [2013/01/15 22:01:40 | 000,022,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WinFormsHostLib\f8bde1011b72e79989abf59f9ae15c30\WinFormsHostLib.ni.dll
MOD - [2013/01/15 22:01:36 | 000,199,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\86254eb7d740c9513d4058194b8ace36\Microsoft.Interop.Mapi.PropTags.ni.dll
MOD - [2013/01/15 22:01:35 | 000,062,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.e#\61fafc70c956a31e2c6a8a84fbf4e59d\Microsoft.Interop.eCRM.Ole.ni.dll
MOD - [2013/01/15 22:01:23 | 000,414,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\15a9e7d07ed9147948fa7ffe02e7930c\Microsoft.Interop.Mapi.Interfaces.ni.dll
MOD - [2013/01/15 22:01:22 | 002,381,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.e#\df328985097620bc53c99036ae8fb62f\Microsoft.Interop.eCRM.Outlook.ni.dll
MOD - [2013/01/15 22:01:22 | 001,016,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.eCRM.Offi#\da58bdca374c46b427d2cb1372941cce\Microsoft.eCRM.Office.ni.dll
MOD - [2013/01/15 22:01:22 | 000,044,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\stdole\04b78d73703b2818d2a11e56b9a70f56\stdole.ni.dll
MOD - [2013/01/15 22:00:51 | 001,117,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\cb521f56a980b6e8570537bdee805605\System.DirectoryServices.ni.dll
MOD - [2013/01/15 22:00:49 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\fe30f9017b763714b1372d77204cd3d0\System.Transactions.ni.dll
MOD - [2013/01/15 22:00:48 | 000,782,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\BCMCommon\5efb2eceb62c5cb3f43cdea7a8342a1a\BCMCommon.ni.dll
MOD - [2013/01/15 22:00:37 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fb048f69c5b71baf063604bd1724b078\System.Core.ni.dll
MOD - [2013/01/14 19:35:45 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cf561d65486360afb324d26c80b9aac2\System.Configuration.ni.dll
MOD - [2013/01/14 19:35:07 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ae31f7dc9817e359d05c9c8efdd5f359\System.Xml.ni.dll
MOD - [2013/01/14 19:34:56 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e6b074d3f3e3cc8e0270a3552c47aaa\System.Drawing.ni.dll
MOD - [2013/01/14 19:34:55 | 006,656,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\644cb8dc7b37a1eec15f542da9846d0c\System.Data.ni.dll
MOD - [2013/01/14 19:34:24 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28c2c6e7f48ff80c680a97b08df66a72\System.ni.dll
MOD - [2013/01/14 19:34:16 | 011,494,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll
MOD - [2012/12/09 10:57:54 | 000,459,176 | ---- | M] () -- C:\Windows\assembly\GAC_32\BCMCommon\4.0.0.0__31bf3856ad364e35\BCMCommon.dll
MOD - [2012/12/09 09:50:05 | 000,605,096 | ---- | M] () -- C:\Windows\assembly\GAC_32\Microsoft.Interop.Mapi.Impl\4.0.0.0__31bf3856ad364e35\Microsoft.Interop.Mapi.Impl.dll
MOD - [2012/12/09 09:19:44 | 000,972,664 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Outlook\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
MOD - [2012/08/30 22:24:20 | 007,422,392 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtgui4.dll
MOD - [2012/08/30 22:24:18 | 001,270,200 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtscript4.dll
MOD - [2012/08/30 22:24:18 | 000,192,952 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtsql4.dll
MOD - [2012/08/30 22:24:16 | 002,453,944 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtdeclarative4.dll
MOD - [2012/08/30 22:24:16 | 002,126,264 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtcore4.dll
MOD - [2012/08/30 22:24:16 | 000,795,064 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtnetwork4.dll
MOD - [2012/08/30 22:23:02 | 000,459,192 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\dblite.dll
MOD - [2012/08/30 22:22:44 | 000,094,648 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avpapplication.dll
MOD - [2012/08/23 01:26:10 | 000,465,384 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
MOD - [2012/08/22 17:04:22 | 000,025,232 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
MOD - [2012/08/22 17:04:20 | 000,044,176 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
MOD - [2012/07/26 04:23:08 | 002,972,672 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/07/26 04:23:08 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/07/26 04:23:08 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2011/09/05 19:36:52 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qgif4.dll
MOD - [2011/09/05 19:36:50 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qjpeg4.dll
MOD - [2011/05/08 22:08:16 | 001,439,656 | ---- | M] () -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\en-US\BCMRes.resources.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/03/25 07:45:10 | 000,011,176 | ---- | M] () -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\en-US\Microsoft.Interop.Mapi.Interfaces.resources.dll
MOD - [2010/03/25 07:44:44 | 000,083,880 | ---- | M] () -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\en-US\BusinessLayer.resources.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/01/09 18:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/09 18:22:53 | 000,464,384 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/01/09 18:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/12/05 23:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012/12/05 23:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012/11/05 23:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/11/05 23:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012/08/22 23:36:28 | 000,468,624 | ---- | M] (Acer Incorporated) [On_Demand | Stopped] -- C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe -- (DeviceFastLaneService)
SRV:64bit: - [2012/08/22 22:02:36 | 000,658,576 | ---- | M] (Acer Incorporated) [On_Demand | Running] -- C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2012/07/25 23:46:56 | 002,366,984 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012/07/25 22:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2012/07/25 22:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 22:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/25 22:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 22:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 22:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 22:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 22:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 22:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 22:05:38 | 000,116,736 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/07/25 22:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 22:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012/07/25 22:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 22:05:11 | 000,174,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012/07/25 22:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/04/20 16:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2009/11/13 11:28:38 | 000,129,536 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2013/02/14 08:11:32 | 001,236,336 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2013/01/07 18:28:05 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/05 23:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/09/25 18:59:17 | 000,093,296 | ---- | M] (Dritek System INC.) [Auto | Running] -- C:\Windows\RfBtnSvc64.exe -- (RfButtonDriverService)
SRV - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2012/09/10 22:50:23 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/08/30 22:26:56 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe -- (avp)
SRV - [2012/08/23 23:24:38 | 002,435,728 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe -- (CCDMonitorService)
SRV - [2012/08/23 01:24:38 | 000,259,136 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2012/08/21 21:36:52 | 000,348,784 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2012/08/10 20:28:14 | 000,211,584 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2012/07/25 22:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/17 16:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 16:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/11 22:10:24 | 000,174,160 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2012/06/25 12:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/25 07:45:38 | 000,031,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2009/12/21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/09 20:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/01/09 20:39:29 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/01/07 18:28:04 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/12/17 06:43:13 | 000,038,096 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\gfiark.sys -- (gfiark)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/11/26 22:56:29 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2012/11/26 22:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/19 23:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/06 02:52:07 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2012/11/06 02:36:23 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2012/11/05 22:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/15 01:14:30 | 003,701,760 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:64bit: - [2012/10/12 03:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 02:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/10/11 02:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012/09/25 19:24:36 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2012/09/25 19:24:36 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2012/09/25 19:24:36 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2012/09/25 18:59:17 | 000,026,736 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\aPs2Kb2Hid.sys -- (Ps2Kb2Hid)
DRV:64bit: - [2012/09/12 20:19:38 | 000,082,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2012/08/20 12:32:46 | 000,316,816 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012/08/10 20:09:46 | 000,567,808 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012/08/10 20:09:44 | 000,135,832 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012/08/10 20:09:42 | 000,178,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012/08/10 20:09:42 | 000,088,728 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012/08/10 20:09:42 | 000,076,952 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2012/08/10 20:09:40 | 000,344,216 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012/08/10 20:09:40 | 000,114,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012/08/10 20:09:40 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012/07/26 00:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 00:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 00:00:58 | 000,337,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012/07/26 00:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 00:00:58 | 000,212,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012/07/26 00:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 00:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 00:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 00:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012/07/26 00:00:55 | 000,120,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/07/26 00:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012/07/26 00:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 00:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 00:00:52 | 003,295,984 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/07/26 00:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 00:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 00:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 00:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 00:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 00:00:49 | 000,539,376 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/07/26 00:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 00:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 00:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 00:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 23:59:35 | 000,148,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012/07/25 23:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 23:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/07/25 23:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 23:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2012/07/25 23:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2012/07/25 22:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 21:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 21:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 21:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 21:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 21:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 21:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 21:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 21:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 21:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 21:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 21:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 21:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 21:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 21:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 21:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 21:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 21:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 21:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 21:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012/07/25 21:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 21:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 21:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/09 15:43:12 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/07/02 17:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/19 10:40:50 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/14 18:33:26 | 000,636,760 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/06/13 21:23:58 | 000,294,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsBaStor.sys -- (RSBASTOR)
DRV:64bit: - [2012/06/13 00:41:22 | 000,683,664 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/06/02 09:31:33 | 005,139,968 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BCMWL63A.SYS -- (BCM43XX)
DRV:64bit: - [2012/06/02 09:31:32 | 000,425,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2011/10/20 11:48:00 | 000,458,032 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011/10/20 11:48:00 | 000,013,616 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/03/10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2010/07/09 14:51:38 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010/04/20 13:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/12/14 12:44:24 | 000,085,048 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\CSCrySec.sys -- (CSCrySec)
DRV:64bit: - [2009/12/14 12:44:24 | 000,066,104 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)
DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2008/05/06 19:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wdcsam64.sys -- (WDC_SAM)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {8285749D-2AB6-43D2-90FF-C463C2B6AA11}
IE:64bit: - HKLM\..\SearchScopes\{8285749D-2AB6-43D2-90FF-C463C2B6AA11}: "URL" = http://www.bing.com/...E10TR&pc=MAARJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {8285749D-2AB6-43D2-90FF-C463C2B6AA11}
IE - HKLM\..\SearchScopes\{8285749D-2AB6-43D2-90FF-C463C2B6AA11}: "URL" = http://www.bing.com/...E10TR&pc=MAARJS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securesearch....8E76B51228534E8
IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://lavasoft.blek...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@kaspersky.com/Password Manager: C:\PROGRA~2\KASPER~1\KASPER~1.0\KASPER~2\MODULE~1\npkpmAutofill.dll (Kaspersky Lab)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\linkfilter@kaspersky.ru [2013/02/15 16:02:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\virtualKeyboard@kaspersky.ru [2013/02/15 16:02:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\KavAntiBanner@Kaspersky.ru [2013/02/15 16:02:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK


========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL
CHR - Extension: InstaPinterest = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahlheacbbhkkdbefgcincdepfngkjokh\1.1_0\
CHR - Extension: AccuWeather Forecast = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\anaabbcbolfcclofcpdipmefibpgacgc\1.3_0\
CHR - Extension: Google Drive = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: eBay Web App = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnadbgmffcofipfljniafanjcafjlbom\1.0.3_0\
CHR - Extension: Facebook = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0\
CHR - Extension: Google Search = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.2.733_0\
CHR - Extension: Password Manager plugin = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddagfbbgmdhmolnjoaghlapikdcahbbl\6.0.1.54\
CHR - Extension: Google+ = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm\1.0.1.424_0\
CHR - Extension: Google Calendar = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Pinterest button = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjhllmkehmdajjlkolhdjjlfcmmlpl\6.4_0\
CHR - Extension: Cloud Reader = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd\1.4.0_0\
CHR - Extension: Virtual Keyboard = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.2.733_0\
CHR - Extension: Google Tasks Offline (Unofficial) = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jekhpicinnaamcmadbipjejafgkjdokh\2.1_0\
CHR - Extension: Google +1 Button = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp\1.1.2.424_0\
CHR - Extension: Autodesk Homestyler = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb\2.2_0\
CHR - Extension: SecureSearch = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfffjahnfbocnaooecgijfnbpcfekoik\1.0.0.1_0\
CHR - Extension: Numerics Calculator & Converter = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe\4.3.4_0\
CHR - Extension: Google Mail Checker = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: Insta Craigslist = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnjekhndfldbgjcdcldikibfpfabmojb\1_0\
CHR - Extension: Top App Finder = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndbcdleejgmedckepdmjghelffpojipp\0.0.1.5_0\
CHR - Extension: Accuweather For Google Chrome = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nggdfhmoncbddllphjadgnklmghkiblm\1.0_0\
CHR - Extension: Amazon Windowshop = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nielaigelomefgdoljcpfgbdbfefhdjc\1.1.0.0_0\
CHR - Extension: My Chrome Theme = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_0\
CHR - Extension: Winter Night in Moonlight = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\offcedjaceddaegkpebcocccakpdjkin\1_0\
CHR - Extension: Christian Quotes = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\onkoheflogmnooofabbnbdkgidjoaack\1.0_0\
CHR - Extension: Facebook Themes (Facebook Theme Gallery) = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\phejagnmddcjhjblnacgmejghffmhjfp\2.0.12_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.7_0\
CHR - Extension: Gmail = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.2.733_0\

O1 HOSTS File: ([2012/07/26 00:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avp] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [bdinstaller] C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe (Bitdefender)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [LManager] File not found
O4 - HKLM..\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat ()
O4 - HKCU..\Run: [SkyDrive] C:\Users\Pam\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Kaspersky PURE - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\Kaspersky Password Manager\Module Retargetable Folder\spIEBho.dll (Kaspersky Lab)
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Kaspersky PURE - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\Kaspersky Password Manager\Module Retargetable Folder\spIEBho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 165.166.142.42 165.166.8.54
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{149B3963-DE4C-493C-B0F2-F3051ADD3DBC}: DhcpNameServer = 192.168.1.1 165.166.142.42 165.166.8.54
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4697643-A9CF-493C-8E98-6E1E7FDCCC9F}: DhcpNameServer = 192.12.128.24
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{fafc3051-408c-11e2-be7a-206a8adb2330}\Shell - "" = AutoRun
O33 - MountPoints2\{fafc3051-408c-11e2-be7a-206a8adb2330}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/18 16:53:17 | 000,038,096 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfiark.sys
[2013/02/18 14:52:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013/02/18 14:50:59 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Roaming\LavasoftStatistics
[2013/02/18 14:49:58 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\adawarebp
[2013/02/18 14:47:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Search Protection
[2013/02/18 14:47:55 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2013/02/18 14:47:55 | 000,000,000 | ---D | C] -- C:\ProgramData\adawaretb
[2013/02/18 14:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013/02/18 14:47:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2013/02/18 14:47:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2013/02/18 14:46:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2013/02/18 14:46:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013/02/18 14:46:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013/02/18 14:45:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/02/18 14:45:15 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013/02/18 14:45:12 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Roaming\Ad-Aware Antivirus
[2013/02/18 13:07:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/02/18 01:57:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Bitdefender
[2013/02/17 10:40:21 | 000,000,000 | --SD | C] -- C:\Users\Pam\Documents\Passwords Database
[2013/02/16 17:00:45 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll
[2013/02/16 17:00:44 | 001,437,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2013/02/16 17:00:30 | 002,094,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmc.exe
[2013/02/16 17:00:30 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlidsvc.dll
[2013/02/16 17:00:30 | 001,611,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmc.exe
[2013/02/16 17:00:28 | 001,886,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setupapi.dll
[2013/02/16 17:00:28 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
[2013/02/16 17:00:28 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netprofmsvc.dll
[2013/02/16 17:00:25 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsm.dll
[2013/02/16 17:00:25 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Media.dll
[2013/02/16 17:00:23 | 000,028,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpiowin32.sys
[2013/02/16 17:00:19 | 000,728,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll
[2013/02/16 17:00:19 | 000,666,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL
[2013/02/16 17:00:19 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.dll
[2013/02/16 17:00:19 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.dll
[2013/02/16 17:00:19 | 000,303,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/02/16 17:00:19 | 000,261,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Media.dll
[2013/02/16 17:00:19 | 000,194,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
[2013/02/16 17:00:19 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetpp.dll
[2013/02/16 17:00:19 | 000,124,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys
[2013/02/16 17:00:18 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
[2013/02/16 17:00:18 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDMon.dll
[2013/02/16 17:00:18 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsquirt.exe
[2013/02/16 17:00:18 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncbservice.dll
[2013/02/16 17:00:18 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpprxm.dll
[2013/02/16 17:00:18 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wiaacmgr.exe
[2013/02/16 17:00:18 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wiaacmgr.exe
[2013/02/16 17:00:18 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adhsvc.dll
[2013/02/16 17:00:18 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adhapi.dll
[2013/02/16 17:00:18 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpprxp.dll
[2013/02/16 17:00:18 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\keepaliveprovider.dll
[2013/02/15 17:58:15 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013/02/15 16:04:44 | 000,000,000 | R--D | C] -- C:\Backup
[2013/02/15 16:02:58 | 000,085,048 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSCrySec.sys
[2013/02/15 16:02:58 | 000,066,104 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys
[2013/02/15 16:02:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013/02/15 16:02:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InfoWatch
[2013/02/15 16:02:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/02/15 16:02:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2013/02/14 12:06:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2013/02/13 08:07:34 | 006,967,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/02/13 08:07:32 | 000,411,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/02/13 08:07:19 | 003,966,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/02/13 08:07:17 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2013/02/13 08:07:17 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/02/13 08:07:16 | 000,854,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/02/13 08:07:16 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/02/13 08:07:16 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/02/13 08:07:16 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/02/13 08:07:16 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/02/13 08:07:16 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll
[2013/02/13 08:07:16 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/02/13 08:07:16 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
[2013/02/13 08:07:16 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/02/02 00:19:58 | 000,000,000 | R--D | C] -- C:\Users\Pam\SkyDrive
[2013/02/02 00:19:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2013/02/02 00:19:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2013/01/26 14:11:31 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/01/23 18:46:25 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\MusicPlayer
[2013/01/22 11:48:39 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[1 C:\Users\Pam\Documents\*.tmp files -> C:\Users\Pam\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/18 17:14:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/18 15:33:28 | 000,047,496 | ---- | M] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013/02/18 14:57:17 | 000,001,872 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013/02/18 14:53:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/18 14:52:50 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/18 14:51:40 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/02/18 14:51:39 | 2405,511,167 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/18 14:51:36 | 000,053,284 | ---- | M] () -- C:\Windows\SysNative\wpbbin.exe
[2013/02/18 13:07:21 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/02/17 17:24:25 | 000,001,369 | ---- | M] () -- C:\Users\Pam\Desktop\IntegrativeNutrition2ndEdUpdate_PDF.pdf - Shortcut.lnk
[2013/02/16 16:45:30 | 000,001,300 | ---- | M] () -- C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2013/02/15 21:32:20 | 000,000,162 | ---- | M] () -- C:\Windows\reimage.ini
[2013/02/15 16:04:46 | 000,017,408 | ---- | M] () -- C:\Users\Pam\AppData\Local\WebpageIcons.db
[2013/02/15 16:03:24 | 000,153,053 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2013/02/15 16:03:24 | 000,107,384 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2013/02/14 22:56:22 | 000,422,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/12 11:53:06 | 000,005,726 | ---- | M] () -- C:\Users\Pam\Documents\cc_20130212_115300.reg
[2013/02/06 18:06:14 | 000,692,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/06 18:06:14 | 000,078,176 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/02 23:01:21 | 000,939,898 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/02 23:01:21 | 000,784,730 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/02 23:01:21 | 000,156,990 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/02 22:44:57 | 001,374,873 | ---- | M] () -- C:\Users\Pam\Documents\double rainbow.jpg
[2013/02/02 22:16:28 | 000,560,269 | ---- | M] () -- C:\Users\Pam\Documents\OMPReport (1).pdf
[2013/02/02 22:15:43 | 000,560,269 | ---- | M] () -- C:\Users\Pam\Documents\OMPReport.pdf
[2013/01/31 23:33:34 | 000,050,390 | ---- | M] () -- C:\Users\Pam\Documents\2012fitr.pdf
[2013/01/31 14:59:01 | 001,869,704 | ---- | M] () -- C:\Users\Pam\Documents\acid-alkaline-food-chart-1.3.pdf
[2013/01/30 23:40:04 | 000,680,854 | ---- | M] () -- C:\Users\Pam\Documents\alkaline-water-guide-2.0.pdf
[2013/01/29 00:37:53 | 000,000,624 | ---- | M] () -- C:\Users\Pam\Documents\color note bills drs appt
[2013/01/28 22:19:39 | 000,073,987 | ---- | M] () -- C:\Users\Pam\Documents\Carb-Cycling-for-Fat-Loss.pdf
[2013/01/27 22:21:47 | 001,523,635 | ---- | M] () -- C:\Users\Pam\Documents\Crochet_Hat_and_Crochet_Cloche.pdf
[2013/01/22 13:12:26 | 000,016,282 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2013/01/20 01:38:24 | 000,055,689 | ---- | M] () -- C:\Users\Pam\Documents\Daniel Fast Guidelines Brochure.pdf
[2013/01/20 01:12:54 | 000,617,476 | ---- | M] () -- C:\Users\Pam\Documents\Shopping-List-Healing-Foods.pdf
[1 C:\Users\Pam\Documents\*.tmp files -> C:\Users\Pam\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/18 14:46:55 | 000,001,872 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013/02/17 17:24:25 | 000,001,369 | ---- | C] () -- C:\Users\Pam\Desktop\IntegrativeNutrition2ndEdUpdate_PDF.pdf - Shortcut.lnk
[2013/02/16 17:00:18 | 000,386,577 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013/02/15 21:30:40 | 000,000,162 | ---- | C] () -- C:\Windows\reimage.ini
[2013/02/15 16:04:45 | 000,017,408 | ---- | C] () -- C:\Users\Pam\AppData\Local\WebpageIcons.db
[2013/02/15 16:04:43 | 000,001,263 | ---- | C] () -- C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 2.0 .lnk
[2013/02/15 16:03:24 | 000,153,053 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2013/02/15 16:03:24 | 000,107,384 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2013/02/14 22:56:10 | 000,422,160 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/12 11:53:04 | 000,005,726 | ---- | C] () -- C:\Users\Pam\Documents\cc_20130212_115300.reg
[2013/02/02 22:44:39 | 001,374,873 | ---- | C] () -- C:\Users\Pam\Documents\double rainbow.jpg
[2013/02/02 22:16:19 | 000,560,269 | ---- | C] () -- C:\Users\Pam\Documents\OMPReport (1).pdf
[2013/02/02 22:15:29 | 000,560,269 | ---- | C] () -- C:\Users\Pam\Documents\OMPReport.pdf
[2013/02/02 00:19:57 | 000,002,253 | ---- | C] () -- C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
[2013/01/31 23:33:13 | 000,050,390 | ---- | C] () -- C:\Users\Pam\Documents\2012fitr.pdf
[2013/01/31 14:58:53 | 001,869,704 | ---- | C] () -- C:\Users\Pam\Documents\acid-alkaline-food-chart-1.3.pdf
[2013/01/30 23:39:55 | 000,680,854 | ---- | C] () -- C:\Users\Pam\Documents\alkaline-water-guide-2.0.pdf
[2013/01/29 00:37:52 | 000,000,624 | ---- | C] () -- C:\Users\Pam\Documents\color note bills drs appt
[2013/01/28 22:19:39 | 000,073,987 | ---- | C] () -- C:\Users\Pam\Documents\Carb-Cycling-for-Fat-Loss.pdf
[2013/01/27 22:21:34 | 001,523,635 | ---- | C] () -- C:\Users\Pam\Documents\Crochet_Hat_and_Crochet_Cloche.pdf
[2013/01/20 01:38:24 | 000,055,689 | ---- | C] () -- C:\Users\Pam\Documents\Daniel Fast Guidelines Brochure.pdf
[2013/01/20 01:13:03 | 000,617,476 | ---- | C] () -- C:\Users\Pam\Documents\Shopping-List-Healing-Foods.pdf
[2013/01/07 18:28:05 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2013/01/07 18:28:03 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2013/01/07 18:28:03 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/12/09 09:47:45 | 000,955,306 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/08 22:04:18 | 000,006,656 | ---- | C] () -- C:\Users\Pam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/25 19:38:58 | 000,000,280 | ---- | C] () -- C:\Windows\LaunApp.ini
[2012/09/25 19:33:02 | 000,001,450 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2012/09/25 19:33:02 | 000,000,224 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2012/09/25 18:53:01 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2012/09/10 23:17:15 | 000,000,460 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2012/09/10 23:17:15 | 000,000,395 | ---- | C] () -- C:\Windows\WisPriority.ini
[2012/07/26 03:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 03:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 02:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/25 20:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 19:48:53 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012/07/25 15:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 15:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/07/25 15:22:56 | 000,267,284 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/07/25 15:22:54 | 000,963,376 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/06/02 09:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012/04/20 15:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2012/12/08 21:13:45 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/01/09 18:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/01/09 18:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 22:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 22:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 22:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Edited by PjMac, 18 February 2013 - 04:27 PM.

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, I will need a look at a new OTL log.

Download OTL to your Desktop
Secondary link
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

#3
PjMac

    Member

  • Topic Starter
  • 16 posts
Done ty
#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmmm, not a great deal showing there; does this happen in all browsers or just one?

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application
  • Then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip; click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports

  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.
#5
PjMac

    Member

  • Topic Starter
  • 16 posts
17:53:58.0115 6024 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:53:58.0115 6024 UEFI system
17:53:58.0576 6024 ============================================================
17:53:58.0576 6024 Current date / time: 2013/02/18 17:53:58.0576
17:53:58.0576 6024 SystemInfo:
17:53:58.0576 6024
17:53:58.0576 6024 OS Version: 6.2.9200 ServicePack: 0.0
17:53:58.0576 6024 Product type: Workstation
17:53:58.0576 6024 ComputerName: PJ
17:53:58.0577 6024 UserName: Pam
17:53:58.0577 6024 Windows directory: C:\Windows
17:53:58.0577 6024 System windows directory: C:\Windows
17:53:58.0577 6024 Running under WOW64
17:53:58.0577 6024 Processor architecture: Intel x64
17:53:58.0577 6024 Number of processors: 4
17:53:58.0577 6024 Page size: 0x1000
17:53:58.0577 6024 Boot type: Normal boot
17:53:58.0577 6024 ============================================================
17:54:00.0380 6024 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:54:00.0418 6024 ============================================================
17:54:00.0419 6024 \Device\Harddisk0\DR0:
17:54:00.0435 6024 GPT partitions:
17:54:00.0491 6024 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {BBFB6196-6EEF-4955-890A-7F98D5B24B38}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xC8000
17:54:00.0491 6024 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {ECC3228D-2D72-4309-8FC9-60752B2015C2}, Name: EFI system partition, StartLBA 0xC8800, BlocksNum 0x96000
17:54:00.0491 6024 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {F5160D8D-8894-4FE5-A6EA-A7916004142A}, Name: Microsoft reserved partition, StartLBA 0x15E800, BlocksNum 0x40000
17:54:00.0491 6024 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {ECA8709B-3AD7-499A-B747-2EB4524C3FE4}, Name: Basic data partition, StartLBA 0x19E800, BlocksNum 0x5584F000
17:54:00.0491 6024 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {E51EEAFA-4DEE-42A2-944B-94106201C77A}, Name: Basic data partition, StartLBA 0x559ED800, BlocksNum 0x1B58800
17:54:00.0491 6024 MBR partitions:
17:54:00.0492 6024 ============================================================
17:54:00.0696 6024 C: <-> \Device\Harddisk0\DR0\Partition4
17:54:00.0696 6024 ============================================================
17:54:00.0696 6024 Initialize success
17:54:00.0696 6024 ============================================================
17:54:02.0565 4348 ============================================================
17:54:02.0565 4348 Scan started
17:54:02.0565 4348 Mode: Manual;
17:54:02.0565 4348 ============================================================
17:54:28.0899 4348 ================ Scan system memory ========================
17:54:28.0899 4348 System memory - ok
17:54:28.0899 4348 ================ Scan services =============================
17:54:35.0688 4348 [ E890C46E4754F0DF51BAFCC8D2E07498 ] 1394ohci C:\Windows\System32\drivers\1394ohci.sys
17:54:35.0737 4348 1394ohci - ok
17:54:35.0777 4348 [ 4F18D4C7EA14F11A7211F60D553C03DB ] 3ware C:\Windows\system32\drivers\3ware.sys
17:54:35.0812 4348 3ware - ok
17:54:35.0963 4348 [ A3BDA4D1186C8F47FA1BC8E91F197537 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:54:35.0987 4348 ACPI - ok
17:54:36.0064 4348 [ DC968C37822117E576B933F34A2D130C ] acpiex C:\Windows\system32\Drivers\acpiex.sys
17:54:36.0072 4348 acpiex - ok
17:54:36.0095 4348 [ 0CA9F7C3A78227C21A0A7854E245CFB2 ] acpipagr C:\Windows\System32\drivers\acpipagr.sys
17:54:36.0102 4348 acpipagr - ok
17:54:36.0177 4348 [ 8EB8DA03B142D3DD1EB9ED8107A76C43 ] AcpiPmi C:\Windows\System32\drivers\acpipmi.sys
17:54:36.0267 4348 AcpiPmi - ok
17:54:36.0312 4348 [ CBCE725C5D86ABA7D2604E22951AA9B8 ] acpitime C:\Windows\System32\drivers\acpitime.sys
17:54:36.0334 4348 acpitime - ok
17:54:37.0046 4348 [ 3F59267F038747E89BA97CD11388748D ] Ad-Aware Service C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
17:54:37.0122 4348 Ad-Aware Service - ok
17:54:37.0295 4348 [ 93C6388592B99925C1D1576E465BC80F ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
17:54:37.0386 4348 adp94xx - ok
17:54:37.0488 4348 [ D27763E0247292654E7F7D16444C7C72 ] adpahci C:\Windows\system32\drivers\adpahci.sys
17:54:37.0537 4348 adpahci - ok
17:54:37.0640 4348 [ 67B90070FF48F794AF19F9FCF0080D75 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
17:54:37.0707 4348 adpu320 - ok
17:54:37.0784 4348 [ AB34A3211A1D2AB977DE00CD7BC5A464 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:54:37.0811 4348 AeLookupSvc - ok
17:54:38.0036 4348 [ 36D6A3201721558A8AFBCC09C2DA4C2C ] AFD C:\Windows\system32\drivers\afd.sys
17:54:38.0104 4348 AFD - ok
17:54:38.0140 4348 [ 01590377A5AB19E792528C628A2A68F9 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:54:38.0172 4348 agp440 - ok
17:54:38.0225 4348 [ D1BE8E6E5B3AF23A4393AF1BF867977A ] ALG C:\Windows\System32\alg.exe
17:54:38.0241 4348 ALG - ok
17:54:38.0329 4348 [ 025E8C755BE293E50854D26D1BBE5133 ] AllUserInstallAgent C:\Windows\system32\AUInstallAgent.dll
17:54:38.0342 4348 AllUserInstallAgent - ok
17:54:38.0378 4348 [ 5A81054B824004B1ECC04F0034A1CDF9 ] AmdK8 C:\Windows\System32\drivers\amdk8.sys
17:54:38.0407 4348 AmdK8 - ok
17:54:38.0467 4348 [ B849D453E644FAB9BC8EF6DC8CA9C4C6 ] AmdPPM C:\Windows\System32\drivers\amdppm.sys
17:54:38.0497 4348 AmdPPM - ok
17:54:38.0540 4348 [ 35A0EB5AECB0FA3C41A2FB514A562304 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:54:38.0621 4348 amdsata - ok
17:54:38.0765 4348 [ 00452671904F5EE94B50BF0219C97164 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
17:54:38.0896 4348 amdsbs - ok
17:54:38.0934 4348 [ EA3FFE53E92E59C87E3ECA9BEB20D9B7 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:54:38.0951 4348 amdxata - ok
17:54:39.0007 4348 [ 83B3682CE922FB0F415734B26D9D6233 ] AppID C:\Windows\system32\drivers\appid.sys
17:54:39.0041 4348 AppID - ok
17:54:39.0095 4348 [ CE2BEAD7F31816FF0AC490D048C969F9 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:54:39.0106 4348 AppIDSvc - ok
17:54:39.0167 4348 [ D64C4AFEE8277F35EF729A2B924666B0 ] Appinfo C:\Windows\System32\appinfo.dll
17:54:39.0179 4348 Appinfo - ok
17:54:39.0197 4348 [ E933401B392387F4BE34DE8BAF1722A7 ] arc C:\Windows\system32\drivers\arc.sys
17:54:39.0256 4348 arc - ok
17:54:39.0305 4348 [ 07CA323EF2E8247A568AB0F3662AD644 ] arcsas C:\Windows\system32\drivers\arcsas.sys
17:54:39.0329 4348 arcsas - ok
17:54:39.0355 4348 [ 74DBAEC35366C4EE7670428808715A6A ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:54:39.0363 4348 AsyncMac - ok
17:54:39.0404 4348 [ A721FF570C2387E383BDDEA9632863C9 ] atapi C:\Windows\system32\drivers\atapi.sys
17:54:39.0434 4348 atapi - ok
17:54:39.0481 4348 [ 4885C14A6AB6969B5773A42DA0BA3DA4 ] AthBTPort C:\Windows\system32\DRIVERS\btath_flt.sys
17:54:39.0534 4348 AthBTPort - ok
17:54:39.0873 4348 [ 7CA5397A47843B0BD36898F32F2D403B ] AtherosSvc C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
17:54:40.0266 4348 AtherosSvc - ok
17:54:41.0209 4348 [ 1DA32C4ED8D3928B0DAC570557B8A09B ] athr C:\Windows\system32\DRIVERS\athw8x.sys
17:54:41.0575 4348 athr - ok
17:54:41.0652 4348 [ 810ED88782952228AF9C0985FB7D259E ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
17:54:41.0662 4348 AudioEndpointBuilder - ok
17:54:41.0880 4348 [ 25CA8B87479A374919563B3EE7136F32 ] Audiosrv C:\Windows\System32\Audiosrv.dll
17:54:41.0940 4348 Audiosrv - ok
17:54:42.0703 4348 [ AEFC1353D0FB4E92A23CFB7E3372356D ] avp C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
17:54:42.0705 4348 avp - ok
17:54:42.0767 4348 [ 89491EF71D5EA011127832C588002853 ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:54:42.0781 4348 AxInstSV - ok
17:54:42.0935 4348 [ 45C6EC94DE3D466B4B452EA0E3870321 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
17:54:42.0998 4348 b06bdrv - ok
17:54:43.0199 4348 [ 1D55E5313E44FB7968AB2D8758E74D68 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:54:43.0287 4348 b57nd60a - ok
17:54:43.0348 4348 [ 81703BC5D68DEDBB086C2368FBE7B334 ] BasicDisplay C:\Windows\System32\drivers\BasicDisplay.sys
17:54:43.0372 4348 BasicDisplay - ok
17:54:43.0409 4348 [ 5EC68164E14D25675C98BBB5F09E8606 ] BasicRender C:\Windows\System32\drivers\BasicRender.sys
17:54:43.0432 4348 BasicRender - ok
17:54:45.0016 4348 [ 2FE2E0EBCDF1EF22A34B44CED1E59893 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl63a.sys
17:54:45.0298 4348 BCM43XX - ok
17:54:45.0630 4348 [ 2E552B658273B90251E0441631DE2CA3 ] BcmSqlStartupSvc C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
17:54:45.0757 4348 BcmSqlStartupSvc - ok
17:54:45.0821 4348 [ 89143A7BA7850F5C7E61B43BB44B6418 ] BDESVC C:\Windows\System32\bdesvc.dll
17:54:45.0826 4348 BDESVC - ok
17:54:45.0845 4348 [ 9E7AEA59776D904607985AFFE7E5E183 ] Beep C:\Windows\system32\drivers\Beep.sys
17:54:45.0858 4348 Beep - ok
17:54:46.0053 4348 [ 9E6A544F465C582AB42444A217CF04DC ] BFE C:\Windows\System32\bfe.dll
17:54:46.0079 4348 BFE - ok
17:54:46.0305 4348 [ D598C44A7072D3108D8D8102EC5E07F7 ] BITS C:\Windows\System32\qmgr.dll
17:54:56.0368 5760 ============================================================
17:54:56.0368 5760 Scan started
17:54:56.0368 5760 Mode: Manual; SigCheck; TDLFS;
17:54:56.0368 5760 ============================================================
17:55:04.0233 5760 ================ Scan system memory ========================
17:55:04.0233 5760 System memory - ok
17:55:04.0234 5760 ================ Scan services =============================
17:55:04.0996 5760 [ E890C46E4754F0DF51BAFCC8D2E07498 ] 1394ohci C:\Windows\System32\drivers\1394ohci.sys
17:55:05.0427 5760 1394ohci - ok
17:55:14.0323 5760 [ 4F18D4C7EA14F11A7211F60D553C03DB ] 3ware C:\Windows\system32\drivers\3ware.sys
17:55:14.0336 5760 3ware - ok
17:55:14.0468 5760 [ A3BDA4D1186C8F47FA1BC8E91F197537 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:55:14.0484 5760 ACPI - ok
17:55:14.0543 5760 [ DC968C37822117E576B933F34A2D130C ] acpiex C:\Windows\system32\Drivers\acpiex.sys
17:55:14.0556 5760 acpiex - ok
17:55:14.0574 5760 [ 0CA9F7C3A78227C21A0A7854E245CFB2 ] acpipagr C:\Windows\System32\drivers\acpipagr.sys
17:55:14.0698 5760 acpipagr - ok
17:55:14.0779 5760 [ 8EB8DA03B142D3DD1EB9ED8107A76C43 ] AcpiPmi C:\Windows\System32\drivers\acpipmi.sys
17:55:15.0167 5760 AcpiPmi - ok
17:55:15.0180 5760 [ CBCE725C5D86ABA7D2604E22951AA9B8 ] acpitime C:\Windows\System32\drivers\acpitime.sys
17:55:15.0283 5760 acpitime - ok
17:55:15.0970 5760 [ 3F59267F038747E89BA97CD11388748D ] Ad-Aware Service C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
17:55:15.0993 5760 Ad-Aware Service - ok
17:55:16.0196 5760 [ 93C6388592B99925C1D1576E465BC80F ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
17:55:16.0214 5760 adp94xx - ok
17:55:16.0311 5760 [ D27763E0247292654E7F7D16444C7C72 ] adpahci C:\Windows\system32\drivers\adpahci.sys
17:55:16.0328 5760 adpahci - ok
17:55:16.0426 5760 [ 67B90070FF48F794AF19F9FCF0080D75 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
17:55:16.0441 5760 adpu320 - ok
17:55:16.0498 5760 [ AB34A3211A1D2AB977DE00CD7BC5A464 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:55:16.0837 5760 AeLookupSvc - ok
17:55:17.0073 5760 [ 36D6A3201721558A8AFBCC09C2DA4C2C ] AFD C:\Windows\system32\drivers\afd.sys
17:55:17.0598 5760 AFD - ok
17:55:17.0652 5760 [ 01590377A5AB19E792528C628A2A68F9 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:55:17.0663 5760 agp440 - ok
17:55:17.0705 5760 [ D1BE8E6E5B3AF23A4393AF1BF867977A ] ALG C:\Windows\System32\alg.exe
17:55:18.0023 5760 ALG - ok
17:55:18.0075 5760 [ 025E8C755BE293E50854D26D1BBE5133 ] AllUserInstallAgent C:\Windows\system32\AUInstallAgent.dll
17:55:18.0279 5760 AllUserInstallAgent - ok
17:55:18.0346 5760 [ 5A81054B824004B1ECC04F0034A1CDF9 ] AmdK8 C:\Windows\System32\drivers\amdk8.sys
17:55:18.0603 5760 AmdK8 - ok
17:55:18.0735 5760 [ B849D453E644FAB9BC8EF6DC8CA9C4C6 ] AmdPPM C:\Windows\System32\drivers\amdppm.sys
17:55:18.0947 5760 AmdPPM - ok
17:55:19.0019 5760 [ 35A0EB5AECB0FA3C41A2FB514A562304 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:55:19.0030 5760 amdsata - ok
17:55:19.0147 5760 [ 00452671904F5EE94B50BF0219C97164 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
17:55:19.0161 5760 amdsbs - ok
17:55:19.0202 5760 [ EA3FFE53E92E59C87E3ECA9BEB20D9B7 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:55:19.0212 5760 amdxata - ok
17:55:19.0241 5760 [ 83B3682CE922FB0F415734B26D9D6233 ] AppID C:\Windows\system32\drivers\appid.sys
17:55:19.0561 5760 AppID - ok
17:55:19.0619 5760 [ CE2BEAD7F31816FF0AC490D048C969F9 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:55:19.0717 5760 AppIDSvc - ok
17:55:19.0736 5760 [ D64C4AFEE8277F35EF729A2B924666B0 ] Appinfo C:\Windows\System32\appinfo.dll
17:55:19.0880 5760 Appinfo - ok
17:55:19.0932 5760 [ E933401B392387F4BE34DE8BAF1722A7 ] arc C:\Windows\system32\drivers\arc.sys
17:55:19.0943 5760 arc - ok
17:55:19.0996 5760 [ 07CA323EF2E8247A568AB0F3662AD644 ] arcsas C:\Windows\system32\drivers\arcsas.sys
17:55:20.0008 5760 arcsas - ok
17:55:20.0046 5760 [ 74DBAEC35366C4EE7670428808715A6A ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:55:20.0129 5760 AsyncMac - ok
17:55:20.0173 5760 [ A721FF570C2387E383BDDEA9632863C9 ] atapi C:\Windows\system32\drivers\atapi.sys
17:55:20.0182 5760 atapi - ok
17:55:20.0249 5760 [ 4885C14A6AB6969B5773A42DA0BA3DA4 ] AthBTPort C:\Windows\system32\DRIVERS\btath_flt.sys
17:55:20.0274 5760 AthBTPort - ok
17:55:20.0506 5760 [ 7CA5397A47843B0BD36898F32F2D403B ] AtherosSvc C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
17:55:20.0516 5760 AtherosSvc - ok
17:55:21.0680 5760 [ 1DA32C4ED8D3928B0DAC570557B8A09B ] athr C:\Windows\system32\DRIVERS\athw8x.sys
17:55:21.0950 5760 athr - ok
17:55:22.0033 5760 [ 810ED88782952228AF9C0985FB7D259E ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
17:55:22.0387 5760 AudioEndpointBuilder - ok
17:55:22.0608 5760 [ 25CA8B87479A374919563B3EE7136F32 ] Audiosrv C:\Windows\System32\Audiosrv.dll
17:55:22.0707 5760 Audiosrv - ok
17:56:25.0485 5760 [ DD979EB6A7212F60E4AFBE96EDC7AE6D ] Processor C:\Windows\System32\drivers\processr.sys
17:56:25.0534 5760 Processor - ok
17:56:25.0679 5760 [ 429E8502AD2227CF88F8840FC5BD590D ] ProfSvc C:\Windows\system32\profsvc.dll
17:56:25.0733 5760 ProfSvc - ok
17:56:25.0748 5760 [ AF038FA3D3748B7595FE7096AD803696 ] Ps2Kb2Hid C:\Windows\System32\drivers\aPs2Kb2Hid.sys
17:56:25.0794 5760 Ps2Kb2Hid - ok
17:56:25.0816 5760 [ EB8034147D4820CD31BFCB11A2A652DF ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:56:25.0964 5760 Psched - ok
17:56:26.0003 5760 [ 0AFBF333B6F87A2F598EAB379AF100B8 ] QWAVE C:\Windows\system32\qwave.dll
17:56:26.0105 5760 QWAVE - ok
17:56:26.0132 5760 [ 13D47BB0CCA2FC51BD15F8E85C6A078E ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:56:26.0234 5760 QWAVEdrv - ok
17:56:26.0248 5760 [ 873C60F8178100557740A832FCE10B5F ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:56:26.0399 5760 RasAcd - ok
17:56:26.0435 5760 [ 69B93F623B130976243ECA3D84CC99CA ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:56:26.0560 5760 RasAgileVpn - ok
17:56:26.0621 5760 [ 005F6E54C4A2DA4EBF68FB0392CE8BB0 ] RasAuto C:\Windows\System32\rasauto.dll
17:56:26.0688 5760 RasAuto - ok
17:56:26.0731 5760 [ A14D625C5AEE5FFE0F47D1A1D419FAAE ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:56:26.0821 5760 Rasl2tp - ok
17:56:26.0866 5760 [ C923C785A2DE0B396AD6D13ACAFF2DE9 ] RasMan C:\Windows\System32\rasmans.dll
17:56:27.0017 5760 RasMan - ok
17:56:27.0048 5760 [ 00695B9C2DB6111064499C529E90C042 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:56:27.0091 5760 RasPppoe - ok
17:56:27.0177 5760 [ A7F24D8CD1956B0A1FDCB86CC5114DE4 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:56:27.0219 5760 RasSstp - ok
17:56:27.0273 5760 [ B72C33DBD5326B3864CF2091AF8B906B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:56:27.0427 5760 rdbss - ok
17:56:27.0483 5760 [ CA7DF5EC95D8DE0DD24BE7FF97369F68 ] rdpbus C:\Windows\System32\drivers\rdpbus.sys
17:56:27.0710 5760 rdpbus - ok
17:56:27.0725 5760 [ B2A3AD74FF2E2FFA73AF2567108231B3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
17:56:27.0879 5760 RDPDR - ok
17:56:27.0925 5760 [ 57F4787E4602A3FCA719C0A33137C6DA ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
17:56:27.0944 5760 RdpVideoMiniport - ok
17:56:28.0023 5760 [ B3CB0721E81E30419CE7D837EF4EA151 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:56:28.0141 5760 RDPWD - ok
17:56:28.0208 5760 [ 62C1F8A0685FE07E998AA296C4F697C4 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:56:28.0237 5760 rdyboost - ok
17:56:28.0381 5760 [ 3663CCF243EE0C04E9F6F91ED1737273 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:56:28.0492 5760 RemoteAccess - ok
17:56:28.0541 5760 [ E80DD61E52EDFFF9DA1ED7260A68855B ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:56:28.0609 5760 RemoteRegistry - ok
17:56:28.0642 5760 [ CF59781FCB68F859EB6C835ED285211D ] RfButtonDriverService C:\Windows\RfBtnSvc64.exe
17:56:28.0713 5760 RfButtonDriverService - ok
17:56:28.0731 5760 [ 17EF582CBC4809F96B9E6D0543480763 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
17:56:28.0830 5760 RFCOMM - ok
17:56:28.0894 5760 [ 381E606B90F32E501D1E2C852D211AB9 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:56:28.0929 5760 RpcEptMapper - ok
17:56:28.0942 5760 [ 10B21284B3D964AB3DC45490E57D422E ] RpcLocator C:\Windows\system32\locator.exe
17:56:29.0011 5760 RpcLocator - ok
17:56:29.0033 5760 [ 1EC6E533C954BDDF2A37E7851A7E58FD ] RpcSs C:\Windows\system32\rpcss.dll
17:56:29.0074 5760 RpcSs - ok
17:56:29.0107 5760 [ 7B386B880EDAD12C5102B448E2A3127C ] RSBASTOR C:\Windows\system32\DRIVERS\RtsBaStor.sys
17:56:29.0177 5760 RSBASTOR - ok
17:56:29.0254 5760 [ E04E770DD198B9399640717145E79EBF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:56:29.0371 5760 rspndr - ok
17:56:29.0457 5760 [ 7D9DA8EC6784A9EE213C676709D46BE6 ] RTL8168 C:\Windows\system32\DRIVERS\Rt630x64.sys
17:56:29.0514 5760 RTL8168 - ok
17:56:29.0590 5760 [ 752EC7DCD2F96871A3857EEE6AFE965A ] s3cap C:\Windows\System32\drivers\vms3cap.sys
17:56:29.0816 5760 s3cap - ok
17:56:29.0856 5760 [ 6E0E63801FBEF27995107B8269BCFAAD ] SamSs C:\Windows\system32\lsass.exe
17:56:29.0879 5760 SamSs - ok
17:56:30.0580 5760 [ 99FC1599F89A80216E41175B8CA44D89 ] SBAMSvc C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
17:56:30.0655 5760 SBAMSvc - ok
17:56:30.0758 5760 [ 8F19D62B04081C0BFF1E8D6F26220A28 ] sbapifs C:\Windows\system32\DRIVERS\sbapifs.sys
17:56:30.0817 5760 sbapifs - ok
17:56:30.0852 5760 [ 9C7B28CE0D136DB226E24DB3BC817F92 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:56:30.0894 5760 sbp2port - ok
17:56:30.0943 5760 [ 14316954FCE79C9DE5A0AFF9D42C83AA ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:56:31.0054 5760 SCardSvr - ok
17:56:31.0067 5760 [ 5D7733A12756B267FCA021672B26BC9E ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:56:31.0112 5760 scfilter - ok
17:56:31.0199 5760 [ EDCDF4DB82EF825B94B190D544C8C58B ] Schedule C:\Windows\system32\schedsvc.dll
17:56:31.0292 5760 Schedule - ok
17:56:31.0356 5760 [ BAF8F0F55BC300E5F882E521F054E345 ] SCPolicySvc C:\Windows\System32\certprop.dll
17:56:31.0418 5760 SCPolicySvc - ok
17:56:31.0531 5760 [ 12F06525912BBEF67837DE47D87C60A9 ] sdbus C:\Windows\System32\drivers\sdbus.sys
17:56:31.0554 5760 sdbus - ok
17:56:31.0646 5760 [ 92968277ED491E4B3DDA361E3952361E ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:56:31.0779 5760 SDRSVC - ok
17:56:31.0803 5760 [ BB107AA9980B0DA4E19A3A90C3BD4460 ] sdstor C:\Windows\System32\drivers\sdstor.sys
17:56:31.0831 5760 sdstor - ok
17:56:31.0849 5760 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:56:31.0941 5760 secdrv - ok
17:56:32.0033 5760 [ CD282626738B6BC92B6E7CD0AAE95B63 ] seclogon C:\Windows\system32\seclogon.dll
17:56:32.0130 5760 seclogon - ok
17:56:32.0148 5760 [ 9C51620998F0763039DFA6BF68E475ED ] SENS C:\Windows\System32\sens.dll
17:56:32.0248 5760 SENS - ok
17:56:32.0294 5760 [ 0D50B4B860DAB65241628D04CD33ACAE ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:56:32.0412 5760 SensrSvc - ok
17:56:32.0489 5760 [ 87C46B239A7EEF30FDFDD5E9BD46130C ] SerCx C:\Windows\system32\drivers\SerCx.sys
17:56:32.0557 5760 SerCx - ok
17:56:32.0604 5760 [ 7A1F9347C85FD55E39B8A76B3A25C5AD ] Serenum C:\Windows\System32\drivers\serenum.sys
17:56:32.0656 5760 Serenum - ok
17:56:32.0670 5760 [ F640A0A218BBF857F1D04A15D7D939F6 ] Serial C:\Windows\System32\drivers\serial.sys
17:56:32.0773 5760 Serial - ok
17:56:32.0778 5760 [ F1A5F56B2620B862CC28FF96A0A6DAAB ] sermouse C:\Windows\System32\drivers\sermouse.sys
17:56:32.0802 5760 sermouse - ok
17:56:32.0861 5760 [ CB60A60340788C8D6DE2A269D28086AB ] SessionEnv C:\Windows\system32\sessenv.dll
17:56:32.0962 5760 SessionEnv - ok
17:56:33.0041 5760 [ 7EE65419B29302C795714FF8073969A1 ] sfloppy C:\Windows\System32\drivers\sfloppy.sys
17:56:33.0107 5760 sfloppy - ok
17:56:33.0161 5760 [ 090AE16F79C8EAD04E6031F863DA85F3 ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:56:33.0284 5760 SharedAccess - ok
17:56:33.0343 5760 [ A77F3ABE13FCC698511E5DEC7ACEBD5F ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:56:33.0487 5760 ShellHWDetection - ok
17:56:33.0525 5760 [ 2560721D6F16D5B611C36A3A9D28C1B2 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
17:56:33.0572 5760 SiSRaid2 - ok
17:56:33.0601 5760 [ 3AA8FDE1DBF65BB8B88B053529554A0D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
17:56:33.0641 5760 SiSRaid4 - ok
17:56:33.0724 5760 [ E660156A4588A84305CB772FD2C0DB21 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:56:33.0888 5760 SNMPTRAP - ok
17:56:33.0913 5760 [ 465F3C355CE5ED2779B8F460F14C5A78 ] spaceport C:\Windows\system32\drivers\spaceport.sys
17:56:33.0944 5760 spaceport - ok
17:56:34.0007 5760 [ 3D8679C8DF52EB26EB7583A4E0A29202 ] SpbCx C:\Windows\system32\drivers\SpbCx.sys
17:56:34.0090 5760 SpbCx - ok
17:56:34.0295 5760 [ 3F215BF2D4D8D6756298B25B579772C2 ] Spooler C:\Windows\System32\spoolsv.exe
17:56:34.0388 5760 Spooler - ok
17:56:34.0943 5760 [ EC84D961501054F87A6878EC5D53388F ] sppsvc C:\Windows\system32\sppsvc.exe
17:56:35.0418 5760 sppsvc - ok
17:56:35.0638 5760 [ A687B5B326AFCFCF182C4931D1FF9771 ] SQLAgent$MSSMLBIZ C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE
17:56:35.0673 5760 SQLAgent$MSSMLBIZ - ok
17:56:35.0896 5760 [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
17:56:36.0036 5760 SQLBrowser - ok
17:56:36.0230 5760 [ 6D65985945B03CA59B67D0B73702FC7B ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
17:56:36.0310 5760 SQLWriter - ok
17:56:36.0420 5760 [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6 ] srv C:\Windows\system32\DRIVERS\srv.sys
17:56:36.0492 5760 srv - ok
17:56:36.0602 5760 [ C2106BB710AA34A046126AED7BCA6964 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:56:36.0706 5760 srv2 - ok
17:56:36.0777 5760 [ 9400C71F5A1A380B494B6922F007D485 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:56:36.0832 5760 srvnet - ok
17:56:37.0012 5760 [ 7A20882D76D4A78240A5AC9F2C2EBA21 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:56:37.0148 5760 SSDPSRV - ok
17:56:37.0168 5760 [ D233B16999A8E626F6004BD7814C57EC ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:56:37.0210 5760 SstpSvc - ok
17:56:37.0304 5760 [ 4E85355B94CFCB67C135F6521A4895A7 ] stexstor C:\Windows\system32\drivers\stexstor.sys
17:56:37.0347 5760 stexstor - ok
17:56:37.0387 5760 [ BAC8A721736AECC55A4F71523AEAB65F ] stisvc C:\Windows\System32\wiaservc.dll
17:56:37.0518 5760 stisvc - ok
17:56:37.0534 5760 [ C588BBD37B432CE3204E5765B459E6B2 ] storahci C:\Windows\system32\drivers\storahci.sys
17:56:37.0578 5760 storahci - ok
17:56:37.0674 5760 [ F74DBC95A57B1EE866D3732EB5F79BE2 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
17:56:37.0716 5760 storflt - ok
17:56:37.0801 5760 [ 5337E138B49ED1F44CCBA4073BC35C20 ] StorSvc C:\Windows\system32\storsvc.dll
17:56:37.0991 5760 StorSvc - ok
17:56:38.0057 5760 [ 543CD3CC0E05B8D8815E0D4F040B6F59 ] storvsc C:\Windows\system32\drivers\storvsc.sys
17:56:38.0086 5760 storvsc - ok
17:56:38.0106 5760 [ 8BC1C1ED6EF9C985A3FAA6A72F41679A ] svsvc C:\Windows\system32\svsvc.dll
17:56:38.0242 5760 svsvc - ok
17:56:38.0283 5760 [ 4AFD66AAE74FFB5986BC240744DC5FC9 ] swenum C:\Windows\System32\drivers\swenum.sys
17:56:38.0322 5760 swenum - ok
17:56:38.0367 5760 [ 502F9488540051F3E6C39889ECFA76BB ] swprv C:\Windows\System32\swprv.dll
17:56:38.0421 5760 swprv - ok
17:56:38.0539 5760 [ DC21E1F06343773D7E24362DCEF7944B ] SysMain C:\Windows\system32\sysmain.dll
17:56:38.0603 5760 SysMain - ok
17:56:38.0776 5760 [ E219BF7BCCFE4881B0C053C7E0B47ECC ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
17:56:38.0877 5760 SystemEventsBroker - ok
17:56:38.0978 5760 [ A6C06C45C44AD06C70AF8899AEC15BDC ] TabletInputService C:\Windows\System32\TabSvc.dll
17:56:39.0153 5760 TabletInputService - ok
17:56:39.0167 5760 [ 88B7721AB551C4325036B25A34A2BF7B ] TapiSrv C:\Windows\System32\tapisrv.dll
17:56:39.0316 5760 TapiSrv - ok
17:56:39.0369 5760 [ D192288CE5FB395F0BBAFDD1A8B5285D ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:56:39.0523 5760 Tcpip - ok
17:56:39.0869 5760 [ D192288CE5FB395F0BBAFDD1A8B5285D ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:56:39.0935 5760 TCPIP6 - ok
17:56:40.0021 5760 [ 8F2A13A5DF99D72FDDE87F502A66F989 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:56:40.0116 5760 tcpipreg - ok
17:56:40.0156 5760 [ 73DC722CE5DF26D7638CE2446F2655C7 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:56:40.0247 5760 tdx - ok
17:56:40.0351 5760 [ F7C8AB5D8AFFAA318D6A21093D139BF4 ] terminpt C:\Windows\System32\drivers\terminpt.sys
17:56:40.0384 5760 terminpt - ok
17:56:40.0449 5760 [ 541EE228D0DEF392F7B2DFD885DD021B ] TermService C:\Windows\System32\termsrv.dll
17:56:40.0523 5760 TermService - ok
17:56:40.0550 5760 [ 519A6F672FFF56B7D8EE8C730CEC8ECD ] Themes C:\Windows\system32\themeservice.dll
17:56:40.0672 5760 Themes - ok
17:56:40.0690 5760 [ DBD28A7997CF7303E610989C565C9B29 ] THREADORDER C:\Windows\system32\mmcss.dll
17:56:40.0724 5760 THREADORDER - ok
17:56:40.0789 5760 [ FF4135424A79DCC2998276D8E39C9B4D ] TimeBroker C:\Windows\System32\TimeBrokerServer.dll
17:56:40.0825 5760 TimeBroker - ok
17:56:40.0953 5760 [ 151BD0387B1B320CC9AACE6DB071803B ] TPM C:\Windows\system32\drivers\tpm.sys
17:56:41.0028 5760 TPM - ok
17:56:41.0082 5760 [ 8C8CF3041B27E7657ADD0EE17F6DBFCA ] TrkWks C:\Windows\System32\trkwks.dll
17:56:41.0147 5760 TrkWks - ok
17:56:41.0285 5760 [ 8D516AEF3C1DF980664CF17BB1FF6093 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:56:41.0409 5760 TrustedInstaller - ok
17:56:41.0453 5760 [ 4E7C5FB10A50435523DE0CAA37DE2BD3 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:56:41.0562 5760 TsUsbFlt - ok
17:56:41.0620 5760 [ 16D684A820872EE54F6370703AC0B513 ] TsUsbGD C:\Windows\System32\drivers\TsUsbGD.sys
17:56:41.0763 5760 TsUsbGD - ok
17:56:41.0819 5760 [ 78C9EE193AC2B4CBDBC48B620314D740 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:56:41.0866 5760 tunnel - ok
17:56:41.0885 5760 [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A ] uagp35 C:\Windows\system32\drivers\uagp35.sys
17:56:41.0925 5760 uagp35 - ok
17:56:41.0959 5760 [ 6FD6D03B7752C78712E5CFF29A305026 ] UASPStor C:\Windows\System32\drivers\uaspstor.sys
17:56:42.0001 5760 UASPStor - ok
17:56:42.0083 5760 [ 69CC6087483FCE6AEBF1DF5AE791044F ] UBHelper C:\windows\system32\drivers\UBHelper.sys
17:56:42.0129 5760 UBHelper - ok
17:56:42.0153 5760 [ AA48AEC5CEB2AA8ED1B1A5758B017F72 ] UCX01000 C:\Windows\System32\drivers\ucx01000.sys
17:56:42.0182 5760 UCX01000 - ok
17:56:42.0199 5760 [ DC5A461591C71AF7F19DC048A81E3F88 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:56:42.0245 5760 udfs - ok
17:56:42.0265 5760 [ FB3475FEA1CCB0DAEA1EBE44D0E3BB7D ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:56:42.0427 5760 UI0Detect - ok
17:56:42.0471 5760 [ 07FEBCDF24FABA0D47B635D85A0FFB7A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:56:42.0536 5760 uliagpkx - ok
17:56:42.0586 5760 [ 02CEB3FE6152668A7BA420B93B664860 ] umbus C:\Windows\System32\drivers\umbus.sys
17:56:42.0714 5760 umbus - ok
17:56:42.0732 5760 [ 991EE6B5FC41EAEF99C8AF5B92F2CA09 ] UmPass C:\Windows\System32\drivers\umpass.sys
17:56:42.0770 5760 UmPass - ok
17:56:42.0840 5760 [ 43FEFB040A0CC30F795FBF544169594D ] UmRdpService C:\Windows\System32\umrdp.dll
17:56:42.0985 5760 UmRdpService - ok
17:56:43.0228 5760 [ E1A119AD21F5AFE22EB516C549306D3D ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
17:56:43.0262 5760 UNS - ok
17:56:43.0433 5760 [ 14D22C411854AA2560AFC94CD2D5E61F ] upnphost C:\Windows\System32\upnphost.dll
17:56:43.0554 5760 upnphost - ok
17:56:43.0643 5760 [ 2AF9F0E16D75B8F783A1ACE74EF51C9B ] usbccgp C:\Windows\System32\drivers\usbccgp.sys
17:56:43.0849 5760 usbccgp - ok
17:56:43.0892 5760 [ B395B62B62F28106218FA6FB17F4C797 ] usbcir C:\Windows\System32\drivers\usbcir.sys
17:56:44.0044 5760 usbcir - ok
17:56:44.0097 5760 [ 52F267AEE8CA5AA5CEB88C6A71EE1E86 ] usbehci C:\Windows\System32\drivers\usbehci.sys
17:56:44.0139 5760 usbehci - ok
17:56:44.0161 5760 [ FBB6794E3BBAD92D66D59D206C1F849F ] usbhub C:\Windows\System32\drivers\usbhub.sys
17:56:44.0188 5760 usbhub - ok
17:56:44.0259 5760 [ B7A948501424805571BF562BB0BFE31D ] USBHUB3 C:\Windows\System32\drivers\UsbHub3.sys
17:56:44.0362 5760 USBHUB3 - ok
17:56:44.0408 5760 [ 325F6179009B5A7F6118951A5BA422AB ] usbohci C:\Windows\System32\drivers\usbohci.sys
17:56:44.0561 5760 usbohci - ok
17:56:44.0622 5760 [ BA3ABE0CD1C14B3295BAD0F076B84CAC ] usbprint C:\Windows\System32\drivers\usbprint.sys
17:56:44.0744 5760 usbprint - ok
17:56:44.0788 5760 [ F77177F6C95B2116EE7AD23B5EF57007 ] USBSTOR C:\Windows\System32\drivers\USBSTOR.SYS
17:56:44.0833 5760 USBSTOR - ok
17:56:44.0912 5760 [ D25EF4A6EC244C5DE85D88A05B7C149D ] usbuhci C:\Windows\System32\drivers\usbuhci.sys
17:56:44.0980 5760 usbuhci - ok
17:56:45.0145 5760 [ 75357960FD491E12416342CA12975FDA ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
17:56:45.0229 5760 usbvideo - ok
17:56:45.0272 5760 [ 8ABF3C3ED6BF5ED15DC947795FF6ACAC ] USBXHCI C:\Windows\System32\drivers\USBXHCI.SYS
17:56:45.0367 5760 USBXHCI - ok
17:56:45.0435 5760 [ 6E0E63801FBEF27995107B8269BCFAAD ] VaultSvc C:\Windows\system32\lsass.exe
17:56:45.0474 5760 VaultSvc - ok
17:56:45.0479 5760 [ BACECBFF9C97F7627A60B0E0F1FE7EE8 ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:56:45.0519 5760 vdrvroot - ok
17:56:45.0557 5760 [ 8A8CDA9E3CF2E0B4C6CC19FBC6FB9A71 ] vds C:\Windows\System32\vds.exe
17:56:45.0763 5760 vds - ok
17:56:45.0811 5760 [ 74FA2D4368DE6F6CE14393EDF1F342BE ] VerifierExt C:\Windows\system32\drivers\VerifierExt.sys
17:56:45.0848 5760 VerifierExt - ok
17:56:45.0943 5760 [ 8628FA679F0EC4B709CCD1F6B6A3233B ] vhdmp C:\Windows\System32\drivers\vhdmp.sys
17:56:46.0015 5760 vhdmp - ok
17:56:46.0065 5760 [ F5B4A14B00E89250C50982AC762DDD1D ] viaide C:\Windows\system32\drivers\viaide.sys
17:56:46.0130 5760 viaide - ok
17:56:46.0197 5760 [ 78DB50F7329F6D1311658DABFFFC8BE0 ] vmbus C:\Windows\system32\drivers\vmbus.sys
17:56:46.0243 5760 vmbus - ok
17:56:46.0255 5760 [ ECFEE2F2BA3932C7880D1A8F67D68F91 ] VMBusHID C:\Windows\System32\drivers\VMBusHID.sys
17:56:46.0362 5760 VMBusHID - ok
17:56:46.0447 5760 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicheartbeat C:\Windows\System32\ICSvc.dll
17:56:46.0631 5760 vmicheartbeat - ok
17:56:46.0638 5760 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmickvpexchange C:\Windows\System32\ICSvc.dll
17:56:46.0659 5760 vmickvpexchange - ok
17:56:46.0667 5760 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicrdv C:\Windows\System32\ICSvc.dll
17:56:46.0688 5760 vmicrdv - ok
17:56:46.0695 5760 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicshutdown C:\Windows\System32\ICSvc.dll
17:56:46.0716 5760 vmicshutdown - ok
17:56:46.0814 5760 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmictimesync C:\Windows\System32\ICSvc.dll
17:56:46.0888 5760 vmictimesync - ok
17:56:47.0025 5760 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicvss C:\Windows\System32\ICSvc.dll
17:56:47.0096 5760 vmicvss - ok
17:56:47.0146 5760 [ CB60FAAED8B49B812EBBF77EB87D9B18 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:56:47.0188 5760 volmgr - ok
17:56:47.0240 5760 [ A74101DA9809251BCD0E5A26BAE0F824 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:56:47.0282 5760 volmgrx - ok
17:56:47.0406 5760 [ 2FB3CDFD5EAF4CD9D4AFAF96877D13AE ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:56:47.0541 5760 volsnap - ok
17:56:47.0630 5760 [ A8DA1C1B52ECEA3726DEBED4FF1B700D ] vpci C:\Windows\System32\drivers\vpci.sys
17:56:47.0667 5760 vpci - ok
17:56:47.0731 5760 [ 38A60CD9C009C55C6D3B5586F8E6A353 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
17:56:47.0899 5760 vsmraid - ok
17:56:48.0083 5760 [ EA658570314042C914964FC72AB50E6B ] VSS C:\Windows\system32\vssvc.exe
17:56:48.0216 5760 VSS - ok
17:56:48.0312 5760 [ A0F6FE0FC2F647C22BBFD6BD4249DBCC ] VSTXRAID C:\Windows\system32\drivers\vstxraid.sys
17:56:48.0398 5760 VSTXRAID - ok
17:56:48.0437 5760 [ 62460A45435A26A334907E3F2EA45611 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
17:56:48.0573 5760 vwifibus - ok
17:56:48.0628 5760 [ 095E943D27025E4D588AF0A72CC2318F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
17:56:48.0661 5760 vwififlt - ok
17:56:48.0672 5760 [ 73FA1A41A97A5C34ADC03B3577FF1A86 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
17:56:48.0829 5760 vwifimp - ok
17:56:48.0884 5760 [ F690B6EEAA94576727B24376D7ED3601 ] W32Time C:\Windows\system32\w32time.dll
17:56:48.0929 5760 W32Time - ok
17:56:48.0960 5760 [ 6B806E893714019969E2B50D7EF6A4D9 ] WacomPen C:\Windows\System32\drivers\wacompen.sys
17:56:48.0994 5760 WacomPen - ok
17:56:49.0006 5760 [ B69492CBD928534160594A7B33602575 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
17:56:49.0094 5760 Wanarp - ok
17:56:49.0130 5760 [ B69492CBD928534160594A7B33602575 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:56:49.0169 5760 Wanarpv6 - ok
17:56:49.0834 5760 [ 42DF22F8C448E7CD219F6D63743505E2 ] wbengine C:\Windows\system32\wbengine.exe
17:56:50.0032 5760 wbengine - ok
17:56:50.0151 5760 [ 31D37B2F6069C631EF0557D322924812 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:56:50.0234 5760 WbioSrvc - ok
17:56:50.0263 5760 [ D9C1E82651BF19C6FF69CEC6FD400124 ] Wcmsvc C:\Windows\System32\wcmsvc.dll
17:56:50.0397 5760 Wcmsvc - ok
17:56:50.0538 5760 [ 5B5FEAB51172F5513C2CF7B39CFA6A01 ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:56:50.0613 5760 wcncsvc - ok
17:56:50.0695 5760 [ E19556D414332E2BEBA1F368229006B4 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:56:50.0798 5760 WcsPlugInService - ok
17:56:50.0862 5760 [ B3A4D918DAB90505B6BC7B70632913CB ] Wd C:\Windows\system32\drivers\wd.sys
17:56:50.0889 5760 Wd - ok
17:56:50.0930 5760 [ 260F8DFC4D5748F4CCB9B19CFB0E58EA ] WdBoot C:\Windows\system32\drivers\WdBoot.sys
17:56:50.0965 5760 WdBoot - ok
17:56:51.0019 5760 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\System32\drivers\wdcsam64.sys
17:56:51.0575 5760 WDC_SAM - ok
17:56:51.0623 5760 [ 334E5ED94D3FAFF3C44F4D36B1FE1C90 ] WDDMService C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
17:56:51.0732 5760 WDDMService ( UnsignedFile.Multi.Generic ) - warning
17:56:51.0732 5760 WDDMService - detected UnsignedFile.Multi.Generic (1)
17:56:52.0648 5760 [ 138AB06ADBBF300AA804D7974A5AEC82 ] WDSmartWareBackgroundService C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
17:56:52.0895 5760 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - warning
17:56:52.0895 5760 WDSmartWareBackgroundService - detected UnsignedFile.Multi.Generic (1)
17:57:00.0479 5760 ============================================================
17:57:00.0479 5760 Scan finished
17:57:00.0479 5760 ============================================================
17:57:00.0490 3508 Detected object count: 2
17:57:00.0490 3508 Actual detected object count: 2
17:57:54.0991 3508 WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:54.0991 3508 WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:54.0991 3508 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:54.0991 3508 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - User select action: Skip

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Does this happen in all browsers ?

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#7
PjMac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I have not seen this problem in IE although I rarely use it. Also I downloaded Combo Fix to desktop and it says it does not support my system (Windows 8). Prior to download I disabled my antivirus/spyware.

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, change of tack. I didn't realise Combofix was not yet ready for 8.

  • Download RogueKiller and save it on your desktop.

    NOTE: If using IE8 or better Smartscreen Filter will need to be disabled
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan

  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

#9
PjMac

    Member

  • Topic Starter
  • 16 posts
RogueKiller V8.5.1 [Feb 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Pam [Admin rights]
Mode : Scan -- Date : 02/19/2013 17:59:45
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] RfBtnSvc64.exe -- C:\Windows\RfBtnSvc64.exe [7] -> KILLED [TermProc]
[RESIDUE] RfBtnSvc64.exe -- C:\Windows\RfBtnSvc64.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : SearchProtection (C:\ProgramData\Search Protection\_run.bat) [x] -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] b19a0f94c1e357fff6a5a7cc92a35ca6
[BSP] 9e2d02ba0d029f34c2a4672aa7735268 : MBR Code unknown
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_02192013_02d1759.txt >>
RKreport[1]_S_02192013_02d1759.txt


RogueKiller V8.5.1 [Feb 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Pam [Admin rights]
Mode : Remove -- Date : 02/19/2013 18:02:57
| ARK || FAK || MBR |

¤¤¤ Bad processes : 3 ¤¤¤
[SUSP PATH] RfBtnSvc64.exe -- C:\Windows\RfBtnSvc64.exe [7] -> KILLED [TermProc]
[RESIDUE] RfBtnSvc64.exe -- C:\Windows\RfBtnSvc64.exe [7] -> KILLED [TermProc]
[RESIDUE] RfBtnSvc64.exe -- C:\Windows\RfBtnSvc64.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : SearchProtection (C:\ProgramData\Search Protection\_run.bat) [x] -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] b19a0f94c1e357fff6a5a7cc92a35ca6
[BSP] 9e2d02ba0d029f34c2a4672aa7735268 : MBR Code unknown
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_02192013_02d1802.txt >>
RKreport[1]_S_02192013_02d1759.txt ; RKreport[2]_D_02192013_02d1802.txt

RogueKiller V8.5.1 [Feb 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Pam [Admin rights]
Mode : Shortcuts HJfix -- Date : 02/19/2013 18:04:29
| ARK || FAK || MBR |

¤¤¤ Bad processes : 3 ¤¤¤
[SUSP PATH] RfBtnSvc64.exe -- C:\Windows\RfBtnSvc64.exe [7] -> KILLED [TermProc]
[RESIDUE] RfBtnSvc64.exe -- C:\Windows\RfBtnSvc64.exe [7] -> KILLED [TermProc]
[RESIDUE] RfBtnSvc64.exe -- C:\Windows\RfBtnSvc64.exe [7] -> KILLED [TermProc]

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 5 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 550 / Fail 0
My documents: Success 3 / Fail 3
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 335 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume4 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped

Finished : << RKreport[3]_SC_02192013_02d1804.txt >>
RKreport[1]_S_02192013_02d1759.txt ; RKreport[2]_D_02192013_02d1802.txt ; RKreport[3]_SC_02192013_02d1804.txt

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, could you now run a fresh OTL scan please? Also check to see whether IE is behaving or not.

Then

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Once done, it will ask to reboot; allow this.
On reboot a log will be produced; please attach that.

#11
PjMac

    Member

  • Topic Starter
  • 16 posts
I worked in IE last night and no problems until I went to Google. Also used IE today and no problems.
Fresh OTL scan


OTL logfile created on: 2/20/2013 12:06:03 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pam\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.80 Gb Total Physical Memory | 4.98 Gb Available Physical Memory | 63.82% Memory free
15.80 Gb Paging File | 12.67 Gb Available in Paging File | 80.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684.15 Gb Total Space | 610.20 Gb Free Space | 89.19% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: PJ | User Name: Pam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/19 17:55:44 | 000,798,208 | ---- | M] () -- C:\Users\Pam\Downloads\RogueKiller.exe
PRC - [2013/02/18 17:13:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pam\Downloads\OTL.exe
PRC - [2013/01/31 10:11:58 | 000,542,632 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/08/30 22:26:56 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
PRC - [2012/08/23 23:24:38 | 002,435,728 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
PRC - [2012/08/23 01:24:38 | 000,259,136 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2012/08/23 01:24:10 | 000,533,568 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2012/08/22 17:04:22 | 000,025,232 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
PRC - [2012/08/22 17:04:20 | 000,044,176 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
PRC - [2012/08/21 21:36:54 | 000,473,712 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2012/08/21 21:36:52 | 001,176,176 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2012/08/21 21:36:52 | 000,348,784 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2012/08/15 14:50:54 | 006,054,824 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\Kaspersky Password Manager\Module Retargetable Folder\stpass.exe
PRC - [2012/07/25 22:21:03 | 000,333,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WWAHost.exe
PRC - [2012/07/17 16:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 16:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/07/04 12:57:44 | 000,990,320 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
PRC - [2012/06/25 12:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2010/03/25 07:45:38 | 000,031,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2009/12/21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
PRC - [2007/01/01 16:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\Pam\AppData\Roaming\Google\Google Talk\googletalk.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/16 12:55:24 | 000,648,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\53a9f9c216117a20745275946c6169cb\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.ni.dll
MOD - [2013/02/16 12:55:22 | 010,291,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\a90a3198c1cdc300344a8f4d8a17547a\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.CSUtils.ni.dll
MOD - [2013/02/16 12:55:17 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\4e0b80cd44dbb1d3b283aea5496da8e9\Microsoft.VisualBasic.ni.dll
MOD - [2013/02/16 12:55:15 | 001,085,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Iris.Impo#\e32e041a6ea10e8a4983dc6173c76f2b\Microsoft.Iris.ImportExport.ni.dll
MOD - [2013/02/16 12:55:06 | 000,551,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Iris.Mapi.MessageSt#\4b219466ab2dcd38f14043c04863ec30\Iris.Mapi.MessageStore.ni.dll
MOD - [2013/02/16 12:55:06 | 000,522,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\3699bf79927ea44ef5c1975f3b7b3422\Microsoft.BusinessSolutions.eCRM.DataSync.ni.dll
MOD - [2013/02/16 12:55:04 | 006,183,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\BusinessLayer\f245ba9287dbea43dd3ab5602105d7a9\BusinessLayer.ni.dll
MOD - [2013/02/16 12:54:57 | 000,891,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WinFormsRegions\0d9f9d379d35298285c5f3cac6e4a3c1\WinFormsRegions.ni.dll
MOD - [2013/02/16 12:54:56 | 001,130,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\4011f408d69039b4a1b6bcfbe678fc51\Microsoft.Interop.Mapi.Impl.ni.dll
MOD - [2013/02/16 12:54:55 | 003,104,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\BCMRes\b2bbef4ac9ccddd67a92946836e16952\BCMRes.ni.dll
MOD - [2013/02/16 12:54:53 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d9b1eab5c18e51eaf4acc4894df0f223\System.ServiceProcess.ni.dll
MOD - [2013/02/15 15:25:17 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65220f0f32ec84454f9a811fba883c2e\System.Windows.Forms.ni.dll
MOD - [2013/01/15 22:06:45 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\38b47b5452863bcadb6b731fe6c5198f\CustomMarshalers.ni.dll
MOD - [2013/01/15 22:01:44 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Extensibility\7513a19f53d5b7fcadfd35b5b10c0038\Extensibility.ni.dll
MOD - [2013/01/15 22:01:40 | 000,022,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WinFormsHostLib\f8bde1011b72e79989abf59f9ae15c30\WinFormsHostLib.ni.dll
MOD - [2013/01/15 22:01:36 | 000,199,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\86254eb7d740c9513d4058194b8ace36\Microsoft.Interop.Mapi.PropTags.ni.dll
MOD - [2013/01/15 22:01:35 | 000,062,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.e#\61fafc70c956a31e2c6a8a84fbf4e59d\Microsoft.Interop.eCRM.Ole.ni.dll
MOD - [2013/01/15 22:01:23 | 000,414,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\15a9e7d07ed9147948fa7ffe02e7930c\Microsoft.Interop.Mapi.Interfaces.ni.dll
MOD - [2013/01/15 22:01:22 | 002,381,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.e#\df328985097620bc53c99036ae8fb62f\Microsoft.Interop.eCRM.Outlook.ni.dll
MOD - [2013/01/15 22:01:22 | 001,016,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.eCRM.Offi#\da58bdca374c46b427d2cb1372941cce\Microsoft.eCRM.Office.ni.dll
MOD - [2013/01/15 22:01:22 | 000,044,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\stdole\04b78d73703b2818d2a11e56b9a70f56\stdole.ni.dll
MOD - [2013/01/15 22:00:51 | 001,117,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\cb521f56a980b6e8570537bdee805605\System.DirectoryServices.ni.dll
MOD - [2013/01/15 22:00:49 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\fe30f9017b763714b1372d77204cd3d0\System.Transactions.ni.dll
MOD - [2013/01/15 22:00:48 | 000,782,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\BCMCommon\5efb2eceb62c5cb3f43cdea7a8342a1a\BCMCommon.ni.dll
MOD - [2013/01/15 22:00:37 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fb048f69c5b71baf063604bd1724b078\System.Core.ni.dll
MOD - [2013/01/14 19:35:45 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cf561d65486360afb324d26c80b9aac2\System.Configuration.ni.dll
MOD - [2013/01/14 19:35:07 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ae31f7dc9817e359d05c9c8efdd5f359\System.Xml.ni.dll
MOD - [2013/01/14 19:34:56 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e6b074d3f3e3cc8e0270a3552c47aaa\System.Drawing.ni.dll
MOD - [2013/01/14 19:34:55 | 006,656,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\644cb8dc7b37a1eec15f542da9846d0c\System.Data.ni.dll
MOD - [2013/01/14 19:34:24 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28c2c6e7f48ff80c680a97b08df66a72\System.ni.dll
MOD - [2013/01/14 19:34:16 | 011,494,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll
MOD - [2012/12/09 10:57:54 | 000,459,176 | ---- | M] () -- C:\Windows\assembly\GAC_32\BCMCommon\4.0.0.0__31bf3856ad364e35\BCMCommon.dll
MOD - [2012/12/09 09:50:05 | 000,605,096 | ---- | M] () -- C:\Windows\assembly\GAC_32\Microsoft.Interop.Mapi.Impl\4.0.0.0__31bf3856ad364e35\Microsoft.Interop.Mapi.Impl.dll
MOD - [2012/12/09 09:19:44 | 000,972,664 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Outlook\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
MOD - [2012/08/30 22:24:20 | 007,422,392 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtgui4.dll
MOD - [2012/08/30 22:24:18 | 001,270,200 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtscript4.dll
MOD - [2012/08/30 22:24:18 | 000,192,952 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtsql4.dll
MOD - [2012/08/30 22:24:16 | 002,453,944 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtdeclarative4.dll
MOD - [2012/08/30 22:24:16 | 002,126,264 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtcore4.dll
MOD - [2012/08/30 22:24:16 | 000,795,064 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtnetwork4.dll
MOD - [2012/08/30 22:23:02 | 000,459,192 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\dblite.dll
MOD - [2012/08/30 22:22:44 | 000,094,648 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avpapplication.dll
MOD - [2012/08/23 01:26:10 | 000,465,384 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
MOD - [2012/08/22 17:04:22 | 000,025,232 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
MOD - [2012/08/22 17:04:20 | 000,044,176 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
MOD - [2012/07/26 04:23:08 | 002,972,672 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/07/26 04:23:08 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/07/26 04:23:08 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2011/09/05 19:36:52 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qgif4.dll
MOD - [2011/09/05 19:36:50 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qjpeg4.dll
MOD - [2011/05/08 22:08:16 | 001,439,656 | ---- | M] () -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\en-US\BCMRes.resources.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/03/25 07:45:10 | 000,011,176 | ---- | M] () -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\en-US\Microsoft.Interop.Mapi.Interfaces.resources.dll
MOD - [2010/03/25 07:44:44 | 000,083,880 | ---- | M] () -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\en-US\BusinessLayer.resources.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/01/09 18:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/09 18:22:53 | 000,464,384 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/01/09 18:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/12/05 23:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012/12/05 23:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012/11/05 23:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/11/05 23:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012/08/22 23:36:28 | 000,468,624 | ---- | M] (Acer Incorporated) [On_Demand | Stopped] -- C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe -- (DeviceFastLaneService)
SRV:64bit: - [2012/08/22 22:02:36 | 000,658,576 | ---- | M] (Acer Incorporated) [On_Demand | Running] -- C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2012/07/25 23:46:56 | 002,366,984 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012/07/25 22:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2012/07/25 22:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 22:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/25 22:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 22:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 22:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 22:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 22:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 22:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 22:05:38 | 000,116,736 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/07/25 22:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 22:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012/07/25 22:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 22:05:11 | 000,174,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012/07/25 22:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/04/20 16:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2009/11/13 11:28:38 | 000,129,536 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2013/01/07 18:28:05 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/05 23:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/09/25 18:59:17 | 000,093,296 | ---- | M] (Dritek System INC.) [Auto | Running] -- C:\Windows\RfBtnSvc64.exe -- (RfButtonDriverService)
SRV - [2012/09/10 22:50:23 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/08/30 22:26:56 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe -- (avp)
SRV - [2012/08/23 23:24:38 | 002,435,728 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe -- (CCDMonitorService)
SRV - [2012/08/23 01:24:38 | 000,259,136 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2012/08/21 21:36:52 | 000,348,784 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2012/08/10 20:28:14 | 000,211,584 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2012/07/25 22:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/17 16:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 16:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/11 22:10:24 | 000,174,160 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2012/06/25 12:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/25 07:45:38 | 000,031,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2009/12/21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/09 20:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/01/09 20:39:29 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/01/07 18:28:04 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/12/17 06:43:13 | 000,038,096 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\gfiark.sys -- (gfiark)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/11/26 22:56:29 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2012/11/26 22:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/19 23:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/06 02:52:07 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2012/11/06 02:36:23 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2012/11/05 22:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/15 01:14:30 | 003,701,760 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:64bit: - [2012/10/12 03:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 02:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/10/11 02:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012/09/25 19:24:36 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2012/09/25 19:24:36 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2012/09/25 19:24:36 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2012/09/25 18:59:17 | 000,026,736 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\aPs2Kb2Hid.sys -- (Ps2Kb2Hid)
DRV:64bit: - [2012/08/20 12:32:46 | 000,316,816 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012/08/10 20:09:46 | 000,567,808 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012/08/10 20:09:44 | 000,135,832 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012/08/10 20:09:42 | 000,178,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012/08/10 20:09:42 | 000,088,728 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012/08/10 20:09:42 | 000,076,952 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2012/08/10 20:09:40 | 000,344,216 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012/08/10 20:09:40 | 000,114,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012/08/10 20:09:40 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012/07/26 00:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 00:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 00:00:58 | 000,337,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012/07/26 00:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 00:00:58 | 000,212,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012/07/26 00:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 00:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 00:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 00:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012/07/26 00:00:55 | 000,120,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/07/26 00:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012/07/26 00:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 00:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 00:00:52 | 003,295,984 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/07/26 00:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 00:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 00:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 00:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 00:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 00:00:49 | 000,539,376 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/07/26 00:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 00:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 00:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 00:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 23:59:35 | 000,148,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012/07/25 23:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 23:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/07/25 23:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 23:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2012/07/25 23:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2012/07/25 22:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 21:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 21:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 21:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 21:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 21:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 21:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 21:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 21:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 21:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 21:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 21:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 21:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 21:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 21:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 21:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 21:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 21:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 21:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 21:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012/07/25 21:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 21:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 21:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/09 15:43:12 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/07/02 17:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/19 10:40:50 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/14 18:33:26 | 000,636,760 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/06/13 21:23:58 | 000,294,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsBaStor.sys -- (RSBASTOR)
DRV:64bit: - [2012/06/13 00:41:22 | 000,683,664 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/06/02 09:31:33 | 005,139,968 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BCMWL63A.SYS -- (BCM43XX)
DRV:64bit: - [2012/06/02 09:31:32 | 000,425,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2011/10/20 11:48:00 | 000,458,032 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011/10/20 11:48:00 | 000,013,616 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/03/10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2010/07/09 14:51:38 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010/04/20 13:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/12/14 12:44:24 | 000,085,048 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\CSCrySec.sys -- (CSCrySec)
DRV:64bit: - [2009/12/14 12:44:24 | 000,066,104 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)
DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2008/05/06 19:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wdcsam64.sys -- (WDC_SAM)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {8285749D-2AB6-43D2-90FF-C463C2B6AA11}
IE:64bit: - HKLM\..\SearchScopes\{8285749D-2AB6-43D2-90FF-C463C2B6AA11}: "URL" = http://www.bing.com/...E10TR&pc=MAARJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {8285749D-2AB6-43D2-90FF-C463C2B6AA11}
IE - HKLM\..\SearchScopes\{8285749D-2AB6-43D2-90FF-C463C2B6AA11}: "URL" = http://www.bing.com/...E10TR&pc=MAARJS


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2787539444-2474176699-1682119474-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
IE - HKU\S-1-5-21-2787539444-2474176699-1682119474-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securesearch....8E76B51228534E8
IE - HKU\S-1-5-21-2787539444-2474176699-1682119474-1001\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKU\S-1-5-21-2787539444-2474176699-1682119474-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://lavasoft.blek...q={searchTerms}
IE - HKU\S-1-5-21-2787539444-2474176699-1682119474-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@kaspersky.com/Password Manager: C:\PROGRA~2\KASPER~1\KASPER~1.0\KASPER~2\MODULE~1\npkpmAutofill.dll (Kaspersky Lab)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Pam\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Pam\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Pam\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Pam\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\linkfilter@kaspersky.ru [2013/02/15 16:02:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\virtualKeyboard@kaspersky.ru [2013/02/15 16:02:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\KavAntiBanner@Kaspersky.ru [2013/02/15 16:02:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK


========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL
CHR - Extension: InstaPinterest = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahlheacbbhkkdbefgcincdepfngkjokh\1.1_0\
CHR - Extension: AccuWeather Forecast = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\anaabbcbolfcclofcpdipmefibpgacgc\1.3_0\
CHR - Extension: Google Drive = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: eBay Web App = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnadbgmffcofipfljniafanjcafjlbom\1.0.3_0\
CHR - Extension: Facebook = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0\
CHR - Extension: Google Search = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.2.733_0\
CHR - Extension: Password Manager plugin = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddagfbbgmdhmolnjoaghlapikdcahbbl\6.0.1.54\
CHR - Extension: Google+ = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm\1.0.1.424_0\
CHR - Extension: Google Calendar = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Pinterest button = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjhllmkehmdajjlkolhdjjlfcmmlpl\6.4_0\
CHR - Extension: Cloud Reader = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd\1.4.0_0\
CHR - Extension: Virtual Keyboard = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.2.733_0\
CHR - Extension: Google Tasks Offline (Unofficial) = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jekhpicinnaamcmadbipjejafgkjdokh\2.1_0\
CHR - Extension: Google +1 Button = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp\1.1.2.424_0\
CHR - Extension: Autodesk Homestyler = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb\2.2_0\
CHR - Extension: Google Mail Checker = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: Insta Craigslist = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnjekhndfldbgjcdcldikibfpfabmojb\1_0\
CHR - Extension: Top App Finder = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndbcdleejgmedckepdmjghelffpojipp\0.0.1.5_0\
CHR - Extension: Accuweather For Google Chrome = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nggdfhmoncbddllphjadgnklmghkiblm\1.0_0\
CHR - Extension: Amazon Windowshop = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nielaigelomefgdoljcpfgbdbfefhdjc\1.1.0.0_0\
CHR - Extension: My Chrome Theme = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_0\
CHR - Extension: Winter Night in Moonlight = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\offcedjaceddaegkpebcocccakpdjkin\1_0\
CHR - Extension: Christian Quotes = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\onkoheflogmnooofabbnbdkgidjoaack\1.0_0\
CHR - Extension: Facebook Themes (Facebook Theme Gallery) = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\phejagnmddcjhjblnacgmejghffmhjfp\2.0.12_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.7_0\
CHR - Extension: Gmail = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.2.733_0\

O1 HOSTS File: ([2012/07/26 00:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avp] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [bdinstaller] C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe (Bitdefender)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [LManager] File not found
O4 - HKU\S-1-5-21-2787539444-2474176699-1682119474-1001..\Run: [googletalk] C:\Users\Pam\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-21-2787539444-2474176699-1682119474-1001..\Run: [SkyDrive] C:\Users\Pam\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Kaspersky PURE - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\Kaspersky Password Manager\Module Retargetable Folder\spIEBho.dll (Kaspersky Lab)
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Kaspersky PURE - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\Kaspersky Password Manager\Module Retargetable Folder\spIEBho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 165.166.142.42 165.166.8.54
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{149B3963-DE4C-493C-B0F2-F3051ADD3DBC}: DhcpNameServer = 192.168.1.1 165.166.142.42 165.166.8.54
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4697643-A9CF-493C-8E98-6E1E7FDCCC9F}: DhcpNameServer = 192.12.128.24
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{fafc3051-408c-11e2-be7a-206a8adb2330}\Shell - "" = AutoRun
O33 - MountPoints2\{fafc3051-408c-11e2-be7a-206a8adb2330}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/19 19:53:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2013/02/19 19:24:32 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Roaming\Mozilla
[2013/02/19 19:21:25 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Talk
[2013/02/19 19:21:22 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Roaming\Google
[2013/02/19 17:57:53 | 000,000,000 | ---D | C] -- C:\Users\Pam\Desktop\RK_Quarantine
[2013/02/18 16:53:17 | 000,038,096 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfiark.sys
[2013/02/18 14:52:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013/02/18 14:50:59 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Roaming\LavasoftStatistics
[2013/02/18 14:49:58 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\adawarebp
[2013/02/18 14:47:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Search Protection
[2013/02/18 14:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013/02/18 14:46:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013/02/18 14:46:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013/02/18 14:45:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/02/18 14:45:12 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Roaming\Ad-Aware Antivirus
[2013/02/18 13:07:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/02/18 01:57:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Bitdefender
[2013/02/17 10:40:21 | 000,000,000 | --SD | C] -- C:\Users\Pam\Documents\Passwords Database
[2013/02/16 17:00:45 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll
[2013/02/16 17:00:44 | 001,437,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2013/02/16 17:00:30 | 002,094,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmc.exe
[2013/02/16 17:00:30 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlidsvc.dll
[2013/02/16 17:00:30 | 001,611,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmc.exe
[2013/02/16 17:00:28 | 001,886,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setupapi.dll
[2013/02/16 17:00:28 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
[2013/02/16 17:00:28 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netprofmsvc.dll
[2013/02/16 17:00:25 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsm.dll
[2013/02/16 17:00:25 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Media.dll
[2013/02/16 17:00:23 | 000,028,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpiowin32.sys
[2013/02/16 17:00:19 | 000,728,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll
[2013/02/16 17:00:19 | 000,666,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL
[2013/02/16 17:00:19 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.dll
[2013/02/16 17:00:19 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.dll
[2013/02/16 17:00:19 | 000,303,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/02/16 17:00:19 | 000,261,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Media.dll
[2013/02/16 17:00:19 | 000,194,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
[2013/02/16 17:00:19 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetpp.dll
[2013/02/16 17:00:19 | 000,124,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys
[2013/02/16 17:00:18 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
[2013/02/16 17:00:18 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDMon.dll
[2013/02/16 17:00:18 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsquirt.exe
[2013/02/16 17:00:18 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncbservice.dll
[2013/02/16 17:00:18 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpprxm.dll
[2013/02/16 17:00:18 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wiaacmgr.exe
[2013/02/16 17:00:18 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wiaacmgr.exe
[2013/02/16 17:00:18 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adhsvc.dll
[2013/02/16 17:00:18 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adhapi.dll
[2013/02/16 17:00:18 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpprxp.dll
[2013/02/16 17:00:18 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\keepaliveprovider.dll
[2013/02/15 17:58:15 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013/02/15 16:04:44 | 000,000,000 | R--D | C] -- C:\Backup
[2013/02/15 16:02:58 | 000,085,048 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSCrySec.sys
[2013/02/15 16:02:58 | 000,066,104 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys
[2013/02/15 16:02:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013/02/15 16:02:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InfoWatch
[2013/02/15 16:02:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/02/15 16:02:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2013/02/14 12:06:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2013/02/13 08:07:34 | 006,967,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/02/13 08:07:32 | 000,411,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/02/13 08:07:19 | 003,966,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/02/13 08:07:17 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2013/02/13 08:07:17 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/02/13 08:07:16 | 000,854,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/02/13 08:07:16 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/02/13 08:07:16 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/02/13 08:07:16 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/02/13 08:07:16 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/02/13 08:07:16 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll
[2013/02/13 08:07:16 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/02/13 08:07:16 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
[2013/02/13 08:07:16 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/02/02 00:19:58 | 000,000,000 | R--D | C] -- C:\Users\Pam\SkyDrive
[2013/02/02 00:19:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2013/02/02 00:19:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2013/01/26 14:11:31 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/01/23 18:46:25 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\MusicPlayer
[2013/01/22 11:48:39 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[1 C:\Users\Pam\Documents\*.tmp files -> C:\Users\Pam\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/20 12:02:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/19 20:29:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2787539444-2474176699-1682119474-1001UA.job
[2013/02/19 20:14:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/19 20:04:49 | 000,001,300 | ---- | M] () -- C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2013/02/19 19:51:23 | 000,001,477 | ---- | M] () -- C:\Users\Pam\Desktop\g2m_download - Shortcut.lnk
[2013/02/19 19:29:00 | 000,000,854 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2787539444-2474176699-1682119474-1001Core.job
[2013/02/19 19:20:51 | 000,001,090 | ---- | M] () -- C:\Users\Pam\Desktop\googletalk-setup - Shortcut.lnk
[2013/02/19 17:56:02 | 000,001,468 | ---- | M] () -- C:\Users\Pam\Desktop\RogueKiller - Shortcut.lnk
[2013/02/19 17:21:22 | 000,001,134 | ---- | M] () -- C:\Users\Pam\Desktop\ComboFix - Shortcut.lnk
[2013/02/19 17:13:13 | 000,939,898 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/19 17:13:13 | 000,784,730 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/19 17:13:13 | 000,156,990 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/19 17:08:18 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/19 17:07:27 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/02/19 17:07:26 | 2405,511,167 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/19 17:07:22 | 000,053,284 | ---- | M] () -- C:\Windows\SysNative\wpbbin.exe
[2013/02/19 17:05:09 | 000,000,105 | ---- | M] () -- C:\prefs.js
[2013/02/18 13:07:21 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/02/17 17:24:25 | 000,001,369 | ---- | M] () -- C:\Users\Pam\Desktop\IntegrativeNutrition2ndEdUpdate_PDF.pdf - Shortcut.lnk
[2013/02/15 21:32:20 | 000,000,162 | ---- | M] () -- C:\Windows\reimage.ini
[2013/02/15 16:04:46 | 000,017,408 | ---- | M] () -- C:\Users\Pam\AppData\Local\WebpageIcons.db
[2013/02/15 16:03:24 | 000,153,053 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2013/02/15 16:03:24 | 000,107,384 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2013/02/14 22:56:22 | 000,422,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/12 11:53:06 | 000,005,726 | ---- | M] () -- C:\Users\Pam\Documents\cc_20130212_115300.reg
[2013/02/06 18:06:14 | 000,692,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/06 18:06:14 | 000,078,176 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/02 22:44:57 | 001,374,873 | ---- | M] () -- C:\Users\Pam\Documents\double rainbow.jpg
[2013/02/02 22:16:28 | 000,560,269 | ---- | M] () -- C:\Users\Pam\Documents\OMPReport (1).pdf
[2013/02/02 22:15:43 | 000,560,269 | ---- | M] () -- C:\Users\Pam\Documents\OMPReport.pdf
[2013/01/31 23:33:34 | 000,050,390 | ---- | M] () -- C:\Users\Pam\Documents\2012fitr.pdf
[2013/01/31 14:59:01 | 001,869,704 | ---- | M] () -- C:\Users\Pam\Documents\acid-alkaline-food-chart-1.3.pdf
[2013/01/30 23:40:04 | 000,680,854 | ---- | M] () -- C:\Users\Pam\Documents\alkaline-water-guide-2.0.pdf
[2013/01/29 00:37:53 | 000,000,624 | ---- | M] () -- C:\Users\Pam\Documents\color note bills drs appt
[2013/01/28 22:19:39 | 000,073,987 | ---- | M] () -- C:\Users\Pam\Documents\Carb-Cycling-for-Fat-Loss.pdf
[2013/01/27 22:21:47 | 001,523,635 | ---- | M] () -- C:\Users\Pam\Documents\Crochet_Hat_and_Crochet_Cloche.pdf
[2013/01/22 13:12:26 | 000,016,282 | ---- | M] () -- C:\Windows\SysNative\results.xml
[1 C:\Users\Pam\Documents\*.tmp files -> C:\Users\Pam\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/19 19:51:23 | 000,001,477 | ---- | C] () -- C:\Users\Pam\Desktop\g2m_download - Shortcut.lnk
[2013/02/19 19:24:23 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2787539444-2474176699-1682119474-1001UA.job
[2013/02/19 19:24:22 | 000,000,854 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2787539444-2474176699-1682119474-1001Core.job
[2013/02/19 19:20:51 | 000,001,090 | ---- | C] () -- C:\Users\Pam\Desktop\googletalk-setup - Shortcut.lnk
[2013/02/19 17:56:02 | 000,001,468 | ---- | C] () -- C:\Users\Pam\Desktop\RogueKiller - Shortcut.lnk
[2013/02/19 17:21:22 | 000,001,134 | ---- | C] () -- C:\Users\Pam\Desktop\ComboFix - Shortcut.lnk
[2013/02/19 17:05:09 | 000,000,105 | ---- | C] () -- C:\prefs.js
[2013/02/19 16:51:35 | 000,002,088 | ---- | C] () -- C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus.lnk
[2013/02/17 17:24:25 | 000,001,369 | ---- | C] () -- C:\Users\Pam\Desktop\IntegrativeNutrition2ndEdUpdate_PDF.pdf - Shortcut.lnk
[2013/02/16 17:00:18 | 000,386,577 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013/02/15 21:30:40 | 000,000,162 | ---- | C] () -- C:\Windows\reimage.ini
[2013/02/15 16:04:45 | 000,017,408 | ---- | C] () -- C:\Users\Pam\AppData\Local\WebpageIcons.db
[2013/02/15 16:04:43 | 000,001,263 | ---- | C] () -- C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 2.0 .lnk
[2013/02/15 16:03:24 | 000,153,053 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2013/02/15 16:03:24 | 000,107,384 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2013/02/14 22:56:10 | 000,422,160 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/12 11:53:04 | 000,005,726 | ---- | C] () -- C:\Users\Pam\Documents\cc_20130212_115300.reg
[2013/02/02 22:44:39 | 001,374,873 | ---- | C] () -- C:\Users\Pam\Documents\double rainbow.jpg
[2013/02/02 22:16:19 | 000,560,269 | ---- | C] () -- C:\Users\Pam\Documents\OMPReport (1).pdf
[2013/02/02 22:15:29 | 000,560,269 | ---- | C] () -- C:\Users\Pam\Documents\OMPReport.pdf
[2013/02/02 00:19:57 | 000,002,253 | ---- | C] () -- C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
[2013/01/31 23:33:13 | 000,050,390 | ---- | C] () -- C:\Users\Pam\Documents\2012fitr.pdf
[2013/01/31 14:58:53 | 001,869,704 | ---- | C] () -- C:\Users\Pam\Documents\acid-alkaline-food-chart-1.3.pdf
[2013/01/30 23:39:55 | 000,680,854 | ---- | C] () -- C:\Users\Pam\Documents\alkaline-water-guide-2.0.pdf
[2013/01/29 00:37:52 | 000,000,624 | ---- | C] () -- C:\Users\Pam\Documents\color note bills drs appt
[2013/01/28 22:19:39 | 000,073,987 | ---- | C] () -- C:\Users\Pam\Documents\Carb-Cycling-for-Fat-Loss.pdf
[2013/01/27 22:21:34 | 001,523,635 | ---- | C] () -- C:\Users\Pam\Documents\Crochet_Hat_and_Crochet_Cloche.pdf
[2013/01/07 18:28:05 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2013/01/07 18:28:03 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2013/01/07 18:28:03 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/12/09 09:47:45 | 000,955,306 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/08 22:04:18 | 000,006,656 | ---- | C] () -- C:\Users\Pam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/25 19:38:58 | 000,000,280 | ---- | C] () -- C:\Windows\LaunApp.ini
[2012/09/25 19:33:02 | 000,001,450 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2012/09/25 19:33:02 | 000,000,224 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2012/09/25 18:53:01 | 000,000,000 | ---- | C] () -- C:\ProgramData\DP45977C.lfl
[2012/09/10 23:17:15 | 000,000,460 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2012/09/10 23:17:15 | 000,000,395 | ---- | C] () -- C:\Windows\WisPriority.ini
[2012/07/26 03:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 03:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 02:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/25 20:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 19:48:53 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012/07/25 15:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 15:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/07/25 15:22:56 | 000,267,284 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/07/25 15:22:54 | 000,963,376 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/06/02 09:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012/04/20 15:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2012/12/08 21:13:45 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/01/09 18:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/01/09 18:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 22:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 22:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 22:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >


# AdwCleaner v2.112 - Logfile created 02/20/2013 at 12:21:49
# Updated 10/02/2013 by Xplode
# Operating system : Windows 8 (64 bits)
# User : Pam - PJ
# Boot Mode : Normal
# Running from : C:\Users\Pam\Downloads\adwcleaner0.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\clsoft ltd
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\search protection

***** [Registry] *****

Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16482

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Marty_2\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1116 octets] - [20/02/2013 12:21:49]

########## EOF - C:\AdwCleaner[S1].txt - [1176 octets] ##########

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are you still having problems with Chrome?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {8285749D-2AB6-43D2-90FF-C463C2B6AA11}
IE - HKLM\..\SearchScopes\{8285749D-2AB6-43D2-90FF-C463C2B6AA11}: "URL" = http://www.bing.com/...E10TR&pc=MAARJS
IE - HKU\S-1-5-21-2787539444-2474176699-1682119474-1001\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKU\S-1-5-21-2787539444-2474176699-1682119474-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://lavasoft.blek...q={searchTerms}

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#13
PjMac

    Member

  • Topic Starter
  • Member
  • 16 posts
I haven't had the popups in a few hours but decided to run the fix and quick scan to ensure all problems are corrected.

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8285749D-2AB6-43D2-90FF-C463C2B6AA11}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8285749D-2AB6-43D2-90FF-C463C2B6AA11}\ not found.
HKEY_USERS\S-1-5-21-2787539444-2474176699-1682119474-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2787539444-2474176699-1682119474-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Marty

User: Marty_2
->Temp folder emptied: 307593 bytes
->Temporary Internet Files folder emptied: 2342701 bytes
->Google Chrome cache emptied: 338713417 bytes

User: Pam
->Temp folder emptied: 105490923 bytes
->Temporary Internet Files folder emptied: 71969971 bytes
->Google Chrome cache emptied: 318636986 bytes
->Flash cache emptied: 1188 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 129025 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 799.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 02202013_174147

Files\Folders moved on Reboot...
File\Folder C:\Users\Pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WZZO9UJH\like[1].htm not found!
File\Folder C:\Users\Pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WZZO9UJH\like[2].htm not found!
File\Folder C:\Users\Pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WZZO9UJH\pinterest_com[1].htm not found!
C:\Users\Pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WZZO9UJH\tweet_button.1360972506[1].htm moved successfully.
C:\Users\Pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WZZO9UJH\xd_arbiter[1].htm moved successfully.
File\Folder C:\Users\Pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RQ3058TU\like[2].htm not found!
File\Folder C:\Users\Pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PH2UAHG6\like[1].htm not found!
C:\Users\Pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0QK5Z6H2\37-virus-spyware-malware-removal[1].htm moved successfully.
C:\Users\Pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\7A7E08C8-3FF5-45F2-873D-A84D669DC82F.dat moved successfully.
C:\Users\Pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{0ECBB1B2-DB8B-4164-B47B-3A175846A6BD}.tmp moved successfully.
C:\Users\Pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{9CCAB1A7-3BFC-49C4-99C9-633AEBC24B8E}.tmp moved successfully.
C:\Users\Pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\lm\Pam\aipflib.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\lm\Pam\LMutilps32.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\lm\dsiwmis.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


After running, I installed MalwareBytes and scanned (1 malicious item detected); below is the log.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.20.08

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16484
Pam :: PJ [administrator]

2/20/2013 6:17:51 PM
mbam-log-2013-02-20 (18-17-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 240811
Time elapsed: 2 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Pam\Downloads\mplayer_Setup.exe (Adware.IBryte) -> Quarantined and deleted successfully.

(end)


After reboot I scanned once more and found no malicious items detected.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.20.08

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16484
Pam :: PJ [administrator]

2/20/2013 6:26:22 PM
mbam-log-2013-02-20 (18-26-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 240251
Time elapsed: 9 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

So far no problems found.

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean.

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

If you use on-line banking then as an added layer of protection install Trusteer Rapport.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place? Keep safe :wave:

#15
PjMac

    Member

  • Topic Starter
  • Member
  • 16 posts
Wow, you are amazing! I can't thank you enough for all your help!! I did try to download Trusteer Rapport but it did not have my bank name in the drop-down box, so I'm not sure how to download it. I would love to be able to use this. Thank you again for all your time, expertise and training. I'll be sure to use the PayPal.





