Remove Delta Search - stuck on Malwarebytes scan

smilinthyme

New Member
Thread author
Mar 6, 2013
I have added the OTL logs and the aswMBR log below. Also added a screenshot for the Malwarebytes freeze. As I am in a different timezone, I won't be able to answer any questions for at least 10 hours. I hope someone can help. Thank you.




aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-07 00:17:07
-----------------------------
00:17:07.205 OS Version: Windows x64 6.1.7601 Service Pack 1
00:17:07.205 Number of processors: 4 586 0x3A09
00:17:07.220 ComputerName: MARVINIII UserName:
00:17:12.109 Initialize success
00:17:33.538 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:17:33.538 Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3
00:17:33.554 Disk 0 MBR read successfully
00:17:33.554 Disk 0 MBR scan
00:17:33.554 Disk 0 Windows 7 default MBR code
00:17:33.554 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
00:17:33.569 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 689697 MB offset 409600
00:17:33.647 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 25404 MB offset 1412909056
00:17:33.663 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 102 MB offset 1464936448
00:17:33.710 Disk 0 scanning C:\Windows\system32\drivers
00:17:46.736 Service scanning
00:18:06.875 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
00:18:07.000 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
00:18:07.328 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
00:18:07.921 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
00:18:31.898 Modules scanning
00:18:31.898 Disk 0 trace - called modules:
00:18:31.913 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
00:18:31.913 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800957d790]
00:18:31.929 3 CLASSPNP.SYS[fffff88001dcf43f] -> nt!IofCallDriver -> [0xfffffa8008273960]
00:18:31.929 5 hpdskflt.sys[fffff88001e88189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8009581050]
00:18:31.929 Scan finished successfully
00:18:53.707 Disk 0 MBR has been saved successfully to "C:\Users\Marvin III\Desktop\MBR.dat"
00:18:53.707 The log file has been saved successfully to "C:\Users\Marvin III\Desktop\aswMBR.txt"




OTL logfile created on: 2013-03-07 00:03:29 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marvin III\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

7,90 Gb Total Physical Memory | 5,90 Gb Available Physical Memory | 74,64% Memory free
15,81 Gb Paging File | 13,69 Gb Available in Paging File | 86,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 673,53 Gb Total Space | 624,30 Gb Free Space | 92,69% Space Free | Partition Type: NTFS
Drive D: | 24,81 Gb Total Space | 2,58 Gb Free Space | 10,41% Space Free | Partition Type: NTFS

Computer Name: MARVINIII | User Name: Marvin III | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Marvin III\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Marvin III\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe (Brother Industries, Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (HPAuto) -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe (Hewlett-Packard)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmpfd) -- C:\Windows\SysNative\drivers\amdkmpfd.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RSP2STOR) -- C:\Windows\SysNative\drivers\RtsP2Stor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/11
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/11
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{5ED31B73-0CDA-4CE7-AE57-8419F02A83B4}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://se.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://sv.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/11
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/11
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{5ED31B73-0CDA-4CE7-AE57-8419F02A83B4}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://se.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://sv.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/11
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
IE - HKCU\..\SearchScopes,DefaultScope = {BB05B595-7F93-4B37-A39A-8D67D39BD32E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&r=930
IE - HKCU\..\SearchScopes\{5ED31B73-0CDA-4CE7-AE57-8419F02A83B4}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://se.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{BB05B595-7F93-4B37-A39A-8D67D39BD32E}: "URL" = http://www.google.com/search?hl=sv&q={searchTerms}
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://sv.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marvin III\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marvin III\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012-11-15 00:07:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012-11-15 00:07:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012-11-15 00:07:32 | 000,000,000 | ---D | M]

[2013-03-02 15:52:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marvin III\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions
[2013-03-02 15:52:30 | 000,216,743 | ---- | M] () (No name found) -- C:\Users\Marvin III\AppData\Roaming\mozilla\firefox\profiles\0\extensions\freehdsport@freehdsport.tv.xpi
[2013-03-02 15:53:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Marvin III\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Ski&cka till OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Ski&cka till OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6E1068C-273F-402F-9B96-B0AF3193FB19}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F808C700-648D-4CB6-8CCE-C8517812DD8E}: DhcpNameServer = 40.20.1.201 40.20.1.202
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013-03-06 22:19:07 | 000,000,000 | ---D | C] -- C:\Users\Marvin III\AppData\Roaming\Malwarebytes
[2013-03-06 22:18:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013-03-06 22:17:44 | 000,000,000 | ---D | C] -- C:\Users\Marvin III\AppData\Local\Programs
[2013-03-05 22:21:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013-03-03 21:54:22 | 000,000,000 | ---D | C] -- C:\Users\Marvin III\AppData\Roaming\WildTangent
[2013-03-02 15:53:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gophoto.it
[2013-03-02 15:53:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013-03-02 15:53:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013-03-02 15:53:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013-03-02 15:52:30 | 000,000,000 | ---D | C] -- C:\Users\Marvin III\AppData\Roaming\Mozilla
[2013-03-02 15:52:09 | 000,000,000 | ---D | C] -- C:\Users\Marvin III\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VipBoxSportsApp.com
[2013-03-02 15:52:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VipBoxSportsApp.com
[2013-02-27 22:55:40 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013-02-27 22:55:40 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013-02-27 22:55:39 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013-02-27 22:55:39 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013-02-27 22:55:32 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013-02-27 22:55:32 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013-02-27 22:55:30 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013-02-27 22:55:30 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013-02-27 22:55:30 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013-02-27 22:55:30 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013-02-27 22:55:30 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013-02-27 22:55:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013-02-27 22:55:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013-02-27 22:55:30 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013-02-27 22:55:30 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013-02-27 22:55:29 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013-02-27 22:55:29 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013-02-27 22:55:29 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013-02-27 22:55:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013-02-27 22:55:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013-02-27 22:55:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013-02-27 22:55:28 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013-02-27 22:55:28 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013-02-27 22:55:28 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013-02-27 22:55:28 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013-02-27 22:55:28 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013-02-27 22:55:28 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013-02-27 22:55:28 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013-02-27 22:55:28 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013-02-27 22:55:28 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013-02-27 22:55:28 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013-02-27 22:55:28 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013-02-27 22:55:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013-02-27 22:55:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013-02-27 22:55:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013-02-27 22:55:27 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013-02-27 22:55:27 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013-02-27 22:55:27 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013-02-27 22:55:27 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013-02-27 22:55:27 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013-02-27 22:55:27 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013-02-27 22:54:44 | 015,846,768 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013-02-18 11:36:09 | 000,000,000 | ---D | C] -- C:\Users\Marvin III\AppData\Local\ElevatedDiagnostics
[2013-02-16 14:53:30 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013-02-16 14:53:30 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013-02-16 14:53:29 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013-02-16 14:53:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013-02-16 14:53:29 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013-02-16 14:53:29 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013-02-16 14:53:28 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013-02-16 14:53:28 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013-02-16 14:53:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013-02-16 14:53:27 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013-02-16 14:53:27 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013-02-16 14:53:27 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013-02-16 14:53:26 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013-02-16 14:53:26 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013-02-16 14:53:26 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013-02-13 20:45:18 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013-02-13 20:45:16 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013-02-13 20:45:16 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013-02-13 20:45:09 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013-02-13 20:45:09 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013-02-13 20:45:09 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013-02-13 20:45:09 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013-02-13 20:45:09 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013-02-13 20:45:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013-02-13 20:45:05 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS

========== Files - Modified Within 30 Days ==========

[2013-03-06 23:33:22 | 000,031,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-03-06 23:33:22 | 000,031,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-03-06 23:32:00 | 000,001,024 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-486875228-3771430239-1943154165-1000UA.job
[2013-03-06 23:31:18 | 000,000,998 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-03-06 23:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-03-06 23:25:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-03-06 23:25:51 | 2070,691,839 | -HS- | M] () -- C:\hiberfil.sys
[2013-03-06 23:21:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-03-06 22:59:47 | 000,279,524 | ---- | M] () -- C:\Users\Marvin III\Desktop\malwarebytes freeze.png
[2013-03-06 21:33:17 | 000,000,097 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013-03-03 21:54:00 | 000,002,590 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
[2013-03-03 01:32:01 | 000,000,972 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-486875228-3771430239-1943154165-1000Core.job
[2013-03-02 15:52:09 | 000,000,900 | ---- | M] () -- C:\Users\Marvin III\Desktop\VipBoxSportsApp.lnk
[2013-03-02 13:50:03 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMarvin III.job
[2013-02-27 22:54:50 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013-02-27 22:54:50 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013-02-27 22:54:44 | 015,846,768 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013-02-21 15:30:14 | 001,466,438 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-02-21 15:30:14 | 000,625,772 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat
[2013-02-21 15:30:14 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-02-21 15:30:14 | 000,123,894 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat
[2013-02-21 15:30:14 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-02-17 23:41:37 | 000,342,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-02-05 20:18:17 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMARVINIII$.job

========== Files Created - No Company Name ==========

[2013-03-06 22:59:47 | 000,279,524 | ---- | C] () -- C:\Users\Marvin III\Desktop\malwarebytes freeze.png
[2013-03-06 21:33:13 | 000,000,097 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013-03-02 15:52:09 | 000,000,900 | ---- | C] () -- C:\Users\Marvin III\Desktop\VipBoxSportsApp.lnk
[2013-02-16 15:02:31 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForMarvin III.job
[2012-12-12 08:32:53 | 000,000,431 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012-12-12 08:32:53 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012-11-14 23:40:46 | 000,017,408 | ---- | C] () -- C:\Users\Marvin III\AppData\Local\WebpageIcons.db
[2012-11-14 02:39:36 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2012-05-03 10:53:46 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2012-05-03 10:52:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012-05-03 10:50:24 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012-05-03 10:45:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2012-01-18 06:44:08 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012-01-18 06:44:08 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012-01-18 06:25:10 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2012-01-18 06:24:58 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012-01-06 04:45:56 | 000,734,772 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012-01-06 04:45:56 | 000,557,476 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012-01-06 04:29:06 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012-01-06 02:36:46 | 012,978,688 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2011-12-09 00:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011-09-13 03:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011-09-06 20:34:28 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

========== ZeroAccess Check ==========

[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013-01-22 22:34:53 | 000,000,000 | ---D | M] -- C:\Users\Marvin III\AppData\Roaming\IDM
[2013-02-21 17:49:05 | 000,000,000 | ---D | M] -- C:\Users\Marvin III\AppData\Roaming\Spotify
[2012-11-13 19:55:00 | 000,000,000 | ---D | M] -- C:\Users\Marvin III\AppData\Roaming\Synaptics
[2013-03-03 21:54:24 | 000,000,000 | ---D | M] -- C:\Users\Marvin III\AppData\Roaming\WildTangent

========== Purity Check ==========



< End of report >




OTL Extras logfile created on: 2013-03-07 00:03:29 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marvin III\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

7,90 Gb Total Physical Memory | 5,90 Gb Available Physical Memory | 74,64% Memory free
15,81 Gb Paging File | 13,69 Gb Available in Paging File | 86,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 673,53 Gb Total Space | 624,30 Gb Free Space | 92,69% Space Free | Partition Type: NTFS
Drive D: | 24,81 Gb Total Space | 2,58 Gb Free Space | 10,41% Space Free | Partition Type: NTFS

Computer Name: MARVINIII | User Name: Marvin III | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0495D0C3-4DB8-4935-80C3-B8CEAFD59B92}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{15EE12CB-D32D-42B2-A64E-5BD897E1FCD4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2B9370B5-096C-4AF5-8599-529C20084669}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2D0D7638-E7AC-4706-BFC3-B5B4295DB3F8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{362FEEF1-ECB6-4510-A8C3-064B6A564837}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{369F38F4-9E2C-4248-BE00-595F1691765E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{449D9878-9871-41C9-B5A7-DA7BD8E26D79}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4A28BF95-0E15-4DAB-973D-F1D4EFCBFC38}" = rport=10243 | protocol=6 | dir=out | app=system |
"{547614AA-36B9-4E5C-ABEC-38FE44AC9E0D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{57C8B42A-9B78-44CA-89B4-2A7F9F2089B0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{589EEF24-459B-4D0A-B1FD-CCC901949D1E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5C5CCF1E-485B-49BF-964D-497CC77AE5FB}" = lport=137 | protocol=17 | dir=in | app=system |
"{63C3D52A-AD93-4157-8F3F-705DF6B3C225}" = lport=2869 | protocol=6 | dir=in | app=system |
"{759B3CD9-1972-484D-8A56-44DBA8AD3879}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{7AC94875-031E-4920-8BB9-5B113084D54A}" = rport=138 | protocol=17 | dir=out | app=system |
"{8D457909-07A0-4B13-B088-F9D24CE7E731}" = rport=139 | protocol=6 | dir=out | app=system |
"{A1CEE120-C7F1-47F6-B856-08F923E984D0}" = lport=139 | protocol=6 | dir=in | app=system |
"{AA011031-8E4C-4C54-BA97-2FBD4E58862B}" = rport=445 | protocol=6 | dir=out | app=system |
"{AE92DB89-05D1-4C60-BE6A-6F9C0ECEC6DA}" = lport=445 | protocol=6 | dir=in | app=system |
"{BBB11C7F-AF4F-4567-8F99-72044D8DDAF9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CD89C3EA-2110-4F07-A1EC-2848727A94A0}" = rport=137 | protocol=17 | dir=out | app=system |
"{E228A79F-77D4-4F6B-85BF-08603041E60B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E671D30A-2700-4A84-82FC-B6C793ED72FB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E6B33B71-6D82-4B0F-AF6E-43055F9B7730}" = lport=138 | protocol=17 | dir=in | app=system |
"{F4A3B5C8-BBEB-4949-ABCD-8C9030900EEA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{081F2E7F-4457-4256-AEE0-B7E07EA29DD2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0A0145F5-B4F0-4609-BC97-693FD88918DE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0B394026-7EA8-4C2B-BAA3-2D8C4FB1FECF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0F9BF684-EB7D-4B1E-96E1-0EA40A5BC84A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{17F33E8C-2BEC-4E0A-9CCF-7A8A7C4A0ECD}" = protocol=6 | dir=out | app=system |
"{24103152-AFF9-4CA1-B12E-4BAA72F5902F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{29E0833D-F474-4EB8-BD59-81C46F62F10F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2A9AF9DF-1BC4-462E-8364-BE1790973732}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3F572C81-9F27-426D-B7E7-2B3FE33BDC7A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4097FD0D-7CA4-451D-B0A0-6C018C1CBA80}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4421A5C8-56ED-4BD1-9635-95315F01A204}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe |
"{5188406F-8BC6-4257-A6FC-F3067428D770}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5707DBC2-283B-4077-93A8-A8A4D43CF6E5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{78735E54-8766-4705-A586-22FBAC209CED}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{81F3108B-3F3A-48B8-A25D-6A90ED092448}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{90427D91-4359-47CD-8A6A-A6F39D37337A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A64A4FFA-FF7E-462A-93B2-96EC9E09D5C4}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe |
"{A8FEADE3-27D6-4EC0-A4F9-CA0D822A8BE8}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{A9781DEF-A74A-4562-BD38-91AF5D9A4B94}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AABC0F07-748A-4780-B4CE-075C864859A8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B9C72172-F69A-4F90-9EC8-E24806D0605E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C77CC4F8-3484-4542-A74B-D4E4BCBCE5FC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C8F72E3F-B726-4F6F-909A-E7366255FBB3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D1D67A70-055C-4786-8AC3-B1E74F4AE7F1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{DCCD22E0-D8B8-4AE0-867B-407E028179D6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EA2B62FB-887A-4294-8930-15E124AC85D9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FC382CBB-5CE8-4F31-8A2C-514B749EE724}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{51F9B09B-2FE4-8B3A-628A-0C0654E253AF}" = AMD Catalyst Install Manager
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5A847522-375C-4D05-BD3D-88C450CC047F}" = HP Launch Box
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-041D-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Swedish) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96CC6DCC-8EBA-3F85-899B-933F599C4142}" = Microsoft .NET Framework 4 Client Profile SVE Language Pack
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{B1A6285F-C31A-4482-8EA0-9445E4C1DCEA}" = HP 3D DriveGuard
"{C1636CC2-9CDE-BD26-AB7E-04EEC0586ACF}" = ccc-utility64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{F9DF0B5D-554B-45D2-8698-7C467FAF4BCA}" = HP Security Assistant
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile SVE Language Pack" = Microsoft .NET Framework 4 Client Profile Language Pack - SVE
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{04739CDC-C74E-5F8E-4193-07998397FDC7}" = CCC Help Thai
"{052A6070-7503-EA5A-9003-F89ACE36C5C9}" = Catalyst Control Center InstallProxy
"{06B35857-386E-E360-3E16-9ADDC424B912}" = CCC Help Czech
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{09B7C7EB-3140-4B5E-842F-9C79A7137139}" = Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C93288C-31CC-A9B3-8741-CE0E4DEA87D5}" = CCC Help Portuguese
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{15FB0187-64B5-C394-BE5C-F8BCC94F8844}" = CCC Help German
"{16652164-D80F-4EE6-90C6-2E8D5D06092A}" = HP Documentation
"{16B7BDA1-B967-4D2D-8B27-E12727C28350}" = HP CoolSense
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1C87FC3A-D943-7B80-9AF7-E97BA76383E9}" = Catalyst Control Center Localization All
"{1DB45541-4D10-5969-76DA-1C1C050D3543}" = CCC Help Hungarian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D0C76D-61ED-E33E-D13E-107EB89B2C41}" = CCC Help Korean
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}" = ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{46DFC994-41C8-4441-5C9B-ED785F1B9B3A}" = CCC Help Norwegian
"{487C8590-8C6A-83C9-3E93-94F82435F111}" = CCC Help Italian
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}" = Windows Live Meshin etäyhteyksien ActiveX-komponentti
"{4E358233-4432-79FE-FFD1-D6A13ED27C1B}" = CCC Help Turkish
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AAB423D-ED89-33D7-F261-CF8BBD05AB58}" = CCC Help English
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windo
 

Attachments

  • malwarebytesfreeze.jpg

Fiery

Level 1
Jan 11, 2011
2,007
RE:

Hi and welcome to MalwareTips! :)

I'm Fiery and I would gladly assist you in removing the malware on your computer.

Before we start:
  • Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
  • Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
  • Please be patient and stay with me until I give you the green light and inform you that your PC is clean.
  • Some tools may be flagged by your antivirus as harmful. Rest assured that ALL the tools we use are safe, the detections are false positives.
  • The absence of symptoms does not mean your PC is fully disinfected.
  • If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
  • Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A notepad document should open automatically called checkup.txt.
  • Please post the contents of that document in your next reply. Please do not attach it!


Open OTL. Under custom scan/fixes, copy and paste the following:

:Commands
[EMPTYTEMP]
[RESETHOSTS]

Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically, post the content in the next reply.


Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select Run as Administrator to start
  • Wait until Prescan has finished, then click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
 

smilinthyme

New Member
Thread author
Mar 6, 2013
13
RE:

Here are those three logs. Should I delete the two registry entries RogueKiller found?

Results of screen317's Security Check version 0.99.60
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Reader 10.1.0 Adobe Reader out of Date!
Google Chrome 24.0.1312.52
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky Internet Security 2012 avp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 7 Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Marvin III
->Temp folder emptied: 46643837 bytes
->Temporary Internet Files folder emptied: 489906607 bytes
->Flash cache emptied: 22861 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 182934816 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50416 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 686,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 03072013_131915

Files\Folders moved on Reboot...
C:\Users\Marvin III\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Marvin III\AppData\Local\Temp\~DF23D88946CA606AC1.TMP not found!
File\Folder C:\Users\Marvin III\AppData\Local\Temp\~DF30EEDDDC8CDCD30D.TMP not found!
File\Folder C:\Users\Marvin III\AppData\Local\Temp\~DF424F1E734FD99DDF.TMP not found!
File\Folder C:\Users\Marvin III\AppData\Local\Temp\~DF6B7C7667359A4D41.TMP not found!
File\Folder C:\Users\Marvin III\AppData\Local\Temp\~DF6FF35758D431F74F.TMP not found!
File\Folder C:\Users\Marvin III\AppData\Local\Temp\~DF8A1199CC1F33F8D0.TMP not found!
File\Folder C:\Users\Marvin III\AppData\Local\Temp\~DFEC1360A4ABEEC74B.TMP not found!
File\Folder C:\Users\Marvin III\AppData\Local\Temp\~DFEF4E49D5D83B93E8.TMP not found!
C:\Users\Marvin III\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VD8CK3D6\fastbutton[1].htm moved successfully.
C:\Users\Marvin III\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1DM3W3VX\tweet_button.1362636220[1].htm moved successfully.
C:\Users\Marvin III\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Marvin III\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Marvin III [Admin rights]
Mode : Scan -- Date : 03/07/2013 13:34:57
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] 91f38306fd24d7064acc305caa208870
[BSP] c381a2485dccc3c1f9dbbeef5103f944 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 689697 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1412909056 | Size: 25404 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1464936448 | Size: 102 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_03072013_02d1334.txt >>
RKreport[1]_S_03072013_02d1334.txt
 

Fiery

Level 1
Jan 11, 2011
2,007
RE:

No, those 2 entries from Roguekiller are ok. Let's check for some rootkits.

Download TDSSkiller from here
  • Double-Click on TDSSKiller.exe to run the application
  • When TDSSkiller opens, click Change parameters, check the box next to Loaded modules. A reboot will be required.
  • After reboot, TDSSKiller will run again. Click Change parameters again and make sure everything is checked.
  • Click Start scan.
  • If a suspicious object is detected, the default action will be Skip, click on Continue. (If it says TDL4/TDSS file system, select delete)
  • If malicious objects are found, ensure Cure (default) is selected, then click Continue and Reboot now to finish the cleaning process.

Post the log after (usually C:\ folder in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt).

Download Farbar Recovery Scan Tool from the below link:
  • For 64 bit systems download Farbar Recovery Scan Tool x64 (http://download.bleepingcomputer.com/farbar/FRST64.exe) and save it to a USB/flash drive.
  • Plug the flashdrive into the infected PC.
  • Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  1. Select Command Prompt
  2. In the command window type in notepad and press Enter.
  3. The notepad opens. Under File menu select Open.
  4. Select "Computer" and find your flash drive letter and close the notepad.
  5. In the command window type e:\frst64 and press Enter
     Note: Replace letter e with the drive letter of your flash drive.
  6. The tool will start to run.
  7. When the tool opens click Yes to disclaimer.
  8. Press Scan button.
  9. FRST will let you know when the scan is complete and has written the FRST.txt to file, close the message.
  10. Type exit
  11. Please copy and paste the FRST.txt log in your next reply
 

smilinthyme

New Member
Thread author
Mar 6, 2013
13
Quick question. Should I really set Keyboard to US, I'm Swedish and use a character specific keyboard?
 

smilinthyme

New Member
Thread author
Mar 6, 2013
13
Fiery said:
That is fine then, you can use the keyboard type you want

Thank you, better to ask one time too many :p

--- Here are the logs ---- (two from TDSSKiller and one from Farbar Recovery Scan)


21:16:38.0533 2184 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:16:39.0220 2184 ============================================================
21:16:39.0220 2184 Current date / time: 2013/03/07 21:16:39.0220
21:16:39.0220 2184 SystemInfo:
21:16:39.0235 2184
21:16:39.0235 2184 OS Version: 6.1.7601 ServicePack: 1.0
21:16:39.0235 2184 Product type: Workstation
21:16:39.0235 2184 ComputerName: MARVINIII
21:16:39.0235 2184 UserName: Marvin III
21:16:39.0235 2184 Windows directory: C:\Windows
21:16:39.0235 2184 System windows directory: C:\Windows
21:16:39.0235 2184 Running under WOW64
21:16:39.0235 2184 Processor architecture: Intel x64
21:16:39.0235 2184 Number of processors: 4
21:16:39.0235 2184 Page size: 0x1000
21:16:39.0235 2184 Boot type: Normal boot
21:16:39.0235 2184 ============================================================
21:16:56.0723 2184 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:16:56.0739 2184 ============================================================
21:16:56.0739 2184 \Device\Harddisk0\DR0:
21:16:56.0739 2184 MBR partitions:
21:16:56.0739 2184 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
21:16:56.0739 2184 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x54310800
21:16:56.0739 2184 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x54374800, BlocksNum 0x319E000
21:16:56.0739 2184 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x57512800, BlocksNum 0x33000
21:16:56.0739 2184 ============================================================
21:17:10.0685 2184 C: <-> \Device\Harddisk0\DR0\Partition2
21:17:31.0012 2184 D: <-> \Device\Harddisk0\DR0\Partition3
21:17:31.0012 2184 ============================================================
21:17:31.0012 2184 Initialize success
21:17:31.0012 2184 ============================================================
21:18:09.0637 2796 Deinitialize success


Second TDSSKiller log -

21:21:21.0421 3168 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:21:21.0733 3168 ============================================================
21:21:21.0733 3168 Current date / time: 2013/03/07 21:21:21.0733
21:21:21.0733 3168 SystemInfo:
21:21:21.0733 3168
21:21:21.0733 3168 OS Version: 6.1.7601 ServicePack: 1.0
21:21:21.0733 3168 Product type: Workstation
21:21:21.0733 3168 ComputerName: MARVINIII
21:21:21.0733 3168 UserName: Marvin III
21:21:21.0733 3168 Windows directory: C:\Windows
21:21:21.0733 3168 System windows directory: C:\Windows
21:21:21.0733 3168 Running under WOW64
21:21:21.0733 3168 Processor architecture: Intel x64
21:21:21.0733 3168 Number of processors: 4
21:21:21.0733 3168 Page size: 0x1000
21:21:21.0733 3168 Boot type: Normal boot
21:21:21.0733 3168 ============================================================
21:21:24.0635 3168 BG loaded
21:21:25.0134 3168 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:21:25.0149 3168 ============================================================
21:21:25.0149 3168 \Device\Harddisk0\DR0:
21:21:25.0165 3168 MBR partitions:
21:21:25.0165 3168 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
21:21:25.0165 3168 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x54310800
21:21:25.0181 3168 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x54374800, BlocksNum 0x319E000
21:21:25.0181 3168 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x57512800, BlocksNum 0x33000
21:21:25.0181 3168 ============================================================
21:21:25.0259 3168 C: <-> \Device\Harddisk0\DR0\Partition2
21:21:25.0399 3168 D: <-> \Device\Harddisk0\DR0\Partition3
21:21:25.0399 3168 ============================================================
21:21:25.0399 3168 Initialize success
21:21:25.0399 3168 ============================================================
22:06:59.0366 4360 ============================================================
22:06:59.0366 4360 Scan started
22:06:59.0366 4360 Mode: Manual; SigCheck; TDLFS;
22:06:59.0366 4360 ============================================================
22:07:00.0504 4360 ================ Scan system memory ========================
22:07:00.0504 4360 System memory - ok
22:07:00.0504 4360 ================ Scan services =============================
22:07:00.0785 4360 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
22:07:00.0894 4360 1394ohci - ok
22:07:00.0957 4360 [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer C:\Windows\system32\drivers\Accelerometer.sys
22:07:00.0972 4360 Accelerometer - ok
22:07:01.0144 4360 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
22:07:01.0144 4360 ACPI - ok
22:07:01.0222 4360 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
22:07:01.0565 4360 AcpiPmi - ok
22:07:01.0690 4360 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:07:01.0690 4360 AdobeARMservice - ok
22:07:01.0799 4360 [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:07:01.0815 4360 AdobeFlashPlayerUpdateSvc - ok
22:07:01.0862 4360 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
22:07:01.0877 4360 adp94xx - ok
22:07:01.0940 4360 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
22:07:01.0940 4360 adpahci - ok
22:07:01.0986 4360 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
22:07:02.0002 4360 adpu320 - ok
22:07:02.0033 4360 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:07:02.0158 4360 AeLookupSvc - ok
22:07:02.0205 4360 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
22:07:02.0252 4360 AFD - ok
22:07:02.0283 4360 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
22:07:02.0298 4360 agp440 - ok
22:07:02.0330 4360 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
22:07:02.0376 4360 ALG - ok
22:07:02.0423 4360 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
22:07:02.0423 4360 aliide - ok
22:07:02.0470 4360 [ 010F8750A454224982CED18F35AA2C04 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
22:07:02.0548 4360 AMD External Events Utility - ok
22:07:02.0579 4360 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
22:07:02.0595 4360 amdide - ok
22:07:02.0642 4360 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
22:07:02.0688 4360 AmdK8 - ok
22:07:02.0844 4360 [ 623EC962E3F8366B3C5DD03B51DE5075 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
22:07:02.0954 4360 amdkmdag - ok
22:07:03.0000 4360 [ DF73398D14D9A20E0E1ADAEDA63B32D5 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
22:07:03.0047 4360 amdkmdap - ok
22:07:03.0078 4360 [ 19D7EED3928930BAFC541F1758AA6AA1 ] amdkmpfd C:\Windows\system32\DRIVERS\amdkmpfd.sys
22:07:03.0078 4360 amdkmpfd - ok
22:07:03.0110 4360 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
22:07:03.0141 4360 AmdPPM - ok
22:07:03.0172 4360 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
22:07:03.0188 4360 amdsata - ok
22:07:03.0203 4360 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
22:07:03.0219 4360 amdsbs - ok
22:07:03.0250 4360 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
22:07:03.0250 4360 amdxata - ok
22:07:03.0297 4360 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
22:07:03.0437 4360 AppID - ok
22:07:03.0468 4360 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:07:03.0500 4360 AppIDSvc - ok
22:07:03.0531 4360 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
22:07:03.0578 4360 Appinfo - ok
22:07:03.0624 4360 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
22:07:03.0624 4360 arc - ok
22:07:03.0656 4360 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
22:07:03.0656 4360 arcsas - ok
22:07:03.0687 4360 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:07:03.0718 4360 AsyncMac - ok
22:07:03.0765 4360 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
22:07:03.0765 4360 atapi - ok
22:07:03.0812 4360 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:07:03.0858 4360 AudioEndpointBuilder - ok
22:07:03.0890 4360 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
22:07:03.0921 4360 AudioSrv - ok
22:07:03.0983 4360 [ 6C9D5BADC8F83D410A278717C2EEA6F6 ] AVP C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
22:07:03.0999 4360 AVP - ok
22:07:04.0046 4360 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:07:04.0092 4360 AxInstSV - ok
22:07:04.0155 4360 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
22:07:04.0186 4360 b06bdrv - ok
22:07:04.0233 4360 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
22:07:04.0248 4360 b57nd60a - ok
22:07:04.0326 4360 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
22:07:04.0326 4360 BBSvc - ok
22:07:04.0342 4360 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
22:07:04.0358 4360 BBUpdate - ok
22:07:04.0420 4360 [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
22:07:04.0451 4360 BCM43XX - ok
22:07:04.0498 4360 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
22:07:04.0529 4360 BDESVC - ok
22:07:04.0560 4360 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
22:07:04.0607 4360 Beep - ok
22:07:04.0654 4360 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
22:07:04.0685 4360 BFE - ok
22:07:04.0716 4360 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
22:07:04.0779 4360 BITS - ok
22:07:04.0810 4360 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
22:07:04.0841 4360 blbdrive - ok
22:07:04.0872 4360 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:07:04.0904 4360 bowser - ok
22:07:04.0950 4360 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
22:07:04.0966 4360 BrFiltLo - ok
22:07:04.0997 4360 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
22:07:05.0013 4360 BrFiltUp - ok
22:07:05.0044 4360 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
22:07:05.0060 4360 Browser - ok
22:07:05.0091 4360 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:07:05.0153 4360 Brserid - ok
22:07:05.0184 4360 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:07:05.0200 4360 BrSerWdm - ok
22:07:05.0247 4360 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:07:05.0262 4360 BrUsbMdm - ok
22:07:05.0294 4360 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:07:05.0309 4360 BrUsbSer - ok
22:07:05.0340 4360 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
22:07:05.0372 4360 BTHMODEM - ok
22:07:05.0418 4360 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
22:07:05.0450 4360 bthserv - ok
22:07:05.0496 4360 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:07:05.0528 4360 cdfs - ok
22:07:05.0559 4360 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:07:05.0559 4360 cdrom - ok
22:07:05.0606 4360 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
22:07:05.0637 4360 CertPropSvc - ok
22:07:05.0668 4360 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
22:07:05.0684 4360 circlass - ok
22:07:05.0730 4360 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
22:07:05.0746 4360 CLFS - ok
22:07:05.0824 4360 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:07:05.0840 4360 clr_optimization_v2.0.50727_32 - ok
22:07:05.0886 4360 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:07:05.0902 4360 clr_optimization_v2.0.50727_64 - ok
22:07:05.0980 4360 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:07:05.0980 4360 clr_optimization_v4.0.30319_32 - ok
22:07:06.0027 4360 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:07:06.0042 4360 clr_optimization_v4.0.30319_64 - ok
22:07:06.0074 4360 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
22:07:06.0074 4360 clwvd - ok
22:07:06.0105 4360 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
22:07:06.0136 4360 CmBatt - ok
22:07:06.0167 4360 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:07:06.0167 4360 cmdide - ok
22:07:06.0214 4360 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
22:07:06.0230 4360 CNG - ok
22:07:06.0276 4360 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
22:07:06.0276 4360 Compbatt - ok
22:07:06.0323 4360 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
22:07:06.0339 4360 CompositeBus - ok
22:07:06.0354 4360 COMSysApp - ok
22:07:06.0370 4360 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
22:07:06.0386 4360 crcdisk - ok
22:07:06.0417 4360 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:07:06.0464 4360 CryptSvc - ok
22:07:06.0510 4360 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
22:07:06.0542 4360 DcomLaunch - ok
22:07:06.0588 4360 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
22:07:06.0620 4360 defragsvc - ok
22:07:06.0651 4360 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:07:06.0698 4360 DfsC - ok
22:07:06.0729 4360 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
22:07:06.0760 4360 Dhcp - ok
22:07:06.0791 4360 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
22:07:06.0822 4360 discache - ok
22:07:06.0885 4360 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
22:07:06.0885 4360 Disk - ok
22:07:06.0916 4360 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:07:06.0963 4360 Dnscache - ok
22:07:06.0994 4360 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
22:07:07.0025 4360 dot3svc - ok
22:07:07.0041 4360 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
22:07:07.0072 4360 DPS - ok
22:07:07.0103 4360 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:07:07.0119 4360 drmkaud - ok
22:07:07.0166 4360 [ CE7743807258A7D383C427E3C178A49E ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:07:07.0181 4360 DXGKrnl - ok
22:07:07.0197 4360 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
22:07:07.0228 4360 EapHost - ok
22:07:07.0306 4360 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
22:07:07.0400 4360 ebdrv - ok
22:07:07.0431 4360 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
22:07:07.0462 4360 EFS - ok
22:07:07.0524 4360 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:07:07.0571 4360 ehRecvr - ok
22:07:07.0618 4360 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
22:07:07.0649 4360 ehSched - ok
22:07:07.0680 4360 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
22:07:07.0696 4360 elxstor - ok
22:07:07.0727 4360 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:07:07.0758 4360 ErrDev - ok
22:07:07.0790 4360 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
22:07:07.0836 4360 EventSystem - ok
22:07:07.0883 4360 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
22:07:07.0930 4360 exfat - ok
22:07:07.0946 4360 ezSharedSvc - ok
22:07:07.0961 4360 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:07:07.0992 4360 fastfat - ok
22:07:08.0039 4360 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
22:07:08.0086 4360 Fax - ok
22:07:08.0102 4360 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
22:07:08.0133 4360 fdc - ok
22:07:08.0148 4360 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
22:07:08.0195 4360 fdPHost - ok
22:07:08.0195 4360 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
22:07:08.0226 4360 FDResPub - ok
22:07:08.0273 4360 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:07:08.0289 4360 FileInfo - ok
22:07:08.0289 4360 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:07:08.0320 4360 Filetrace - ok
22:07:08.0351 4360 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
22:07:08.0351 4360 flpydisk - ok
22:07:08.0382 4360 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:07:08.0398 4360 FltMgr - ok
22:07:08.0429 4360 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
22:07:08.0476 4360 FontCache - ok
22:07:08.0538 4360 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:07:08.0538 4360 FontCache3.0.0.0 - ok
22:07:08.0570 4360 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:07:08.0570 4360 FsDepends - ok
22:07:08.0648 4360 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:07:08.0663 4360 Fs_Rec - ok
22:07:08.0694 4360 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:07:08.0694 4360 fvevol - ok
22:07:08.0741 4360 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
22:07:08.0741 4360 gagp30kx - ok
22:07:08.0819 4360 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
22:07:08.0819 4360 GamesAppService - ok
22:07:08.0866 4360 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
22:07:08.0897 4360 gpsvc - ok
22:07:08.0960 4360 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:07:08.0960 4360 gupdate - ok
22:07:08.0991 4360 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:07:09.0006 4360 gupdatem - ok
22:07:09.0038 4360 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:07:09.0069 4360 hcw85cir - ok
22:07:09.0100 4360 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:07:09.0116 4360 HdAudAddService - ok
22:07:09.0162 4360 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
22:07:09.0194 4360 HDAudBus - ok
22:07:09.0225 4360 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
22:07:09.0240 4360 HidBatt - ok
22:07:09.0272 4360 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
22:07:09.0287 4360 HidBth - ok
22:07:09.0334 4360 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
22:07:09.0365 4360 HidIr - ok
22:07:09.0381 4360 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
22:07:09.0428 4360 hidserv - ok
22:07:09.0459 4360 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
22:07:09.0459 4360 HidUsb - ok
22:07:09.0506 4360 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:07:09.0552 4360 hkmsvc - ok
22:07:09.0568 4360 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:07:09.0599 4360 HomeGroupListener - ok
22:07:09.0646 4360 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:07:09.0677 4360 HomeGroupProvider - ok
22:07:09.0724 4360 [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
22:07:09.0740 4360 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - warning
22:07:09.0740 4360 HP Support Assistant Service - detected UnsignedFile.Multi.Generic (1)
22:07:09.0802 4360 [ 7B8C1B09C11E8DB7C4480ABD7D17E821 ] HPAuto C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
22:07:09.0818 4360 HPAuto - ok
22:07:09.0864 4360 [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
22:07:09.0864 4360 HPClientSvc - ok
22:07:09.0880 4360 [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt C:\Windows\system32\drivers\hpdskflt.sys
22:07:09.0896 4360 hpdskflt - ok
22:07:09.0942 4360 [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
22:07:09.0958 4360 hpqwmiex - ok
22:07:09.0989 4360 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
22:07:10.0005 4360 HpSAMD - ok
22:07:10.0020 4360 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv C:\Windows\system32\Hpservice.exe
22:07:10.0036 4360 hpsrv - ok
22:07:10.0083 4360 [ 77C15D7E8F002A173EEBFF0B20CD697D ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
22:07:10.0083 4360 HPWMISVC - ok
22:07:10.0130 4360 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:07:10.0176 4360 HTTP - ok
22:07:10.0192 4360 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:07:10.0192 4360 hwpolicy - ok
22:07:10.0223 4360 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
22:07:10.0239 4360 i8042prt - ok
22:07:10.0270 4360 [ C224331A54571C8C9162F7714400BBBD ] iaStor C:\Windows\system32\drivers\iaStor.sys
22:07:10.0286 4360 iaStor - ok
22:07:10.0348 4360 [ 7D4B9A48430ED57ACA6373B71D5904CA ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
22:07:10.0364 4360 IAStorDataMgrSvc - ok
22:07:10.0395 4360 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:07:10.0410 4360 iaStorV - ok
22:07:10.0457 4360 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:07:10.0473 4360 idsvc - ok
22:07:10.0504 4360 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
22:07:10.0520 4360 iirsp - ok
22:07:10.0551 4360 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
22:07:10.0598 4360 IKEEXT - ok
22:07:10.0644 4360 [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
22:07:10.0676 4360 IntcDAud - ok
22:07:10.0738 4360 [ 2D66067C7A8A0112156BCD1C0BAA7042 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
22:07:10.0738 4360 Intel(R) Capability Licensing Service Interface - ok
22:07:10.0785 4360 [ C9DCE1CB628AEED3C0C30ABBF4F1E718 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
22:07:10.0785 4360 Intel(R) ME Service - ok
22:07:10.0816 4360 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
22:07:10.0816 4360 intelide - ok
22:07:11.0066 4360 [ 54E37A4E66B2CA1C38E9728FAD5F9822 ] intelkmd C:\Windows\system32\DRIVERS\igdpmd64.sys
22:07:11.0190 4360 intelkmd - ok
22:07:11.0222 4360 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
22:07:11.0253 4360 intelppm - ok
22:07:11.0284 4360 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:07:11.0331 4360 IPBusEnum - ok
22:07:11.0346 4360 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:07:11.0378 4360 IpFilterDriver - ok
22:07:11.0424 4360 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:07:11.0456 4360 iphlpsvc - ok
22:07:11.0471 4360 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
22:07:11.0487 4360 IPMIDRV - ok
22:07:11.0518 4360 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:07:11.0549 4360 IPNAT - ok
22:07:11.0565 4360 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:07:11.0596 4360 IRENUM - ok
22:07:11.0627 4360 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:07:11.0643 4360 isapnp - ok
22:07:11.0674 4360 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
22:07:11.0690 4360 iScsiPrt - ok
22:07:11.0736 4360 [ DC0DBA5164F657DE2AE94B9D1FF75DA4 ] iusb3hcs C:\Windows\system32\drivers\iusb3hcs.sys
22:07:11.0736 4360 iusb3hcs - ok
22:07:11.0768 4360 [ BA4F3A70F03584E5B907DA815677727D ] iusb3hub C:\Windows\system32\drivers\iusb3hub.sys
22:07:11.0768 4360 iusb3hub - ok
22:07:11.0799 4360 [ E6130F70D61867C7EFC13A2F808EDC58 ] iusb3xhc C:\Windows\system32\drivers\iusb3xhc.sys
22:07:11.0799 4360 iusb3xhc - ok
22:07:11.0846 4360 [ 3628933AF5305EAB8173949BFF912F04 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
22:07:11.0846 4360 jhi_service - ok
22:07:11.0877 4360 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
22:07:11.0877 4360 kbdclass - ok
22:07:11.0924 4360 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
22:07:11.0939 4360 kbdhid - ok
22:07:11.0970 4360 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
22:07:11.0970 4360 KeyIso - ok
22:07:12.0017 4360 [ E656FE10D6D27794AFA08136685A69E8 ] KL1 C:\Windows\system32\DRIVERS\kl1.sys
22:07:12.0033 4360 KL1 - ok
22:07:12.0048 4360 [ D865DD8B0448E3F963D68C04C532858F ] kl2 C:\Windows\system32\DRIVERS\kl2.sys
22:07:12.0064 4360 kl2 - ok
22:07:12.0095 4360 [ 8490798365236B6C8E54DEDD27A42D07 ] KLIF C:\Windows\system32\DRIVERS\klif.sys
22:07:12.0111 4360 KLIF - ok
22:07:12.0158 4360 [ 89FB5A33D7171B6D84F5EB721D5055E1 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
22:07:12.0158 4360 KLIM6 - ok
22:07:12.0189 4360 [ 9468D07E91BA136D82415F5DFC1FE168 ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
22:07:12.0189 4360 klmouflt - ok
22:07:12.0220 4360 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:07:12.0220 4360 KSecDD - ok
22:07:12.0236 4360 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:07:12.0236 4360 KSecPkg - ok
22:07:12.0267 4360 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:07:12.0314 4360 ksthunk - ok
22:07:12.0345 4360 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
22:07:12.0376 4360 KtmRm - ok
22:07:12.0423 4360 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
22:07:12.0454 4360 LanmanServer - ok
22:07:12.0485 4360 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:07:12.0516 4360 LanmanWorkstation - ok
22:07:12.0532 4360 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:07:12.0563 4360 lltdio - ok
22:07:12.0594 4360 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:07:12.0641 4360 lltdsvc - ok
22:07:12.0657 4360 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:07:12.0688 4360 lmhosts - ok
22:07:12.0735 4360 [ BF22ACF4CF3734D61357E67F0521BC03 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:07:12.0735 4360 LMS - ok
22:07:12.0766 4360 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
22:07:12.0782 4360 LSI_FC - ok
22:07:12.0813 4360 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
22:07:12.0828 4360 LSI_SAS - ok
22:07:12.0844 4360 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
22:07:12.0860 4360 LSI_SAS2 - ok
22:07:12.0891 4360 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
22:07:12.0891 4360 LSI_SCSI - ok
22:07:12.0938 4360 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
22:07:12.0969 4360 luafv - ok
22:07:13.0000 4360 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:07:13.0016 4360 Mcx2Svc - ok
22:07:13.0062 4360 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
22:07:13.0062 4360 megasas - ok
22:07:13.0094 4360 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
22:07:13.0109 4360 MegaSR - ok
22:07:13.0140 4360 [ 6B01B7414A105B9E51652089A03027CF ] MEIx64 C:\Windows\system32\drivers\HECIx64.sys
22:07:13.0156 4360 MEIx64 - ok
22:07:13.0172 4360 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
22:07:13.0218 4360 MMCSS - ok
22:07:13.0234 4360 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
22:07:13.0265 4360 Modem - ok
22:07:13.0296 4360 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:07:13.0312 4360 monitor - ok
22:07:13.0359 4360 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
22:07:13.0374 4360 mouclass - ok
22:07:13.0406 4360 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\drivers\mouhid.sys
22:07:13.0421 4360 mouhid - ok
22:07:13.0452 4360 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:07:13.0452 4360 mountmgr - ok
22:07:13.0484 4360 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
22:07:13.0484 4360 mpio - ok
22:07:13.0515 4360 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:07:13.0546 4360 mpsdrv - ok
22:07:13.0562 4360 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:07:13.0593 4360 MpsSvc - ok
22:07:13.0608 4360 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:07:13.0640 4360 MRxDAV - ok
22:07:13.0671 4360 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:07:13.0733 4360 mrxsmb - ok
22:07:13.0764 4360 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:07:13.0780 4360 mrxsmb10 - ok
22:07:13.0796 4360 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:07:13.0796 4360 mrxsmb20 - ok
22:07:13.0827 4360 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
22:07:13.0827 4360 msahci - ok
22:07:13.0874 4360 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:07:13.0874 4360 msdsm - ok
22:07:13.0889 4360 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
22:07:13.0905 4360 MSDTC - ok
22:07:13.0936 4360 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:07:13.0983 4360 Msfs - ok
22:07:13.0983 4360 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:07:14.0030 4360 mshidkmdf - ok
22:07:14.0045 4360 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:07:14.0045 4360 msisadrv - ok
22:07:14.0076 4360 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:07:14.0108 4360 MSiSCSI - ok
22:07:14.0108 4360 msiserver - ok
22:07:14.0154 4360 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:07:14.0186 4360 MSKSSRV - ok
22:07:14.0201 4360 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:07:14.0232 4360 MSPCLOCK - ok
22:07:14.0248 4360 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:07:14.0279 4360 MSPQM - ok
22:07:14.0310 4360 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:07:14.0326 4360 MsRPC - ok
22:07:14.0342 4360 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
22:07:14.0357 4360 mssmbios - ok
22:07:14.0388 4360 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:07:14.0420 4360 MSTEE - ok
22:07:14.0420 4360 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
22:07:14.0435 4360 MTConfig - ok
22:07:14.0451 4360 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
22:07:14.0466 4360 Mup - ok
22:07:14.0482 4360 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
22:07:14.0529 4360 napagent - ok
22:07:14.0576 4360 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:07:14.0591 4360 NativeWifiP - ok
22:07:14.0638 4360 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:07:14.0669 4360 NDIS - ok
22:07:14.0700 4360 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:07:14.0732 4360 NdisCap - ok
22:07:14.0763 4360 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:07:14.0778 4360 NdisTapi - ok
22:07:14.0794 4360 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:07:14.0825 4360 Ndisuio - ok
22:07:14.0841 4360 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:07:14.0888 4360 NdisWan - ok
22:07:14.0903 4360 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:07:14.0919 4360 NDProxy - ok
22:07:14.0950 4360 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:07:14.0981 4360 NetBIOS - ok
22:07:15.0012 4360 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:07:15.0044 4360 NetBT - ok
22:07:15.0059 4360 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
22:07:15.0075 4360 Netlogon - ok
22:07:15.0122 4360 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
22:07:15.0168 4360 Netman - ok
22:07:15.0200 4360 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
22:07:15.0231 4360 netprofm - ok
22:07:15.0293 4360 [ 2F06E01DE7A3E366185E65C41C9DEBF7 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
22:07:15.0324 4360 netr28x - ok
22:07:15.0340 4360 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:07:15.0340 4360 NetTcpPortSharing - ok
22:07:15.0371 4360 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
22:07:15.0387 4360 nfrd960 - ok
22:07:15.0402 4360 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:07:15.0434 4360 NlaSvc - ok
22:07:15.0465 4360 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:07:15.0496 4360 Npfs - ok
22:07:15.0527 4360 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
22:07:15.0574 4360 nsi - ok
22:07:15.0590 4360 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:07:15.0636 4360 nsiproxy - ok
22:07:15.0699 4360 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:07:15.0730 4360 Ntfs - ok
22:07:15.0746 4360 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
22:07:15.0777 4360 Null - ok
22:07:15.0808 4360 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
22:07:15.0824 4360 NVENETFD - ok
22:07:15.0870 4360 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:07:15.0886 4360 nvraid - ok
22:07:15.0902 4360 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:07:15.0917 4360 nvstor - ok
22:07:15.0933 4360 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:07:15.0948 4360 nv_agp - ok
22:07:15.0964 4360 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:07:15.0980 4360 ohci1394 - ok
22:07:16.0026 4360 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:07:16.0042 4360 ose - ok
22:07:16.0182 4360 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:07:16.0245 4360 osppsvc - ok
22:07:16.0276 4360 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:07:16.0323 4360 p2pimsvc - ok
22:07:16.0338 4360 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:07:16.0354 4360 p2psvc - ok
22:07:16.0370 4360 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
22:07:16.0385 4360 Parport - ok
22:07:16.0401 4360 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:07:16.0401 4360 partmgr - ok
22:07:16.0432 4360 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:07:16.0463 4360 PcaSvc - ok
22:07:16.0479 4360 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
22:07:16.0479 4360 pci - ok
22:07:16.0510 4360 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
22:07:16.0526 4360 pciide - ok
22:07:16.0541 4360 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
22:07:16.0557 4360 pcmcia - ok
22:07:16.0588 4360 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:07:16.0588 4360 pcw - ok
22:07:16.0604 4360 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:07:16.0650 4360 PEAUTH - ok
22:07:16.0728 4360 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:07:16.0744 4360 PerfHost - ok
22:07:16.0791 4360 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
22:07:16.0838 4360 pla - ok
22:07:16.0884 4360 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:07:16.0916 4360 PlugPlay - ok
22:07:16.0947 4360 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:07:16.0962 4360 PNRPAutoReg - ok
22:07:16.0978 4360 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:07:16.0994 4360 PNRPsvc - ok
22:07:17.0025 4360 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:07:17.0072 4360 PolicyAgent - ok
22:07:17.0103 4360 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
22:07:17.0134 4360 Power - ok
22:07:17.0165 4360 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:07:17.0212 4360 PptpMiniport - ok
22:07:17.0228 4360 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
22:07:17.0259 4360 Processor - ok
22:07:17.0274 4360 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
22:07:17.0306 4360 ProfSvc - ok
22:07:17.0321 4360 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:07:17.0337 4360 ProtectedStorage - ok
22:07:17.0368 4360 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:07:17.0399 4360 Psched - ok
22:07:17.0462 4360 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
22:07:17.0477 4360 ql2300 - ok
22:07:17.0493 4360 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
22:07:17.0508 4360 ql40xx - ok
22:07:17.0540 4360 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:07:17.0555 4360 QWAVE - ok
22:07:17.0571 4360 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:07:17.0602 4360 QWAVEdrv - ok
22:07:17.0618 4360 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:07:17.0633 4360 RasAcd - ok
22:07:17.0680 4360 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:07:17.0727 4360 RasAgileVpn - ok
22:07:17.0742 4360 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:07:17.0789 4360 RasAuto - ok
22:07:17.0805 4360 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:07:17.0836 4360 Rasl2tp - ok
22:07:17.0867 4360 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
22:07:17.0914 4360 RasMan - ok
22:07:17.0945 4360 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:07:17.0976 4360 RasPppoe - ok
22:07:17.0992 4360 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:07:18.0039 4360 RasSstp - ok
22:07:18.0070 4360 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:07:18.0101 4360 rdbss - ok
22:07:18.0132 4360 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
22:07:18.0148 4360 rdpbus - ok
22:07:18.0179 4360 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:07:18.0210 4360 RDPCDD - ok
22:07:18.0226 4360 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:07:18.0257 4360 RDPENCDD - ok
22:07:18.0273 4360 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:07:18.0288 4360 RDPREFMP - ok
22:07:18.0335 4360 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:07:18.0351 4360 RDPWD - ok
22:07:18.0398 4360 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:07:18.0413 4360 rdyboost - ok
22:07:18.0429 4360 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:07:18.0460 4360 RemoteAccess - ok
22:07:18.0491 4360 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:07:18.0522 4360 RemoteRegistry - ok
22:07:18.0538 4360 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:07:18.0569 4360 RpcEptMapper - ok
22:07:18.0585 4360 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:07:18.0616 4360 RpcLocator - ok
22:07:18.0647 4360 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
22:07:18.0663 4360 RpcSs - ok
22:07:18.0694 4360 [ 1BDF0DFB56603888E7BA07A99BFF3C97 ] RSP2STOR C:\Windows\system32\DRIVERS\RtsP2Stor.sys
22:07:18.0710 4360 RSP2STOR - ok
22:07:18.0756 4360 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:07:18.0772 4360 rspndr - ok
22:07:18.0819 4360 [ 9140DB0911DE035FED0A9A77A2D156EA ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
22:07:18.0819 4360 RTL8167 - ok
22:07:18.0834 4360 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
22:07:18.0834 4360 SamSs - ok
22:07:18.0850 4360 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:07:18.0866 4360 sbp2port - ok
22:07:18.0897 4360 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:07:18.0944 4360 SCardSvr - ok
22:07:18.0975 4360 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:07:19.0006 4360 scfilter - ok
22:07:19.0053 4360 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
22:07:19.0100 4360 Schedule - ok
22:07:19.0115 4360 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:07:19.0146 4360 SCPolicySvc - ok
22:07:19.0178 4360 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
22:07:19.0193 4360 sdbus - ok
22:07:19.0209 4360 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:07:19.0256 4360 SDRSVC - ok
22:07:19.0271 4360 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:07:19.0302 4360 secdrv - ok
22:07:19.0334 4360 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
22:07:19.0365 4360 seclogon - ok
22:07:19.0380 4360 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
22:07:19.0427 4360 SENS - ok
22:07:19.0443 4360 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:07:19.0490 4360 SensrSvc - ok
22:07:19.0505 4360 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
22:07:19.0536 4360 Serenum - ok
22:07:19.0552 4360 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
22:07:19.0568 4360 Serial - ok
22:07:19.0599 4360 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
22:07:19.0630 4360 sermouse - ok
22:07:19.0646 4360 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
22:07:19.0677 4360 SessionEnv - ok
22:07:19.0708 4360 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:07:19.0724 4360 sffdisk - ok
22:07:19.0724 4360 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:07:19.0755 4360 sffp_mmc - ok
22:07:19.0770 4360 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:07:19.0802 4360 sffp_sd - ok
22:07:19.0833 4360 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
22:07:19.0848 4360 sfloppy - ok
22:07:19.0864 4360 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:07:19.0911 4360 SharedAccess - ok
22:07:19.0942 4360 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:07:19.0958 4360 ShellHWDetection - ok
22:07:19.0989 4360 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
22:07:19.0989 4360 SiSRaid2 - ok
22:07:20.0020 4360 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
22:07:20.0020 4360 SiSRaid4 - ok
22:07:20.0067 4360 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
22:07:20.0067 4360 SkypeUpdate - ok
22:07:20.0114 4360 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:07:20.0145 4360 Smb - ok
22:07:20.0176 4360 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:07:20.0192 4360 SNMPTRAP - ok
22:07:20.0207 4360 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:07:20.0207 4360 spldr - ok
22:07:20.0238 4360 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
22:07:20.0270 4360 Spooler - ok
22:07:20.0348 4360 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
22:07:20.0410 4360 sppsvc - ok
22:07:20.0441 4360 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:07:20.0472 4360 sppuinotify - ok
22:07:20.0504 4360 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
22:07:20.0535 4360 srv - ok
22:07:20.0550 4360 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:07:20.0582 4360 srv2 - ok
22:07:20.0613 4360 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
22:07:20.0628 4360 SrvHsfHDA - ok
22:07:20.0675 4360 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
22:07:20.0706 4360 SrvHsfV92 - ok
22:07:20.0722 4360 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
22:07:20.0753 4360 SrvHsfWinac - ok
22:07:20.0784 4360 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:07:20.0800 4360 srvnet - ok
22:07:20.0862 4360 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:07:20.0925 4360 SSDPSRV - ok
22:07:20.0940 4360 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:07:20.0956 4360 SstpSvc - ok
22:07:21.0050 4360 [ D30FE3ECF1D6D521365FAE307B500BC0 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
22:07:21.0112 4360 STacSV - ok
22:07:21.0128 4360 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
22:07:21.0128 4360 stexstor - ok
22:07:21.0174 4360 [ 6F69D75F50E8FAF1003AA6CFB18B91EC ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
22:07:21.0206 4360 STHDA - ok
22:07:21.0237 4360 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
22:07:21.0252 4360 stisvc - ok
22:07:21.0284 4360 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
22:07:21.0299 4360 swenum - ok
22:07:21.0330 4360 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
22:07:21.0377 4360 swprv - ok
22:07:21.0440 4360 [ 772493A8945495F1A287BF6C4CA25B48 ] SynTP C:\Windows\system32\drivers\SynTP.sys
22:07:21.0455 4360 SynTP - ok
22:07:21.0502 4360 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
22:07:21.0533 4360 SysMain - ok
22:07:21.0549 4360 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:07:21.0564 4360 TabletInputService - ok
22:07:21.0596 4360 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
22:07:21.0611 4360 TapiSrv - ok
22:07:21.0627 4360 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
22:07:21.0658 4360 TBS - ok
22:07:21.0767 4360 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:07:21.0798 4360 Tcpip - ok
22:07:21.0845 4360 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:07:21.0861 4360 TCPIP6 - ok
22:07:21.0892 4360 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:07:21.0923 4360 tcpipreg - ok
22:07:21.0939 4360 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:07:21.0970 4360 TDPIPE - ok
22:07:22.0001 4360 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:07:22.0017 4360 TDTCP - ok
22:07:22.0032 4360 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:07:22.0064 4360 tdx - ok
22:07:22.0095 4360 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
22:07:22.0110 4360 TermDD - ok
22:07:22.0126 4360 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
22:07:22.0173 4360 TermService - ok
 

Fiery

Level 1
Jan 11, 2011
2,007
Hi there,

The TDSSKiller log is too long to fit into one reply. Attach the file as an attachment instead. When you click "new reply", scroll down to the attachment section. Attach both logs.
 

smilinthyme

New Member
Thread author
Mar 6, 2013
13
Fiery said:
Hi there,

The TDSSKiller log is too long to fit into one reply. Attach the file as an attachment instead. When you click "new reply", scroll down to the attachment section. Attach both logs.

Hi, sorry, didn't notice. TDSS logs now attached and FRST below.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-03-2013 01
Ran by SYSTEM at 07-03-2013 23:32:13
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2832168 2011-10-01] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-01-04] (IDT, Inc.)
HKLM\...\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2012-01-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291096 2011-12-05] (Intel Corporation)
HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-09-15] (EasyBits Software AS)
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [576568 2011-11-29] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [206448 2012-11-14] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
HKU\Marvin III\...\Run: [Google Update] "C:\Users\Marvin III\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2013-01-22] (Google Inc.)
HKU\Marvin III\...\Run: [Spotify Web Helper] "C:\Users\Marvin III\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1199576 2012-11-14] (Spotify Ltd)
Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) ===================

2 AVP; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" -r [206448 2012-11-14] (Kaspersky Lab ZAO)
2 HPAuto; "C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe" [682040 2011-02-16] (Hewlett-Packard)
2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)

==================== Drivers (Whitelisted) =====================

0 amdkmpfd; C:\Windows\System32\Drivers\amdkmpfd.sys [31360 2012-01-18] (Advanced Micro Devices, Inc.)
0 KL1; C:\Windows\System32\Drivers\KL1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
1 kl2; C:\Windows\System32\Drivers\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
1 KLIF; C:\Windows\System32\Drivers\KLIF.sys [637272 2012-11-14] (Kaspersky Lab)
1 KLIM6; C:\Windows\System32\Drivers\KLIM6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
3 klmouflt; C:\Windows\System32\Drivers\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [258664 2011-09-21] (Realtek Semiconductor Corp.)

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-03-07 04:34 - 2013-03-07 04:34 - 00001534 ____A C:\Users\Marvin III\Desktop\RKreport[1]_S_03072013_02d1334.txt
2013-03-07 04:33 - 2013-03-07 04:34 - 00000000 ____D C:\Users\Marvin III\Desktop\RK_Quarantine
2013-03-07 04:29 - 2013-03-07 04:29 - 00816640 ____A C:\Users\Marvin III\Downloads\RogueKiller.exe
2013-03-07 04:25 - 2013-03-07 04:25 - 00005192 ____A C:\Users\Marvin III\Desktop\03072013_131915.log
2013-03-07 04:19 - 2013-03-07 04:19 - 00000000 ____D C:\_OTL
2013-03-07 04:17 - 2013-03-07 04:17 - 00000826 ____A C:\Users\Marvin III\Desktop\checkup.txt
2013-03-07 04:15 - 2013-03-07 04:15 - 00881950 ____A C:\Users\Marvin III\Downloads\SecurityCheck.exe
2013-03-07 04:02 - 2013-03-07 04:02 - 00000000 ____D C:\ProgramData\ClubSanDisk
2013-03-06 15:18 - 2013-03-06 15:18 - 00002132 ____A C:\Users\Marvin III\Desktop\aswMBR.txt
2013-03-06 15:18 - 2013-03-06 15:18 - 00000512 ____A C:\Users\Marvin III\Desktop\MBR.dat
2013-03-06 15:15 - 2013-03-06 15:16 - 04732416 ____A (AVAST Software) C:\Users\Marvin III\Downloads\aswMBR.exe
2013-03-06 15:13 - 2013-03-06 15:13 - 00072490 ____A C:\Users\Marvin III\Desktop\Extras.Txt
2013-03-06 15:11 - 2013-03-06 15:11 - 00088080 ____A C:\Users\Marvin III\Desktop\OTL.Txt
2013-03-06 15:09 - 2013-03-06 15:09 - 00072490 ____A C:\Users\Marvin III\Downloads\Extras.Txt
2013-03-06 15:08 - 2013-03-06 15:08 - 00088080 ____A C:\Users\Marvin III\Downloads\OTL.Txt
2013-03-06 15:01 - 2013-03-06 15:01 - 00602112 ____A (OldTimer Tools) C:\Users\Marvin III\Downloads\OTL.exe
2013-03-06 14:04 - 2013-03-06 14:05 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Marvin III\Downloads\mbam-setup-1.70.0.1100 (1).exe
2013-03-06 13:19 - 2013-03-06 13:19 - 00000000 ____D C:\Users\Marvin III\AppData\Roaming\Malwarebytes
2013-03-06 13:18 - 2013-03-06 13:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-03-06 13:16 - 2013-03-06 13:17 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Marvin III\Downloads\mbam-setup-1.70.0.1100.exe
2013-03-06 12:33 - 2013-03-06 12:33 - 00000097 ____A C:\Windows\DeleteOnReboot.bat
2013-03-03 12:54 - 2013-03-03 12:54 - 00000000 ____D C:\Users\Marvin III\AppData\Roaming\WildTangent
2013-03-02 06:53 - 2013-03-02 06:53 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-03-02 06:53 - 2013-03-02 06:53 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-03-02 06:53 - 2013-03-02 06:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-03-02 06:53 - 2013-03-02 06:53 - 00000000 ____D C:\Program Files (x86)\Gophoto.it
2013-03-02 06:52 - 2013-03-06 11:52 - 00000000 ____D C:\Program Files (x86)\VipBoxSportsApp.com
2013-03-02 06:52 - 2013-03-02 06:52 - 00000900 ____A C:\Users\Marvin III\Desktop\VipBoxSportsApp.lnk
2013-03-02 06:52 - 2013-03-02 06:52 - 00000000 ____D C:\Users\Marvin III\AppData\Roaming\Mozilla
2013-02-27 13:55 - 2013-01-13 13:17 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-27 13:55 - 2013-01-13 13:17 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-02-27 13:55 - 2013-01-13 13:16 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-02-27 13:55 - 2013-01-13 13:12 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-02-27 13:55 - 2013-01-13 13:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-02-27 13:55 - 2013-01-13 13:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-02-27 13:55 - 2013-01-13 13:11 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-02-27 13:55 - 2013-01-13 13:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-02-27 13:55 - 2013-01-13 13:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-02-27 13:55 - 2013-01-13 12:35 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-02-27 13:55 - 2013-01-13 12:35 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-27 13:55 - 2013-01-13 12:35 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-02-27 13:55 - 2013-01-13 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-02-27 13:55 - 2013-01-13 12:31 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-02-27 13:55 - 2013-01-13 12:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-02-27 13:55 - 2013-01-13 12:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-02-27 13:55 - 2013-01-13 12:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-02-27 13:55 - 2013-01-13 12:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-02-27 13:55 - 2013-01-13 12:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-02-27 13:55 - 2013-01-13 12:22 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-02-27 13:55 - 2013-01-13 12:20 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-02-27 13:55 - 2013-01-13 12:09 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-02-27 13:55 - 2013-01-13 12:08 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-02-27 13:55 - 2013-01-13 12:08 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-02-27 13:55 - 2013-01-13 11:59 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-02-27 13:55 - 2013-01-13 11:58 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-02-27 13:55 - 2013-01-13 11:54 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-02-27 13:55 - 2013-01-13 11:53 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-02-27 13:55 - 2013-01-13 11:53 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-02-27 13:55 - 2013-01-13 11:51 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-02-27 13:55 - 2013-01-13 11:49 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-02-27 13:55 - 2013-01-13 11:48 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-02-27 13:55 - 2013-01-13 11:46 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-02-27 13:55 - 2013-01-13 11:43 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-02-27 13:55 - 2013-01-13 11:38 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-02-27 13:55 - 2013-01-13 11:38 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-02-27 13:55 - 2013-01-13 11:38 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-02-27 13:55 - 2013-01-13 11:37 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-02-27 13:55 - 2013-01-13 11:25 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-02-27 13:55 - 2013-01-13 11:24 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-02-27 13:55 - 2013-01-13 11:24 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-02-27 13:55 - 2013-01-13 11:20 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-02-27 13:55 - 2013-01-13 11:20 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-02-27 13:55 - 2013-01-13 11:15 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-02-27 13:55 - 2013-01-13 11:10 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-02-27 13:55 - 2013-01-13 11:02 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-02-27 13:55 - 2013-01-13 10:34 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-02-27 13:55 - 2013-01-13 10:32 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-02-27 13:55 - 2013-01-13 10:09 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-02-27 13:55 - 2013-01-13 09:26 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-02-27 13:55 - 2013-01-13 09:05 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-02-27 13:55 - 2013-01-03 22:11 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-02-27 13:55 - 2013-01-03 22:11 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-02-27 13:54 - 2013-02-27 13:54 - 15846768 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-02-16 06:02 - 2013-03-07 12:18 - 00000352 ____A C:\Windows\Tasks\HPCeeScheduleForMarvin III.job
2013-02-16 05:53 - 2013-01-08 17:48 - 17812992 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-02-16 05:53 - 2013-01-08 17:22 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-02-16 05:53 - 2013-01-08 17:19 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-02-16 05:53 - 2013-01-08 17:12 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-02-16 05:53 - 2013-01-08 17:12 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-02-16 05:53 - 2013-01-08 17:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-02-16 05:53 - 2013-01-08 17:10 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-02-16 05:53 - 2013-01-08 17:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-02-16 05:53 - 2013-01-08 17:07 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-02-16 05:53 - 2013-01-08 17:07 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-02-16 05:53 - 2013-01-08 17:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-02-16 05:53 - 2013-01-08 17:06 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-02-16 05:53 - 2013-01-08 17:05 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-02-16 05:53 - 2013-01-08 17:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-02-16 05:53 - 2013-01-08 17:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-02-16 05:53 - 2013-01-08 17:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-02-16 05:53 - 2013-01-08 14:23 - 12321280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-02-16 05:53 - 2013-01-08 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-02-16 05:53 - 2013-01-08 14:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-02-16 05:53 - 2013-01-08 14:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-02-16 05:53 - 2013-01-08 14:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-02-16 05:53 - 2013-01-08 14:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-02-16 05:53 - 2013-01-08 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-02-16 05:53 - 2013-01-08 14:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-02-16 05:53 - 2013-01-08 13:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-02-16 05:53 - 2013-01-08 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-02-16 05:53 - 2013-01-08 13:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-02-16 05:53 - 2013-01-08 13:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-02-16 05:53 - 2013-01-08 13:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-02-16 05:53 - 2013-01-08 13:56 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-02-16 05:53 - 2013-01-08 13:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-02-16 05:53 - 2013-01-08 13:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-02-13 11:45 - 2013-01-04 21:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-02-13 11:45 - 2013-01-04 21:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-02-13 11:45 - 2013-01-04 21:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-02-13 11:45 - 2013-01-03 21:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-02-13 11:45 - 2013-01-03 20:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-02-13 11:45 - 2013-01-03 19:26 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-02-13 11:45 - 2013-01-03 18:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-02-13 11:45 - 2013-01-03 18:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-02-13 11:45 - 2013-01-03 18:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-02-13 11:45 - 2013-01-03 18:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-02-13 11:45 - 2013-01-02 22:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-02-13 11:45 - 2013-01-02 22:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS


==================== One Month Modified Files and Folders =======

2013-03-07 14:27 - 2012-11-13 17:42 - 01669119 ____A C:\Windows\WindowsUpdate.log
2013-03-07 14:27 - 2009-07-13 20:45 - 00031472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-03-07 14:27 - 2009-07-13 20:45 - 00031472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-03-07 14:24 - 2013-01-10 06:10 - 00000998 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-03-07 14:24 - 2012-11-14 14:38 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-03-07 14:24 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-03-07 14:23 - 2009-07-13 20:51 - 00062569 ____A C:\Windows\setupact.log
2013-03-07 14:21 - 2013-01-10 06:10 - 00001002 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-03-07 14:14 - 2012-02-10 14:36 - 00625772 ____A C:\Windows\System32\perfh01D.dat
2013-03-07 14:14 - 2012-02-10 14:36 - 00123894 ____A C:\Windows\System32\perfc01D.dat
2013-03-07 14:14 - 2009-07-13 21:13 - 01466438 ____A C:\Windows\System32\PerfStringBackup.INI
2013-03-07 13:14 - 2010-11-20 19:47 - 00553444 ____A C:\Windows\PFRO.log
2013-03-07 12:32 - 2013-01-22 13:37 - 00001024 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-486875228-3771430239-1943154165-1000UA.job
2013-03-07 12:29 - 2012-02-10 15:26 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-03-07 12:18 - 2013-02-16 06:02 - 00000352 ____A C:\Windows\Tasks\HPCeeScheduleForMarvin III.job
2013-03-07 12:07 - 2012-11-15 06:09 - 00000344 ____A C:\Windows\Tasks\HPCeeScheduleForMARVINIII$.job
2013-03-07 05:25 - 2012-11-15 06:09 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-03-07 05:23 - 2012-12-21 12:13 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-03-07 04:34 - 2013-03-07 04:34 - 00001534 ____A C:\Users\Marvin III\Desktop\RKreport[1]_S_03072013_02d1334.txt
2013-03-07 04:34 - 2013-03-07 04:33 - 00000000 ____D C:\Users\Marvin III\Desktop\RK_Quarantine
2013-03-07 04:29 - 2013-03-07 04:29 - 00816640 ____A C:\Users\Marvin III\Downloads\RogueKiller.exe
2013-03-07 04:25 - 2013-03-07 04:25 - 00005192 ____A C:\Users\Marvin III\Desktop\03072013_131915.log
2013-03-07 04:19 - 2013-03-07 04:19 - 00000000 ____D C:\_OTL
2013-03-07 04:17 - 2013-03-07 04:17 - 00000826 ____A C:\Users\Marvin III\Desktop\checkup.txt
2013-03-07 04:15 - 2013-03-07 04:15 - 00881950 ____A C:\Users\Marvin III\Downloads\SecurityCheck.exe
2013-03-07 04:02 - 2013-03-07 04:02 - 00000000 ____D C:\ProgramData\ClubSanDisk
2013-03-06 15:18 - 2013-03-06 15:18 - 00002132 ____A C:\Users\Marvin III\Desktop\aswMBR.txt
2013-03-06 15:18 - 2013-03-06 15:18 - 00000512 ____A C:\Users\Marvin III\Desktop\MBR.dat
2013-03-06 15:16 - 2013-03-06 15:15 - 04732416 ____A (AVAST Software) C:\Users\Marvin III\Downloads\aswMBR.exe
2013-03-06 15:13 - 2013-03-06 15:13 - 00072490 ____A C:\Users\Marvin III\Desktop\Extras.Txt
2013-03-06 15:11 - 2013-03-06 15:11 - 00088080 ____A C:\Users\Marvin III\Desktop\OTL.Txt
2013-03-06 15:09 - 2013-03-06 15:09 - 00072490 ____A C:\Users\Marvin III\Downloads\Extras.Txt
2013-03-06 15:08 - 2013-03-06 15:08 - 00088080 ____A C:\Users\Marvin III\Downloads\OTL.Txt
2013-03-06 15:01 - 2013-03-06 15:01 - 00602112 ____A (OldTimer Tools) C:\Users\Marvin III\Downloads\OTL.exe
2013-03-06 14:13 - 2013-01-10 06:10 - 00000000 ____D C:\Program Files (x86)\Google
2013-03-06 14:05 - 2013-03-06 14:04 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Marvin III\Downloads\mbam-setup-1.70.0.1100 (1).exe
2013-03-06 13:19 - 2013-03-06 13:19 - 00000000 ____D C:\Users\Marvin III\AppData\Roaming\Malwarebytes
2013-03-06 13:18 - 2013-03-06 13:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-03-06 13:17 - 2013-03-06 13:16 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Marvin III\Downloads\mbam-setup-1.70.0.1100.exe
2013-03-06 12:33 - 2013-03-06 12:33 - 00000097 ____A C:\Windows\DeleteOnReboot.bat
2013-03-06 11:52 - 2013-03-02 06:52 - 00000000 ____D C:\Program Files (x86)\VipBoxSportsApp.com
2013-03-03 12:54 - 2013-03-03 12:54 - 00000000 ____D C:\Users\Marvin III\AppData\Roaming\WildTangent
2013-03-03 12:54 - 2012-12-08 03:39 - 00000000 ____D C:\Users\Marvin III\AppData\Local\CrashDumps
2013-03-03 12:54 - 2012-02-10 15:30 - 00002590 ____N C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
2013-03-03 12:54 - 2012-02-10 15:30 - 00000000 ____D C:\ProgramData\WildTangent
2013-03-03 12:54 - 2012-02-10 15:30 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2013-03-03 12:24 - 2012-11-15 06:19 - 00000000 ____D C:\Till nya från gamla
2013-03-02 16:32 - 2013-01-22 13:37 - 00000972 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-486875228-3771430239-1943154165-1000Core.job
2013-03-02 06:53 - 2013-03-02 06:53 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-03-02 06:53 - 2013-03-02 06:53 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-03-02 06:53 - 2013-03-02 06:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-03-02 06:53 - 2013-03-02 06:53 - 00000000 ____D C:\Program Files (x86)\Gophoto.it
2013-03-02 06:52 - 2013-03-02 06:52 - 00000900 ____A C:\Users\Marvin III\Desktop\VipBoxSportsApp.lnk
2013-03-02 06:52 - 2013-03-02 06:52 - 00000000 ____D C:\Users\Marvin III\AppData\Roaming\Mozilla
2013-02-28 12:16 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-02-28 10:50 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-02-28 10:50 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-02-28 10:50 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-02-28 10:50 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-02-27 13:54 - 2013-02-27 13:54 - 15846768 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-02-27 13:54 - 2012-02-10 15:25 - 00691568 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-02-27 13:54 - 2012-02-10 15:25 - 00071024 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-02-21 08:49 - 2012-11-14 16:17 - 00000000 ____D C:\Users\Marvin III\AppData\Roaming\Spotify
2013-02-21 08:48 - 2012-11-14 16:17 - 00000000 ____D C:\Users\Marvin III\AppData\Local\Spotify
2013-02-20 06:40 - 2012-11-14 14:48 - 00000000 ____D C:\Users\Marvin III\AppData\Local\Microsoft Help
2013-02-17 14:41 - 2009-07-13 20:45 - 00342232 ____A C:\Windows\System32\FNTCACHE.DAT
2013-02-16 08:27 - 2012-11-14 14:48 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-02-16 06:01 - 2012-12-16 14:05 - 70004024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-03-02 16:28:09

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 8094.36 MB
Available physical RAM: 7161.21 MB
Total Pagefile: 8092.5 MB
Available Pagefile: 7149.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:673.53 GB) (Free:624.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (Recovery) (Fixed) (Total:24.81 GB) (Free:2.58 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
5 Drive h: () (Removable) (Total:0.95 GB) (Free:0.94 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk nr Status Storlek Ledigt Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk nr 0 Online 698 G B 0 B
Disk nr 1 Online 969 M B 0 B


Partitions of Disk 0:
===============

Disk 0 är nu den valda disken.

Disk-ID: 81FB2120

Partitionsnr Typ Storlek Start
------------- ---------------- ------- -------
Partitionsnr 1 Primär 199 M 1024 K
Partitionsnr 2 Primär 673 G 200 M
Partitionsnr 3 Primär 24 G 673 G
Partitionsnr 4 Primär 102 M 698 G

==================================================================================

Disk: 0
Disk 0 är nu den valda disken.

Partition 1 är nu den valda partitionen.

Partition 1
Typ : 07
Dold : Nej
Aktiv : Ja
Offset i byte: 1048576

Volymnr Enh Etikett Fils. Typ Storlek Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volymnr 1 Y SYSTEM NTFS Partition 199 M Felfri

=========================================================

Disk: 0
Disk 0 är nu den valda disken.

Partition 2 är nu den valda partitionen.

Partition 2
Typ : 07
Dold : Nej
Aktiv : Nej
Offset i byte: 209715200

Volymnr Enh Etikett Fils. Typ Storlek Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volymnr 2 C NTFS Partition 673 G Felfri

=========================================================

Disk: 0
Disk 0 är nu den valda disken.

Partition 3 är nu den valda partitionen.

Partition 3
Typ : 07
Dold : Nej
Aktiv : Nej
Offset i byte: 723409436672

Volymnr Enh Etikett Fils. Typ Storlek Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volymnr 3 E Recovery NTFS Partition 24 G Felfri

=========================================================

Disk: 0
Disk 0 är nu den valda disken.

Partition 4 är nu den valda partitionen.

Partition 4
Typ : 0C
Dold : Nej
Aktiv : Nej
Offset i byte: 750047461376

Volymnr Enh Etikett Fils. Typ Storlek Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volymnr 4 F HP_TOOLS FAT32 Partition 102 M Felfri

=========================================================

Partitions of Disk 1:
===============

Disk 1 är nu den valda disken.

Disk-ID: 00000000

Partitionsnr Typ Storlek Start
------------- ---------------- ------- -------
Partitionsnr 1 Primär 969 M 16 K

==================================================================================

Disk: 1
Disk 1 är nu den valda disken.

Partition 1 är nu den valda partitionen.

Partition 1
Typ : 0B
Dold : Nej
Aktiv : Nej
Offset i byte: 16384

Volymnr Enh Etikett Fils. Typ Storlek Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volymnr 5 H FAT32 Flyttbar 969 M Felfri

=========================================================

Last Boot: 2013-03-07 05:19

==================== End Of Log =============================
 

Attachments

  • TDSSKiller.2.8.16.0_07.03.2013_21.16.35_log.txt
    4.2 KB · Views: 95
  • TDSSKiller.2.8.16.0_07.03.2013_21.21.21_log.txt
    566.6 KB · Views: 100

Fiery

Level 1
Jan 11, 2011
2,007
Please download Junkware Removal Tool to your desktop from here - NOTE: Kaspersky may detect this as unsafe, but rest assured that it is a safe program
  • Turn off your antivirus software now to avoid potential conflicts
  • Double-click to run the tool. For Windows Vista or 7 users, right-click the file and select Run as Administrator
  • The tool will open and start scanning your system
  • Please be patient as this can take a while to complete depending on your system's specifications
  • On completion, a log (JRT.txt) will be saved to your desktop and will automatically open
  • Post the contents of JRT.txt into your next reply

STEP 2: Download and Run Windows Repair (all in one)

Download Windows Repair (all in one)

  • Install the program then run it.
  • Go to step 2 and allow it to run Disc check by clicking Do It
  • Go to step 3 and allow it to run SFC
  • Go to the Start Repairs tab, select advanced mode and click Start.
  • Allow the program to create a system restore and backup registries when prompted.
  • Check the box next to "Restart/Shutdown system when finished" and ensure all the boxes are checked along with the default checks
  • Then click Start.


Let me know how your PC is running now.
 

Fiery

Level 1
Jan 11, 2011
2,007
Please ignore the "advance mode" part as that was for an older version. Just click start repair and press start.

It's best to keep Kaspersky off to prevent any interference.
 

smilinthyme

New Member
Thread author
Mar 6, 2013
13
Didn't get a log for the Windows Repair. It wanted me to restart the computer and then it didn't open itself again. It was quite a few posts it wasn't able to repair though. I will test run it for a while. Anything else I should do?


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.9 (03.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Marvin III on 2013-03-09 at 12:59:39,00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2013-03-09 at 13:07:03,56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

smilinthyme

New Member
Thread author
Mar 6, 2013
13
It seems to be running fine. Will do some more testing tomorrow. Are there more things I should do? What about all these programs I have been downloading? Keep or uninstall?
 

Fiery

Level 1
Jan 11, 2011
2,007
If you are no longer experiencing any other issues then we will clean up the tools with OTL.

Double click on OTL to run it
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes
  • This will remove itself and other tools we may have used.

Also, open adwCleaner and click Uninstall




Now that your PC is clean, I recommend that you create a new System Restore point and then purge the old ones.

For XP
How to create a Restore Point in XP
Delete all restore points except the most recent one

For Vista
Create a restore point
Delete all but the most recent restore point

For Windows 7
Create a restore point
Delete all but the most recent restore point - Click the Delete all but the most recent restore point link




Keep your system updated
Currently, the following programs on your PC are outdated:
  • Adobe Reader - Update Adobe Reader here
Keeping your programs (especially Adobe and Java products) updated is essential. Outdated programs make your PC more vulnerable to future malware threats. To help you:
  • Download and install Update Checker. It will notify you if any of your programs require an update.
  • Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office product bugs and vulnerabilities.
  • Please ensure you update your system regularly and have automatic updates on. You can learn how to turn Automatic Updates on here


Other steps that you may want to do to further protect your system/files:
  • Sandboxie - "Quarantines" your browser so anything that you do in it will be isolated from your system.
  • Back up important files regularly to an external hard drive or USB

Here are only a few suggestions that will improve your system security. Should you wish to allow us to make full recommendations and set your PC up with maximum security, please start a thread here. Our community of PC enthusiasts and experts will give you feedback and help you secure your system from future malware infections.

Should you want to try a product but don't know how it performs, here is a list of current reviews to help you decide.


Internet Explorer may be the most popular browser but it's definitely not the most secure browser. Consider using other browsers with additional add-ons to safeguard your system while browsing the internet.

Firefox is a more secure, faster browser than Internet Explorer. Firefox contains fewer vulnerabilities, reducing the risk of drive-by downloads. In addition, you can add the following add-ons to increase security.
  • KeyScrambler - Encrypts your keystrokes to protect you against keyloggers that steal personal & banking information
  • AdBlock - Disable/blocks advertisements on websites so you won't accidentally click on a malicious ad.
  • NoScript - Disables Flash & Java contents to avoid exploits or drive-by attacks
  • Web of Trust - Shows the website rating by other users and blocks dangerous and poor-rated sites

Google Chrome is another good browser that is faster and more secure than Internet Explorer by having a sandbox feature. Additionally, you can add the following add-on to Chrome to heighten security.


Lastly, it is important to perform system maintenance on a regular basis. Here are a few tools and on-demand scanners that you should keep & use every 1-2 weeks to keep your system healthy.

Other than that, stay safe out there! If you have any other questions or concerns, feel free to ask :)

My virus removal help is always free. Should you wish to show your appreciation via a donation, it will be much appreciated.
 

smilinthyme

New Member
Thread author
Mar 6, 2013
13
We have now been test-driving it a bit more. We were able to stream some TV shows from the official channel page. That was not possible before. But the computer is still very sluggish and Excel is crashing; it has never done that before.
 

Fiery

Level 1
Jan 11, 2011
2,007
Download Malwarebytes Anti-Rootkit from here to your Desktop
  • Unzip the contents to a folder on your Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
  • After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
  • When done, please post the two logs in the MBAR folder (mbar-log.txt and system-log.txt)

Run Eset NOD32 Online AntiVirus

Note: You will need to use Internet Explorer for this scan.
Vista / 7 users: You will need to right-click on the Internet Explorer icon and select Run as Administrator
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your current antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is unchecked, and the following Advanced Settings are checked
    • Scan unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log in your next reply to this topic.
  • The log can also be found in logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
 

smilinthyme

New Member
Thread author
Mar 6, 2013
13
Malwarebytes gets stuck. I have added a screenshot and the log. I do not know what to do.

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.494000 GHz
Memory total: 8487546880, free: 6373728256

------------ Kernel report ------------
03/11/2013 21:56:56
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\kl1.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\wd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iusb3hcs.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\system32\drivers\hpdskflt.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\amdkmpfd.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\klif.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\kl2.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\klim6.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\drivers\CmBatt.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\igdpmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\iusb3xhc.sys
\SystemRoot\system32\drivers\USBD.SYS
\SystemRoot\system32\drivers\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\netr28x.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\drivers\SynTP.sys
\SystemRoot\system32\DRIVERS\klmouflt.sys
\SystemRoot\system32\drivers\mouclass.sys
\SystemRoot\system32\drivers\Accelerometer.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\clwvd.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\iusb3hub.sys
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\comdlg32.dll
\Windows\System32\sechost.dll
\Windows\System32\iertutil.dll
\Windows\System32\nsi.dll
\Windows\System32\normaliz.dll
\Windows\System32\advapi32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\lpk.dll
\Windows\System32\wininet.dll
\Windows\System32\user32.dll
\Windows\System32\psapi.dll
\Windows\System32\shell32.dll
\Windows\System32\urlmon.dll
\Windows\System32\oleaut32.dll
\Windows\System32\gdi32.dll
\Windows\System32\kernel32.dll
\Windows\System32\setupapi.dll
\Windows\System32\ole32.dll
\Windows\System32\usp10.dll
\Windows\System32\difxapi.dll
\Windows\System32\Wldap32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\clbcatq.dll
\Windows\System32\msctf.dll
\Windows\System32\shlwapi.dll
\Windows\System32\imm32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\ws2_32.dll
\Windows\System32\comctl32.dll
\Windows\System32\wintrust.dll
\Windows\System32\devobj.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\crypt32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8009587790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8009586050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.03.11.11
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8009587790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008276b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009587790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008275b10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xfffffa8009586050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a00f5e25c0, 0xfffffa8009587790, 0xfffffa8007fc0790
Lower DeviceData: 0xfffff8a00c2bfa00, 0xfffffa8009586050, 0xfffffa8007edfe40
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 81FB2120

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 407552
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 409600 Numsec = 1412499456

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 1412909056 Numsec = 52027392

Partition 3 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 1464936448 Numsec = 208896

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
Done!
Performing system, memory and registry scan...
 

Attachments

  • mbar stuck.png
    103 KB · Views: 168
