Generic30.wav in svchost.exe

Solved
By qwerty1
Dec 4, 2012
  1. Just had AVG detect this about an hour ago and it can't remove it (seems to be the norm). Any help cleaning this up would be greatly appreciated. Malwarebytes and DDS below:

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.12.05.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Tim :: TIM-PC [administrator]

    12/4/2012 7:14:35 PM
    mbam-log-2012-12-04 (19-14-35).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 224994
    Time elapsed: 56 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

    (end)

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.7.2
    Run by Tim at 19:22:52 on 2012-12-04
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8086.6304 [GMT -6:00]
    .
    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\DFDWiz.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Windows\SysWOW64\Ctxfihlp.exe
    C:\Windows\SysWOW64\CTXFISPI.EXE
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Lucidlogix Technologies\VIRTU MVP\EKAG20NT.EXE
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    \\.\globalroot\systemroot\svchost.exe -netsvcs
    C:\Windows\system32\taskmgr.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.yahoo.com?type=386496&fr=spigot-yhp-ie
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [DayZCommander] rundll32.exe "C:\Users\Tim\AppData\Local\Temp\",CreateTzanShellW
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    StartupFolder: C:\Users\Tim\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SAMSUN~1.LNK - C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
    TCP: NameServer = 192.168.10.1
    TCP: Interfaces\{0B3C4446-57F1-4CEA-87C7-5200C82689B7} : DHCPNameServer = 192.168.10.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    AppInit_DLLs= C:\Windows\SysWOW64\appinit_dll.dll
    SSODL: WebCheck - <orphaned>
    x64-Run: [VIRTU MVP] C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe /hide
    x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\kktm9ipa.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2011-9-21 49760]
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
    R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-9-20 16152]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
    R1 AsrAppCharger;AsrAppCharger;C:\Windows\System32\drivers\AsrAppCharger.sys [2012-9-20 17192]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-9-20 13592]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
    R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-9-20 121344]
    R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2012-2-9 133632]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-9-20 161560]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-9-20 363800]
    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-3-4 126952]
    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-3-4 390632]
    R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
    R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
    R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
    R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\drivers\ikbevent.sys [2012-2-9 25536]
    R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\drivers\imsevent.sys [2012-2-9 25536]
    R3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2012-2-9 44992]
    R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-9-20 356120]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-9-20 787736]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-5-9 425000]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
    R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    R3 VirtuWDDM;VirtuWDDM;C:\Windows\System32\drivers\VirtuWDDM.sys [2012-9-20 66336]
    R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\System32\drivers\WPRO_41_2001.sys [2012-9-20 34752]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-10-20 79360]
    S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
    S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
    S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-22 19456]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-22 57856]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-21 1255736]
    .
    =============== Created Last 30 ================
    .
    2012-12-05 01:21:38 20480 ----a-w- C:\Windows\svchost.exe
    2012-12-05 01:10:13 -------- d-----w- C:\Users\Tim\AppData\Roaming\Malwarebytes
    2012-12-05 01:09:53 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-12-05 01:09:52 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-12-05 01:09:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-12-05 00:12:03 7168 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\F5C6.tmp
    2012-12-05 00:12:03 7168 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\F5C5.tmp
    2012-12-04 12:21:34 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7078A7F8-8042-44E7-BD6A-BEB6BBD2503A}\mpengine.dll
    2012-12-03 12:20:01 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-12-01 21:35:34 -------- d-----w- C:\Users\Tim\AppData\Local\Package Cache
    2012-11-28 12:18:24 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C277D466-EDF9-4BB6-9400-D557C90BAABE}\gapaengine.dll
    2012-11-23 02:39:11 9728 ----a-w- C:\Windows\System32\Wdfres.dll
    2012-11-23 02:39:11 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
    2012-11-23 02:39:11 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
    2012-11-23 02:39:11 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
    2012-11-23 02:34:48 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
    2012-11-23 02:34:48 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
    2012-11-23 02:34:47 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
    2012-11-23 02:34:47 744448 ----a-w- C:\Windows\System32\WUDFx.dll
    2012-11-23 02:34:47 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
    2012-11-23 02:34:47 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
    2012-11-23 02:34:47 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
    2012-11-22 03:26:16 -------- d-----w- C:\Users\Tim\AppData\Local\ArmA 2 OA
    2012-11-22 03:25:00 -------- d-----w- C:\Users\Tim\AppData\Local\DayZCommander
    2012-11-22 03:24:53 -------- d-----w- C:\Program Files (x86)\Dotjosh Studios
    2012-11-13 14:13:33 94656 ----a-w- C:\Windows\System32\WPRO_41_2001woem.tmp
    2012-11-12 20:47:20 -------- d-----w- C:\ProgramData\Blizzard Entertainment
    2012-11-12 20:47:20 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
    2012-11-12 20:46:50 -------- d-----w- C:\ProgramData\Battle.net
    2012-11-10 21:55:10 -------- d-----w- C:\Users\Tim\AppData\Roaming\RIFT PTS
    2012-11-08 01:42:02 -------- d-----w- C:\Program Files (x86)\Essentials Codec Pack
    2012-11-08 01:41:18 -------- d-----w- C:\Users\Tim\AppData\Roaming\Nullsoft
    2012-11-08 00:45:35 -------- d-----w- C:\Users\Tim\AppData\Local\DDMSettings
    .
    ==================== Find3M ====================
    .
    2012-12-05 01:20:43 34752 ----a-w- C:\Windows\System32\drivers\WPRO_41_2001.sys
    2012-11-13 14:44:22 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-11-13 14:44:22 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-11-13 14:44:12 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-11-10 12:59:16 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-11-10 12:59:16 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-10-31 02:41:51 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2012-10-22 19:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
    2012-10-20 13:39:06 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
    2012-10-20 13:39:06 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
    2012-10-20 13:39:06 123480 ----a-w- C:\Windows\System32\OpenAL32.dll
    2012-10-20 13:39:06 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
    2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
    2012-10-15 09:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
    2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
    2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
    2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
    2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-10-05 09:32:50 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
    2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
    2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
    2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
    2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
    2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
    2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
    2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
    2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
    2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
    2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
    2012-10-02 19:51:15 3536817 ----a-w- C:\Windows\System32\nvcoproc.bin
    2012-10-02 19:51:11 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll
    2012-10-02 19:51:04 6200680 ----a-w- C:\Windows\System32\nvcpl.dll
    2012-10-02 19:50:57 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
    2012-10-02 19:50:57 63336 ----a-w- C:\Windows\System32\nvshext.dll
    2012-10-02 19:50:57 118120 ----a-w- C:\Windows\System32\nvmctray.dll
    2012-10-02 19:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2012-10-02 08:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
    2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
    2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
    2012-09-21 21:42:12 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2012-09-21 21:42:12 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2012-09-21 08:46:04 200032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
    2012-09-21 08:46:00 225120 ----a-w- C:\Windows\System32\drivers\avgloga.sys
    2012-09-21 07:21:32 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-21 07:21:31 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-09-21 07:21:31 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-09-21 05:54:13 916456 ----a-w- C:\Windows\System32\deployJava1.dll
    2012-09-21 05:54:13 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
    2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-09-14 08:05:18 40800 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
    .
    ============= FINISH: 19:23:02.97 ===============
  2. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================

    I still need Attach.txt part of DDS.

    You're running two AV programs, AVG and MSE.
    You must uninstall one of them.
    If AVG use AVG Remover: http://www.avg.com/us-en/utilities

    Next...

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  3. qwerty1

    qwerty1 Newcomer, in training Topic Starter Posts: 22

    Thanks for the quick reply. AVG removed. Fresh DDS file below, DDS attach zipped and uploaded, then two different TDSSKiller logs even though I ran it once and restarted once.

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.7.2
    Run by Tim at 20:42:31 on 2012-12-04
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8086.6692 [GMT -6:00]
    .
    AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\DFDWiz.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Users\Tim\AppData\Local\Temp\030C4A63-64C0-4AD0-A810-11599E26E65A.exe
    C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\SysWOW64\Ctxfihlp.exe
    C:\Windows\SysWOW64\CTXFISPI.EXE
    c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Lucidlogix Technologies\VIRTU MVP\EKAG20NT.EXE
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.yahoo.com?type=386496&fr=spigot-yhp-ie
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [DayZCommander] rundll32.exe "C:\Users\Tim\AppData\Local\Temp\",CreateTzanShellW
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    StartupFolder: C:\Users\Tim\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SAMSUN~1.LNK - C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
    TCP: NameServer = 192.168.10.1
    TCP: Interfaces\{0B3C4446-57F1-4CEA-87C7-5200C82689B7} : DHCPNameServer = 192.168.10.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    AppInit_DLLs= C:\Windows\SysWOW64\appinit_dll.dll
    SSODL: WebCheck - <orphaned>
    x64-Run: [VIRTU MVP] C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe /hide
    x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\kktm9ipa.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2011-9-21 49760]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
    R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-9-20 16152]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
    R1 AsrAppCharger;AsrAppCharger;C:\Windows\System32\drivers\AsrAppCharger.sys [2012-9-20 17192]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-9-20 13592]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
    R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-9-20 121344]
    R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2012-2-9 133632]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-9-20 161560]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-9-20 363800]
    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-3-4 126952]
    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-3-4 390632]
    R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
    R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
    R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
    R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\drivers\ikbevent.sys [2012-2-9 25536]
    R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\drivers\imsevent.sys [2012-2-9 25536]
    R3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2012-2-9 44992]
    R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-9-20 356120]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-9-20 787736]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-5-9 425000]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
    R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    R3 VirtuWDDM;VirtuWDDM;C:\Windows\System32\drivers\VirtuWDDM.sys [2012-9-20 66336]
    R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\System32\drivers\WPRO_41_2001.sys [2012-9-20 34752]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-10-20 79360]
    S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
    S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
    S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-22 19456]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-22 57856]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-21 1255736]
    .
    =============== Created Last 30 ================
    .
    2012-12-05 02:39:58 94656 ----a-w- C:\Windows\System32\WPRO_41_2001woem.tmp
    2012-12-05 02:39:53 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7078A7F8-8042-44E7-BD6A-BEB6BBD2503A}\offreg.dll
    2012-12-05 02:38:43 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-12-05 01:21:38 20480 ----a-w- C:\Windows\svchost.exe
    2012-12-05 01:10:13 -------- d-----w- C:\Users\Tim\AppData\Roaming\Malwarebytes
    2012-12-05 01:09:53 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-12-05 01:09:52 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-12-05 01:09:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-12-05 00:12:03 7168 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\F5C6.tmp
    2012-12-05 00:12:03 7168 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\F5C5.tmp
    2012-12-04 12:21:34 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7078A7F8-8042-44E7-BD6A-BEB6BBD2503A}\mpengine.dll
    2012-12-03 12:20:01 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-12-01 21:35:34 -------- d-----w- C:\Users\Tim\AppData\Local\Package Cache
    2012-11-28 12:18:24 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C277D466-EDF9-4BB6-9400-D557C90BAABE}\gapaengine.dll
    2012-11-23 02:39:11 9728 ----a-w- C:\Windows\System32\Wdfres.dll
    2012-11-23 02:39:11 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
    2012-11-23 02:39:11 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
    2012-11-23 02:39:11 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
    2012-11-23 02:34:48 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
    2012-11-23 02:34:48 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
    2012-11-23 02:34:47 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
    2012-11-23 02:34:47 744448 ----a-w- C:\Windows\System32\WUDFx.dll
    2012-11-23 02:34:47 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
    2012-11-23 02:34:47 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
    2012-11-23 02:34:47 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
    2012-11-22 03:26:16 -------- d-----w- C:\Users\Tim\AppData\Local\ArmA 2 OA
    2012-11-22 03:25:00 -------- d-----w- C:\Users\Tim\AppData\Local\DayZCommander
    2012-11-22 03:24:53 -------- d-----w- C:\Program Files (x86)\Dotjosh Studios
    2012-11-12 20:47:20 -------- d-----w- C:\ProgramData\Blizzard Entertainment
    2012-11-12 20:47:20 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
    2012-11-12 20:46:50 -------- d-----w- C:\ProgramData\Battle.net
    2012-11-10 21:55:10 -------- d-----w- C:\Users\Tim\AppData\Roaming\RIFT PTS
    2012-11-08 01:42:02 -------- d-----w- C:\Program Files (x86)\Essentials Codec Pack
    2012-11-08 01:41:18 -------- d-----w- C:\Users\Tim\AppData\Roaming\Nullsoft
    2012-11-08 00:45:35 -------- d-----w- C:\Users\Tim\AppData\Local\DDMSettings
    .
    ==================== Find3M ====================
    .
    2012-12-05 02:39:58 34752 ----a-w- C:\Windows\System32\drivers\WPRO_41_2001.sys
    2012-11-13 14:44:22 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-11-13 14:44:22 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-11-13 14:44:12 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-11-10 12:59:16 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-11-10 12:59:16 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-10-31 02:41:51 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2012-10-20 13:39:06 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
    2012-10-20 13:39:06 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
    2012-10-20 13:39:06 123480 ----a-w- C:\Windows\System32\OpenAL32.dll
    2012-10-20 13:39:06 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
    2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
    2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
    2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
    2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
    2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
    2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
    2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
    2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
    2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
    2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
    2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
    2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
    2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
    2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
    2012-10-02 19:51:15 3536817 ----a-w- C:\Windows\System32\nvcoproc.bin
    2012-10-02 19:51:11 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll
    2012-10-02 19:51:04 6200680 ----a-w- C:\Windows\System32\nvcpl.dll
    2012-10-02 19:50:57 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
    2012-10-02 19:50:57 63336 ----a-w- C:\Windows\System32\nvshext.dll
    2012-10-02 19:50:57 118120 ----a-w- C:\Windows\System32\nvmctray.dll
    2012-10-02 19:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
    2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
    2012-09-21 21:42:12 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2012-09-21 21:42:12 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2012-09-21 08:46:00 225120 ----a-w- C:\Windows\System32\drivers\avgloga.sys
    2012-09-21 07:21:32 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-21 07:21:31 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-09-21 07:21:31 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-09-21 05:54:13 916456 ----a-w- C:\Windows\System32\deployJava1.dll
    2012-09-21 05:54:13 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
    2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    .
    ============= FINISH: 20:42:39.84 ===============

    Attached Files:

  4. qwerty1

    qwerty1 Newcomer, in training Topic Starter Posts: 22

    TDSS files uploaded instead of pasted due to size.

    Attached Files:

  5. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    Please observe forum rules.
    All logs have to be pasted not attached.
  6. Broni

    Broni Malware Annihilator Posts: 46,319   +252

  7. qwerty1

    qwerty1 Newcomer, in training Topic Starter Posts: 22

    DDS attach

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 9/21/2012 12:34:09 AM
    System Uptime: 12/4/2012 8:39:12 PM (0 hours ago)
    .
    Motherboard: ASRock | | Z77 Extreme4
    Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz | CPUSocket | 3366/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 238 GiB total, 92.12 GiB free.
    D: is FIXED (NTFS) - 1863 GiB total, 316.33 GiB free.
    E: is FIXED (NTFS) - 932 GiB total, 95.171 GiB free.
    F: is FIXED (NTFS) - 932 GiB total, 931.385 GiB free.
    G: is FIXED (NTFS) - 932 GiB total, 619.278 GiB free.
    H: is CDROM ()
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP90: 11/21/2012 9:24:47 PM - Installed DayZ Commander
    RP91: 11/21/2012 9:25:27 PM - Installed DirectX
    RP92: 11/22/2012 8:34:42 PM - Windows Update
    RP93: 11/26/2012 4:33:23 PM - Windows Update
    RP94: 11/30/2012 4:21:51 PM - Windows Update
    RP95: 12/3/2012 6:31:50 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    applicationupdater
    ARMA 2
    ARMA 2: Operation Arrowhead
    Asmedia ASM104x USB 3.0 Host Controller Driver
    Asmedia ASM106x SATA Host Controller Driver
    ASRock App Charger v1.0.5
    Bastion
    Battlefield 3™
    Battlefield: Bad Company 2
    Battlelog Web Plugins
    BattlEye for OA Uninstall
    Bonjour
    Borderlands
    Borderlands 2
    Broadcom NetLink Controller
    Command and Conquer: Red Alert 3
    Creative Audio Control Panel
    Creative Software AutoUpdate
    Creative Sound Blaster Properties x64 Edition
    DayZ Commander
    Defense Grid: The Awakening
    Deus Ex: Game of the Year Edition
    Deus Ex: Invisible War
    Diablo III
    DivX Setup
    Dungeon Defenders
    DVD Decrypter (Remove Only)
    ESN Sonar
    Fallout 3 - Game of the Year Edition
    FIFA 12
    FreeRIP 3.90
    gamelauncher-ps2-live
    Ghostbusters: The Video Game
    Intel(R) Control Center
    Intel(R) Manageability Engine Firmware Recovery Agent
    Intel(R) Management Engine Components
    Intel(R) OpenCL CPU Runtime
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    Intel(R) Smart Connect Technology 2.0 x64
    Intel(R) USB 3.0 eXtensible Host Controller Driver
    Intel® Trusted Connect Service Client
    iTunes
    Java 7 Update 7
    Java Auto Updater
    King's Bounty: Armored Princess
    King's Bounty: Crossworlds
    King's Bounty: The Legend
    Malwarebytes Anti-Malware version 1.65.1.1000
    Mass Effect
    Mass Effect 2
    Max Payne
    Max Payne 2: The Fall of Max Payne
    MechWarrior Online
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft IntelliPoint 8.2
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mozilla Firefox 16.0.2 (x86 en-US)
    Mozilla Maintenance Service
    NVIDIA 3D Vision Controller Driver 306.97
    NVIDIA 3D Vision Driver 306.97
    NVIDIA Control Panel 306.97
    NVIDIA Graphics Driver 306.97
    NVIDIA HD Audio Driver 1.3.18.0
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.0604
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.10.8
    NVIDIA Update Components
    OpenAL
    OpenOffice.org 3.4.1
    Orcs Must Die!
    Origin
    Osmos
    PlanetSide 2
    Plants vs. Zombies: Game of the Year
    Portal 2
    PunkBuster Services
    Resident Evil 5
    RIFT™
    Samsung SSD Magician
    SeaTools for Windows
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Sid Meier's Civilization V
    Skype™ 5.10
    Source SDK Base 2007
    Star Wars: Knights of the Old Republic
    Steam
    TeamSpeak 3 Client
    The Elder Scrolls IV: Oblivion
    The Sims(TM) 3
    Tribes: Ascend
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    VC80CRTRedist - 8.0.50727.6195
    Ventrilo Client for Windows x64
    VIRTU MVP 2.1.111
    Visual Studio 2010 x64 Redistributables
    Winamp
    Windows Essentials Media Codec Pack 4.0 [64-Bit]
    WinRAR 4.20 (64-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/4/2012 8:39:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSHA
    12/4/2012 7:20:43 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    12/4/2012 6:30:56 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR6.
    12/3/2012 8:57:58 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR7.
    12/3/2012 5:16:29 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    12/3/2012 5:16:29 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/2/2012 12:22:12 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR8.
    .
    ==== End Of File ===========================
  8. qwerty1

    qwerty1 Newcomer, in training Topic Starter Posts: 22

    TDSS 1 part 1
    20:38:09.0346 5048 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    20:38:09.0799 5048 ============================================================
    20:38:09.0799 5048 Current date / time: 2012/12/04 20:38:09.0799
    20:38:09.0799 5048 SystemInfo:
    20:38:09.0799 5048
    20:38:09.0799 5048 OS Version: 6.1.7601 ServicePack: 1.0
    20:38:09.0799 5048 Product type: Workstation
    20:38:09.0799 5048 ComputerName: TIM-PC
    20:38:09.0799 5048 UserName: Tim
    20:38:09.0799 5048 Windows directory: C:\Windows
    20:38:09.0799 5048 System windows directory: C:\Windows
    20:38:09.0799 5048 Running under WOW64
    20:38:09.0799 5048 Processor architecture: Intel x64
    20:38:09.0799 5048 Number of processors: 4
    20:38:09.0799 5048 Page size: 0x1000
    20:38:09.0799 5048 Boot type: Normal boot
    20:38:09.0799 5048 ============================================================
    20:38:10.0142 5048 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    20:38:10.0142 5048 Drive \Device\Harddisk1\DR1 - Size: 0x3B9E656000 (238.47 Gb), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    20:38:10.0594 5048 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    20:38:10.0594 5048 Drive \Device\Harddisk3\DR3 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    20:38:10.0610 5048 Drive \Device\Harddisk4\DR4 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    20:38:10.0735 5048 Drive \Device\Harddisk5\DR5 - Size: 0x2537397000 (148.86 Gb), SectorSize: 0x1000, Cylinders: 0x97D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    20:38:10.0735 5048 ============================================================
    20:38:10.0735 5048 \Device\Harddisk0\DR0:
    20:38:10.0735 5048 MBR partitions:
    20:38:10.0735 5048 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
    20:38:10.0735 5048 \Device\Harddisk1\DR1:
    20:38:10.0735 5048 MBR partitions:
    20:38:10.0735 5048 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    20:38:10.0735 5048 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1DCC0000
    20:38:10.0735 5048 \Device\Harddisk2\DR2:
    20:38:10.0735 5048 MBR partitions:
    20:38:10.0735 5048 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
    20:38:10.0735 5048 \Device\Harddisk3\DR3:
    20:38:10.0735 5048 MBR partitions:
    20:38:10.0735 5048 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
    20:38:10.0735 5048 \Device\Harddisk4\DR4:
    20:38:10.0735 5048 MBR partitions:
    20:38:10.0735 5048 \Device\Harddisk4\DR4\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
    20:38:10.0735 5048 \Device\Harddisk5\DR5:
    20:38:10.0735 5048 MBR partitions:
    20:38:10.0735 5048 \Device\Harddisk5\DR5\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x2537357
    20:38:10.0735 5048 ============================================================
    20:38:10.0735 5048 C: <-> \Device\Harddisk1\DR1\Partition2
    20:38:10.0781 5048 D: <-> \Device\Harddisk0\DR0\Partition1
    20:38:10.0797 5048 E: <-> \Device\Harddisk2\DR2\Partition1
    20:38:10.0828 5048 F: <-> \Device\Harddisk3\DR3\Partition1
    20:38:10.0828 5048 G: <-> \Device\Harddisk4\DR4\Partition1
    20:38:10.0828 5048 ============================================================
    20:38:10.0828 5048 Initialize success
    20:38:10.0828 5048 ============================================================
    20:38:21.0043 4412 ============================================================
    20:38:21.0043 4412 Scan started
    20:38:21.0043 4412 Mode: Manual;
    20:38:21.0043 4412 ============================================================
    20:38:21.0760 4412 ================ Scan system memory ========================
    20:38:21.0760 4412 System memory - ok
    20:38:21.0760 4412 ================ Scan services =============================
    20:38:21.0791 4412 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    20:38:21.0791 4412 1394ohci - ok
    20:38:21.0807 4412 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    20:38:21.0807 4412 ACPI - ok
    20:38:21.0807 4412 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    20:38:21.0807 4412 AcpiPmi - ok
    20:38:21.0807 4412 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    20:38:21.0823 4412 AdobeARMservice - ok
    20:38:21.0823 4412 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    20:38:21.0823 4412 adp94xx - ok
    20:38:21.0838 4412 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    20:38:21.0838 4412 adpahci - ok
    20:38:21.0838 4412 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    20:38:21.0854 4412 adpu320 - ok
    20:38:21.0854 4412 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    20:38:21.0854 4412 AeLookupSvc - ok
    20:38:21.0869 4412 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    20:38:21.0869 4412 AFD - ok
    20:38:21.0869 4412 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    20:38:21.0869 4412 agp440 - ok
    20:38:21.0869 4412 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    20:38:21.0885 4412 ALG - ok
    20:38:21.0885 4412 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    20:38:21.0885 4412 aliide - ok
    20:38:21.0885 4412 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    20:38:21.0885 4412 amdide - ok
    20:38:21.0885 4412 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    20:38:21.0885 4412 AmdK8 - ok
    20:38:21.0901 4412 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    20:38:21.0901 4412 AmdPPM - ok
    20:38:21.0901 4412 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    20:38:21.0901 4412 amdsata - ok
    20:38:21.0901 4412 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    20:38:21.0901 4412 amdsbs - ok
    20:38:21.0901 4412 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    20:38:21.0901 4412 amdxata - ok
    20:38:21.0916 4412 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    20:38:21.0916 4412 AppID - ok
    20:38:21.0916 4412 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    20:38:21.0916 4412 AppIDSvc - ok
    20:38:21.0916 4412 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    20:38:21.0916 4412 Appinfo - ok
    20:38:21.0916 4412 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    20:38:21.0932 4412 Apple Mobile Device - ok
    20:38:21.0932 4412 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    20:38:21.0932 4412 arc - ok
    20:38:21.0932 4412 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    20:38:21.0932 4412 arcsas - ok
    20:38:21.0932 4412 [ 4DFF4312661F54EE87DC9A13CAEE60E0 ] asahci64 C:\Windows\system32\DRIVERS\asahci64.sys
    20:38:21.0932 4412 asahci64 - ok
    20:38:21.0932 4412 [ 6FE3237C1177E66437E7AD0E8AC1A6E5 ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys
    20:38:21.0932 4412 asmthub3 - ok
    20:38:21.0947 4412 [ C4043E39A2ABBC56581CA25DF161E9F7 ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys
    20:38:21.0947 4412 asmtxhci - ok
    20:38:21.0963 4412 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    20:38:21.0963 4412 aspnet_state - ok
    20:38:21.0963 4412 [ E1AFEE1584C74050DE0DD16DE2A54BF3 ] AsrAppCharger C:\Windows\system32\DRIVERS\AsrAppCharger.sys
    20:38:21.0979 4412 AsrAppCharger - ok
    20:38:21.0979 4412 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    20:38:21.0979 4412 AsyncMac - ok
    20:38:21.0979 4412 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    20:38:21.0979 4412 atapi - ok
    20:38:21.0994 4412 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    20:38:21.0994 4412 AudioEndpointBuilder - ok
    20:38:22.0010 4412 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    20:38:22.0010 4412 AudioSrv - ok
    20:38:22.0010 4412 AVGIDSHA - ok
    20:38:22.0010 4412 [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys
    20:38:22.0010 4412 Avgloga - ok
    20:38:22.0025 4412 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    20:38:22.0025 4412 AxInstSV - ok
    20:38:22.0025 4412 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    20:38:22.0025 4412 b06bdrv - ok
    20:38:22.0041 4412 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    20:38:22.0041 4412 b57nd60a - ok
    20:38:22.0041 4412 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    20:38:22.0041 4412 BDESVC - ok
    20:38:22.0041 4412 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    20:38:22.0041 4412 Beep - ok
    20:38:22.0057 4412 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
    20:38:22.0057 4412 BFE - ok
    20:38:22.0072 4412 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
    20:38:22.0072 4412 BITS - ok
    20:38:22.0072 4412 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    20:38:22.0072 4412 blbdrive - ok
    20:38:22.0088 4412 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    20:38:22.0088 4412 Bonjour Service - ok
    20:38:22.0088 4412 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    20:38:22.0088 4412 bowser - ok
    20:38:22.0103 4412 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    20:38:22.0103 4412 BrFiltLo - ok
    20:38:22.0103 4412 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    20:38:22.0103 4412 BrFiltUp - ok
    20:38:22.0103 4412 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
    20:38:22.0103 4412 Browser - ok
    20:38:22.0103 4412 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    20:38:22.0119 4412 Brserid - ok
    20:38:22.0119 4412 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    20:38:22.0119 4412 BrSerWdm - ok
    20:38:22.0119 4412 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    20:38:22.0119 4412 BrUsbMdm - ok
    20:38:22.0119 4412 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    20:38:22.0119 4412 BrUsbSer - ok
    20:38:22.0119 4412 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    20:38:22.0119 4412 BTHMODEM - ok
    20:38:22.0135 4412 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    20:38:22.0135 4412 bthserv - ok
    20:38:22.0135 4412 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    20:38:22.0135 4412 cdfs - ok
    20:38:22.0135 4412 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    20:38:22.0135 4412 cdrom - ok
    20:38:22.0135 4412 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    20:38:22.0150 4412 CertPropSvc - ok
    20:38:22.0150 4412 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    20:38:22.0150 4412 circlass - ok
    20:38:22.0150 4412 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    20:38:22.0150 4412 CLFS - ok
    20:38:22.0166 4412 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    20:38:22.0166 4412 clr_optimization_v2.0.50727_32 - ok
    20:38:22.0166 4412 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    20:38:22.0166 4412 clr_optimization_v2.0.50727_64 - ok
    20:38:22.0181 4412 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    20:38:22.0181 4412 clr_optimization_v4.0.30319_32 - ok
    20:38:22.0181 4412 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    20:38:22.0197 4412 clr_optimization_v4.0.30319_64 - ok
    20:38:22.0197 4412 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    20:38:22.0197 4412 CmBatt - ok
    20:38:22.0197 4412 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    20:38:22.0197 4412 cmdide - ok
    20:38:22.0213 4412 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
    20:38:22.0213 4412 CNG - ok
    20:38:22.0213 4412 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    20:38:22.0213 4412 Compbatt - ok
    20:38:22.0213 4412 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    20:38:22.0213 4412 CompositeBus - ok
    20:38:22.0213 4412 COMSysApp - ok
    20:38:22.0244 4412 [ 78AF1C499BF02F9814DF959A04A4F9C9 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
    20:38:22.0244 4412 cphs - ok
    20:38:22.0244 4412 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    20:38:22.0244 4412 crcdisk - ok
    20:38:22.0244 4412 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    20:38:22.0244 4412 Creative Audio Engine Licensing Service - ok
    20:38:22.0259 4412 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
    20:38:22.0275 4412 CryptSvc - ok
    20:38:22.0275 4412 [ 229E3B8F266ABDAFD54E4A372B9D5DDC ] CT20XUT C:\Windows\system32\drivers\CT20XUT.SYS
    20:38:22.0275 4412 CT20XUT - ok
    20:38:22.0275 4412 [ 229E3B8F266ABDAFD54E4A372B9D5DDC ] CT20XUT.SYS C:\Windows\System32\drivers\CT20XUT.SYS
    20:38:22.0275 4412 CT20XUT.SYS - ok
    20:38:22.0291 4412 [ EB3843A91A10150C9E05607CBCB44090 ] ctac32k C:\Windows\system32\drivers\ctac32k.sys
    20:38:22.0291 4412 ctac32k - ok
    20:38:22.0291 4412 [ BC06EFB59A2316537765462DFE40F764 ] ctaud2k C:\Windows\system32\drivers\ctaud2k.sys
    20:38:22.0291 4412 ctaud2k - ok
    20:38:22.0306 4412 [ 07BA6D17E66879018B30B6C3F976EBED ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    20:38:22.0337 4412 CTAudSvcService - ok
    20:38:22.0353 4412 [ 63B2B6CE9D3EF182981FB64BD5433DA4 ] CTEXFIFX C:\Windows\system32\drivers\CTEXFIFX.SYS
    20:38:22.0353 4412 CTEXFIFX - ok
    20:38:22.0369 4412 [ 63B2B6CE9D3EF182981FB64BD5433DA4 ] CTEXFIFX.SYS C:\Windows\System32\drivers\CTEXFIFX.SYS
    20:38:22.0369 4412 CTEXFIFX.SYS - ok
    20:38:22.0369 4412 [ 6D115CC80873B85FD80DDA1C41F75A2C ] CTHWIUT C:\Windows\system32\drivers\CTHWIUT.SYS
    20:38:22.0369 4412 CTHWIUT - ok
    20:38:22.0369 4412 [ 6D115CC80873B85FD80DDA1C41F75A2C ] CTHWIUT.SYS C:\Windows\System32\drivers\CTHWIUT.SYS
    20:38:22.0384 4412 CTHWIUT.SYS - ok
    20:38:22.0384 4412 [ EBC9548EF5838CB5AA8F18B3AC28AF12 ] ctprxy2k C:\Windows\system32\drivers\ctprxy2k.sys
    20:38:22.0384 4412 ctprxy2k - ok
    20:38:22.0384 4412 [ 459BEE1682121842285C162E2D98D81A ] ctsfm2k C:\Windows\system32\drivers\ctsfm2k.sys
    20:38:22.0384 4412 ctsfm2k - ok
    20:38:22.0384 4412 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    20:38:22.0400 4412 DcomLaunch - ok
    20:38:22.0400 4412 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    20:38:22.0400 4412 defragsvc - ok
    20:38:22.0400 4412 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    20:38:22.0400 4412 DfsC - ok
    20:38:22.0415 4412 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    20:38:22.0415 4412 Dhcp - ok
    20:38:22.0415 4412 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    20:38:22.0415 4412 discache - ok
    20:38:22.0415 4412 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    20:38:22.0415 4412 Disk - ok
    20:38:22.0415 4412 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    20:38:22.0415 4412 Dnscache - ok
    20:38:22.0431 4412 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    20:38:22.0431 4412 dot3svc - ok
    20:38:22.0431 4412 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    20:38:22.0431 4412 DPS - ok
    20:38:22.0431 4412 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    20:38:22.0431 4412 drmkaud - ok
    20:38:22.0447 4412 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    20:38:22.0447 4412 DXGKrnl - ok
    20:38:22.0447 4412 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    20:38:22.0447 4412 EapHost - ok
    20:38:22.0478 4412 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    20:38:22.0493 4412 ebdrv - ok
    20:38:22.0493 4412 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    20:38:22.0493 4412 EFS - ok
    20:38:22.0509 4412 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    20:38:22.0509 4412 ehRecvr - ok
    20:38:22.0509 4412 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    20:38:22.0509 4412 ehSched - ok
    20:38:22.0525 4412 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    20:38:22.0525 4412 elxstor - ok
    20:38:22.0525 4412 [ C26133B6165928FBD156C6FE570F9ED2 ] emupia C:\Windows\system32\drivers\emupia2k.sys
    20:38:22.0525 4412 emupia - ok
    20:38:22.0525 4412 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    20:38:22.0525 4412 ErrDev - ok
    20:38:22.0540 4412 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    20:38:22.0540 4412 EventSystem - ok
    20:38:22.0540 4412 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    20:38:22.0540 4412 exfat - ok
    20:38:22.0540 4412 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    20:38:22.0540 4412 fastfat - ok
    20:38:22.0556 4412 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    20:38:22.0556 4412 Fax - ok
    20:38:22.0556 4412 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    20:38:22.0556 4412 fdc - ok
    20:38:22.0571 4412 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    20:38:22.0571 4412 fdPHost - ok
    20:38:22.0571 4412 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    20:38:22.0571 4412 FDResPub - ok
    20:38:22.0571 4412 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    20:38:22.0571 4412 FileInfo - ok
    20:38:22.0571 4412 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    20:38:22.0571 4412 Filetrace - ok
    20:38:22.0571 4412 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    20:38:22.0571 4412 flpydisk - ok
    20:38:22.0587 4412 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    20:38:22.0587 4412 FltMgr - ok
    20:38:22.0587 4412 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
    20:38:22.0603 4412 FontCache - ok
    20:38:22.0603 4412 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    20:38:22.0603 4412 FontCache3.0.0.0 - ok
    20:38:22.0603 4412 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    20:38:22.0603 4412 FsDepends - ok
    20:38:22.0603 4412 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    20:38:22.0603 4412 Fs_Rec - ok
    20:38:22.0618 4412 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    20:38:22.0618 4412 fvevol - ok
    20:38:22.0618 4412 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    20:38:22.0618 4412 gagp30kx - ok
    20:38:22.0618 4412 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    20:38:22.0618 4412 GEARAspiWDM - ok
    20:38:22.0634 4412 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    20:38:22.0634 4412 gpsvc - ok
    20:38:22.0649 4412 [ A3F010D5DBFB589A3B3288C05C2EA3F9 ] ha20x2k C:\Windows\system32\drivers\ha20x2k.sys
    20:38:22.0649 4412 ha20x2k - ok
    20:38:22.0649 4412 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    20:38:22.0649 4412 hcw85cir - ok
    20:38:22.0665 4412 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    20:38:22.0665 4412 HdAudAddService - ok
    20:38:22.0665 4412 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    20:38:22.0665 4412 HDAudBus - ok
    20:38:22.0665 4412 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    20:38:22.0665 4412 HidBatt - ok
    20:38:22.0665 4412 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    20:38:22.0665 4412 HidBth - ok
    20:38:22.0681 4412 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    20:38:22.0681 4412 HidIr - ok
    20:38:22.0681 4412 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
    20:38:22.0681 4412 hidserv - ok
    20:38:22.0681 4412 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    20:38:22.0681 4412 HidUsb - ok
    20:38:22.0681 4412 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    20:38:22.0681 4412 hkmsvc - ok
    20:38:22.0681 4412 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    20:38:22.0696 4412 HomeGroupListener - ok
    20:38:22.0696 4412 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    20:38:22.0696 4412 HomeGroupProvider - ok
    20:38:22.0696 4412 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    20:38:22.0696 4412 HpSAMD - ok
    20:38:22.0712 4412 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    20:38:22.0712 4412 HTTP - ok
    20:38:22.0712 4412 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    20:38:22.0712 4412 hwpolicy - ok
    20:38:22.0712 4412 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    20:38:22.0712 4412 i8042prt - ok
    20:38:22.0727 4412 [ C224331A54571C8C9162F7714400BBBD ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
    20:38:22.0727 4412 iaStor - ok
    20:38:22.0727 4412 [ 7D4B9A48430ED57ACA6373B71D5904CA ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    20:38:22.0727 4412 IAStorDataMgrSvc - ok
    20:38:22.0727 4412 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    20:38:22.0743 4412 iaStorV - ok
    20:38:22.0743 4412 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    20:38:22.0759 4412 idsvc - ok
    20:38:22.0790 4412 [ A1CF07D24EDCDC6870535471654D957C ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
    20:38:22.0821 4412 igfx - ok
    20:38:22.0821 4412 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    20:38:22.0821 4412 iirsp - ok
    20:38:22.0821 4412 [ 67999A9D34A0B2479381E7A61AFC37AB ] ikbevent C:\Windows\system32\DRIVERS\ikbevent.sys
    20:38:22.0837 4412 ikbevent - ok
    20:38:22.0837 4412 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    20:38:22.0837 4412 IKEEXT - ok
    20:38:22.0852 4412 [ DDAE90DD5BDAC53C8C5CD5B82FC1F1B4 ] imsevent C:\Windows\system32\DRIVERS\imsevent.sys
    20:38:22.0852 4412 imsevent - ok
    20:38:22.0868 4412 [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
    20:38:23.0414 4412 Intel(R) Capability Licensing Service Interface - ok
    20:38:23.0414 4412 [ 709C8623721A1F1EF388EA75A07EC33B ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    20:38:23.0492 4412 Intel(R) ME Service - ok
    20:38:23.0492 4412 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    20:38:23.0492 4412 intelide - ok
    20:38:23.0492 4412 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    20:38:23.0492 4412 intelppm - ok
    20:38:23.0507 4412 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    20:38:23.0507 4412 IPBusEnum - ok
    20:38:23.0507 4412 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    20:38:23.0507 4412 IpFilterDriver - ok
    20:38:23.0507 4412 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    20:38:23.0523 4412 iphlpsvc - ok
    20:38:23.0523 4412 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    20:38:23.0523 4412 IPMIDRV - ok
    20:38:23.0523 4412 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    20:38:23.0523 4412 IPNAT - ok
    20:38:23.0539 4412 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    20:38:23.0539 4412 iPod Service - ok
    20:38:23.0539 4412 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    20:38:23.0539 4412 IRENUM - ok
    20:38:23.0539 4412 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    20:38:23.0539 4412 isapnp - ok
    20:38:23.0554 4412 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    20:38:23.0554 4412 iScsiPrt - ok
    20:38:23.0554 4412 [ 970995B7C36F4408ED31C3BF204FE1F5 ] ISCT C:\Windows\system32\DRIVERS\ISCTD64.sys
    20:38:23.0554 4412 ISCT - ok
    20:38:23.0554 4412 [ 6F60B7AD044924B8C1E32D692C593612 ] ISCTAgent C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
    20:38:23.0570 4412 ISCTAgent - ok
    20:38:23.0570 4412 [ 6BCEF45131C8B8E1C558BE540B190B3C ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys
    20:38:23.0570 4412 iusb3hcs - ok
    20:38:23.0570 4412 [ F080EADA8715F811B58BD35BB774F2F9 ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
    20:38:23.0570 4412 iusb3hub - ok
    20:38:23.0585 4412 [ 0F1756D9396740F053221FA6260FCE66 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
    20:38:23.0585 4412 iusb3xhc - ok
    20:38:23.0585 4412 [ C44B44E24B929631D9D7368F5B2B40CF ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    20:38:23.0585 4412 jhi_service - ok
    20:38:23.0601 4412 [ 455B75C19BF3F1F2EE3AC10E1169826C ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
    20:38:23.0601 4412 k57nd60a - ok
    20:38:23.0601 4412 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
    20:38:23.0601 4412 kbdclass - ok
    20:38:23.0601 4412 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
    20:38:23.0601 4412 kbdhid - ok
    20:38:23.0601 4412 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    20:38:23.0601 4412 KeyIso - ok
    20:38:23.0601 4412 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    20:38:23.0601 4412 KSecDD - ok
    20:38:23.0617 4412 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    20:38:23.0617 4412 KSecPkg - ok
    20:38:23.0617 4412 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    20:38:23.0617 4412 ksthunk - ok
    20:38:23.0617 4412 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    20:38:23.0617 4412 KtmRm - ok
    20:38:23.0632 4412 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
    20:38:23.0632 4412 LanmanServer - ok
    20:38:23.0632 4412 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    20:38:23.0632 4412 LanmanWorkstation - ok
    20:38:23.0632 4412 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    20:38:23.0632 4412 lltdio - ok
    20:38:23.0648 4412 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    20:38:23.0648 4412 lltdsvc - ok
    20:38:23.0648 4412 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    20:38:23.0648 4412 lmhosts - ok
    20:38:23.0648 4412 [ 75F29D77B0540FCF47EE3BE000BBABDA ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    20:38:23.0648 4412 LMS - ok
    20:38:23.0648 4412 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    20:38:23.0663 4412 LSI_FC - ok
    20:38:23.0663 4412 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    20:38:23.0663 4412 LSI_SAS - ok
    20:38:23.0663 4412 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    20:38:23.0663 4412 LSI_SAS2 - ok
    20:38:23.0663 4412 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    20:38:23.0663 4412 LSI_SCSI - ok
    20:38:23.0663 4412 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    20:38:23.0663 4412 luafv - ok
    20:38:23.0679 4412 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    20:38:23.0679 4412 Mcx2Svc - ok
    20:38:23.0679 4412 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    20:38:23.0679 4412 megasas - ok
    20:38:23.0679 4412 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    20:38:23.0679 4412 MegaSR - ok
    20:38:23.0679 4412 [ 772A1DEEDFDBC244183B5C805D1B7D85 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
    20:38:23.0679 4412 MEIx64 - ok
    20:38:23.0695 4412 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    20:38:23.0695 4412 MMCSS - ok
    20:38:23.0695 4412 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    20:38:23.0695 4412 Modem - ok
    20:38:23.0710 4412 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    20:38:23.0710 4412 monitor - ok
    20:38:23.0710 4412 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
    20:38:23.0710 4412 mouclass - ok
    20:38:23.0710 4412 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    20:38:23.0710 4412 mouhid - ok
    20:38:23.0710 4412 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    20:38:23.0710 4412 mountmgr - ok
    20:38:23.0710 4412 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    20:38:23.0726 4412 MozillaMaintenance - ok
    20:38:23.0726 4412 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
    20:38:23.0726 4412 MpFilter - ok
    20:38:23.0726 4412 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    20:38:23.0726 4412 mpio - ok
    20:38:23.0726 4412 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    20:38:23.0726 4412 mpsdrv - ok
    20:38:23.0741 4412 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
    20:38:23.0741 4412 MpsSvc - ok
    20:38:23.0741 4412 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    20:38:23.0757 4412 MRxDAV - ok
    20:38:23.0757 4412 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    20:38:23.0757 4412 mrxsmb - ok
    20:38:23.0757 4412 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    20:38:23.0757 4412 mrxsmb10 - ok
    20:38:23.0757 4412 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    20:38:23.0773 4412 mrxsmb20 - ok
    20:38:23.0773 4412 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    20:38:23.0773 4412 msahci - ok
    20:38:23.0773 4412 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    20:38:23.0773 4412 msdsm - ok
    20:38:23.0773 4412 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    20:38:23.0773 4412 MSDTC - ok
    20:38:23.0773 4412 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    20:38:23.0788 4412 Msfs - ok
    20:38:23.0788 4412 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    20:38:23.0788 4412 mshidkmdf - ok
    20:38:23.0788 4412 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    20:38:23.0788 4412 msisadrv - ok
    20:38:23.0788 4412 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    20:38:23.0788 4412 MSiSCSI - ok
    20:38:23.0788 4412 msiserver - ok
    20:38:23.0788 4412 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    20:38:23.0788 4412 MSKSSRV - ok
    20:38:23.0804 4412 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
    20:38:23.0804 4412 MsMpSvc - ok
    20:38:23.0804 4412 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    20:38:23.0804 4412 MSPCLOCK - ok
    20:38:23.0804 4412 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    20:38:23.0804 4412 MSPQM - ok
    20:38:23.0804 4412 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    20:38:23.0804 4412 MsRPC - ok
    20:38:23.0804 4412 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    20:38:23.0819 4412 mssmbios - ok
    20:38:23.0819 4412 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    20:38:23.0819 4412 MSTEE - ok
    20:38:23.0819 4412 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    20:38:23.0819 4412 MTConfig - ok
    20:38:23.0819 4412 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    20:38:23.0819 4412 Mup - ok
    20:38:23.0819 4412 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
  9. qwerty1

    qwerty1 Newcomer, in training Topic Starter Posts: 22

    TDSS 1 part 2
    20:38:23.0835 4412 napagent - ok
    20:38:23.0835 4412 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    20:38:23.0835 4412 NativeWifiP - ok
    20:38:23.0851 4412 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
    20:38:23.0851 4412 NDIS - ok
    20:38:23.0851 4412 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    20:38:23.0851 4412 NdisCap - ok
    20:38:23.0851 4412 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    20:38:23.0851 4412 NdisTapi - ok
    20:38:23.0851 4412 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    20:38:23.0851 4412 Ndisuio - ok
    20:38:23.0866 4412 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    20:38:23.0866 4412 NdisWan - ok
    20:38:23.0866 4412 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    20:38:23.0866 4412 NDProxy - ok
    20:38:23.0866 4412 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    20:38:23.0866 4412 NetBIOS - ok
    20:38:23.0866 4412 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    20:38:23.0882 4412 NetBT - ok
    20:38:23.0882 4412 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    20:38:23.0882 4412 Netlogon - ok
    20:38:23.0882 4412 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    20:38:23.0882 4412 Netman - ok
    20:38:23.0897 4412 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    20:38:23.0897 4412 NetMsmqActivator - ok
    20:38:23.0897 4412 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    20:38:23.0897 4412 NetPipeActivator - ok
    20:38:23.0897 4412 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    20:38:23.0913 4412 netprofm - ok
    20:38:23.0913 4412 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    20:38:23.0913 4412 NetTcpActivator - ok
    20:38:23.0913 4412 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    20:38:23.0913 4412 NetTcpPortSharing - ok
    20:38:23.0913 4412 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    20:38:23.0913 4412 nfrd960 - ok
    20:38:23.0913 4412 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    20:38:23.0913 4412 NisDrv - ok
    20:38:23.0929 4412 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
    20:38:23.0929 4412 NisSrv - ok
    20:38:23.0929 4412 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
    20:38:23.0944 4412 NlaSvc - ok
    20:38:23.0944 4412 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    20:38:23.0944 4412 Npfs - ok
    20:38:23.0944 4412 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    20:38:23.0944 4412 nsi - ok
    20:38:23.0960 4412 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    20:38:23.0960 4412 nsiproxy - ok
    20:38:23.0975 4412 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    20:38:23.0975 4412 Ntfs - ok
    20:38:23.0975 4412 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    20:38:23.0975 4412 Null - ok
    20:38:23.0991 4412 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
    20:38:23.0991 4412 NVHDA - ok
    20:38:24.0053 4412 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
    20:38:24.0100 4412 nvlddmkm - ok
    20:38:24.0100 4412 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    20:38:24.0116 4412 nvraid - ok
    20:38:24.0116 4412 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    20:38:24.0116 4412 nvstor - ok
    20:38:24.0116 4412 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe
    20:38:24.0131 4412 nvsvc - ok
    20:38:24.0131 4412 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    20:38:24.0147 4412 nvUpdatusService - ok
    20:38:24.0147 4412 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    20:38:24.0147 4412 nv_agp - ok
    20:38:24.0147 4412 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    20:38:24.0147 4412 ohci1394 - ok
    20:38:24.0163 4412 [ 0E2DE427EBE106E7E5B52869D5C99F68 ] ossrv C:\Windows\system32\drivers\ctoss2k.sys
    20:38:24.0163 4412 ossrv - ok
    20:38:24.0163 4412 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    20:38:24.0163 4412 p2pimsvc - ok
    20:38:24.0178 4412 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    20:38:24.0178 4412 p2psvc - ok
    20:38:24.0178 4412 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    20:38:24.0178 4412 Parport - ok
    20:38:24.0178 4412 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    20:38:24.0178 4412 partmgr - ok
    20:38:24.0178 4412 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    20:38:24.0178 4412 PcaSvc - ok
    20:38:24.0194 4412 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    20:38:24.0194 4412 pci - ok
    20:38:24.0194 4412 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    20:38:24.0194 4412 pciide - ok
    20:38:24.0194 4412 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    20:38:24.0194 4412 pcmcia - ok
    20:38:24.0194 4412 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    20:38:24.0194 4412 pcw - ok
    20:38:24.0209 4412 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    20:38:24.0209 4412 PEAUTH - ok
    20:38:24.0225 4412 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    20:38:24.0225 4412 PerfHost - ok
    20:38:24.0241 4412 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    20:38:24.0256 4412 pla - ok
    20:38:24.0256 4412 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    20:38:24.0272 4412 PlugPlay - ok
    20:38:24.0272 4412 PnkBstrA - ok
    20:38:24.0272 4412 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    20:38:24.0272 4412 PNRPAutoReg - ok
    20:38:24.0272 4412 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    20:38:24.0272 4412 PNRPsvc - ok
    20:38:24.0287 4412 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
    20:38:24.0287 4412 Point64 - ok
    20:38:24.0287 4412 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    20:38:24.0287 4412 PolicyAgent - ok
    20:38:24.0287 4412 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    20:38:24.0303 4412 Power - ok
    20:38:24.0303 4412 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    20:38:24.0303 4412 PptpMiniport - ok
    20:38:24.0303 4412 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    20:38:24.0303 4412 Processor - ok
    20:38:24.0303 4412 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    20:38:24.0303 4412 ProfSvc - ok
    20:38:24.0319 4412 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    20:38:24.0319 4412 ProtectedStorage - ok
    20:38:24.0319 4412 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    20:38:24.0319 4412 Psched - ok
    20:38:24.0334 4412 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    20:38:24.0334 4412 ql2300 - ok
    20:38:24.0350 4412 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    20:38:24.0350 4412 ql40xx - ok
    20:38:24.0350 4412 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    20:38:24.0350 4412 QWAVE - ok
    20:38:24.0350 4412 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    20:38:24.0350 4412 QWAVEdrv - ok
    20:38:24.0350 4412 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    20:38:24.0350 4412 RasAcd - ok
    20:38:24.0365 4412 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    20:38:24.0365 4412 RasAgileVpn - ok
    20:38:24.0365 4412 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    20:38:24.0365 4412 RasAuto - ok
    20:38:24.0365 4412 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    20:38:24.0365 4412 Rasl2tp - ok
    20:38:24.0365 4412 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    20:38:24.0381 4412 RasMan - ok
    20:38:24.0381 4412 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    20:38:24.0381 4412 RasPppoe - ok
    20:38:24.0381 4412 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    20:38:24.0381 4412 RasSstp - ok
    20:38:24.0381 4412 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    20:38:24.0381 4412 rdbss - ok
    20:38:24.0397 4412 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    20:38:24.0397 4412 rdpbus - ok
    20:38:24.0397 4412 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    20:38:24.0397 4412 RDPCDD - ok
    20:38:24.0397 4412 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    20:38:24.0397 4412 RDPENCDD - ok
    20:38:24.0397 4412 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    20:38:24.0397 4412 RDPREFMP - ok
    20:38:24.0397 4412 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
    20:38:24.0397 4412 RdpVideoMiniport - ok
    20:38:24.0412 4412 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    20:38:24.0412 4412 RDPWD - ok
    20:38:24.0412 4412 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    20:38:24.0412 4412 rdyboost - ok
    20:38:24.0412 4412 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    20:38:24.0412 4412 RemoteAccess - ok
    20:38:24.0428 4412 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    20:38:24.0428 4412 RemoteRegistry - ok
    20:38:24.0428 4412 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    20:38:24.0428 4412 RpcEptMapper - ok
    20:38:24.0428 4412 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    20:38:24.0428 4412 RpcLocator - ok
    20:38:24.0428 4412 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    20:38:24.0443 4412 RpcSs - ok
    20:38:24.0443 4412 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    20:38:24.0443 4412 rspndr - ok
    20:38:24.0443 4412 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    20:38:24.0443 4412 SamSs - ok
    20:38:24.0443 4412 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    20:38:24.0443 4412 sbp2port - ok
    20:38:24.0443 4412 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    20:38:24.0459 4412 SCardSvr - ok
    20:38:24.0459 4412 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    20:38:24.0459 4412 scfilter - ok
    20:38:24.0459 4412 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    20:38:24.0475 4412 Schedule - ok
    20:38:24.0475 4412 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    20:38:24.0475 4412 SCPolicySvc - ok
    20:38:24.0475 4412 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    20:38:24.0475 4412 SDRSVC - ok
    20:38:24.0475 4412 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    20:38:24.0475 4412 secdrv - ok
    20:38:24.0490 4412 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    20:38:24.0490 4412 seclogon - ok
    20:38:24.0490 4412 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    20:38:24.0490 4412 SENS - ok
    20:38:24.0490 4412 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    20:38:24.0490 4412 SensrSvc - ok
    20:38:24.0490 4412 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    20:38:24.0490 4412 Serenum - ok
    20:38:24.0506 4412 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    20:38:24.0506 4412 Serial - ok
    20:38:24.0506 4412 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    20:38:24.0506 4412 sermouse - ok
    20:38:24.0506 4412 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    20:38:24.0506 4412 SessionEnv - ok
    20:38:24.0506 4412 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    20:38:24.0506 4412 sffdisk - ok
    20:38:24.0506 4412 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    20:38:24.0521 4412 sffp_mmc - ok
    20:38:24.0521 4412 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    20:38:24.0521 4412 sffp_sd - ok
    20:38:24.0521 4412 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    20:38:24.0521 4412 sfloppy - ok
    20:38:24.0521 4412 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
    20:38:24.0521 4412 SharedAccess - ok
    20:38:24.0537 4412 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    20:38:24.0537 4412 ShellHWDetection - ok
    20:38:24.0537 4412 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    20:38:24.0537 4412 SiSRaid2 - ok
    20:38:24.0537 4412 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    20:38:24.0537 4412 SiSRaid4 - ok
    20:38:24.0537 4412 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
    20:38:24.0537 4412 SkypeUpdate - ok
    20:38:24.0553 4412 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    20:38:24.0553 4412 Smb - ok
    20:38:24.0553 4412 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    20:38:24.0553 4412 SNMPTRAP - ok
    20:38:24.0553 4412 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    20:38:24.0553 4412 spldr - ok
    20:38:24.0568 4412 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
    20:38:24.0568 4412 Spooler - ok
    20:38:24.0584 4412 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    20:38:24.0615 4412 sppsvc - ok
    20:38:24.0615 4412 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    20:38:24.0615 4412 sppuinotify - ok
    20:38:24.0615 4412 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    20:38:24.0615 4412 srv - ok
    20:38:24.0631 4412 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    20:38:24.0631 4412 srv2 - ok
    20:38:24.0631 4412 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    20:38:24.0631 4412 srvnet - ok
    20:38:24.0646 4412 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    20:38:24.0646 4412 SSDPSRV - ok
    20:38:24.0646 4412 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    20:38:24.0646 4412 SstpSvc - ok
    20:38:24.0646 4412 Steam Client Service - ok
    20:38:24.0646 4412 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    20:38:24.0662 4412 Stereo Service - ok
    20:38:24.0662 4412 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    20:38:24.0662 4412 stexstor - ok
    20:38:24.0662 4412 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    20:38:24.0662 4412 stisvc - ok
    20:38:24.0677 4412 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    20:38:24.0677 4412 swenum - ok
    20:38:24.0677 4412 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    20:38:24.0677 4412 swprv - ok
    20:38:24.0693 4412 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    20:38:24.0709 4412 SysMain - ok
    20:38:24.0709 4412 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    20:38:24.0709 4412 TabletInputService - ok
    20:38:24.0709 4412 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    20:38:24.0724 4412 TapiSrv - ok
    20:38:24.0724 4412 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    20:38:24.0724 4412 TBS - ok
    20:38:24.0740 4412 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    20:38:24.0740 4412 Tcpip - ok
    20:38:24.0755 4412 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    20:38:24.0771 4412 TCPIP6 - ok
    20:38:24.0771 4412 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    20:38:24.0771 4412 tcpipreg - ok
    20:38:24.0771 4412 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    20:38:24.0771 4412 TDPIPE - ok
    20:38:24.0771 4412 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    20:38:24.0771 4412 TDTCP - ok
    20:38:24.0787 4412 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    20:38:24.0787 4412 tdx - ok
    20:38:24.0787 4412 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    20:38:24.0787 4412 TermDD - ok
    20:38:24.0787 4412 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    20:38:24.0802 4412 TermService - ok
    20:38:24.0802 4412 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    20:38:24.0802 4412 Themes - ok
    20:38:24.0802 4412 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    20:38:24.0802 4412 THREADORDER - ok
    20:38:24.0802 4412 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    20:38:24.0802 4412 TrkWks - ok
    20:38:24.0818 4412 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    20:38:24.0818 4412 TrustedInstaller - ok
    20:38:24.0818 4412 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    20:38:24.0818 4412 tssecsrv - ok
    20:38:24.0818 4412 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    20:38:24.0818 4412 TsUsbFlt - ok
    20:38:24.0818 4412 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    20:38:24.0818 4412 tunnel - ok
    20:38:24.0833 4412 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    20:38:24.0833 4412 uagp35 - ok
    20:38:24.0833 4412 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    20:38:24.0833 4412 udfs - ok
    20:38:24.0833 4412 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    20:38:24.0833 4412 UI0Detect - ok
    20:38:24.0849 4412 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    20:38:24.0849 4412 uliagpkx - ok
    20:38:24.0849 4412 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    20:38:24.0849 4412 umbus - ok
    20:38:24.0849 4412 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    20:38:24.0849 4412 UmPass - ok
    20:38:24.0849 4412 [ 193AD338F2A64D17300AD640ADFA5D0A ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    20:38:24.0849 4412 UNS - ok
    20:38:24.0865 4412 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    20:38:24.0865 4412 upnphost - ok
    20:38:24.0865 4412 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
    20:38:24.0865 4412 USBAAPL64 - ok
    20:38:24.0865 4412 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\drivers\usbccgp.sys
    20:38:24.0865 4412 usbccgp - ok
    20:38:24.0880 4412 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    20:38:24.0880 4412 usbcir - ok
    20:38:24.0880 4412 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
    20:38:24.0880 4412 usbehci - ok
    20:38:24.0880 4412 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    20:38:24.0880 4412 usbhub - ok
    20:38:24.0880 4412 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    20:38:24.0880 4412 usbohci - ok
    20:38:24.0896 4412 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    20:38:24.0896 4412 usbprint - ok
    20:38:24.0896 4412 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    20:38:24.0896 4412 USBSTOR - ok
    20:38:24.0896 4412 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    20:38:24.0896 4412 usbuhci - ok
    20:38:24.0896 4412 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    20:38:24.0896 4412 UxSms - ok
    20:38:24.0896 4412 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    20:38:24.0896 4412 VaultSvc - ok
    20:38:24.0911 4412 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    20:38:24.0911 4412 vdrvroot - ok
    20:38:24.0911 4412 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    20:38:24.0911 4412 vds - ok
    20:38:24.0911 4412 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    20:38:24.0911 4412 vga - ok
    20:38:24.0911 4412 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    20:38:24.0927 4412 VgaSave - ok
    20:38:24.0927 4412 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    20:38:24.0927 4412 vhdmp - ok
    20:38:24.0927 4412 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    20:38:24.0927 4412 viaide - ok
    20:38:24.0927 4412 [ D314B6B04C273DDD5D69D6351919CB7F ] VirtuWDDM C:\Windows\system32\DRIVERS\VirtuWDDM.sys
    20:38:24.0943 4412 VirtuWDDM - ok
    20:38:24.0943 4412 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    20:38:24.0943 4412 volmgr - ok
    20:38:24.0943 4412 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    20:38:24.0943 4412 volmgrx - ok
    20:38:24.0958 4412 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    20:38:24.0958 4412 volsnap - ok
    20:38:24.0958 4412 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    20:38:24.0958 4412 vsmraid - ok
    20:38:24.0974 4412 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    20:38:24.0974 4412 VSS - ok
    20:38:24.0989 4412 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
    20:38:24.0989 4412 vwifibus - ok
    20:38:24.0989 4412 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    20:38:24.0989 4412 W32Time - ok
    20:38:24.0989 4412 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    20:38:24.0989 4412 WacomPen - ok
    20:38:25.0005 4412 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    20:38:25.0005 4412 WANARP - ok
    20:38:25.0005 4412 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    20:38:25.0005 4412 Wanarpv6 - ok
    20:38:25.0021 4412 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    20:38:25.0021 4412 WatAdminSvc - ok
    20:38:25.0036 4412 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    20:38:25.0036 4412 wbengine - ok
    20:38:25.0052 4412 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    20:38:25.0052 4412 WbioSrvc - ok
    20:38:25.0052 4412 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    20:38:25.0052 4412 wcncsvc - ok
    20:38:25.0052 4412 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    20:38:25.0067 4412 WcsPlugInService - ok
    20:38:25.0067 4412 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    20:38:25.0067 4412 Wd - ok
    20:38:25.0067 4412 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    20:38:25.0083 4412 Wdf01000 - ok
    20:38:25.0083 4412 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    20:38:25.0083 4412 WdiServiceHost - ok
    20:38:25.0083 4412 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    20:38:25.0083 4412 WdiSystemHost - ok
    20:38:25.0083 4412 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    20:38:25.0083 4412 WebClient - ok
    20:38:25.0099 4412 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    20:38:25.0099 4412 Wecsvc - ok
    20:38:25.0099 4412 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    20:38:25.0099 4412 wercplsupport - ok
    20:38:25.0099 4412 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    20:38:25.0099 4412 WerSvc - ok
    20:38:25.0099 4412 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    20:38:25.0114 4412 WfpLwf - ok
    20:38:25.0114 4412 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    20:38:25.0114 4412 WIMMount - ok
    20:38:25.0114 4412 WinDefend - ok
    20:38:25.0114 4412 WinHttpAutoProxySvc - ok
    20:38:25.0130 4412 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    20:38:25.0130 4412 Winmgmt - ok
    20:38:25.0145 4412 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    20:38:25.0145 4412 WinRM - ok
    20:38:25.0161 4412 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    20:38:25.0177 4412 Wlansvc - ok
    20:38:25.0177 4412 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    20:38:25.0177 4412 WmiAcpi - ok
    20:38:25.0177 4412 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    20:38:25.0177 4412 wmiApSrv - ok
    20:38:25.0177 4412 WMPNetworkSvc - ok
    20:38:25.0177 4412 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    20:38:25.0177 4412 WPCSvc - ok
    20:38:25.0192 4412 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    20:38:25.0192 4412 WPDBusEnum - ok
    20:38:25.0208 4412 [ 7CA09731EB7FC99B910C7F239E57720F ] WPRO_41_2001 C:\Windows\system32\drivers\WPRO_41_2001.sys
    20:38:25.0208 4412 WPRO_41_2001 - ok
    20:38:25.0208 4412 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    20:38:25.0208 4412 ws2ifsl - ok
    20:38:25.0208 4412 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
    20:38:25.0208 4412 wscsvc - ok
    20:38:25.0223 4412 WSearch - ok
    20:38:25.0239 4412 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    20:38:25.0255 4412 wuauserv - ok
    20:38:25.0255 4412 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    20:38:25.0255 4412 WudfPf - ok
    20:38:25.0255 4412 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    20:38:25.0255 4412 WUDFRd - ok
    20:38:25.0255 4412 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    20:38:25.0270 4412 wudfsvc - ok
    20:38:25.0270 4412 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    20:38:25.0286 4412 WwanSvc - ok
    20:38:25.0286 4412 [ 38F55D07B1D3391065C40EC065F984E2 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
    20:38:25.0286 4412 xusb21 - ok
    20:38:25.0286 4412 ================ Scan global ===============================
    20:38:25.0286 4412 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    20:38:25.0286 4412 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
    20:38:25.0301 4412 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
    20:38:25.0317 4412 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    20:38:25.0317 4412 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    20:38:25.0317 4412 [Global] - ok
    20:38:25.0317 4412 ================ Scan MBR ==================================
    20:38:25.0317 4412 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    20:38:25.0317 4412 \Device\Harddisk0\DR0 - ok
    20:38:25.0317 4412 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
    20:38:25.0317 4412 Suspicious mbr (Forged): \Device\Harddisk1\DR1
    20:38:25.0317 4412 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.c ) - infected
    20:38:25.0317 4412 \Device\Harddisk1\DR1 - detected Rootkit.Boot.Pihar.c (0)
    20:38:25.0348 4412 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk2\DR2
    20:38:25.0348 4412 \Device\Harddisk2\DR2 - ok
    20:38:25.0348 4412 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk3\DR3
    20:38:25.0411 4412 \Device\Harddisk3\DR3 - ok
    20:38:25.0426 4412 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk4\DR4
    20:38:25.0473 4412 \Device\Harddisk4\DR4 - ok
    20:38:25.0489 4412 [ ADE8A174CD6C964C69A420C1CF4C17CD ] \Device\Harddisk5\DR5
    20:38:30.0325 4412 \Device\Harddisk5\DR5 - ok
    20:38:30.0325 4412 ================ Scan VBR ==================================
    20:38:30.0325 4412 [ 59C867C901274C4FEA3BDD804D21D7B7 ] \Device\Harddisk0\DR0\Partition1
    20:38:30.0325 4412 \Device\Harddisk0\DR0\Partition1 - ok
    20:38:30.0325 4412 [ 9F242C02F9B2FC17BD418193F3978E26 ] \Device\Harddisk1\DR1\Partition1
    20:38:30.0325 4412 \Device\Harddisk1\DR1\Partition1 - ok
    20:38:30.0325 4412 [ C28CA0D3693AFCE324433D3CB240C242 ] \Device\Harddisk1\DR1\Partition2
    20:38:30.0340 4412 \Device\Harddisk1\DR1\Partition2 - ok
    20:38:30.0356 4412 [ FA33CF4C57E74688AB51E234C1CEC4C2 ] \Device\Harddisk2\DR2\Partition1
    20:38:30.0356 4412 \Device\Harddisk2\DR2\Partition1 - ok
    20:38:30.0371 4412 [ 2417CF42FD87CDCE32C054DB435ACD83 ] \Device\Harddisk3\DR3\Partition1
    20:38:30.0371 4412 \Device\Harddisk3\DR3\Partition1 - ok
    20:38:30.0387 4412 [ CF75FBBA9352EAC96EBE31E8827C6119 ] \Device\Harddisk4\DR4\Partition1
    20:38:30.0403 4412 \Device\Harddisk4\DR4\Partition1 - ok
    20:38:30.0403 4412 [ 8A9791B9F5D968EDD901497169EEF500 ] \Device\Harddisk5\DR5\Partition1
    20:38:30.0403 4412 \Device\Harddisk5\DR5\Partition1 - ok
    20:38:30.0403 4412 ============================================================
    20:38:30.0403 4412 Scan finished
    20:38:30.0403 4412 ============================================================
    20:38:30.0403 4404 Detected object count: 1
    20:38:30.0403 4404 Actual detected object count: 1
    20:38:43.0850 4404 \Device\Harddisk1\DR1\# - copied to quarantine
    20:38:43.0881 4404 \Device\Harddisk1\DR1 - copied to quarantine
    20:38:45.0082 4404 \Device\Harddisk1\DR1\TDLFS\cmd.dll - copied to quarantine
    20:38:45.0098 4404 \Device\Harddisk1\DR1\TDLFS\cmd64.dll - copied to quarantine
    20:38:45.0113 4404 \Device\Harddisk1\DR1\TDLFS\drv32 - copied to quarantine
    20:38:46.0720 4404 \Device\Harddisk1\DR1\TDLFS\drv64 - copied to quarantine
    20:38:46.0720 4404 \Device\Harddisk1\DR1\TDLFS\servers.dat - copied to quarantine
    20:38:46.0720 4404 \Device\Harddisk1\DR1\TDLFS\config.ini - copied to quarantine
    20:38:46.0720 4404 \Device\Harddisk1\DR1\TDLFS\ldr16 - copied to quarantine
    20:38:46.0829 4404 \Device\Harddisk1\DR1\TDLFS\ldr32 - copied to quarantine
    20:38:46.0829 4404 \Device\Harddisk1\DR1\TDLFS\ldr64 - copied to quarantine
    20:38:46.0845 4404 \Device\Harddisk1\DR1\TDLFS\s - copied to quarantine
    20:38:46.0845 4404 \Device\Harddisk1\DR1\TDLFS\ldrm - copied to quarantine
    20:38:46.0845 4404 \Device\Harddisk1\DR1\TDLFS\u - copied to quarantine
    20:38:46.0845 4404 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    20:38:46.0845 4404 \Device\Harddisk1\DR1 - ok
    20:38:46.0845 4404 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    20:38:55.0753 2616 Deinitialize success
  10. qwerty1

    qwerty1 Newcomer, in training Topic Starter Posts: 22

    TDSS 2
    20:40:10.0406 3404 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    20:40:10.0734 3404 ============================================================
    20:40:10.0734 3404 Current date / time: 2012/12/04 20:40:10.0734
    20:40:10.0734 3404 SystemInfo:
    20:40:10.0734 3404
    20:40:10.0734 3404 OS Version: 6.1.7601 ServicePack: 1.0
    20:40:10.0734 3404 Product type: Workstation
    20:40:10.0734 3404 ComputerName: TIM-PC
    20:40:10.0734 3404 UserName: Tim
    20:40:10.0734 3404 Windows directory: C:\Windows
    20:40:10.0734 3404 System windows directory: C:\Windows
    20:40:10.0734 3404 Running under WOW64
    20:40:10.0734 3404 Processor architecture: Intel x64
    20:40:10.0734 3404 Number of processors: 4
    20:40:10.0734 3404 Page size: 0x1000
    20:40:10.0734 3404 Boot type: Normal boot
    20:40:10.0734 3404 ============================================================
    20:40:10.0905 3404 BG loaded
    20:40:11.0046 3404 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    20:40:11.0046 3404 Drive \Device\Harddisk1\DR1 - Size: 0x3B9E656000 (238.47 Gb), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    20:40:11.0516 3404 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    20:40:11.0518 3404 Drive \Device\Harddisk3\DR3 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    20:40:11.0557 3404 Drive \Device\Harddisk4\DR4 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    20:40:11.0742 3404 Drive \Device\Harddisk5\DR5 - Size: 0x2537397000 (148.86 Gb), SectorSize: 0x1000, Cylinders: 0x97D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    20:40:12.0011 3404 ============================================================
    20:40:12.0011 3404 \Device\Harddisk0\DR0:
    20:40:12.0011 3404 MBR partitions:
    20:40:12.0011 3404 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
    20:40:12.0011 3404 \Device\Harddisk1\DR1:
    20:40:12.0011 3404 MBR partitions:
    20:40:12.0011 3404 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    20:40:12.0011 3404 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1DCC0000
    20:40:12.0011 3404 \Device\Harddisk2\DR2:
    20:40:12.0012 3404 MBR partitions:
    20:40:12.0012 3404 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
    20:40:12.0012 3404 \Device\Harddisk3\DR3:
    20:40:12.0012 3404 MBR partitions:
    20:40:12.0012 3404 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
    20:40:12.0012 3404 \Device\Harddisk4\DR4:
    20:40:12.0012 3404 MBR partitions:
    20:40:12.0012 3404 \Device\Harddisk4\DR4\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
    20:40:12.0012 3404 \Device\Harddisk5\DR5:
    20:40:12.0013 3404 MBR partitions:
    20:40:12.0013 3404 \Device\Harddisk5\DR5\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x2537357
    20:40:12.0013 3404 ============================================================
    20:40:12.0015 3404 C: <-> \Device\Harddisk1\DR1\Partition2
    20:40:12.0029 3404 D: <-> \Device\Harddisk0\DR0\Partition1
    20:40:12.0080 3404 E: <-> \Device\Harddisk2\DR2\Partition1
    20:40:12.0088 3404 F: <-> \Device\Harddisk3\DR3\Partition1
    20:40:12.0093 3404 G: <-> \Device\Harddisk4\DR4\Partition1
    20:40:12.0093 3404 ============================================================
    20:40:12.0093 3404 Initialize success
    20:40:12.0093 3404 ============================================================
    21:25:54.0565 3104 Deinitialize success
  11. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    Good :)

    Re-run MBAM one more time and post new log.

    Next....

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ==============================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  12. qwerty1

    qwerty1 Newcomer, in training Topic Starter Posts: 22

    (Thanks a lot for your help. RogueKiller coming shortly)

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.12.05.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Tim :: TIM-PC [administrator]

    12/4/2012 10:06:37 PM
    mbam-log-2012-12-04 (22-06-37).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 224750
    Time elapsed: 49 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)
  13. qwerty1

    qwerty1 Newcomer, in training Topic Starter Posts: 22

    Hmm tried removing the one trojan mbam found, restarted, and ran mbam again and this time it found nothing. Here is that log.

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.12.05.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Tim :: TIM-PC [administrator]

    12/4/2012 10:12:48 PM
    mbam-log-2012-12-04 (22-12-48).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 224682
    Time elapsed: 52 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  14. qwerty1

    qwerty1 Newcomer, in training Topic Starter Posts: 22

    RogueKiller log:

    RogueKiller V8.3.1 [Dec 2 2012] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Tim [Admin rights]
    Mode : Remove -- Date : 12/04/2012 22:18:32

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 3 ¤¤¤
    [RUN][NOTFOUND] HKCU\[...]\Run : DayZCommander (rundll32.exe "C:\Users\Tim\AppData\Local\Temp\",CreateTzanShellW) -> DELETED
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD2002FAEX-007BA0 +++++
    --- User ---
    [MBR] bb4528dabe985ff6a3509b0e17cea40d
    [BSP] e1c84fd4b093d906a68e4c505f4f1031 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: SAMSUNG SSD 830 Series +++++
    --- User ---
    [MBR] 6b23c279ea3789e1c68adacbb41204e9
    [BSP] 3c4bb00e01629e6b6fdb6e1fb51d9917 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 244096 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive2: WDC WD10EADS-00L5B1 +++++
    --- User ---
    [MBR] 3c4d433d1c3bef52fd136f58030e0e45
    [BSP] 069b8fccd15b91828368e8b816653edf : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive3: ST31000340AS +++++
    --- User ---
    [MBR] f746f20630fc364531febe2ea5d31806
    [BSP] 7916bb97a21b481da0fd55c71bae2a19 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive4: WDC WD1001FALS-00J7B0 +++++
    --- User ---
    [MBR] a94ae3de5a012613f4be010328468cdf
    [BSP] 9f8d0357ed5e6322605abcb2f8a079a0 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_12042012_02d2218.txt >>
    RKreport[1]_S_12042012_02d2217.txt ; RKreport[2]_D_12042012_02d2218.txt
  15. qwerty1

    qwerty1 Newcomer, in training Topic Starter Posts: 22

    aswMBR output:

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-12-04 22:25:21
    -----------------------------
    22:25:21.698 OS Version: Windows x64 6.1.7601 Service Pack 1
    22:25:21.698 Number of processors: 4 586 0x3A09
    22:25:21.698 ComputerName: TIM-PC UserName: Tim
    22:25:21.878 Initialize success
    22:25:59.352 AVAST engine defs: 12120401
    22:26:19.016 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    22:26:19.016 Disk 0 Vendor: WDC_WD20 05.0 Size: 1907729MB BusType: 3
    22:26:19.032 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
    22:26:19.032 Disk 1 Vendor: SAMSUNG_ CXM0 Size: 244198MB BusType: 3
    22:26:19.032 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-3
    22:26:19.032 Disk 2 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3
    22:26:19.032 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IAAStorageDevice-4
    22:26:19.032 Disk 3 Vendor: ST310003 SD15 Size: 953869MB BusType: 3
    22:26:19.047 Disk 4 \Device\Harddisk4\DR4 -> \Device\Ide\IAAStorageDevice-5
    22:26:19.047 Disk 4 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 3
    22:26:19.047 Disk 1 MBR read successfully
    22:26:19.047 Disk 1 MBR scan
    22:26:19.063 Disk 1 Windows 7 default MBR code
    22:26:19.063 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    22:26:19.079 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 244096 MB offset 206848
    22:26:19.125 Disk 1 scanning C:\Windows\system32\drivers
    22:26:23.349 Service scanning
    22:26:34.129 Modules scanning
    22:26:34.129 Disk 1 trace - called modules:
    22:26:34.129 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
    22:26:34.145 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8007a92060]
    22:26:34.145 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> [0xfffffa8007870860]
    22:26:34.145 5 ACPI.sys[fffff88000f8c7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa800786f050]
    22:26:34.363 AVAST engine scan C:\Windows
    22:26:34.815 AVAST engine scan C:\Windows\system32
    22:27:54.959 AVAST engine scan C:\Windows\system32\drivers
    22:27:59.701 AVAST engine scan C:\Users\Tim
    22:29:01.141 AVAST engine scan C:\ProgramData
    22:29:13.913 Scan finished successfully
    22:29:31.710 Disk 1 MBR has been saved successfully to "C:\Users\Tim\Desktop\MBR.dat"
    22:29:31.756 The log file has been saved successfully to "C:\Users\Tim\Desktop\aswMBR.txt"
  16. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    Good :)

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    =============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
  17. qwerty1

    qwerty1 Newcomer, in training Topic Starter Posts: 22

    ComboFix 12-12-04.01 - Tim 12/05/2012 5:45.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8086.6726 [GMT -6:00]
    Running from: c:\users\Tim\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Microsoft\Windows\DRM\F5C5.tmp
    c:\programdata\Microsoft\Windows\DRM\F5C6.tmp
    D:\install.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-11-05 to 2012-12-05 )))))))))))))))))))))))))))))))
    .
    .
    2012-12-05 11:48 . 2012-12-05 11:48 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-12-05 11:48 . 2012-12-05 11:48 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-12-05 11:36 . 2012-12-05 11:36 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7078A7F8-8042-44E7-BD6A-BEB6BBD2503A}\offreg.dll
    2012-12-05 02:39 . 2012-12-05 11:36 94656 ----a-w- c:\windows\system32\WPRO_41_2001woem.tmp
    2012-12-05 02:38 . 2012-12-05 02:38 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-12-05 01:10 . 2012-12-05 01:10 -------- d-----w- c:\users\Tim\AppData\Roaming\Malwarebytes
    2012-12-05 01:09 . 2012-12-05 01:09 -------- d-----w- c:\programdata\Malwarebytes
    2012-12-05 01:09 . 2012-12-05 01:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-12-05 01:09 . 2012-09-30 01:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-12-04 12:21 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7078A7F8-8042-44E7-BD6A-BEB6BBD2503A}\mpengine.dll
    2012-12-03 12:20 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-12-01 21:35 . 2012-12-01 21:35 -------- d-----w- c:\users\Tim\AppData\Local\Package Cache
    2012-11-28 12:18 . 2012-11-28 12:18 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C277D466-EDF9-4BB6-9400-D557C90BAABE}\gapaengine.dll
    2012-11-23 02:39 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2012-11-23 02:39 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2012-11-23 02:39 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
    2012-11-23 02:39 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2012-11-23 02:36 . 2012-10-08 12:29 174216 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
    2012-11-23 02:34 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2012-11-23 02:34 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2012-11-23 02:34 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
    2012-11-23 02:34 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
    2012-11-23 02:34 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
    2012-11-23 02:34 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2012-11-23 02:34 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2012-11-22 03:26 . 2012-11-22 04:00 -------- d-----w- c:\users\Tim\AppData\Local\ArmA 2 OA
    2012-11-22 03:25 . 2012-11-22 03:25 -------- d-----w- c:\users\Tim\AppData\Local\DayZCommander
    2012-11-22 03:24 . 2012-11-22 03:24 -------- d-----w- c:\program files (x86)\Dotjosh Studios
    2012-11-21 00:06 . 2006-03-31 18:41 3927248 ----a-w- c:\windows\system32\d3dx9_30.dll
    2012-11-12 20:47 . 2012-11-13 14:13 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
    2012-11-12 20:47 . 2012-11-12 20:47 -------- d-----w- c:\programdata\Blizzard Entertainment
    2012-11-12 20:46 . 2012-11-12 20:47 -------- d-----w- c:\programdata\Battle.net
    2012-11-10 21:55 . 2012-11-10 21:57 -------- d-----w- c:\users\Tim\AppData\Roaming\RIFT PTS
    2012-11-08 01:42 . 2012-11-08 01:42 -------- d-----w- c:\users\Tim\AppData\Roaming\Media Player Classic
    2012-11-08 01:42 . 2012-11-08 01:42 -------- d-----w- c:\program files (x86)\Essentials Codec Pack
    2012-11-08 01:41 . 2012-11-08 01:41 -------- d-----w- c:\users\Tim\AppData\Roaming\Nullsoft
    2012-11-08 00:45 . 2012-11-08 00:45 -------- d-----w- c:\users\Tim\AppData\Local\DDMSettings
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-05 11:36 . 2012-09-21 05:48 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys
    2012-11-23 02:35 . 2012-09-21 06:03 66395536 ----a-w- c:\windows\system32\MRT.exe
    2012-11-13 14:44 . 2012-10-31 02:37 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-11-13 14:44 . 2012-09-22 21:24 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-11-13 14:44 . 2012-09-22 21:24 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-11-10 12:59 . 2012-09-21 07:22 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-11-10 12:59 . 2012-09-21 07:22 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-31 02:41 . 2012-09-22 21:24 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-10-20 13:39 . 2012-09-22 17:25 466520 ----a-w- c:\windows\system32\wrap_oal.dll
    2012-10-20 13:39 . 2012-09-22 17:25 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2012-10-20 13:39 . 2012-09-22 17:25 123480 ----a-w- c:\windows\system32\OpenAL32.dll
    2012-10-20 13:39 . 2012-09-22 17:25 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
    2012-10-16 08:38 . 2012-12-03 12:31 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38 . 2012-12-03 12:31 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39 . 2012-12-03 12:31 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
    2012-10-10 08:22 . 2012-10-10 08:22 80384 ----a-w- c:\windows\system32\igdde64.dll
    2012-10-10 08:22 . 2012-10-10 08:22 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc
    2012-10-10 08:22 . 2012-10-10 08:22 21818368 ----a-w- c:\windows\SysWow64\igdfcl32.dll
    2012-10-10 08:22 . 2012-10-10 08:22 216064 ----a-w- c:\windows\system32\iglhcp64.dll
    2012-10-10 08:22 . 2012-10-10 08:22 180224 ----a-w- c:\windows\SysWow64\iglhcp32.dll
    2012-10-10 08:22 . 2012-10-10 08:22 5903392 ----a-w- c:\windows\system32\GfxUI.exe
    2012-10-10 08:22 . 2012-10-10 08:22 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc
    2012-10-10 08:22 . 2012-10-10 08:22 438272 ----a-w- c:\windows\system32\igfxrhun.lrc
    2012-10-10 08:22 . 2012-10-10 08:22 3776512 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
    2012-10-10 08:22 . 2012-10-10 08:22 27438080 ----a-w- c:\windows\system32\igdfcl64.dll
    2012-10-10 08:22 . 2012-10-10 08:22 64512 ----a-w- c:\windows\SysWow64\igdde32.dll
    2012-10-10 08:22 . 2012-10-10 08:22 501760 ----a-w- c:\windows\system32\igfxcmrt64.dll
    2012-10-10 08:22 . 2012-10-10 08:22 439296 ----a-w- c:\windows\system32\igfxrrus.lrc
    2012-10-10 08:22 . 2012-10-10 08:22 431104 ----a-w- c:\windows\system32\igfxrkor.lrc
    2012-10-10 08:22 . 2012-10-10 08:22 410624 ----a-w- c:\windows\system32\igfxTMM.dll
    2012-10-10 08:22 . 2012-10-10 08:22 27664896 ----a-w- c:\windows\system32\igdrcl64.dll
    2012-10-10 08:22 . 2012-10-10 08:22 12836864 ----a-w- c:\windows\system32\igd10umd64.dll
    2012-10-10 08:22 . 2012-09-21 05:42 110592 ----a-w- c:\windows\system32\hccutils.dll
    2012-10-10 08:22 . 2012-10-10 08:22 598780 ----a-w- c:\windows\system32\igvpkrng700.bin
    2012-10-10 08:22 . 2012-10-10 08:22 330240 ----a-w- c:\windows\SysWow64\igfxdv32.dll
    2012-10-10 08:22 . 2012-10-10 08:22 12604416 ----a-w- c:\windows\system32\igdumd64.dll
    2012-10-10 08:22 . 2012-10-10 08:22 56832 ----a-w- c:\windows\system32\Intel_OpenCL_ICD64.dll
    2012-10-10 08:22 . 2012-10-10 08:22 441888 ----a-w- c:\windows\system32\igfxpers.exe
    2012-10-10 08:22 . 2012-10-10 08:22 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc
    2012-10-10 08:22 . 2012-10-10 08:22 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc
    2012-10-10 08:22 . 2012-10-10 08:22 3582976 ----a-w- c:\windows\system32\igdbcl64.dll
    2012-10-10 08:22 . 2012-10-10 08:22 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll
    2012-10-10 08:22 . 2012-09-21 05:42 56832 ----a-w- c:\windows\system32\OpenCL.dll
    2012-10-10 08:22 . 2012-10-10 08:22 9007616 ----a-w- c:\windows\system32\igfxress.dll
    2012-10-10 08:22 . 2012-10-10 08:22 5343584 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
    2012-10-10 08:22 . 2012-10-10 08:22 448512 ----a-w- c:\windows\SysWow64\igfx11cmrt32.dll
    2012-10-10 08:22 . 2012-10-10 08:22 441856 ----a-w- c:\windows\system32\igfxdev.dll
    2012-10-10 08:22 . 2012-10-10 08:22 438784 ----a-w- c:\windows\system32\igfxrnld.lrc
    2012-10-10 08:22 . 2012-10-10 08:22 399392 ----a-w- c:\windows\system32\hkcmd.exe
    2012-10-10 08:22 . 2012-10-10 08:22 241664 ----a-w- c:\windows\system32\IntelOpenCL64.dll
    2012-10-10 08:22 . 2012-10-10 08:22 195584 ----a-w- c:\windows\SysWow64\IntelOpenCL32.dll
    2012-10-10 08:22 . 2012-10-10 08:22 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
    2012-10-10 08:22 . 2012-10-10 08:22 116224 ----a-w- c:\windows\system32\igfxCoIn_v2867.dll
    2012-10-10 08:22 . 2012-09-21 05:42 63488 ----a-w- c:\windows\system32\igfxsrvc.dll
    2012-10-10 08:22 . 2012-10-10 08:22 604160 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
    2012-10-10 08:22 . 2012-10-10 08:22 4571136 ----a-w- c:\windows\system32\igfxcmjit64.dll
    2012-10-10 08:22 . 2012-10-10 08:22 439808 ----a-w- c:\windows\system32\igfxresn.lrc
    2012-10-10 08:22 . 2012-10-10 08:22 439296 ----a-w- c:\windows\system32\igfxrrom.lrc
    2012-10-10 08:22 . 2012-10-10 08:22 437760 ----a-w- c:\windows\system32\igfxrsve.lrc
    2012-10-10 08:22 . 2012-10-10 08:22 437760 ----a-w- c:\windows\system32\igfxrslv.lrc
    2012-10-10 08:22 . 2012-10-10 08:22 437760 ----a-w- c:\windows\system32\igfxrnor.lrc
    2012-10-10 08:22 . 2012-10-10 08:22 437248 ----a-w- c:\windows\system32\igfxrdan.lrc
    2012-10-10 08:22 . 2012-10-10 08:22 2899968 ----a-w- c:\windows\SysWow64\igdbcl32.dll
    2012-10-10 08:22 . 2012-10-10 08:22 277024 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
    2012-10-10 08:22 . 2012-10-10 08:22 185376 ----a-w- c:\windows\system32\difx64.exe
    2012-10-10 08:22 . 2012-10-10 08:22 173568 ----a-w- c:\windows\system32\gfxSrvc.dll
    2012-10-10 08:22 . 2012-10-10 08:22 435712 ----a-w- c:\windows\system32\igfxrheb.lrc
    2012-10-10 08:22 . 2012-10-10 08:22 429056 ----a-w- c:\windows\system32\igfxrcht.lrc
    2012-10-10 08:22 . 2012-10-10 08:22 171040 ----a-w- c:\windows\system32\igfxtray.exe
    2012-10-10 08:22 . 2012-10-10 08:22 11158528 ----a-w- c:\windows\SysWow64\igd10umd32.dll
    2012-10-10 08:22 . 2012-10-10 08:22 56320 ----a-w- c:\windows\SysWow64\Intel_OpenCL_ICD32.dll
    2012-10-10 08:22 . 2012-10-10 08:22 509984 ----a-w- c:\windows\system32\igfxsrvc.exe
    2012-10-10 08:22 . 2012-10-10 08:22 440320 ----a-w- c:\windows\system32\igfxrell.lrc
    2012-10-10 08:22 . 2012-10-10 08:22 438784 ----a-w- c:\windows\system32\igfxrptg.lrc
    2012-10-10 08:22 . 2012-10-10 08:22 438784 ----a-w- c:\windows\system32\igfxrplk.lrc
    2012-10-10 08:22 . 2012-10-10 08:22 438784 ----a-w- c:\windows\system32\igfxrita.lrc
    2012-10-10 08:22 . 2012-10-10 08:22 438272 ----a-w- c:\windows\system32\igfxrfin.lrc
    2012-10-10 08:22 . 2012-10-10 08:22 437248 ----a-w- c:\windows\system32\igfxrtha.lrc
    2012-10-10 08:22 . 2012-10-10 08:22 428544 ----a-w- c:\windows\system32\igfxrchs.lrc
    2012-10-10 08:22 . 2012-10-10 08:22 286208 ----a-w- c:\windows\system32\igfxrenu.lrc
    2012-10-10 08:22 . 2012-10-10 08:22 27643904 ----a-w- c:\windows\SysWow64\igdrcl32.dll
    2012-10-10 08:22 . 2012-10-10 08:22 142336 ----a-w- c:\windows\system32\igfxdo.dll
    2012-10-10 08:22 . 2012-09-21 05:42 56320 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2012-10-10 08:22 . 2012-10-10 08:22 8579584 ----a-w- c:\windows\SysWow64\ig7icd32.dll
    2012-10-10 08:22 . 2012-10-10 08:22 482304 ----a-w- c:\windows\system32\igfx11cmrt64.dll
    2012-10-10 08:22 . 2012-10-10 08:22 386048 ----a-w- c:\windows\system32\igfxpph.dll
    2012-10-10 08:22 . 2012-10-10 08:22 11595776 ----a-w- c:\windows\system32\ig7icd64.dll
    2012-10-10 08:22 . 2012-10-10 08:22 438784 ----a-w- c:\windows\system32\igfxrsky.lrc
    2012-10-10 08:22 . 2012-10-10 08:22 435712 ----a-w- c:\windows\system32\igfxrara.lrc
    2012-10-10 08:22 . 2012-10-10 08:22 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc
    2012-10-10 08:22 . 2012-10-10 08:22 28672 ----a-w- c:\windows\system32\igfxexps.dll
    2012-10-10 08:22 . 2012-10-10 08:22 252448 ----a-w- c:\windows\system32\igfxext.exe
    2012-10-10 08:22 . 2012-10-10 08:22 11040256 ----a-w- c:\windows\SysWow64\igdumd32.dll
    2012-10-10 08:22 . 2012-10-10 08:22 9728 ----a-w- c:\windows\system32\IGFXDEVLib.dll
    2012-10-10 08:22 . 2012-10-10 08:22 755048 ----a-w- c:\windows\system32\igcodeckrng700.bin
    2012-10-10 08:22 . 2012-10-10 08:22 439808 ----a-w- c:\windows\system32\igfxrfra.lrc
    2012-10-10 08:22 . 2012-10-10 08:22 437760 ----a-w- c:\windows\system32\igfxrptb.lrc
    2012-10-02 22:21 . 2012-09-21 07:25 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2012-10-02 22:21 . 2012-09-21 07:25 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
    2012-10-02 22:21 . 2012-09-21 06:46 973672 ----a-w- c:\windows\system32\nvumdshimx.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
    "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-26 291608]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "CTxfiHlp"="CTXFIHLP.EXE" [2010-05-06 25600]
    .
    c:\users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Samsung SSD Magician.lnk - c:\program files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe [2012-9-22 2056192]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\windows\SysWOW64\appinit_dll.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-02-07 121344]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-10-20 79360]
    R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-05-06 202840]
    R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-05-06 1417304]
    R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-05-06 94808]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-21 1255736]
    S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2011-09-21 49760]
    S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-26 16152]
    S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2011-05-10 17192]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]
    S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2012-02-09 133632]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-07 161560]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-07 363800]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-03-04 126952]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-03-04 390632]
    S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-05-06 202840]
    S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-05-06 1417304]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-05-06 94808]
    S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys [2012-02-09 25536]
    S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys [2012-02-09 25536]
    S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys [2012-02-09 44992]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-26 356120]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-26 787736]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-05-10 425000]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
    S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
    S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys [2012-03-12 66336]
    S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys [2012-12-05 34752]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-12-05 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
    - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 18:41]
    .
    2012-12-02 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
    - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 18:41]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VIRTU MVP"="c:\program files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe" [2012-03-12 3006240]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\appinit_dll.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://search.yahoo.com?type=386496&fr=spigot-yhp-ie
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 192.168.10.1
    DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    FF - ProfilePath - c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\kktm9ipa.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-ROC_ROC_NT - c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe
    Wow6432Node-HKLM-Run-AVG_UI - c:\program files (x86)\AVG\AVG2013\avgui.exe
    SafeBoot-76788330.sys
    AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-12-05 05:49:09
    ComboFix-quarantined-files.txt 2012-12-05 11:49
    .
    Pre-Run: 99,928,580,096 bytes free
    Post-Run: 103,761,375,232 bytes free
    .
    - - End Of File - - 5B1A5A3BFE3E7FDE3FB69B006408824B
  18. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    Looks good.

    How is computer doing?

    ===========================

    You're running two AV programs, AVG and MSE.
    You must uninstall one of them.
    If AVG use AVG Remover: http://www.avg.com/us-en/utilities

    Next...

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    ===============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  19. qwerty1

    qwerty1 Newcomer, in training Topic Starter Posts: 22

    Looks good as in there's no sign of the virus? :) The computer is fine and was fine, minus the virus scanner picking up the virus earlier. Now though, MSE does not detect anything...so I'm guessing I'm fine but will defer to you.

    Any point to running AdwCleaner and OTL if the virus is gone?

    I removed AVG earlier using the uninstallers provided so I'm not sure why it is still detected. It does not appear in Control Panel -> Uninstall program list. I ran the uninstaller again for good measure.

    What do you recommend for a free antivirus option and malware/spyware detector/remover? I'd rather not have to run 5 different things if fewer can do the job.

    Thank you!
  20. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    We need to complete cleaning process so you need to follow my previous reply.
  21. qwerty1

    qwerty1 Newcomer, in training Topic Starter Posts: 22

    AdwCleaner:

    # AdwCleaner v2.011 - Logfile created 12/05/2012 at 19:49:05
    # Updated 02/12/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Tim - TIM-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Tim\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
    Folder Deleted : C:\Program Files (x86)\FreeRIP
    Folder Deleted : C:\ProgramData\FreeRIP
    Folder Deleted : C:\Users\Tim\AppData\LocalLow\boost_interprocess
    Folder Deleted : C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeRIP

    ***** [Registry] *****

    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16455

    [OK] Registry is clean.

    -\\ Mozilla Firefox v17.0.1 (en-US)

    Profile name : default
    File : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\kktm9ipa.default\prefs.js

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [1726 octets] - [05/12/2012 19:49:05]

    ########## EOF - C:\AdwCleaner[S1].txt - [1786 octets] ##########
  22. qwerty1

    qwerty1 Newcomer, in training Topic Starter Posts: 22

    OTL.txt:

    OTL logfile created on: 12/5/2012 7:51:50 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tim\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.90 Gb Total Physical Memory | 6.74 Gb Available Physical Memory | 85.41% Memory free
    15.79 Gb Paging File | 14.59 Gb Available in Paging File | 92.36% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 238.37 Gb Total Space | 96.38 Gb Free Space | 40.43% Space Free | Partition Type: NTFS
    Drive D: | 1863.01 Gb Total Space | 316.33 Gb Free Space | 16.98% Space Free | Partition Type: NTFS
    Drive E: | 931.51 Gb Total Space | 95.17 Gb Free Space | 10.22% Space Free | Partition Type: NTFS
    Drive F: | 931.51 Gb Total Space | 931.38 Gb Free Space | 99.99% Space Free | Partition Type: NTFS
    Drive G: | 931.51 Gb Total Space | 619.28 Gb Free Space | 66.48% Space Free | Partition Type: NTFS

    Computer Name: TIM-PC | User Name: Tim | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/12/05 19:47:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
    PRC - [2012/10/30 20:41:51 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2012/10/02 16:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/03/12 09:52:44 | 001,763,328 | ---- | M] (Software Security System) -- C:\Program Files\Lucidlogix Technologies\VIRTU MVP\Ekag20nt.exe
    PRC - [2012/02/07 16:53:34 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2012/02/07 16:53:32 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2012/02/07 16:52:04 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    PRC - [2012/02/07 16:27:24 | 000,121,344 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    PRC - [2012/01/26 11:40:44 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    PRC - [2011/11/29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2011/11/29 19:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2010/05/05 18:56:42 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
    PRC - [2010/05/05 18:51:56 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
    PRC - [2009/02/23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/11/23 00:34:29 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e88f87e9200afb5ede994c89c92e22b8\IAStorCommon.ni.dll
    MOD - [2012/11/23 00:34:28 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4a443c775f768ede71bde8e10f50ec0b\IAStorUtil.ni.dll
    MOD - [2012/11/22 20:51:36 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll
    MOD - [2012/11/22 20:51:32 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
    MOD - [2012/11/22 20:51:16 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
    MOD - [2012/11/22 20:51:11 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
    MOD - [2012/11/22 20:51:03 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
    MOD - [2012/11/22 20:50:59 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
    MOD - [2012/11/22 20:50:57 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
    MOD - [2012/11/22 20:50:56 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
    MOD - [2012/11/22 20:50:53 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
    MOD - [2010/05/05 18:56:46 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CTXFIRES.DLL
    MOD - [2009/03/26 13:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2012/02/09 15:26:48 | 000,133,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)
    SRV:64bit: - [2012/02/02 21:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
    SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/12/04 22:11:06 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/12/03 17:16:23 | 000,541,168 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/10/30 20:41:51 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2012/10/20 07:39:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
    SRV - [2012/10/10 02:22:26 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
    SRV - [2012/10/02 16:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/02/07 16:53:34 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2012/02/07 16:53:32 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2012/02/07 16:52:04 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
    SRV - [2012/02/07 16:27:24 | 000,121,344 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
    SRV - [2011/11/29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/02/23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/12/05 19:49:47 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001)
    DRV:64bit: - [2012/10/10 02:22:28 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2012/09/21 02:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
    DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/07/17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/07/03 09:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2012/03/12 10:15:42 | 000,066,336 | ---- | M] (Lucidlogix Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VirtuWDDM.sys -- (VirtuWDDM)
    DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/09 15:24:16 | 000,044,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
    DRV:64bit: - [2012/02/09 15:24:16 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent)
    DRV:64bit: - [2012/02/09 15:24:14 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent)
    DRV:64bit: - [2012/01/26 11:39:34 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
    DRV:64bit: - [2012/01/26 11:39:34 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
    DRV:64bit: - [2012/01/26 11:39:34 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
    DRV:64bit: - [2011/11/29 18:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011/09/21 16:56:24 | 000,049,760 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
    DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2011/05/10 15:28:48 | 000,017,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
    DRV:64bit: - [2011/05/09 19:42:14 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
    DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/03/04 15:00:14 | 000,390,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
    DRV:64bit: - [2011/03/04 15:00:14 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
    DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/05/05 20:30:52 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
    DRV:64bit: - [2010/05/05 20:30:42 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
    DRV:64bit: - [2010/05/05 20:30:34 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV:64bit: - [2010/05/05 20:30:26 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
    DRV:64bit: - [2010/05/05 20:30:18 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
    DRV:64bit: - [2010/05/05 20:30:10 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
    DRV:64bit: - [2010/05/05 20:30:02 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
    DRV:64bit: - [2010/05/05 20:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
    DRV:64bit: - [2010/05/05 20:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
    DRV:64bit: - [2010/05/05 20:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
    DRV:64bit: - [2010/05/05 20:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
    DRV:64bit: - [2010/05/05 20:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
    DRV:64bit: - [2010/05/05 20:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
    DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/04/08 13:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-1289342065-2482355784-787199102-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=386496&fr=spigot-yhp-ie
    IE - HKU\S-1-5-21-1289342065-2482355784-787199102-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-1289342065-2482355784-787199102-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EC 8F 09 80 BC 97 CD 01 [binary data]
    IE - HKU\S-1-5-21-1289342065-2482355784-787199102-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-1289342065-2482355784-787199102-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1289342065-2482355784-787199102-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1289342065-2482355784-787199102-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-21-1289342065-2482355784-787199102-1001\..\SearchScopes,DefaultScope =

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.param.yahoo-fr: "&hsimp=yhs-affiliate_a_ff&hspart=greentree&type=386496_yhs3tst"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p="
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/09/22 10:33:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/04 22:11:07 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/04 22:10:50 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/04 22:11:07 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/04 22:10:50 | 000,000,000 | ---D | M]

    [2012/09/20 23:51:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Extensions
    [2012/12/01 11:46:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\kktm9ipa.default\extensions
    [1625/12/13 21:00:20 | 000,004,816 | ---- | M] () (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\kktm9ipa.default\extensions\jjnednosuz@jjnednosuz.org.xpi
    [2012/12/04 22:10:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/12/04 22:11:07 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/09/05 19:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/10/11 20:56:47 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/12/05 05:48:03 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [VIRTU MVP] C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe ()
    O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
    O4 - HKU\S-1-5-21-1289342065-2482355784-787199102-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1289342065-2482355784-787199102-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk = C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1289342065-2482355784-787199102-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1289342065-2482355784-787199102-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-1289342065-2482355784-787199102-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-21-1289342065-2482355784-787199102-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1289342065-2482355784-787199102-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1289342065-2482355784-787199102-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1289342065-2482355784-787199102-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
    O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B3C4446-57F1-4CEA-87C7-5200C82689B7}: DhcpNameServer = 192.168.10.1
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\appinit_dll.dll) - C:\Windows\SysNative\appinit_dll.dll (Lucidlogix Inc.)
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\appinit_dll.dll) - C:\Windows\SysWOW64\appinit_dll.dll (Lucidlogix Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/12/05 19:47:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
    [2012/12/05 18:49:36 | 002,899,344 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Tim\Desktop\avg_remover_stf_x64_2012_2125.exe
    [2012/12/05 18:49:30 | 001,973,368 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Tim\Desktop\avg_remover_stf_x86_2012_2125.exe
    [2012/12/05 06:34:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/12/05 05:49:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/12/05 05:45:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/12/05 05:45:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/12/05 05:45:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/12/05 05:45:22 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/12/05 05:45:17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/12/05 05:41:30 | 005,009,321 | R--- | C] (Swearware) -- C:\Users\Tim\Desktop\ComboFix.exe
    [2012/12/04 22:20:37 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Tim\Desktop\aswMBR.exe
    [2012/12/04 22:16:07 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\RK_Quarantine
    [2012/12/04 22:10:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2012/12/04 20:38:43 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/12/04 20:37:49 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tim\Desktop\TDSSKiller.exe
    [2012/12/04 19:10:13 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Malwarebytes
    [2012/12/04 19:09:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/12/04 19:09:52 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/12/04 19:09:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/12/04 19:08:53 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Tim\Desktop\dds.com
    [2012/12/04 19:08:26 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Tim\Desktop\mbam-setup-1.65.1.1000.exe
    [2012/12/01 15:35:34 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\Package Cache
    [2012/11/21 21:26:16 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
    [2012/11/21 21:26:16 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\ArmA 2 OA
    [2012/11/21 21:25:00 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\DayZCommander
    [2012/11/21 21:24:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dotjosh Studios
    [2012/11/20 18:07:28 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\SCE
    [2012/11/20 18:07:28 | 000,000,000 | ---D | C] -- C:\Crash
    [2012/11/20 18:07:27 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\Sony Online Entertainment
    [2012/11/12 14:50:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
    [2012/11/12 14:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
    [2012/11/12 14:47:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
    [2012/11/12 14:46:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
    [2012/11/10 15:55:10 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\RIFT PTS
    [2012/11/09 23:52:04 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2012/11/07 19:42:56 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Media Player Classic
    [2012/11/07 19:42:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Essentials Codec Pack
    [2012/11/07 19:42:02 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Essentials Codec Pack
    [2012/11/07 19:42:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Essentials Codec Pack
    [2012/11/07 19:41:18 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Nullsoft
    [2012/11/07 18:45:35 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\DDMSettings
    [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/12/05 19:49:47 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys
    [2012/12/05 19:49:47 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
    [2012/12/05 19:49:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/12/05 19:49:42 | 2064,121,855 | -HS- | M] () -- C:\hiberfil.sys
    [2012/12/05 19:49:23 | 000,061,088 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000006-00000000-00000001-00001102-00000005-00311102}.rfx
    [2012/12/05 19:49:23 | 000,061,088 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000006-00000000-00000001-00001102-00000005-00311102}.rfx
    [2012/12/05 19:49:23 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000006-00000000-00000001-00001102-00000005-00311102}.rfx
    [2012/12/05 19:47:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
    [2012/12/05 19:47:02 | 000,540,743 | ---- | M] () -- C:\Users\Tim\Desktop\adwcleaner.exe
    [2012/12/05 18:49:36 | 002,899,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Tim\Desktop\avg_remover_stf_x64_2012_2125.exe
    [2012/12/05 18:49:31 | 001,973,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Tim\Desktop\avg_remover_stf_x86_2012_2125.exe
    [2012/12/05 17:13:30 | 000,013,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/12/05 17:13:30 | 000,013,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/12/05 17:13:14 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/12/05 17:13:14 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/12/05 17:13:14 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/12/05 05:48:03 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/12/05 05:41:41 | 005,009,321 | R--- | M] (Swearware) -- C:\Users\Tim\Desktop\ComboFix.exe
    [2012/12/04 22:29:31 | 000,000,512 | ---- | M] () -- C:\Users\Tim\Desktop\MBR.dat
    [2012/12/04 22:21:08 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Tim\Desktop\aswMBR.exe
    [2012/12/04 22:09:12 | 000,752,128 | ---- | M] () -- C:\Users\Tim\Desktop\RogueKiller.exe
    [2012/12/04 20:45:45 | 000,002,698 | ---- | M] () -- C:\Users\Tim\Desktop\attach.zip
    [2012/12/04 20:37:13 | 002,195,061 | ---- | M] () -- C:\Users\Tim\Desktop\tdsskiller.zip
    [2012/12/04 19:18:49 | 000,001,828 | ---- | M] () -- C:\Users\Tim\Desktop\Logs - Shortcut.lnk
    [2012/12/04 19:09:56 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/12/04 19:08:55 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Tim\Desktop\dds.com
    [2012/12/04 19:08:34 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Tim\Desktop\mbam-setup-1.65.1.1000.exe
    [2012/12/04 16:48:22 | 001,442,294 | ---- | M] () -- C:\Users\Tim\Desktop\Finlandia_FIN-_FLB_Manual.pdf
    [2012/12/02 21:55:17 | 000,021,687 | ---- | M] () -- C:\Users\Tim\Desktop\monthly budget.ods
    [2012/12/02 13:23:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
    [2012/12/01 15:35:36 | 000,001,899 | ---- | M] () -- C:\Users\Tim\Desktop\MechWarrior Online.lnk
    [2012/12/01 15:35:04 | 000,013,464 | ---- | M] () -- C:\Users\Tim\Desktop\New OpenDocument Spreadsheet.ods
    [2012/11/22 20:48:17 | 000,295,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/11/21 21:24:54 | 000,001,334 | ---- | M] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
    [2012/11/15 16:41:48 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/11/13 08:44:22 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
    [2012/11/13 08:44:22 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2012/11/13 08:44:12 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
    [2012/11/12 14:50:49 | 000,000,798 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
    [2012/11/09 23:51:59 | 526,949,550 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/11/08 16:22:32 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
    [2012/11/07 19:42:05 | 000,001,188 | ---- | M] () -- C:\Users\Tim\Desktop\Media Player Classic.lnk
    [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/12/05 19:46:56 | 000,540,743 | ---- | C] () -- C:\Users\Tim\Desktop\adwcleaner.exe
    [2012/12/05 05:45:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/12/05 05:45:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/12/05 05:45:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/12/05 05:45:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/12/05 05:45:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/12/04 22:29:31 | 000,000,512 | ---- | C] () -- C:\Users\Tim\Desktop\MBR.dat
    [2012/12/04 22:09:08 | 000,752,128 | ---- | C] () -- C:\Users\Tim\Desktop\RogueKiller.exe
    [2012/12/04 20:45:45 | 000,002,698 | ---- | C] () -- C:\Users\Tim\Desktop\attach.zip
    [2012/12/04 20:37:11 | 002,195,061 | ---- | C] () -- C:\Users\Tim\Desktop\tdsskiller.zip
    [2012/12/04 19:18:49 | 000,001,828 | ---- | C] () -- C:\Users\Tim\Desktop\Logs - Shortcut.lnk
    [2012/12/04 19:09:56 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/12/04 16:48:22 | 001,442,294 | ---- | C] () -- C:\Users\Tim\Desktop\Finlandia_FIN-_FLB_Manual.pdf
    [2012/12/01 15:35:36 | 000,001,899 | ---- | C] () -- C:\Users\Tim\Desktop\MechWarrior Online.lnk
    [2012/11/22 20:39:12 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    [2012/11/22 20:34:47 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    [2012/11/21 21:24:54 | 000,001,334 | ---- | C] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
    [2012/11/12 14:50:40 | 000,000,798 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
    [2012/11/09 23:51:59 | 526,949,550 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/11/07 19:42:05 | 000,001,188 | ---- | C] () -- C:\Users\Tim\Desktop\Media Player Classic.lnk
    [2012/10/10 02:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2012/10/10 02:22:32 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
    [2012/10/10 02:22:16 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
    [2012/10/07 10:31:57 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
    [2012/09/30 21:27:32 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2012/09/22 15:24:35 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2012/09/22 15:24:34 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2012/09/22 11:25:12 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2012/09/22 11:25:12 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2012/09/22 10:30:32 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2012/09/22 10:30:10 | 000,000,073 | ---- | C] () -- C:\Windows\cdplayer.ini
    [2012/09/22 10:30:01 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini
    [2012/09/21 00:42:11 | 000,775,930 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/09/20 23:42:56 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
    [2012/09/20 23:42:56 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
    [2012/02/02 21:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

    ========== ZeroAccess Check ==========

    [2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/10/12 14:52:49 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
    [2012/10/12 14:52:49 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
    [2012/09/22 18:52:49 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\AVG2013
    [2012/09/22 10:29:04 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Helios
    [2012/11/07 19:41:18 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Nullsoft
    [2012/09/22 10:38:40 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\OpenOffice.org
    [2012/09/22 13:25:53 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Origin
    [2012/10/07 10:32:00 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Red Alert 3
    [2012/11/28 23:52:28 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Rift
    [2012/11/10 15:57:26 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\RIFT PTS
    [2012/09/21 00:44:44 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\TuneUp Software

    ========== Purity Check ==========



    < End of report >
  23. qwerty1

    qwerty1 Newcomer, in training Topic Starter Posts: 22

    OTL extras:

    OTL Extras logfile created on: 12/5/2012 7:51:50 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tim\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.90 Gb Total Physical Memory | 6.74 Gb Available Physical Memory | 85.41% Memory free
    15.79 Gb Paging File | 14.59 Gb Available in Paging File | 92.36% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 238.37 Gb Total Space | 96.38 Gb Free Space | 40.43% Space Free | Partition Type: NTFS
    Drive D: | 1863.01 Gb Total Space | 316.33 Gb Free Space | 16.98% Space Free | Partition Type: NTFS
    Drive E: | 931.51 Gb Total Space | 95.17 Gb Free Space | 10.22% Space Free | Partition Type: NTFS
    Drive F: | 931.51 Gb Total Space | 931.38 Gb Free Space | 99.99% Space Free | Partition Type: NTFS
    Drive G: | 931.51 Gb Total Space | 619.28 Gb Free Space | 66.48% Space Free | Partition Type: NTFS

    Computer Name: TIM-PC | User Name: Tim | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1289342065-2482355784-787199102-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0FF86923-DFC2-4B74-973B-8458B32847A3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
    "{1428912B-FD1F-41CE-A148-E877EF4436C3}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
    "{145AAD08-92F1-47BB-93BE-41650D960EFE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{16333AB6-8CF0-4D68-8DED-00B13978B1FA}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{1D07FB2A-EEE6-4121-9E51-D8F3B2FC0D11}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
    "{1D8D6901-0525-44FD-B249-2E00AAEC6A20}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{1F240F16-95CE-48B8-8E0C-A01D5851F3E2}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{1F436971-F92C-4BB1-AE5B-6796F4D31836}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom ufo defense\dosbox.exe |
    "{26B9E712-4312-46C7-AE5D-3AE32DEC209A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{2A793C35-F8F9-4235-BE00-72EB7FD2C7E9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{2B5A2D57-C513-49C4-B325-E1F6E52BA74A}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\the sims 3\game\bin\sims3launcher.exe |
    "{2F07C82A-1F04-4FBC-A6CD-53B9ED1B77E8}" = protocol=17 | dir=in | app=c:\games\origin\fifa 12\game\fifa.exe |
    "{381444D4-248C-4337-ADDA-B31AB11CB4A6}" = protocol=6 | dir=in | app=d:\games\diablo iii\diablo iii.exe |
    "{3917EC09-B989-4793-BFB7-81733E768F4E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rift\riftpatchlive.exe |
    "{40D1A719-AA6B-4807-96CD-74BFB063B33C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{42C04433-620F-4748-A48C-966A9C20F9D3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
    "{4778D02C-F574-4827-A3A0-53CB05C6DAB3}" = protocol=6 | dir=in | app=c:\games\steam\steam.exe |
    "{48796FAD-A9D8-4568-9B92-96888991D7DA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
    "{4E32BCB2-04D7-40ED-B6DF-D51CB0160AF3}" = protocol=17 | dir=in | app=c:\games\steam.exe |
    "{4E88A5B3-2E08-4B7D-AD7B-999EF37B8D82}" = protocol=17 | dir=in | app=d:\games\diablo iii\diablo iii.exe |
    "{5433598C-9037-45D0-8FE7-08EE2FE96884}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
    "{566B76E7-AC65-4057-9CAA-37F58966DF0A}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
    "{58CA201A-4FE2-4361-A93E-8EFEDF72993F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
    "{5C58EED4-92E7-4879-8F06-BB375E156BDE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{68101F24-C29E-4002-946C-2DF115EBA9B0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{681EAE9E-6420-4C77-989D-7CA43554A948}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{69BA4865-2A55-444B-AD9F-8B544A905CD8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
    "{6C959681-C826-4299-925B-1F7B77CF5686}" = protocol=6 | dir=in | app=c:\games\origin\battlefield 3\bf3.exe |
    "{7032C0F0-39DB-4234-AB8E-8692B06BD578}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\the sims 3\support\ea help\electronic_arts_technical_support.htm |
    "{7173EE86-62DF-4E7C-B3B0-36053E501DE3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
    "{72B2B905-9B71-4B4B-99CD-BDBE89EB7532}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rift\riftpatchlive.exe |
    "{73D6CEE1-1628-43DA-B892-7B8A6C4F414E}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
    "{745CFB2F-18D8-4012-B429-8BB776454B32}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{7E893F10-91FF-4283-8831-160C562218FA}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
    "{806D8D44-C0EF-4B44-A904-F98A73C886ED}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{8214BF47-9E2F-4437-B918-CEA2794F3A92}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{88417720-39D1-4E8E-ABCD-43DC84CC05DD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom ufo defense\xcom\ufo defense_patched.exe |
    "{8A74D67B-3C13-4DE5-BF4D-A9C7F109422B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
    "{93DDED6F-D52D-442A-9AFC-258E0734878C}" = protocol=6 | dir=in | app=c:\games\origin\fifa 12\game\fifa.exe |
    "{9494589D-C0A5-45FD-8C7A-CB655EE419CD}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{97C0288F-2978-4B89-8904-767E641C1EC4}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
    "{9B1AE0B5-5082-4A14-80CD-C4C2FF19E19F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom ufo defense\xcom\ufo defense_patched.exe |
    "{9BEAEDF2-6D66-46E9-96A5-290D96E67FAC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
    "{9FECEA09-0D1D-4564-AEC2-6CB846FBC10D}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\the sims 3\game\bin\sims3launcher.exe |
    "{A12B487E-E828-4BDB-BD81-251AA398BB13}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
    "{A530E28E-DD42-437B-ACD3-80CEA53C32C1}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{B488A6D4-98E5-4744-977C-911D5970C191}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{B8B7CE3E-0373-48FF-AE94-A90204C482CC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{BDAB680A-F550-4A7A-9E65-D82A2EB17D82}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
    "{BE6D4E16-89E8-4B48-BC56-DECBE8B2EBE9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{C3BE68A4-1C78-45FF-96B3-354BCD8DC771}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
    "{C444A852-BA13-4D27-9693-4636B8AC96FB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom ufo defense\dosbox.exe |
    "{C568C0E1-9C89-48A0-A8ED-2B3608220A7E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{C7CF63C9-7071-4297-9D24-B863429CBE01}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{CBF7DA39-C84D-4791-A68D-87342ABFD7D2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{D41D2903-682B-4049-988E-23A8CAC7E683}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\the sims 3\support\ea help\electronic_arts_technical_support.htm |
    "{D7D14EAD-9AEA-4536-97B4-F6213C5E4FF7}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\rift\riftpatchlive.exe |
    "{DA04D613-0CC2-469F-BF96-5B2B01F1C75C}" = protocol=6 | dir=in | app=c:\games\steam.exe |
    "{DA73D814-0C9D-407C-91C2-674FD24AC0F1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
    "{DDD508D5-5BD6-4974-A8CC-0D8CE1B413E5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{DFD53947-5B00-423D-AF5C-2BB4671450F9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
    "{E0C53879-EB8B-48C6-B6A8-912AFF852B4A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{E639B788-E560-4DDC-BC86-34F62E58A944}" = protocol=17 | dir=in | app=c:\games\steam\steam.exe |
    "{EEDCF54E-FADA-4009-A815-CE07EDFF1DC7}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\rift\riftpatchlive.exe |
    "{F0F43DF9-6888-45EF-9452-49F9076432F2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
    "{F1F3FE0B-1D53-4F1B-9F44-5CB2ED9106DB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
    "{F3744CBD-B47D-4FFD-BE80-DEBF041B5837}" = protocol=17 | dir=in | app=c:\games\origin\battlefield 3\bf3.exe |
    "{F9FF4D17-A4CB-42D6-BAC4-34F1EE459B60}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
    "{FE6EB369-A693-4114-9701-F73727E0A377}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
    "TCP Query User{1B587863-95FC-4166-86F1-7075A54FAF76}D:\games\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
    "TCP Query User{91492992-8121-4F07-8CBC-F3BB52E70242}D:\games\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
    "TCP Query User{A1533E44-B264-4C7B-AB05-5B867A9043E1}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
    "TCP Query User{BCBBD0E6-347A-46CC-B87C-B24A27569968}D:\games\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
    "TCP Query User{CB1D6F6E-C757-4D99-B0DB-5831AC13CD0A}D:\games\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\planetside 2\planetside2.exe |
    "TCP Query User{CC78C501-A605-4332-B5AE-A17F12694AA6}D:\games\steam\steamapps\common\portal 2\portal2.exe" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\portal 2\portal2.exe |
    "TCP Query User{E448D87E-0107-4A5C-9B74-B67EE9CD54CD}D:\games\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe |
    "TCP Query User{EF56DCA8-1369-4D94-919D-88CDB31E49BB}C:\games\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
    "UDP Query User{0704DB9A-3A7E-4335-B77B-F85885742AEB}D:\games\steam\steamapps\common\portal 2\portal2.exe" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\portal 2\portal2.exe |
    "UDP Query User{0739CD13-2EA0-4DC1-9F0E-E7C3BD3A5C9A}D:\games\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\planetside 2\planetside2.exe |
    "UDP Query User{0E4DD359-4726-486A-A226-BBFA40563033}D:\games\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe |
    "UDP Query User{2F4EBA94-3C46-46C2-919E-1C49D6FA2824}D:\games\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
    "UDP Query User{32BA5DC5-D1C3-4CF7-B864-FF3BB94A8A4A}D:\games\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
    "UDP Query User{B50996B7-D806-4AC1-A558-C6CA7F222F12}C:\games\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
    "UDP Query User{D57629F9-CB65-4465-B979-FA322E289C20}D:\games\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
    "UDP Query User{FF83E2D6-AF89-4D99-A58B-2EEA8C3EC2F7}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
    "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
    "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 306.97
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
    "{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller
    "{D1B033E8-A077-4B0D-9831-5798E19E861E}" = Intel(R) Smart Connect Technology 2.0 x64
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "ASRock App Charger_is1" = ASRock App Charger v1.0.5
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
    "Microsoft Security Client" = Microsoft Security Essentials
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
    "VIRTU MVP_is1" = VIRTU MVP 2.1.111
    "WinRAR archiver" = WinRAR 4.20 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
    "{263050F0-65B8-4288-9B70-90FAA1B8A1E7}" = DayZ Commander
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
    "{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1" = Samsung SSD Magician
    "{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP 3.90
    "{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
    "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
    "{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
    "{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F8511A0F-D91D-4E3D-A59C-3CA8FB8EAFE8}" = MechWarrior Online
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "AudioCS" = Creative Audio Control Panel
    "Battlelog Web Plugins" = Battlelog Web Plugins
    "BattlEye for OA" = BattlEye for OA Uninstall
    "Creative Software AutoUpdate" = Creative Software AutoUpdate
    "Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
    "Diablo III" = Diablo III
    "DivX Setup" = DivX Setup
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "ESN Sonar-0.70.4" = ESN Sonar
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "OpenAL" = OpenAL
    "Origin" = Origin
    "PunkBusterSvc" = PunkBuster Services
    "Steam App 102600" = Orcs Must Die!
    "Steam App 107100" = Bastion
    "Steam App 12140" = Max Payne
    "Steam App 12150" = Max Payne 2: The Fall of Max Payne
    "Steam App 17080" = Tribes: Ascend
    "Steam App 17460" = Mass Effect
    "Steam App 17480" = Command and Conquer: Red Alert 3
    "Steam App 18500" = Defense Grid: The Awakening
    "Steam App 21690" = Resident Evil 5
    "Steam App 218" = Source SDK Base 2007
    "Steam App 218230" = PlanetSide 2
    "Steam App 22330" = The Elder Scrolls IV: Oblivion
    "Steam App 22370" = Fallout 3 - Game of the Year Edition
    "Steam App 24960" = Battlefield: Bad Company 2
    "Steam App 24980" = Mass Effect 2
    "Steam App 25900" = King's Bounty: The Legend
    "Steam App 29180" = Osmos
    "Steam App 3170" = King's Bounty: Armored Princess
    "Steam App 32370" = Star Wars: Knights of the Old Republic
    "Steam App 33900" = ARMA 2
    "Steam App 33930" = ARMA 2: Operation Arrowhead
    "Steam App 3590" = Plants vs. Zombies: Game of the Year
    "Steam App 39120" = RIFT™
    "Steam App 47890" = The Sims(TM) 3
    "Steam App 49520" = Borderlands 2
    "Steam App 620" = Portal 2
    "Steam App 63910" = King's Bounty: Crossworlds
    "Steam App 65800" = Dungeon Defenders
    "Steam App 6910" = Deus Ex: Game of the Year Edition
    "Steam App 6920" = Deus Ex: Invisible War
    "Steam App 8930" = Sid Meier's Civilization V
    "Steam App 8980" = Borderlands
    "Steam App 9870" = Ghostbusters: The Video Game
    "Winamp" = Winamp
    "Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 4.0 [64-Bit]

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1289342065-2482355784-787199102-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{74d11f91-05cc-44f6-8e49-94fe7f33c79b}" = MechWarrior Online
    "SOE-" = gamelauncher-ps2-live
    "SOE-C:/Users/Tim/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 12/4/2012 8:17:02 PM | Computer Name = Tim-PC | Source = ISCT Agent | ID = 1003
    Description =

    Error - 12/4/2012 8:22:57 PM | Computer Name = Tim-PC | Source = ISCT Agent | ID = 1003
    Description =

    Error - 12/4/2012 9:14:00 PM | Computer Name = Tim-PC | Source = ISCT Agent | ID = 1003
    Description =

    Error - 12/4/2012 9:20:43 PM | Computer Name = Tim-PC | Source = ISCT Agent | ID = 1003
    Description =

    Error - 12/4/2012 10:35:46 PM | Computer Name = Tim-PC | Source = ISCT Agent | ID = 1003
    Description =

    Error - 12/4/2012 10:39:58 PM | Computer Name = Tim-PC | Source = ISCT Agent | ID = 1003
    Description =

    Error - 12/5/2012 12:11:55 AM | Computer Name = Tim-PC | Source = ISCT Agent | ID = 1003
    Description =

    Error - 12/5/2012 7:36:42 AM | Computer Name = Tim-PC | Source = ISCT Agent | ID = 1003
    Description =

    Error - 12/5/2012 7:06:26 PM | Computer Name = Tim-PC | Source = ISCT Agent | ID = 1003
    Description =

    Error - 12/5/2012 9:49:47 PM | Computer Name = Tim-PC | Source = ISCT Agent | ID = 1003
    Description =

    [ System Events ]
    Error - 12/5/2012 7:36:43 AM | Computer Name = Tim-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AVGIDSHA

    Error - 12/5/2012 7:45:49 AM | Computer Name = Tim-PC | Source = Service Control Manager | ID = 7034
    Description = The Intel(R) ME Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 12/5/2012 7:46:47 AM | Computer Name = Tim-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 12/5/2012 7:47:51 AM | Computer Name = Tim-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 12/5/2012 7:48:05 AM | Computer Name = Tim-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 12/5/2012 8:13:39 AM | Computer Name = Tim-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk5\DR6.

    Error - 12/5/2012 8:13:40 AM | Computer Name = Tim-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk5\DR6.

    Error - 12/5/2012 8:13:41 AM | Computer Name = Tim-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk5\DR6.

    Error - 12/5/2012 7:06:27 PM | Computer Name = Tim-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AVGIDSHA

    Error - 12/5/2012 9:49:47 PM | Computer Name = Tim-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AVGIDSHA


    < End of report >
  24. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O4 - HKU\S-1-5-21-1289342065-2482355784-787199102-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
      O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
      O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
      O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
      O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
      O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
      O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
      O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
      O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
      O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
      O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
      O15 - HKU\S-1-5-21-1289342065-2482355784-787199102-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-1289342065-2482355784-787199102-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-1289342065-2482355784-787199102-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-1289342065-2482355784-787199102-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ===================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  25. qwerty1

    qwerty1 Newcomer, in training Topic Starter Posts: 22

    OTL
    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\S-1-5-21-1289342065-2482355784-787199102-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
    Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.
    Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
    Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
    Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1289342065-2482355784-787199102-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1289342065-2482355784-787199102-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1289342065-2482355784-787199102-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1289342065-2482355784-787199102-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Tim
    ->Temp folder emptied: 101553 bytes
    ->Temporary Internet Files folder emptied: 11559894 bytes
    ->Java cache emptied: 393361 bytes
    ->FireFox cache emptied: 1154042859 bytes
    ->Flash cache emptied: 114545 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 94656 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 13698 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
    RecycleBin emptied: 286487848 bytes

    Total Files Cleaned = 1,386.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Tim
    ->Java cache emptied: 0 bytes

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Tim
    ->Flash cache emptied: 0 bytes

    User: UpdatusUser

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 12052012_221419

    Files\Folders moved on Reboot...
    C:\Users\Tim\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Windows\SysNative\WPRO_41_2001woem.tmp moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.